Kenya is the Internet freedom-friendly country while Nairobi is dubbed as a Silicon Savannah and the next tech capital of the world. The Kenyan government doesn’t seem to engage in draconian online censorship, creating a fruitful ground for online start-ups and individual entrepreneurs seeking to enter the international market.
The use of VPNs is legal, and the demand for them is at an all-time-high, so it seems anyone living in and working from Kenya shouldn’t have problems navigating the thriving VPN market. There are so many providers out there, some offering free or dirt-cheap services, you’d think picking a VPN is a no-brainer.
Unfortunately, a quick reality check proves the VPN niche has its nagging issues. Tech jargon makes it difficult for average users to understand the features and how VPNs work. Lack of regulation and transparency makes it hard to tell trustworthy providers from privacy-invasive snoopers. A multitude of “VPN review” websites are often VPN resellers profiting from affiliate programs, which creates an apparent conflict of interest and makes you doubt if you can trust their impartiality.
With all of that in mind, Alex Grant, a digital nomad who’s been relying on VPNs for productivity for ages, wrote a concise yet comprehensive guide VPN for Beginners, taking a critical look at the industry. A look that hasn’t been clouded by affiliate dollars.
It’s a useful read that will guide you step-by-step through essential VPN terms, explain how VPNs work and why you may want to use one. It scrutinizes interesting industry case studies, and legal landscape for VPNs, explaining why governments and private entities want to control VPNs.
Most importantly, the guide will give you a clear idea of how to choose a decent, trustworthy and transparent VPN provider that protects your privacy.
AES
Advanced Encryption Standard, the current golden standard for encryption being the 256-bit AES cipher used by the surveillance agencies. If privacy and security are your priority, always look for VPN providers that rely on AES-256 encryption.
Backdoor
A deliberate weakness in a code that can be used by the developer, law enforcement or hackers to snoop on user activities. The authorities of the Five Eyes countries insist that the tech companies embed backdoors in their products for the sake of national security. This is bad for privacy since backdoors inevitably get exploited by hackers. It’s also bad for business as privacy-minded users turn their backs on the US/Canadian/Australian/British VPNs because tech companies based in these countries can be compelled to cooperate with the three-letter agencies.
Bitcoin
Virtual cryptocurrency that lets you pay for goods and services online and remain anonymous. It’s open-source and peer-to-peer (think BitTorrent). A pro-privacy VPN provider will support Bitcoin payments. If you pay with Bitcoin, the VPN provider will know your IP, but not your real name. Do note, however, that payments made with Bitcoin don’t qualify for a refund with many VPN providers.
BitTorrent, also P2P or File-Sharing
A peer-to-peer (P2P) file-sharing protocol that lets you share files efficiently. The technology itself is legit, and there are many good uses for it, but BitTorrent is also widely used to share copyrighted content illegally. The catch with torrenting is that it’s easy to trace the IPs of all connected seeders and leechers (those downloading and sharing files). That’s where a VPN comes handy to hide your real location. So, if torrenting is on your mind, look for a VPN that allows P2P and has a clear stance on torrenting. The rule of thumb when torrenting is to choose the servers located outside the countries with strict copyright laws like Germany, France, Japan, USA, or the UK.
Browser Extension or VPN Add-On
Some VPNs offer a browser extension (i.e., for Chrome, Firefox, Opera). Whereas a desktop VPN program tunnels all your traffic through the VPN, a browser extension only tunnels your browser traffic, letting your other applications connect to the Internet the usual way.
Cipher or Protocol
A math algorithm VPNs use to encrypt your data like the OpenVPN, PPTP and L2TP/IPSec. The golden standard for the VPNs is the OpenVPN protocol.
Connection Logs or Metadata
Records that the VPN providers might keep on you. The catch is that most VPNs claim to be zero-logs, but in reality do log some of your data (your IP, when you connect and for how long, etc.). What they log varies by provider. For instance, some keep no activity logs but keep metadata logs, and some keep no logs at all. Still, and I can’t stress this enough, never commit to a long-term subscription without reading VPN’s ToS and Privacy Policy.
Copyright Trolls
Legal firms that hunt down users sharing copyrighted content via P2P torrenting. They monetize on legal prosecution and cash settlements. Copyright trolls monitor websites like The Pirate Bay to track users’ IPs and then identify the offender. In some countries like Germany and France, copyright trolls are a tangible threat, so VPNs have become indispensable protection tools for those looking to torrent.
Data Authentication
A cryptographic hash used to verify encrypted VPN connections. OpenVPN uses SHA-1, while the providers that are at the top of their game offer more secure SHA256, SHA512, or SHA3 data authentication.
DNS
Domain Name System that translates the websites’ web addresses (URLs) into their numerical IP addresses used by computers. Every device and connection have their unique IP address. Traditionally, DNS translation is handled by your internet service provider (ISP).
DNS Leak
Since the IP address of the server that translates your computer’s numeric address into web address is easy to detect; a VPN should route all your DNS requests through the VPN tunnel. When you’re using a VPN, the VPN provider must resolve these DNS requests, not your ISP. You can check if your VPN is leaking your DNS by running this quick online test. If the test detects a DNS leak, your DNS requests are processed by your ISP, and not your VPN provider. Look for a provider offering a DNS leak protection.
Data Retention
Many countries have data retention regulations that compel the internet service providers to keep users’ data and share it with law enforcement or surveillance agencies. In some countries, the data retention period is 12 months, in others as long as 2-5 years. In Germany, for instance, ISPs are authorized to install keyloggers on citizens’ devices. It’s important to know the jurisdiction of your VPN provider because in some countries VPNs can be compelled to cooperate with law enforcement, keep logs, and share them with the surveillance agencies without prior notice to the user. Privacy advocates recommend steering clear of the VPN providers based in the Five Eyes countries, and be cautious with providers headquartered in the 14 Eyes countries due to their intrusive data retention laws.
Encryption
Scrambles or encodes your traffic to protect it from unauthorized access using a sophisticated cipher. It may take years for a computer to break strong encryption. Without encryption, just about anyone can snoop on your online activities. Currently, encryption is the only accessible tool for the common folks who seek to protect their privacy and security online. Still, not all encryption is made equal. Many providers advertise end-to-end encryption since it’s a buzz word that sells, but embed a backdoor that enables covert snooping (think WhatsApp encryption). Overall, if a provider holds the encryption keys, you must have valid reasons to trust they’re not using them to snoop on you.
End-to-End Encryption
Your data is encrypted while in transit (as it travels the Internet) and at rest (as it resides in your cloud storage or email server). When you and only you, or you and your trusted recipient, have the encryption key, end-to-end encryption works. When the provider (cloud storage, email provider, or the VPN provider) holds the keys, the security is controversial. For one, a provider can be hacked – think Yahoo hack that exposed the passwords of a billion of Yahoo users. Also, when a provider keeps your keys, they can be compelled to hand them over to law enforcement. Therefore, only zero-knowledge providers (that don’t have access to your keys) offer truly-secure service. But you won’t be able to request a password recovery with a zero-knowledge provider. In the world of the VPNs, end-to-end encryption is considered reasonably secure, but some other factors need to be considered like data retention laws, jurisdiction, and logging and privacy policies.
Five Eyes
Australia, Canada, New Zealand, United Kingdom and the United States of America cooperatively collect and share intelligence not only on their adversaries but also on each other’s citizens and share that data to avoid breaking domestic surveillance restrictions. If you seek privacy, avoid VPN providers based in these countries.
Fourteen Eyes
the countries of the Five Eyes cooperate with and share intelligence on foreigners and their own citizens with other countries (Denmark, Netherlands, France, Norway, Belgium, Germany, Italy, Spain, and Sweden), and spy on each other.
Geo-Blocks, Geo-Restrictions
An outdated, medieval and barbarian if you ask me, but still relevant monetization model used by some streaming services like Netflix, Hulu or BBC iPlayer. Geo-restriction blocks access to the service, or parts of it, to users located outside of a certain white list of locations. For instance, you can’t access BBC iPlayer from outside the UK. Netflix US is inaccessible from anywhere but the US. Worse yet, Netflix uses region-based fees that force non-US users to pay up to 20% more than what the US users pay (I feel your pain, Aussies). Some VPNs unblock these geo-restrictions, others only claim they do, while some providers explicitly say they don’t. Netflix invests heavily into its anti-VPN force, so the list of providers that unblock Netflix is always changing, as the streaming service keeps blacklisting more and more VPNs.
Geo-Spoofing or Spoofing
Pretending you’re accessing the Internet from a location other than your actual location by using a VPN, proxy or SmartDNS. Spoofing lets you bypass geo-restrictions and censorship.
IP Address (or just IP)
Internet Protocol Address is a unique numerical identifier assigned to every device accessing the Internet. IP addresses can change each time you connect to the Internet, but the very gist of using a VPN is to hide your true IP. The VPN provider, however, still can see it.
IP Leak
What happens when a VPN fails to hide your actual IP. This can happen for a variety of reasons, but generally, you need to test a VPN for IP leaks before committing to a long-term subscription.
IPv4 and IPv6
as of now, IPv4 is the default DNS system that defines the numerical IP address values. IPv4 supports 32-bit internet addresses that amount to ~4.29 billion addresses, and right now we’re running out of those. IPv6 came about as a solution to that problem, as it uses 128-bit addresses which amount to a 39-digit total (2^128) of web addresses. You should check for the IPv4 and IPv6 leaks when choosing a VPN provider.
ISP
Internet Service Provider is the telecoms company that provides you with the Internet connection. The ISPs traditionally monitor users’ traffic and often throttle, or limit, your bandwidth if you’re torrenting large files. Besides throttling, ISPs in some countries have extensive surveillance authority. For instance, German ISPs can install keyloggers, steal passwords, log and store your activity data for years and hand it over to law enforcement or get you nailed if they receive a copyright infringement notice. The VPNs are so high in demand because they encrypt and hide your data and traffic from the ISPs. The ISPs have powerful political lobbies, so I don’t expect these to become pro-privacy, transparent or accountable in the foreseeable future.
Kill Switch (or kill-switch)
An important VPN feature that shuts down your access to the Internet in case a VPN connection fails for some reason. Thus, it protects you from exposing your real location and traffic. Even the most reliable VPN connections occasionally drop out, so a kill switch is vital. The term used by a VPN provider may be different, though. I’ve seen the kill switch dubbed as a network lock, secure IP, and whatnot. When in doubt, always inquire with the provider’s support if their software offers a kill switch feature.
L2TP/IPsec
Encryption and VPN tunneling protocol built into most Internet-enabled platforms. It’s pretty secure if done right but unfortunately it’s hacked by the NSA.
Metadata
Information about who accesses the Internet (or makes a phone call, sends a text message, email – you get the idea), when, from where, for how long, and to whom they send it. It’s not the contents of your communications, but it’s enough for in-depth profiling, identification of your social circles, locations, and lifestyle. The three-letter agencies all over the world love metadata as it tells them pretty much everything about you.
NAT Firewall
A VPN feature that blocks third parties from connecting to your VPN-protected system. Nat Firewall blocks unrequested incoming connections while the VPN is running.
Network Latency
The time it takes for a data packet to travel from one point to another, or rather the delay in data transfer. Small delays = low latency; long delays = high latency.
OpenVPN
The golden standard protocol for a VPN to use in combination with a strong AES-256 encryption. It’s open-source, so frequently reviewed by independent experts for vulnerabilities. OpenVPN is considered to be safe against state surveillance so far. You can download OpenVPN client and set up your own VPN if you don’t mind some mingling and reading, or you can rely on a commercial provider offering OpenVPN protocol. If privacy and security are on the table, go for a VPN that supports OpenVPN.
Perfect Forward Secrecy
Generates a unique private encryption key designed to make HTTPS connections more secure. It’s new for every session, so every session with a HTTPS service has a unique set of keys. VPNs deploying PFS are considered pro—privacy.
PPTP
A VPN protocol that’s quite old, so most VPNs support it. The advantage of PPTP is it’s easy to set up on just about any VPN-capable device or platform. It’s also highly insecure, so use it only when nothing else is available and only for non-confidential data.
Proxy Server or Proxies
An intermediary computer between your PC and the Internet. When you’re browsing – or routing your traffic – through a proxy, you appear with the proxy’s IP address. Although public proxies are not safe and don’t encrypt your traffic, you can still use them for basic, non-confidential browsing that requires an IP other than your true one.
Shared IP
A method used by most VPNs when they assign multiple users the same IP address (shared IP) to increase users’ privacy. That way, it’s more difficult for the VPN provider itself and any outside party to identify users.
Simultaneous Connections
The number of devices you can connect to the Internet simultaneously using one VPN subscription. That number differs by the vendor.
SmartDNS
DNS servers located in various countries that enable VPN providers to bypass geo-blocks from the likes of Netflix efficiently. SmartDNS is much faster than VPN since no encryption is at play, but it’s also not secure or private for the same reason. So, if all you need is to bypass Hulu or BBC iPlayer geo-blocks, SmartDNS is a good option.
Tor (the Onion Browser)
A browser and a network for anonymous browsing. Unlike VPNs that can see your real IP, Tor routes your traffic through multiple nodes. Each node only knows the IP of its preceding node, so in the end, your IP is hidden beneath layers and layers of IPs. Hence, the onion name. It’s considered safer to connect to Tor with a VPN on instead of using a Tor feature embedded in a VPN.
Usage Logs
Some VPN providers log your Internet activities like the websites and services you visit. It’s the worst case scenario, and some providers go that far without disclosing their practices in ToS. One way to determine if a provider keeps some usage logs is to read carefully through ToS and Privacy Policy. Some providers mention they can restrict your access to certain content, which implies censorship. Thus, they do know what you’re doing online. Other providers inject ads and redirect you to their partner sites to monetize your traffic. Some VPNs store only temporary usage logs for troubleshooting. If you ask me, any form of usage logs compromises your privacy to a certain extent. It’s up to you to decide what risk is acceptable.
VPN
Virtual Private Network, a technology that allows you to access the Internet and appear as if you are connecting from a location of your choice instead of your real location. It allows you to bypass geo-blocks and censorship, but also encrypts your traffic and hides it from your ISP, advertisers, marketers, and other snooping parties. A VPN provider runs a network of servers located across the globe and routes your traffic through them so that you appear as if connected from a different location. Do inquire if the provider manages its servers, or leases them because it affects the quality of service and the privacy of your traffic. VPNs are must-have tools if you frequently use public Wi-Fi hotspots that are plagued by hackers.
Warrant Canary
Some VPN providers set up a Warrant Canary page to warn users in case the company receives a gag order. The gag order doesn’t allow the provider to alert anyone about the request for data disclosure. That’s why some countries have made Warrant Canaries illegal. The Warrant Canary has to be regularly updated. Otherwise, the provider might have been compromised. Running a Warrant Canary page is good practice for a VPN, but in the end, it doesn’t guarantee anything.
WebRTC
Web Real-Time Communication, tools that enable P2P connections between browsers for video chats, file-sharing, browser games, or VoIP calls. Most browsers support WebRTC, except for Safari and IE. Even though it uses encryption, WebRTC may leak your real IP address, so you can either disable it, or use browsers that don’t support it. Always test your VPN against a WebRTC leak.
By Alex Grant and was originally posted on BestVPN.org