I wanted to write a quick article discussing VPN providers because they are heavily promoted on Youtube and every time I see the ads I think about the problems with using a large VPN provider and how people that are not knowledgeable in internet security may not fully understand how a VPN works and the drawbacks of using a service for their VPN.
What is a VPN?
To boil it down into simple to explain terms a VPN is a computer that you connect to and that computer then connects to the websites and services that you are trying to browse. The connection typically takes place from a provider application either on your phone or computer. All of your internet traffic is processed through the second computer so this computer becomes a "middle man" of sorts for your internet traffic. VPN's allow you to do a lot of things, for example, you can use them to circumvent geo-locked content by making it appear that you are in another physical location. This is not a foolproof solution however because it simply makes your IP address different and there are many more advanced ways to acquire a user's location now than just locating the origin of the IP address.
Advantages of Providers
A VPN provider makes it super simple to use a VPN typically a provider will have an app that you can simply press a button to connect with, this saves time in setting up your own service and configuring your devices.
Providers also typically have several physical locations that you can use to circumvent geo-locked services as discussed in the first section, all with a couple of clicks. This ease of use makes it simple for really nontechnical people to use them.
Drawbacks of Providers
Now that we have discussed what a VPN is and what advantages providers have we can analyze the concept and think about security and privacy. Typically people use VPN services to enhance their privacy on the internet so we will look at it from this angle to help explain the problems.
VPN providers typically require user authentication. Many times user authentication requires an email address and if you're not using a throwaway email address this email could tie the service's IP address to you. This is a more advanced look and it may not be relevant to everyone but there's another consideration to make that is based on this same idea with any VPN and that's that if you log in to any accounts that have your personal information attached to them while you are using a VPN you have effectively compromised the privacy of your VPN because the provider now knows that your personal information was accessed with this IP address.
Adding a payment method to a VPN provider also compromises the privacy of your access because you have now given a legal name and address and a card that's likely tied into your personal bank account to the VPN provider. This can easily be resolved if the VPN provider allows anonymous forms of payment but this is rarely the case.
The way that VPN's function requires all of your internet traffic to route through the machine that you are connected with. The problem with this is that if you're using a VPN provider you are effectively allowing them to access all of your internet traffic and you have created an easy man in the middle attack on yourself if they decide to exploit this. There have been numerous cases of VPN services being compromised leaking personal data that passes through and VPN providers by nature of their business can be targeted by attackers of all kinds. Governments can in some cases force the provider to allow them access to physical devices and can then use them as a honeypot to collect information on anyone connected to them. This is a huge privacy and security risk and many VPN providers use their reputation to counter this argument, but in my opinion, reputation is just not good enough because anyone can be compromised at any time with the right dedication and knowledge even if the intent of the provider is good and they try their best to ensure that their clients are safe.
If you're at least a little tech-savvy there are a few really good solutions to deploy your own VPNs using cloud hosting providers that rent out Virtual Private Servers (VPS) and allow you to change the root password and manage users. Changing the root password and locking down your system properly with encryption ensures that even the hosting provider cannot access the data that's contained on the machine they can only wipe the machine at worse. Hosting providers also tend to have many different physical locations you can choose from but it's usually not possible to move the physical location after you create your instance so make sure you choose one you want. You can deploy more instances and destroy your old ones at any time though.
Web hosting, more specifically VPS hosting has a wide variety of costs depending on what you need. I like using Vultr and have run my own VPN on a variety of servers from them and have found that their $5/month cloud compute server does the job well. Just pay attention to network limits when you make your choice because some providers, including Vultr, have limits. Note that if you decide to go with Vultr you can use my referral link for some credits ($100 as of the article publication date).
Once you have a hosting provider chosen and an account set up you don't even have to install or configure VPN software yourself, there are a couple of great projects out there that make it super easy and automated. My suggestion is Algo by trailofbits which you can simply download and run on your machine following the step-by-step instructions. Once you have your VPN set up Algo even provides help getting connected to your new VPN with both
.mobileconfig files for Apple devices to automatically configure them and instructions for Android and other operating systems.
Keep in mind that if you choose a hosting provider that collects your personal information the same issue that was discussed above exists, but this resolves the issue about transferring your data across computers that you don't own.
There are more advantages to using your own service than just privacy and security as well. Hosting providers tend to have a reputation based on uptime so if their services are down, taking down your VPN, they will work hard to get them back up quickly and they rarely go down. Since you are using your own service you will be the only person using the machine so you don't have to compete for resources with other users and you don't have to be concerned about what other users are doing with the same IP address as you.