How to VPN (Security and privacy the real way)

How to VPN (Security and privacy the real way)

October 12, 2017 Blog 0
vpn internet security anonymous

VPN (Virtual Private Network) can become handy when some contents are not available in your area or is a great thing for people who are worried about their privacy, to hide their internet activity from their internet provider(or their spouse). Moreover, VPN makes surfing on the web safer since hackers have a more hard time connecting to your PC.

To explain in a simple way what a VPN does, we first need to understand what an IP address is. IP (Internet protocol) is a unique virtual address that every device, which is connected to the internet, has to have to be identified. For example, Google's IP address is "216.58.200.196" which you can verify with entering the number in your browser:

And as Google has it's unique IP address, so do have you have one too. These IP addresses are used to identify people and can be used to get your location, access your machine and a lot more. VPN simply connects your device to another device, before it accesses the internet. In other words, VPN is the man in the middle and the whole world wide web never knows of your existence.

However, connecting to the internet with VPN doesn't mean that all of above is guaranteed. I'll try to explain what the difference between VPN providers are and how to correctly set a VPN up.

1. Log less VPN provider

Some VPN providers are keeping a history of their costumer's internet activity, same as internet provider do. Which means that the VPN provider is storing the internet history, instead of the internet provider. That's why it's very important to read the conditions, Terms of Service and whatever other information you can gather. Some VPN providers do advertise not storing internet history, but after looking carefully into their TOS, you found out that this is not 100% true.
Most privacy activists are recommending Mullvad, AirVPN or ProtonVPN.
Eventough free VPN's are not recommended, but if it's really needed, I can recommend Windscribe who have 10GB of VPN per month for free. Also ProtonVPN provides free VPN service but with reduced speed.

2. Setting up VPN

After you've acquired a VPN, you need to set it correctly up. Read carefully the installation or setup guide which can be found on each providers website - or if you're lucky, you'll get a software that makes everything really easy. Activate your VPN and choose a location different than your country. Visit this page and see if your current connection is from a different country.

You can use this as a reference:

Your current IP address is: 31.184.238.175
Country: Russia

3. Checking for leaks

WebRTC

Even when you use VPN that routes your internet traffic via another place, you can still be tracked down. If that's the case, you're having one or multiple leaks, but don't worry, you don't need to have an MIT degree to fix them.

The first step would be to check if it's your browser that is leaking, which is called a "WebRTC leak".
You can check on this page if WebRTC is active. If it is, you can disable it by using browser add-ons:

Deactivate WebRTC in Firefox
Deactivate WebRTC in Chrome

IPv6

IPv6, a shortcut for "Internet Protocol version 6" is the most recent version of IP version. We all know this IP format "172.16.254.1". However, due to the increasing size of devices connected to the internet, are we slowly running out of numbers in this format. That's why the internet was in need of a new IP format, which we know under the name IPv6 and looks like this "2001:0DB8:AC10:FE01".

Newest Laptops and PC's are using both IP formats until they run out of IPv4 addresses. IPv6 can leak your IP address too, that's why you should check for it too.

Test for IPv6 Leak

If your machine is leaking from IPv6, the only current fix is to disable it. (I've had mine disabled for years and felt a difference between having it enabled)

Disable IPv6 Windows
Disable IPv6 Mac

DNS (Windows)

Finally, the last leak you need to check for is if your machine's Domain Name System (DNS - is a system used to convert a computer's unique name into an IP address on the Internet) is leaking your IP address.
You can do a test using the "Extended Test" from
DNS Leak Test

If your DNS is leaking your IP address, then you need to change your DNS server address from auto to 0.0.0.0.

To do so, I've created a small tool, that you can use to enable DNS fix and disable DNS fix.

Download DNS Fixer

How to use:

Run the DNS-LEAK-ON.exe file, and enter as demonstrated below the current active Interface name.
If e.g. you're connected to WiFi, locate your WiFi's interface name and enter it.

dns leak tool fix

When you're done with VPN, use the DNS-LEAK-OFF.exe file, insert again your interface name and disable the fix.
Otherwise, you will not be able to connect to the internet anymore!

Check for WebRTC:

If your browser has WebRTC enabled, you should see here below your local IP address:

WebRTC disabled, you're not leaking

Source code: diafygi

More privacy?

Even tough this will be good enough for 95% of all internet users to keep their privacy. If you however, want to go a step further, where you'll make it for hackers, FBI, CSI, Chuck Norris and Trump even more difficult to trace and track you then you need to create a setup similar to this one:

  1. Install a Virtual machine (VM) on your PC (preferably Linux, or Windows 7)
    If possible, run the VM in a Sandbox program. Cut all lose ties between your PC and the VM.
  2. Get yourself a non-tracking script for Windows 7 (use the internet)
  3. Install a VPN client on this VM and apply the fix from above to it.
  4. Install Tor on your VM and use it as your default browser.

This is advanced and usually only used for people who need to be afraid of being track. Therefore will i not dig deeper into it.

References:
WebRTC check script: https://github.com/diafygi/webrtc-ips
IP: https://en.wikipedia.org/wiki/Internet_Protocol
IPv6: https://en.wikipedia.org/wiki/IPv6
DNS Leak Fixing: https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html

Disclaimer:
I'm not affiliated with any of the links and/or services mentioned on this page. They are chosed based on recommendations or personal experience. I've used a VPN service called RA4WVPN for years, but found out that they are not secure and private at all. Therefore, I lately changed to Windscribe, where I found online a lifetime plan for 70$. Until now, Windscribe is my top choice based on the lifetime plan!

 

Leave a Reply

Your email address will not be published. Required fields are marked *