VPN: Who controls the door at the other end?

VPNs are tools to protect us. As long as we can trust the owner of the keys.

Darío Martín Buil

Remember that VPNs are an ideal tool for improving your security and privacy. They are very common in business environments for secure access to sensitive resources, databases or critical applications, and even more so in a world where remote working has become so commonplace. But we can also use them at home. And perhaps we should.

It’s just a tunnel

Before getting into the details, let’s quickly review the different types of VPNs. To put it simply, a VPN is a tool that allows you to establish a secure tunnel between two sites.

Depending on the nature of the tunnel’s endpoints, we can distinguish between two main types of VPNs:

  • Site-to-site (S2S): These allow you to connect two complete networks, such as the network of one office to the network of another office, or my home network to my cousins’ network.
  • Point-to-site (P2S): These allow a remote user to connect to a private network, such as a company network, to access internal resources.

Recently, we have also seen an increase in the popularity of another type of VPN, Mesh VPNs, which allow users to connect to each other. This is a type of P2P (peer-to-peer) VPN, where each user or device acts as a node in the network, allowing a direct connection between them without the need for a centralised server (beyond the coordination and exchange of keys, of course).

(To be honest, it’s not really that new; the concept of Mesh VPNs dates back to the 1990s, but it has been given a new lease of life with the popularity of certain providers, decentralisation and remote working, in order to avoid the traditional costs of this type of hardware).

Returning to the main points, S2S and P2S VPNs have traditionally involved the purchase of expensive network equipment, so their use has been limited to businesses and organisations. However, the popularisation of P2S VPNs as privacy and security tools for browsing the internet has led many providers to offer these services to individual users at a very low cost, or even for free.

But remember: if it’s free, you’re the product.

Internet protection

As we have seen, VPNs are tools that allow you to establish a secure tunnel between two points.

–Does that protect us? When I browse the internet without a VPN, a padlock appears saying that my connection is secure. Isn’t that enough?

To answer that, we first need to clarify a couple of things. Yes, our browsing is typically secure, but only between us and the website we are connecting to: our internet provider, or even the owner of the Wi-Fi network at the café where we are connected, can see which sites we are accessing.

Normally, this is not a problem, apart from the fact that we may be bombarded with personalised ads based on our browsing habits.

But if we add a VPN to that, things change. The commercial VPNs we see out there are Point-to-Site VPNs: they establish a tunnel between our device and the VPN provider’s servers. This acts as an additional layer that encrypts our traffic, hiding the data we send and receive, as well as other relevant information such as our IP address, from third parties.

This does not mean that we are completely safe. A VPN itself does not protect us from potential threats on the internet, such as malware or phishing; it simply hides us and makes us a little more anonymous. If we browse dangerous sites or download apps from dubious sources, a VPN will not protect us; for that, some VPN providers offer additional features, such as firewalls or ad blockers.

Choosing my VPN provider

When choosing a VPN provider, there are three main differences to consider:

Server location: Perhaps the most important factor. The physical locations of the VPN provider’s servers determine the speed and latency of the connection, as well as the jurisdiction under which the provider operates and the content that can be accessed, if it is geographically restricted.

VPN protocol: Each provider may use a different security protocol. Beyond their capabilities, these are usually transparent to the end user. The most common VPN protocols are OpenVPN, L2TP/IPsec, IKEv2/IPsec and WireGuard. Whether each provider has its own app (for mobile or desktop) is usually irrelevant; it will always use one of these protocols.

Privacy policy: It is essential that the VPN provider has a clear and transparent privacy policy that explains how it handles user data and what information it collects.

Additional services: Some providers offer additional features, such as firewalls, malware protection, ad blockers or even preferential access to streaming services.

I don’t trust anyone. And that’s a good thing

The best solution when browsing the internet is not to trust anyone, and VPNs are no exception.

A provider with over 200 locations, anti-phishing filters and high bandwidth? All of this is very costly to provide at such attractive prices, not to mention for free.

The thing is, when we use a VPN, we are transferring that responsibility to the VPN owner. We are trusting them not to spy on us, not to store our data, not to sell our information to third parties.

How do they collect our data? Although many of them offer privacy policies where they claim not to store activity logs (known as No-log Policies), what they actually do is profile our browsing, extract patterns and sell that information to third parties. Others outright lie and sell all our activity. Or perhaps something worse.

Furthermore, a VPN itself is not foolproof: there are many ways to track our movements, no matter how much we connect through a tunnel in Madagascar. Take a look at this website, and you will see if you are unique or not.

That is why, just as we do not connect to public Wi-Fi, it is best to know who we trust. And if we do not trust anyone, it is better to set up our own.

A home VPN gives us that extra layer of security, without fear of third parties. We’ll use the same security protocols as commercial VPNs, and nowadays the necessary hardware isn’t really that expensive.

Connect to Wi-Fi in a café, hotel or airport without fear of being spied on, as it’s just like being in your living room.

Really, it’s not that complicated

There are multiple ways to set up a free, open-source home VPN, such as OpenVPN or WireGuard.

We can also opt for a complete, assisted solution, such as PiVPN, which can be installed on a Raspberry Pi: a small, low-cost, low-power computer, ideal for this type of experiment.

Installing a Raspberry Pi with PiVPN can be done with an afternoon of research and some hacker skills:

  • Get a Raspberry Pi (any recent model will do).
  • Install the Raspberry Pi OS operating system.
  • Install PiVPN following the instructions.
  • Configure your router to redirect traffic to the Raspberry Pi.
  • Install the VPN client on your devices (mobile phones, computers, etc.).

This is just one example. There are hundreds of more advanced resources and tutorials on the internet that delve deeper into all these concepts. It is even possible to set up your own VPN on a web host in another country for a price similar to any commercial VPN.

Now, when you are on a public network, you can connect to your Raspberry Pi remotely and browse the internet as if you were at home, with the assurance that your data is protected and not accessible to third parties.

And best of all, you don’t have to trust anyone but yourself.
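Browsing "as if you were at home" from a café only holds if the client profile actually sends everything through the tunnel. The check below is an added example, not part of the original article or of PiVPN: it assumes a WireGuard client profile in wg-quick format, the sample profiles are constructed with placeholder keys and endpoint, and `parse_wg` and `audit` are hypothetical names.

```python
import ipaddress

# Constructed sample client profile; keys and endpoint are placeholders.
SAMPLE_SPLIT = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.6.0.2/24

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 10.6.0.0/24
"""
# Same profile with a tunnel-side resolver and both default routes in the tunnel.
SAMPLE_FULL = (SAMPLE_SPLIT
    .replace("Address = 10.6.0.2/24", "Address = 10.6.0.2/24\nDNS = 10.6.0.1")
    .replace("AllowedIPs = 10.6.0.0/24", "AllowedIPs = 0.0.0.0/0, ::/0"))

def parse_wg(text):
    """Return a list of (section, {key: value}); [Peer] sections may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)      # base64 '=' padding stays in value
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """List reasons why traffic could bypass the tunnel on an untrusted network."""
    findings = []
    sections = parse_wg(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    peers = [kv for name, kv in sections if name == "peer"]
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for p in peers for n in p.get("allowedips", "").split(",") if n.strip()]
    for version in (4, 6):
        if not any(n.version == version and n.prefixlen == 0 for n in nets):
            findings.append(f"IPv{version} default route is not sent through the tunnel")
    if "dns" not in iface:
        findings.append("no DNS set: the system keeps the local network's resolver")
    if not any("endpoint" in p for p in peers):
        findings.append("no peer Endpoint: the client cannot reach the home server")
    return findings
```

A profile that only lists the home subnet in `AllowedIPs` gives access to home devices but leaves ordinary browsing on the café network, which is the case the first sample triggers.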
