Knowing the Limitation of VPN and How to Keep Yourself Safe

The advent of VPNs and their propagation has made it significantly easier than it was in the early 2000s to simply tunnel your connection through a faraway server to ensure that all your communication is anonymized and secure. At least this is the impression that most people get when they hear about VPNs and the wonders that they bring. Connecting like this to browse the internet has become such a phenomenon that almost two-thirds of tech workers are doing it. In the real world, however, there are always some caveats to using a VPN, and it all depends on what steps your provider uses to secure your connection.


If you’re up to something that you really don’t want anyone to find out about, even if they attempt to audit your VPN provider for your info, you have to understand that most of the time your traffic is being logged. So long as a log of your activity exists somewhere in the ether, your privacy cannot be guaranteed. Even if you compartmentalize your activities (i.e. logging into social media only when you’re not logged into other things at the same time) you can still be pinpointed and your provider will have records of the IP address you logged in from.

In the worst case scenario, they might even have other information about you that can be handed over to anyone who requests it. If you really want the anonymity you’ve heard that VPNs promise, you have to make absolutely sure that the provider you choose does not keep logs. Be sure to Google a VPN provider’s name followed by “logging” just to be sure that it doesn’t have a reputation for doing this.

Before choosing a provider, be sure to ask what kind of authentication they use to get you connected in the first place. If they’re using the Point-to-Point Tunneling Protocol (PPTP) with MS-CHAPv2 authentication (over half of them do), then you’re signing up for a service with a vulnerability that can be exploited through brute-force attacks. In theory, this can allow hackers to sniff your connection and see what you’re doing.


Although a VPN is a great way to secure your connection to servers, it’s not a miracle worker. To negotiate your connection, most providers will use the Internet Security Association and Key Management Protocol (ISAKMP) and attempt to establish a security association (ISAKMP SA). Unfortunately, this could lead to a couple of issues if a hacker manages to mimic this association through techniques like ARP spoofing. The attacker can then sit between you and the VPN, quietly listening to your connection (also known as a man-in-the-middle attack). Even if the server has another form of authentication on top of that, the second layer of security ultimately depends on the ISAKMP SA.

To avoid these issues, try authenticating from a network that only you have control over. I know this somewhat defeats the purpose of VPNs, but connecting to one through public Wi-Fi or a company network can lead to these kinds of risks. To be fair, it’s a minuscule amount of risk, but a skilled hacker can get the upper hand over your connection and completely undermine the security you were hoping to get out of it. So, even when using a VPN, you should be careful about what you do when authenticating via a public network.
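One check you can run on a shared network before authenticating, added here as an example that is not part of the original article: it reads the output of Linux `ip neigh show` and flags a gateway entry whose MAC address has changed or is shared with another host, which is what ARP spoofing tends to leave behind. The function names, the trusted MAC and the sample table are constructed for illustration, and the findings are heuristics rather than proof.

```python
import re
from collections import defaultdict

# Constructed sample of Linux `ip neigh show` output, not a real capture.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:aa:bb:57 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:00:00:aa:bb:23 STALE
192.168.1.57 dev wlan0 lladdr 02:00:00:aa:bb:57 REACHABLE
192.168.1.80 dev wlan0  FAILED
"""

ENTRY = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b", re.M)

def parse_neigh(text):
    """Return (ip, interface, mac) for every entry that has a resolved MAC."""
    return [(ip, dev, mac.lower()) for ip, dev, mac in ENTRY.findall(text)]

def check_gateway(text, gateway_ip, trusted_mac=None):
    """Return findings about the gateway's ARP entry as (kind, detail) pairs.

    Heuristics only: routers with several addresses or proxy ARP can
    trigger the shared-MAC finding on a healthy network.
    """
    entries = parse_neigh(text)
    ips_by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        ips_by_mac[(dev, mac)].add(ip)

    findings = []
    gateway = [(dev, mac) for ip, dev, mac in entries if ip == gateway_ip]
    if not gateway:
        # No resolved entry for the gateway, so there is nothing to compare.
        findings.append(("gateway-unresolved", gateway_ip))
    for dev, mac in gateway:
        # The MAC recorded earlier on a trusted visit no longer matches.
        if trusted_mac and mac != trusted_mac.lower():
            findings.append(("gateway-mac-changed", mac))
        # Another host on the LAN answers with the same MAC as the gateway.
        others = sorted(ips_by_mac[(dev, mac)] - {gateway_ip})
        if others:
            findings.append(("gateway-mac-shared", ",".join(others)))
    return findings

if __name__ == "__main__":
    for kind, detail in check_gateway(SAMPLE_NEIGH, "192.168.1.1",
                                      trusted_mac="02:00:00:aa:bb:01"):
        print(kind, detail)
```

If either finding appears, hold off on connecting from that network, or authenticate over another link such as mobile internet.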

In most cases, a good VPN will do everything possible to secure your connection, but some of that work has to come from you. If you can switch networks during an active session, then you’re gold! You could, for instance, authenticate via mobile internet and continue the session through Wi-Fi.

Do you have any advice you’d like to share regarding the relative safety of VPN providers? Let’s discuss this in a comment!
