Many users have long been familiar with various VPN services, which are necessary for safe and free use of the Internet without the restrictions of censorship.
But not all VPN providers can provide a high level of Internet security. In the following, we will tell you how to check your VPN service and what it is important to pay attention to.
We will talk only about what each user can check independently to see how reliable the protection provided by a VPN service is. All comparisons are based on the example of VPN Monster, which fully implements the security levels described below.
Secure https connection
During the study, it turned out that the websites of several VPN companies still work over the http protocol. Such a connection is insecure: it allows the keys to be intercepted and then used to decrypt all of the user’s Internet traffic.
Today, an important condition for site security is the use of the https protocol with SSL certificates, which protects the transfer of keys and configuration files from the VPN provider to the user.
Vulnerabilities of proprietary VPN clients
Different companies offer their own proprietary VPN clients to make it easier to connect to a VPN network. Using a proprietary client is always easier and faster, but not always secure.
We found several VPN companies that use an unencrypted http connection to an authorization server in their branded clients. The danger lies in the lack of encryption while configuration and key files are retrieved. As a result, keys and configuration files can be intercepted by outsiders and used to decrypt all Internet traffic.
To check whether the client encrypts this transfer, you can use a sniffer program to capture the client’s traffic. If encryption was not used, you can find configuration files and keys in the captured data. If encryption is enabled, the captured traffic will look like a random set of data with no indication of its content.
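The check described above can be automated once a payload has been exported from the sniffer. The following is an added example, not code from the original article or from any VPN provider: it looks for readable key and configuration markers and measures byte entropy. The marker list, the 7.0 bits-per-byte threshold and the sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Readable markers that show up when OpenVPN keys or configs travel unencrypted.
PLAINTEXT_MARKERS = {
    "private key (PEM)": rb"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----",
    "certificate (PEM)": rb"-----BEGIN CERTIFICATE-----",
    "OpenVPN static key": rb"-----BEGIN OpenVPN Static key V1-----",
    "remote directive": rb"(?m)^[ \t]*remote[ \t]+\S+[ \t]+\d+",
    "inline key block": rb"<(?:ca|cert|key|tls-auth|tls-crypt)>",
}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte, not a standard value

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, noticeably lower for text and PEM."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def inspect_payload(payload: bytes) -> dict:
    """Classify one reassembled payload captured from your own VPN client."""
    hits = [name for name, rx in PLAINTEXT_MARKERS.items() if re.search(rx, payload)]
    entropy = shannon_entropy(payload)
    if hits:
        verdict = "plaintext key/config material visible"
    elif entropy > ENTROPY_THRESHOLD:
        verdict = "looks encrypted"
    else:
        verdict = "no markers but not random-looking, inspect manually"
    return {"verdict": verdict, "markers": hits, "entropy": round(entropy, 2)}

# Constructed samples: an http response carrying a profile, and pseudo-random bytes
# standing in for an encrypted record.
SAMPLE_HTTP = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
               b"client\nremote vpn.example.test 1194\n<key>\n"
               b"-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n</key>\n")
SAMPLE_ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))

if __name__ == "__main__":
    for label, data in (("http", SAMPLE_HTTP), ("encrypted", SAMPLE_ENCRYPTED)):
        print(label, inspect_payload(data))
```

High entropy alone only shows that the data is not readable text; compressed downloads also score high, so the marker search is the decisive part.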
Shared or individual encryption keys?
Interesting details were found when checking with several major VPN providers. Many practice handing out one key to all servers and all users, with only the login and password authorization process being different. If the username and password are compromised, the intercepted key will allow all of the user’s Internet traffic to be decrypted.
Some companies use different encryption keys for each user, but still with the same key for all servers. And only an individual key for each user and each server can provide reliable protection. Thus, if the user’s keys on one server are compromised, the connection remains secure when connecting to another server.
To check, open the folder with the configuration files and keys. If the keys themselves are not embedded in the ovpn files, the number of key files must match the number of servers.
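Counting files does not help when the keys are embedded in the ovpn files, so the added example below (not part of the original article or of any provider's tooling) fingerprints the private key each profile uses, whether inline or in a referenced file, and reports profiles that share one. The directory layout, hostnames and key contents are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

INLINE_KEY = re.compile(r"<key>(.*?)</key>", re.S)
KEY_FILE = re.compile(r"^[ \t]*key[ \t]+(\S+)", re.M)

def key_fingerprint(ovpn: Path):
    """SHA-256 of the client private key a profile uses, inline or in a referenced file."""
    text = ovpn.read_text(errors="replace")
    inline = INLINE_KEY.search(text)
    if inline:
        material = inline.group(1)
    else:
        ref = KEY_FILE.search(text)
        key_path = ovpn.parent / ref.group(1).strip('"') if ref else None
        if key_path is None or not key_path.is_file():
            return None  # no key found: profile may rely on login/password only
        material = key_path.read_text(errors="replace")
    # Ignore whitespace so re-wrapped copies of one key still compare equal.
    return hashlib.sha256("".join(material.split()).encode()).hexdigest()

def audit_keys(config_dir: Path) -> dict:
    """Compare the number of server profiles with the number of distinct keys."""
    by_key = {}
    for ovpn in sorted(config_dir.glob("*.ovpn")):
        by_key.setdefault(key_fingerprint(ovpn), []).append(ovpn.name)
    missing = by_key.pop(None, [])
    shared = [names for names in by_key.values() if len(names) > 1]
    return {"profiles": sum(map(len, by_key.values())) + len(missing),
            "distinct_keys": len(by_key), "shared": shared, "no_key": missing}

def write_sample_profiles(config_dir: Path) -> None:
    """Constructed profiles: de and us embed the same key, nl references its own file."""
    pem = "-----BEGIN PRIVATE KEY-----\n{}\n-----END PRIVATE KEY-----\n"
    for name in ("de", "us"):
        (config_dir / f"{name}.ovpn").write_text(
            f"client\nremote {name}.vpn.example.test 1194\n<key>\n{pem.format('AAAA')}</key>\n")
    (config_dir / "nl.key").write_text(pem.format("BBBB"))
    (config_dir / "nl.ovpn").write_text("client\nremote nl.vpn.example.test 1194\nkey nl.key\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_profiles(Path(tmp))
        print(audit_keys(Path(tmp)))
```

This compares keys within one account only; whether other users receive the same key cannot be seen from a single set of files.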
Possibility to change the key for user security
In the process of working on a computer, various situations can arise related to the loss of keys: infection by viruses, hacking or loss of the device. It is for such situations that some VPN providers offer users the ability to change keys without losing their subscription. In case of any suspicious incidents regarding information security, it is recommended to change VPN keys.
Logging and storage
The question of logging and storage is one that all users ask when choosing a VPN provider. This is important because logging will allow you to associate a customer’s online activities with his real IP address.
As a part of the experiment, we approached top VPN companies with a proposal for cooperation. And we found out that it is an obligatory condition for the resellers to store and provide all the users’ data (IP, email, phone, etc…). Such information may point to the keeping of user logs at large VPN-companies.
A VPN provider can prove that there is no logging on the server only by giving the user full root access to check. If you need a complete guarantee of the absence of logging, it is better to have your own VPN server with full root access, and the company RootVPN can help you with that.
If there is no possibility of the above-mentioned verification, you should pay attention to the physical location of the VPN company. Jurisdiction of offshore zones allows VPN providers not to log and not to depend on the requests of foreign intelligence services.
VPN digital fingerprint gives away the use of a VPN
Modern technology makes it easy to tell if a person is using a VPN connection or not.
Most VPN providers do not hide the digital fingerprint. If, however, you need to hide the use of VPN technology, it is advisable to test the operation of the chosen service.
Information by IP address
It is important to consider that the time zone of the selected VPN-server must coincide with the time set on the user’s device.
In some VPN companies, when using OpenVPN in Windows 8 and 10, there is a risk of leaking the actual DNS value. It is possible to make sure there is no DNS leakage yourself. To do this, you will need to find the block-outside-dns option in the configuration file obtained from the VPN provider. The presence of the block-outside-dns option allows you to automatically block DNS leaks.
Reliability of encryption algorithms
Many VPN services often use insufficiently strong encryption methods, which saves server resources. Sometimes, at the expense of security, VPN companies continue to use PPTP, which has a number of vulnerabilities.
You should always pay attention to the encryption technology and algorithms used by the VPN provider. It is recommended to use OpenVPN technology with AES 256 algorithm, Diffie-Hellman keys of 2048 bits and 512 mb hash algorithm for maximum security.
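The two configuration checks above, the block-outside-dns option and the encryption settings, can be run against a profile in one pass. This is an added example, not code from the original article or from the OpenVPN project; it reads the article's 512 hash as `auth SHA512` (an assumption) and uses constructed sample profiles. The Diffie-Hellman key size is set on the server and is not visible in a client profile, so it is not checked here.

```python
import re

def parse_directives(ovpn_text: str) -> dict:
    """Collect top-level directives, skipping comments and inline <...> blocks."""
    directives, inside = {}, None
    for raw in ovpn_text.splitlines():
        line = raw.strip()
        if inside:  # body of an inline block such as <ca> ... </ca>
            inside = None if line == f"</{inside}>" else inside
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened:
            inside = opened.group(1)
        elif line and line[0] not in "#;":
            if line.startswith("setenv opt "):  # prefix form used for optional options
                line = line[len("setenv opt "):]
            name, *rest = line.split(None, 1)
            directives.setdefault(name, []).append(rest[0].strip() if rest else "")
    return directives

def audit_profile(ovpn_text: str) -> list:
    """Findings for the checks the article names: DNS leak option, cipher, hash."""
    d = parse_directives(ovpn_text)
    findings = []
    if "block-outside-dns" not in d:
        findings.append("block-outside-dns not set in the profile")
    offered = [c.upper() for entry in d.get("data-ciphers", []) + d.get("cipher", [])
               for c in entry.split(":")]
    if not offered:
        findings.append("no cipher set, the OpenVPN version's default applies")
    elif not all(c.startswith("AES-256") for c in offered):
        findings.append("cipher list is not limited to AES-256: " + ", ".join(offered))
    auth = [a.upper() for a in d.get("auth", [])]
    if auth != ["SHA512"]:  # assumption: the article's 512 hash is read as SHA-512
        findings.append("auth is " + (", ".join(auth) or "unset") + ", expected SHA512")
    return findings

# Constructed sample profiles (hostnames are placeholders).
WEAK = "client\nremote vpn.example.test 1194\n# block-outside-dns\ncipher BF-CBC\n"
HARDENED = ("client\nremote vpn.example.test 1194\nsetenv opt block-outside-dns\n"
            "data-ciphers AES-256-GCM\nauth SHA512\n<ca>\ncipher BF-CBC\n</ca>\n")

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_profile(profile) or "no findings")
```

A server can also push block-outside-dns at connect time, which this file-only check cannot see.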
What are the conclusions?
We tried to show that users can check the security of their VPN provider’s services themselves, in simple and affordable ways. And then an attractive price or colorful website design of a popular VPN company will not be able to mislead users, for whom anonymity and security are paramount.