VPNs aren't really something about which I know much (other than that they're not the same as onion networks and I should probably use one). However, in the course of enhancing my knowledge of cryptography, I found some potentially useful information.
VPNs come in two varieties: Transport and tunneling.
- Transport encryption establishes a secure, encrypted link across the Internet, and it encrypts the data (payload) you are sending to the other end. The encryption is transparent to the user — other than passwords, passphrases, or special hardware to plug into the computer and/or software to operate, the user doesn't have to press a button that says “encrypt” or “decrypt.” All the data in transit is protected from sight. The only drawback to transport encryption is the fact that the headers on the data (metadata) are sent in the clear. In effect, that’s like disguising a package and then putting a label on it that says what's inside. That's maybe not the smartest thing to do considering that intruders may occasionally gain access. Worse, it may give users a false sense of security. It's for that reason that bad/weak encryption is worse than none.
- The other form of VPN encryption, tunneling, not only sets up a secure, encrypted link between two points, but it also encrypts the headers of the data packets. That's definitely better. Not only do you have a disguised package, but the address and the contents listed in the package's label are in code so it's not easily recognizable.
Even if someone does manage to intercept the data travelling through a tunneling VPN, they won't know what's in it or where it's going.
There aren't many protocols for tunneling VPNs, but the two most commonly recommended ones are as follows:
- IPSec: Secure Internet protocol
- L2TP: Layer 2 Tunnelling Protocol (Layer 2 forwarding & point-to-point tunnelling protocol)
I'm leaving finding a tunelling VPN that fits your needs and budget up to you, since I can't possibly know what those are without asking. Besides, I'm reluctant to recommend anything I haven't thoroughly researched and tested. I have seen a lot of buzz/hype around Mullvard and Nord, but couldn't tell you if any of it is warranted. If I remember, Proton (the company with which I have an email account) does offer a VPN as well, but I don't know more about it than that.
VPNs are great at protecting the data in transport, but they do not encrypt the data on your drives — that data is still in the clear. That's why encrypting your drives (with something like BitLocker, LUKS or VeraCrypt) is of paramount importance, especially if you use a laptop or other portable device.
Thumbnail image: Photo by Pixabay on Pexels
