IPLeak.Net

If you are using a VPN, IPLeak.Net will detect whether your connection leaks any WebRTC or DNS information that would allow your ISP to determine what sites you are visiting.

It also has a Torrent Address detection feature in which you add a magnet link to a fake file to your torrent client, and the site will tell you what data can be gleaned from your torrent activity.

Highly recommended.

How Much Privacy Can VPN Providers Really Offer?

Nick Pearson, an EFF member and founder of IVPN.net, wrote a thorough article for TechDirt on precisely what sort of privacy VPN providers can and cannot offer customers.

I’ve been using AirVPN for a couple years now, and there are two basic forms of privacy I’m trying to achieve.

First, I do not want people who have access to the networks I’m using have the capability of monitoring what I amdoing. For example, I regularly connect my laptop to WiFi networks that I do not control, and want to ensure that no other users (including the operators of those networks) are able to see or record my activity.

Second, I do not want entities on the other end able to directly track my activity back to my actual IP address.

So for my case the most important thing was finding a VPN that doesn’t do any logging. As Pearson points out, a number of popular VPNs based in the United States — VyprVPN, HideMyNet, StrongVPN, etc. — actually keep logs of all activity through their systems so they can respond to DMCA requests. Pearson makes the case that not only is this the height of stupidity for a VPN, but that it is not even remotely required by US law.

The next most important thing, in my opinion, is to avoid any VPN based in the United States. With a lot of services, that option just isn’t there. With VPNs, many of them are based outside of the US and Europe, and the more obscure the jurisdiction the better.

Pearson raises a third use case for VPNs — avoiding monitoring by law enforcement.

So what happens if a law enforcement agency approaches a VPN, serves a subpoena, and demands a the company trace an individual, based on the timestamp and the IP address of one of their servers? VPN services, like all businesses, are compelled to abide by the law. However, there is no way of complying with the authorities if the data they require does not exist.

One of the few ways law enforcement could identify an individual using a privacy service, without logs, is if they served the owners a gag order and demanded they start logging the traffic on a particular server they know their suspect is using. We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same. So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react, your privacy would be protected.

While I appreciate Pearson’s activism, I wouldn’t count on that sort of activist mentality to shield me from law enforcement. If law enforcement monitoring were a serious concern, I’d use multiple VPNs, switch servers within those VPNs regularly, and cycle through the VPNs I was using on a regular basis (as well as use TOR and other anti-monitoring countermeasures)

Even then, there are ways beyond direct logging for a persistent-enough law enforcement agency to track Internet activity back to specific users given enough time.

TorrentFreak Overview of VPN Services and Anonymity Policies

TorrentFreak published an interesting survey in which they asked various VPN providers about what, if any, logging of customers they do and what legal jurisdiction the companies operate in.

Not surprisingly, the worst for logging were StrongVPN and VyprVPN. I’ve used both in the past primarily because I wasn’t doing any file sharing while using the VPNs, but rather was using them to avoid being spied on locally over wireless and wired Ethernet.

That is still my primary goal with a VPN service, but it is also becoming more and more difficult to determine what is and is not illegal to do on the Internet, even in the United States.

Using the TorrentFreak overview as a starting point I looked over the various options and finally settled on AirVPN. AirVPN doesn’t maintain any logs, and is surprisingly cost-effective — I paid just $21 for a three month subscription.

AirVPN is OpenVPN-based, and the connection speed is generally good. The difference between something like AirVPN vs. StrongVPN — aside from the excessive logging of the latter — is the difference in server choices. StrongVPN had numerous servers I could choose from in the United States. AirVPN has just two.

Personally, though, I never had a need to switch servers while I was using StrongVPN. I’ve never seen the servers at AirVPN at capacity or had any problem connecting, so they’re keeping their capacity at an appropriate level which is all I care about.

Assuming the next couple months go as smoothly as October went, I’ll be going for the year’s subscription which cuts the cost to $6/month.

Android and VPNs

Over the past 6 months or so I’ve gotten to the point with my Android phone that I have started to use it for a lot of things I used to do only on my laptop. I typically run through about 3 gb of bandwidth a month, with 2/3rds of that being on public and semi-public wifi networks.

Since I’d prefer not to be spied on, I decided to go ahead and start VPN-ing whenever I’m connected to a wifi network I don’t own (which I’ve been doing for a couple years now on my laptop).

After doing a bit of research online, I signed up for a trial account at StrongVPN. And immediately ran into problems. From my experience, the PPTP feature in Android simply doesn’t work. It didn’t work on my Nexus One and doesn’t work on my TMobile G2, and it doesn’t work with either StrongVPN or another VPN service I use for my laptop.

I was able to get L2TP to work, however, using IPSec pre-shared key and keeping the L2TP secret disabled.

After sorting through that, the system has worked flawlessly. Android is smart enough to display a nice key symbol in the status bar so I can quickly verify that I am connected to the VPN as I am web surfing.

I set StrongVPN to use one it New York servers, and while I haven’t done any bandwidth testing to see what the speed hit is, that’s because whatever it is is so low that I don’t notice it in my day to day use of the network. I signed up for a 3-month subscription for $36.

Android really needs to add the ability to create a widget of a particular VPN network, but in the meantime VPN Show is a free app that will get you VPN settings screen in one click where you can select from the networks you’ve configured.