The Pros And Cons Of Using A VPN Or Proxy Service

The Pros And Cons Of Using A VPN

You don't know and can't know if you're being watched. The point is that you could be.

Since long before the Wikileaks and Edward Snowden events, credible information had trickled into the public eye about governments' electronic surveillance of citizens. Do some reading on ECHELON. Look up Carnivore and its less threateningly named successor, DCS1000. The technology to monitor your online communications is real; only the knowledge of whether those communications are being collected and examined remains in dispute. Of course, that's just the government. The question of whether and how much companies, from your ISP to discount retailers, examine your activities is a whole different can of worms.

Your privacy is under threat. That may not be an immediate reason for alarm, but if the thought makes you uneasy, you may want to turn to a virtual private network (VPN) service for help. Like most things, there are good and evil ways to use a VPN, and even the good ways may not always be legal. We're not here to judge or advocate, only inform. In the following article, we'll examine the technology of VPN services, assess their role in today’s world, and examine a few of the market’s top subscription-based contenders.

MORE: VPN Services in the Forums

Nuts, Bolts, And Why You Want A VPN

You know that the public Internet is not secure. It's like a public highway system. Any compliant traffic can hop on or off at will. To see what's inside of a car, all you have to do is look through the windows. A LAN is a private network, like driving inside of a gated community. Consumers, with their basic home routers, typically implement just enough security to deter curious onlookers -- a wooden fence, if you will. Businesses employ more serious measures, with dedicated firewall appliances, IT staff trained in security practices, and so on. LANs are essentially pockets of security dotting a landscape of open, insecure data traffic.

Many years ago (and to a lesser extent, still today), companies might opt to install a leased communications line from a provider, such as a T-1 or ISND line. This provided a new, private road between two points. In most cases, though, a VPN offers a drastically more cost-effective approach. A VPN is a sort of secure tunnel between a client (PC, laptop, tablet, etc.) and a LAN. The traffic between those two points still travels across the open Internet, but encryption provides a sort of shroud around the connection. Those who want a peek can't see inside the connection, and even if they manage to break in, the traffic packets are still encrypted and thus gibberish when examined.

Additionally, by manipulating the header information in your packet stream, an intermediary VPN service replaces your computer’s IP address with its own. If that VPN service's server happens to be in a country beside your own, then it appears as if you are generating traffic from within that server’s country. Illicit uses of this location spoofing abound, but think of it this way: You want to get hired by a company that is only recruiting from the town next to yours. You're willing to accept the commute to get the job, so you convince a friend in the neighboring town to let you send mail from his address. You correspond with the employer from this second address, get the job, and the employer is none the wiser. (Whether you get busted and fired in an audit later is a different story.) Is this how people get around regional DRM restrictions for streaming content? Sure. Every day. It's illegal, but it happens. To be fair, this is also how people in oppressive, Internet-blocking nations manage to receive exposure to the outside world. For one recent example, check out VPN provider TorGuard's blog post on China's recent blocking of Gmail service.

Legitimate and semi-legitimate scenarios for VPN use abound. What if you're a student whose college requires a secure connection to the school's costly subscription databases? What if you're using BitTorrent to download legal content (of course) but don't want to run the risk of getting accused of downloading something you may not have intended? What if you're an American paying for a music streaming service and you travel abroad for a month to a country that restricts your content? (Note that streaming service providers, such as Netflix, may be getting more aggressive about limiting geoblocking work-arounds.) And naturally, there's always the pursuit of privacy and shielding your traffic from everyone simply because that's your right. As we said, VPN technology can be used for good or evil, and deciding which is which may be a matter of perspective.

VPN Or Proxy?

Often, the terms "VPN server/service" and "proxy server/service" get used interchangeably. That's not quite accurate. While both are similar in function, their differences can decide which is better for your given needs.

A VPN is essentially a secure wide area network (WAN) comprised of two or more end points, at least one of which will be a server. VPNs use any of several protocols to perform their tunneling; PPTP, L2TP, IPSec, and SSL are the most common. (It is beyond the scope of this article to talk about the inherent advantages and disadvantages of each approach, but there are plenty of resources for doing so.)

VPN technology is cheap, but it still suffers from the same congestion and latency issues as the public Internet because, after all, it's on the public Internet.

A proxy server acts as a middleman, fielding requests from clients requesting resources from servers. If you've seen Galaxy Quest, you might recall how Sigourney Weaver's character would field requests for information from the captain and then convey them to the ship's computer system. Then, when the computer supplied an answer, Weaver would repeat it back to the captain (even though everyone could hear the computer first-hand)? Weaver was acting as a proxy server. In real world computing, the client (the captain, in our analogy) wouldn't be in the same room. The end server can only see the proxy server and has no idea what client is doing the requesting, thus preserving anonymity.

"A VPN provides the highest level of privacy because it applies encryption to the entire session, protecting all applications that access the Web," notes Jason C., a TorGuard administrator. "A proxy simply tunnels the traffic with no encryption. However, it can be applied to specific applications that support proxies."

According to Ted Kim, interim chief operating officer of London Trust Media, maker of the Private Internet Access VPN service, all software will work with a VPN service. This is not true of a proxy service. The latter will take your request, perform any necessary processing (such as authenticating your user status), then send out your request as if it were its own. If a software application is written to work with this forwarding arrangement, then all is well -- and many do. Most Web browsers, Torrent clients, and so forth work very well with proxy services. But proxy forwarding falls flat when, for instance, needing to mask DNS requests such that they appear to come from another country. Proxying also struggles with games, VoIP, and other traffic types that flow just fine on a VPN.

"A VPN service adds a virtual network adapter that your PC is then told is the primary network adapter for the computer," explains Kim. "All traffic, whether it's designed to be proxied or not, will go out on the VPN to your end-point. This allows for traffic such as DNS, gaming, and VoIP to be routed out via that network with surprising ease. Our servers then take the traffic, anonymize it, and send it out to its destination. The client can relax in security, knowing there’s no identifying information about their personal IP address visible to the end-node at the network level."

Compatibility aside, the critical difference between these two service types generally boils down to security. Proxy services do not tend to be encrypted; VPN services do. With encryption in place, your ISP cannot see what is happening within your VPN connection. This may not be the case with a proxied connection. Caveat emptor.

On the other hand, encryption can slow things down, and therefore proxy services process streaming media and file downloads faster, TorGuard founder and CEO Ben Van Pelt tells us. Also, he adds, "a proxy server can be configured to provide IP masking for a single application or device that may not normally support VPNs."

For the ultimate in privacy control, you can use a technique called layering, or using both a proxy and VPN. This helps "prevent against accidental disconnects or IP leaks," Van Pelt says, adding that TorGuard provides discounts to customers who add connections.

Can You Trust The VPN Service?

VPN services can shield your identity from service providers, but can the VPN providers themselves see your identity? If so, can they be forced to turn it and your activities over to authorities when legally demanded to do so?

"We try our best to ensure that proper legal process is followed for all law enforcement requests," says London Trust Media’s Ted Kim. "Further, we do not know your IP address nor ask for any other private information about you when you sign up at Private Internet Access, except for an email address to confirm your account. While service providers may have your specific IP address, the systems Private Internet Access has in place makes it virtually impossible for a service provider to prove a particular IP address definitively accessed a separate destination point through our network."

What about in situations where a new deanonymizing tool arises, such as the brouhaha that blew up recently over Cisco's Netflow being able to identify Tor users with disturbing proficiency?

"IP traffic is very difficult to trace, but, given sufficient resources it can be done," says Kim. "However, there are ways to stay more anonymous and therefore be untraced if, by the same token, sufficient resources are deployed to anonymize oneself."

A note about privacy: TorGuard CEO Ben Van Pelt notes that one of the big misconceptions about privacy is the assumption that those employing it must be hiding something. "This statement couldn’t be more inaccurate," he says. "If this was true, then I assume just because you are a law abiding citizen there should be no problem with installing a camera in your shower. Pivacy is an essential human right, one that reinforces our very own humanity through dignity, freedom of speech and freedom of association."

Key Purchasing Considerations

All VPN services are not created equal. If you're in doubt on this point, try paid and free VPN services side by side and look at the differences in advertising, performance, and privacy policies. You do get what you pay for. Apart from obvious factors such as price and a user-friendly interface, you will want to compare subscription VPN providers based on several criteria that matter most to you and your applications. We recommend at least investigating the following variables.

Personal Data Retention

For many users, this may be the most important criterion of all. You're not truly anonymous if the VPN provider logs your identity and activities. A VPN provider that takes privacy seriously should get right in your face with assurances and details about how they do not monitor traffic, record session activity or IP addresses, or even capture time stamps. This way, if the government or other authority should come knocking, the VPN provider will be largely powerless to sacrifice the user's identity or actions because no record of such doings exist. For instance, TorGuard has gone on record saying that the best (or worst, depending) it can do in the face of a DMCA notice is to filter specific content. This is generally sufficient to appease bandwidth providers.

Supported Client Diversity

With so many apps migrating to the cloud, it's easy to forget that some software, including VPN clients, need to run locally. Thus you'll want to check if your devices and OSes are covered. Windows, Mac, Android, and iOS versions should be a given. Dig deeper to find out about Linux and unconventional platforms, such as smart TVs and game consoles, if these apply to your desired use.

Total Number, Speed, And Location Of Servers

All other things being equal, more servers is better. You want fast servers, and you want them as close to your client as possible to help reduce latency. You also want a provider with a relatively low per-server load count, since a customer base hammering only a handful of servers will naturally lead to congestion and paltry bandwidth allocation. Also be aware that secondary market servers may not offer the same bandwidth speeds as those in primary developed nations. Backbone and trunk speeds will vary widely. Know your bandwidth needs and run speed tests accordingly.

Supported Ciphers And Protocols.

Security buffs will likely know the difference between OpenVPN, AES-256-CBC, SHA3, and plenty of other encryption methods. VPN providers may offer users a range of ciphers from which to pick for their connections. If this matters to you, check out your prospective provider’s list of supported algorithms.

Embedded Anti-Malware

Hopefully, you're running anti-malware software on all of your clients, but some providers will offer additional security by running anti-malware scanning on their traffic.

Accepted Payment Methods

Obviously, credit cards can be tracked and represent a privacy weakness. One path around this is to use pre-paid cards, which require little more than an anonymous email address, but this can be a hassle. You may want to inquire about alternatives, such as PayPal, Bitcoin, Plimus, and even cash. Keep in mind that PCI (payment card industry) requirements (if your provider is PCI-compliant) prohibit the storing of payment data with customer records, but that doesn’t bypass the fact that providers need some way to record payments to user accounts for simple accounting. However, knowing that you paid for a service in no way indicates what you did with that service.

VPN Location, Location, Location

The discrepancy between VPN server location and IP location can be jarring when you first encounter it, as we did. To the uneducated eye, it seems to be a case of bait-and-switch. But is there more to it? We asked the crew at IPVanish and received back this admirably thorough reply from its Digital Community Team:

Geolocation, the method with which websites determine the location of someone accessing their site, is a service provided by third-party entities wherein the website provider purchases access to a database that supposedly has the latest, most accurate information. When someone visits a company's site, the company just references that IP against the database, and the result determines what you see. In these cases, it is important to note that for all VPN providers:

A geolocation company is allowed to misrepresent the actual location, and there is no current legal course that can be taken to have that corrected.

Owners of websites often pay once for a copy of the database, and, to save money, do not pay for regular updates. Thus in the event a correction is made, there is no guarantee that it will affect that website.

Most geolocation providers use crawlers to see what IPs regularly access a server with their database and correlate that with the content being accessed (among other things). They use this automated method to determine a location.

If they get enough conflicting data, providers will simply put the IP address in the middle of the ocean and call it a day. Other times, they will just correlate it to the greatest similarity and determine location based on that. Take, for example, our Atlanta c-server. Some providers say it’s in Blountville, others in Bloomington, others in Stone Mountain, a few actually in Atlanta, and a few that have us in the middle of the ocean.

Ultimately, we have to ask ourselves: What can you do when you physically purchase a server that is physically hosted in a location but others decide that they don't want to report it accurately? To date, and every month going forward, we go through the process of requesting corrections from the affected providers. All of them have a threshold of "if we get X-number of requests from the same people within Y-number of days, we will permanently ignore them." So we have to be careful of that, as well.

That's where we are at with this issue. I apologize for any inconvenience, but you can rest assured that it’s a thorn in our side, too, and we are continuously trying different ways to get our servers reported correctly by these companies.

MORE: VPN Services in the Forums

Tom's Hardware VPN Ratings: You Be The Judge

Tom's Hardware would like your input on the top VPN services. Specifically, we would like you to rate the services you have experience with as a customer and tell us what you like and dislike about them. Our plan is to use your ratings when we review some of these services ourselves.

We are going to follow up this article with an assessment of four of the leading VPN players. Depending on the volume and quality of written feedback, we may even use your commentary within our upcoming VPN article.

The idea here is to augment our own experience with that of the Tom's community in order to present some of the diverse feedback we often get. We aren't looking for full-fledged reviews here, just a 1-5 star rating and short comments on what you like and dislike about the service. Most important, please only rate the VPN services with which you've had direct experience.

We also realize that our list represents only a handful of VPN services, so feel free to add the VPN service you'd like to review in the "Other" box. Thank you in advance for helping out. You're not just helping us, but inevitably also other Tom's readers.


Create a new thread in the US Reviews comments forum about this subject
This thread is closed for comments
19 comments
Comment from the forums
    Your comment
  • PaulBags
    Eh. In NZ, I'm pretty sure the tics bill made it illegal to sell vpn service that the gcsb doesn't already have a back door to. I could possibly source a service from outside the country, but it will likely throw up a flag & be traceable back to me anyway, just because they can't see what's in the tunnel doesn't mean they can't see the tunnel.

    I figure I'm better off being unassuming. They can't read _everything_, might as well stay in the open and be protected by the masses & luck.

    Of course, I have nothing worth hiding...
    1
  • heffeque
    Quote:
    Eh. In NZ, I'm pretty sure the tics bill made it illegal to sell vpn service that the gcsb doesn't already have a back door to. I could possibly source a service from outside the country, but it will likely throw up a flag & be traceable back to me anyway, just because they can't see what's in the tunnel doesn't mean they can't see the tunnel.

    I figure I'm better off being unassuming. They can't read _everything_, might as well stay in the open and be protected by the masses & luck.

    Of course, I have nothing worth hiding...

    We've gotten used to governments from all over the world spying on us.

    Sad that things have come to this.
    1
  • knowom
    VPN for security and proxy for performance & content filtering.
    0
  • rayden54
    @heffeque
    No, the sad part is that people ever thought there was such a thing as privacy on the internet. When I was a kid people knew better.

    People shouting from the rooftops shouldn't get to be surprised when someone listens in. It isn't even spying when you're the one broadcasting the information.
    -1
  • Reepca
    Quote:
    @heffeque
    No, the sad part is that people ever thought there was such a thing as privacy on the internet. When I was a kid people knew better.

    People shouting from the rooftops shouldn't get to be surprised when someone listens in. It isn't even spying when you're the one broadcasting the information.


    I suppose the real question is why our only mode of efficient communication is shouting from the rooftops. Someone should do something about that...
    4
  • razor512
    Unless you are running your own VPN server, you can be sure that any paid VPN service will log just enough information in order to be able to link your actions back to your IP address.

    If they did not, then they would be liable for the traffic for their customers. Imagine if a customer of the paid VPN service, decided to do something highly illegal like downloading or distributing child pornography. The VPN service will have enough bits and pieces logged in order to know which customer generated the illegal traffic.

    They literally cannot do otherwise without becoming a safe heaven for crime, or or providing criminals at least a criminals with a 1 time free pass to do something highly illegal. Furthermore it can also be interpreted as allowing someone to mask their own illegal activity by blaming it on the customers who they are not logging the traffic of.

    Overall, the VPN services will log information for their own network management needs, but you can bet that it is enough for them to figure out who did what on their network if the government comes knocking.
    (They may not all be explicitly recording your session, but there is going to be enough logged to essentially allow them to rebuild the details session if they wanted to)
    2
  • PaulBags
    Quote:
    Quote:
    Eh. In NZ, I'm pretty sure the tics bill made it illegal to sell vpn service that the gcsb doesn't already have a back door to. I could possibly source a service from outside the country, but it will likely throw up a flag & be traceable back to me anyway, just because they can't see what's in the tunnel doesn't mean they can't see the tunnel.

    I figure I'm better off being unassuming. They can't read _everything_, might as well stay in the open and be protected by the masses & luck.

    Of course, I have nothing worth hiding...

    We've gotten used to governments from all over the world spying on us.

    Sad that things have come to this.

    I acknowledge the reality, that doesn't mean I'm okay with it. I just see no point in fighting when no-one else will stand up by my side. I'm fine with the idea of even armed revolution, but if I stand up alone I'm just going to get chopped down. Better to smile & nod & bow, and enjoy what little freedom and comfort I have; and be ignored by the big power wielding entities.
    0
  • Vosgy
    "Australians will have two years of their metadata stored by phone and internet providers after the Abbott government's controversial data retention laws passed Parliament."

    Yay for Australia, cost of Internet is already too high, now with go up more as the ISPs need to store years of data and will pass that cost on to the consumer. Loose loose for the consumer.

    Damn backward country I live in.
    4
  • otokomae
    I'd really love to see a "VPN for Gaming Guide" or something like that, as many people use them and other, similar-sounding services to reduce lag or latency when playing online games.
    2
  • ctsboss
    Here is the real question, Can I use a VPN or Proxy to fool Pokerstars or Full Tilt into believing that I am NOT inside the US and allow me access and play on the site? I have heard of some people using this solution instead of actually moving to canada or mexico to play?
    -3
  • Xivilain
    Quote:
    I'd really love to see a "VPN for Gaming Guide" or something like that, as many people use them and other, similar-sounding services to reduce lag or latency when playing online games.


    How would that even be possible? Wouldn't the VPN introduce even more latency in the speed?
    5
  • Cespenar
    In Australia, maybe the ISP's can send a billion hard copies to the govt. to store in a shed somewhere.
    Maybe they could set up an automatic emailing system where the metadata is emailed directly to the govt. offices. Yeah! I like that idea!
    1
  • Tonylu1595
    Bad: Makes tomshardware site not trust you and makes you enter in a Captcha.
    2
  • wtfxxxgp
    Quote:
    Quote:
    I'd really love to see a "VPN for Gaming Guide" or something like that, as many people use them and other, similar-sounding services to reduce lag or latency when playing online games.


    How would that even be possible? Wouldn't the VPN introduce even more latency in the speed?


    I'd love an answer to these questions - the added latency presumption is logical, but, what if it meant that your overall UP-TIME was 300% better? Latency is such an issue in South Africa because all the cool games are always hosted very far from us. Part of the issue is that we have failed connections from time to time and packet loss (obviously). If a VPN solution adds less than 30ms to my already high latency (230-odd ms average for League of Legends for example) then I'd prefer to go with a VPN solution because sometimes the packet loss makes my mood less than desirable.
    -1
  • Eggz
    It would be more helpful for Tom's to do an article on setting up a home server to run a VPN. I know there are a lot of steps, and there are different ways to do it, but seeing that laid out would be cool.
    1
  • Kadathan
    Quote:
    Quote:
    Quote:
    I'd really love to see a "VPN for Gaming Guide" or something like that, as many people use them and other, similar-sounding services to reduce lag or latency when playing online games.


    How would that even be possible? Wouldn't the VPN introduce even more latency in the speed?


    I'd love an answer to these questions - the added latency presumption is logical, but, what if it meant that your overall UP-TIME was 300% better? Latency is such an issue in South Africa because all the cool games are always hosted very far from us. Part of the issue is that we have failed connections from time to time and packet loss (obviously). If a VPN solution adds less than 30ms to my already high latency (230-odd ms average for League of Legends for example) then I'd prefer to go with a VPN solution because sometimes the packet loss makes my mood less than desirable.


    It depends. The theoretical maximum speed a signal can travel is just under 300km/ms , so there is a hard minumum when it comes to latency between you and a server. Then there's computer cycles going to the network card, there's the input deay from your keyboard and output from your monitor... all of these things have and cause small latencies. But if you're strictly talking about server latency, VPNs often can reduce it when there is something between you and the server causing a slowdown, i.e. a high traffic datacenter. Taking a different route to circumvent these places is something a vpn is capable of being set to do, and is where most latency increases would come from. Under ideal conditions, you are right, they would add latency rather than remove it, but the internet is rarely, if ever, ideal.
    2
  • scify
    If one lives in any particular country, would it be best to use a VPN service that headquarters from outside of that country?
    0
  • Xivilain
    Anonymous said:
    Quote:
    Quote:
    Quote:
    I'd really love to see a "VPN for Gaming Guide" or something like that, as many people use them and other, similar-sounding services to reduce lag or latency when playing online games.


    How would that even be possible? Wouldn't the VPN introduce even more latency in the speed?


    I'd love an answer to these questions - the added latency presumption is logical, but, what if it meant that your overall UP-TIME was 300% better? Latency is such an issue in South Africa because all the cool games are always hosted very far from us. Part of the issue is that we have failed connections from time to time and packet loss (obviously). If a VPN solution adds less than 30ms to my already high latency (230-odd ms average for League of Legends for example) then I'd prefer to go with a VPN solution because sometimes the packet loss makes my mood less than desirable.


    It depends. The theoretical maximum speed a signal can travel is just under 300km/ms , so there is a hard minumum when it comes to latency between you and a server. Then there's computer cycles going to the network card, there's the input deay from your keyboard and output from your monitor... all of these things have and cause small latencies. But if you're strictly talking about server latency, VPNs often can reduce it when there is something between you and the server causing a slowdown, i.e. a high traffic datacenter. Taking a different route to circumvent these places is something a vpn is capable of being set to do, and is where most latency increases would come from. Under ideal conditions, you are right, they would add latency rather than remove it, but the internet is rarely, if ever, ideal.


    So the bottom line is... it depends. Interesting. I'd like to know if its possible to find out where these latencies are in my internet connection and possibly circumvent them too, with a VPN. Trial and error testing would work, but takes some time.
    1
  • Kadathan
    tracert to the destination server, and you'll see where the heavy spots are. Then, same tracert using a vpn and see if it's improved. Sometimes I get better latency with it on, sometimes better with it off, but it's nice to have options for when the internet starts doing it's thing where it becomes terrible.
    1