Recently one of my students asked for a recommendation on a VPN app for his Macbook. I thought my rather long-winded reply might be useful to others wondering the same thing, and it’s appended below.<\/p>\n
There are two primary use cases for a VPN:<\/p>\n
Here’s my reply to my student’s question:<\/p>\n
The short answer is that I don\u2019t trust the apps on the App Store for VPNs. The longer reason\u2026all of them provide their own server to connect to, which means that my VPN internet traffic is going through an endpoint that I don\u2019t control. The only assurance I have that my traffic isn\u2019t being decrypted, stored, or otherwise manipulated is that the app seller tells me that they don\u2019t. Also, the programs are not open source, so I can\u2019t look through the code to assure myself that there is no back door or other security risk.<\/p>\n
For that reason, I use Tunnelblick on the Mac (https:\/\/tunnelblick.net), which is an open-source VPN program. I have very high confidence that it hasn\u2019t been compromised. I run my own VPN server (which I personally built and maintain) to connect Tunnelblick to when I\u2019m away from the home network, so the encrypted tunnel goes from my Macbook, through the Tunnelblick VPN, into my own server, and from there out onto the internet. The use case is typically that I\u2019m away from home, on an insecure network, and want to lock down \/ encrypt everything going over that network.<\/p>\n
That being said, if my purpose is to connect to a VPN so that it appears I am somewhere else, such as if I want my internet address to be in the UK to watch soccer, I\u2019m forced to use one of the commercial VPN providers, and for that I use Tunnelbear, https:\/\/www.tunnelbear.com. Note that this is not open-source, and so your confidence in it in terms of privacy should be very low. They do get good reviews, and I\u2019ve had a $5\/month subscription with them for about three years now. I generally use Tunnelbear for very specific purposes (such as location shifting) and take steps to make sure that no other traffic is going through their VPN endpoint (I use Little Snitch firewall rules to accomplish this).<\/p>\n
On the iPhone\/iPad side I use OpenVPN (https:\/\/openvpn.net), but again I\u2019m connecting back to my on VPN server with it. It\u2019s an open-source project that I have high confidence in.<\/p>\n
OpenVPN offers PrivateTunnel, with a pay-as-you-go connection plan that is fairly inexpensive. It\u2019s the same team that produces OpenVPN, so I would trust them a little more. The \u2018tunnel\u2019 is a VPN connection back to one of their servers, and so you run the same risk of interception as with something like TunnelBear, which means that you would NOT use this solution for highly sensitive traffic. Also, I don\u2019t believe that they have all that many servers, so you\u2019d be limited in your choice of where you appear to be. I\u2019ve been meaning to give them a try to see what the service looks like.<\/p>\n
[update 7\/15\/2016] I’ve installed Private Tunnel for testing. They offer endpoints in: NYC; Chicago; Miami; San Jose; Montreal; London; Amsterdam; Stockholm; Frankfurt; Tokyo; Zurich; and Hong Kong.<\/p>\n
I know that\u2019s a long answer! Bottom line is that if you are connecting to someone else\u2019s VPN server, don\u2019t trust it with anything other than mundane traffic. For location-shifting to do something trivial like watch soccer or get around a school\u2019s firewall, commercial solutions like TunnelBear are fine.<\/p>\n
Since we\u2019re on the subject, I can\u2019t recall if I mentioned it in class, but if you need secure IM and voice, you (currently) should be using Signal and nothing else. And of course PGP for email :^)<\/p>\n","protected":false},"excerpt":{"rendered":"
Recently one of my students asked for a recommendation on a VPN app for his Macbook. I thought my rather long-winded reply might be useful to others wondering the same thing, and it’s appended below. There are two primary use cases for a VPN: You are away from your home network, possibly on an unsecured […]<\/p>\n","protected":false},"author":11388,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[19,18,17],"_links":{"self":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/145"}],"collection":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/users\/11388"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/comments?post=145"}],"version-history":[{"count":5,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/145\/revisions"}],"predecessor-version":[{"id":150,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/posts\/145\/revisions\/150"}],"wp:attachment":[{"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/media?parent=145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/categories?post=145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.bu.edu\/perryd\/wp-json\/wp\/v2\/tags?post=145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}