Özel Fırsat 2 Yıl Alın + 1 Yıl ÜCRETSİZ ! Sınırlı teklif >>

Trust.Zone Blog

Trust.Zone'dan En Son Haberler, Etkinlikler ve Özel Teklifler

How To Choose The Best VPN - Kill Switch, Warrant Canaries

1 Haziran 2016
This is the last part of the comrepehensive guide on how to choose the best VPN by @ThatOnePrivacyGuy:  Kill switch, Warrant Canaries (read previous parts here: part 1, part2 and part3)



IF YOU'RE CONCERNED WITH BYPASSING RESTRICTIVE NETWORKS

Some parts of the world are resisting the ever-growing ability for their citizens to freely share information and as such have implemented roadblocks in their networking infrastructure to cripple such communication. For example, the "Great Firewall of China" has several layers of VPN detection and blocking built into it. Other networks belonging to large corporations or maybe even your Internet Service Provider may restrict you from using certain ports, limiting what you can use the internet for. However, there are ways to get around these restrictions by using the right VPN.

Features such as multihop, TCP port 443, Obfsproxy, SOCKS, SSL tunnels, SSH tunnels, and some other proprietary solutions (which may be built specifically by a given VPN company) can be useful in avoiding these restrictions. As for which are most effective, it's a matter of which restriction is being inflicted upon the user. Speak with your VPN service's support team to determine which might be effective in your case. The VPN Comparison Chart shows which services support which of these protocols and features in their configuration. Using TCP port 443 is usually a relatively common and user-friendly measure to bypass a restrictive/oppressive network.

CLEARING UP MISCONCEPTIONS

Kill switches - Many VPN services offer in their client a feature called a "Kill switch". The idea with a Kill Switch is that when the VPN loses its connection, it completely prevents the device from using internet, thus preventing accidental leaks of local connection data. Kill Switches are implemented very differently and will never be secure due to their design. The only 100% effective and secure configuration to accomplish prevention of leaks is a properly configured firewall. There are two main types of kill switches, those that shut down preconfigured apps in response to detecting the VPN connection has dropped and those that disable the network connection (or delete routes etc) if they detect a disconnection. In both of these cases the Kill Switch component is having to react to an event and very often leads to leaks - just a single packet is all it takes to compromise your privacy. The only way to be absolutely certain that packets cannot leak is for there to be an independent component (the Firewall) that blocks all packets unless destined for the VPN interface.

Warrant Canaries - Some VPN services maintain a document called a "Warrant Canary". This is a document put out and updated by them certifying that they have not been contacted by government agencies or coerced to compromise their user's data. In theory, if such an event occurred forcing them to compromise their principles, they would stop updating the canary, which in turn would indicate to users that their data is no longer private. Note that not all companies use effective warrant canaries. There is some debate as to the effectiveness of a warrant canary between experts to begin with - as force can be used by governments to coerce companies into maintaining them, thus nullifying their effectiveness. They are usually nothing more than marketing theater. If a company WAS operating a good canary, it would be almost impossible to tell. A warrant canary is almost a better feature to care about once you've found a trustworthy, capable service, rather than looking for a company that has one when shopping around.


Many thanks to @ThatOnePrivacyGuy!

Share: