It probably says something about mildly disturbing about my character that I’m borderline obsessed with online security. That might sound like a setup for some kind of epic humble-brag (“I suppose my greatest weakness is that I’m too dedicated to doing this thing that is awesome” etc), but honestly, if you want to distract me from anything useful then start talking to me about IT security and I’ll break out the grey beard and pocket protector and suddenly turn from the dapper bon vivant my clients know and love into an utter, utter adenoidal bore.
Freudian theory would dictate that I’m clearly hiding some terrible, dark set of secrets that make me preternaturally concerned with discovery and deceit, but I’m frankly baffled as to what they could be. I mean, my greatest flaws are that I lie about going to the gym, play Dungeons and Dragons over Zoom with other nerds on Thursday nights and my secret addiction is about thirty-five dollars a week in espresso and not opioids or persons of negotiable value. It’s distressingly low-stakes stuff. My midlife crises are of the existential variety and not the acting-out type. I’m… well. I’m pretty dull.
And it’s probably that inherent, unrelenting dullness that makes me interested in security, simply because a lot of it so cerebral and complex, and scratches all the itches that speak to philately and not philandery. Still, there are nuances that are potentially interesting to people who don’t lick their chops when they hear about end-to-end encryption and start banging on about said subject while their loved ones roll their eyes at the dinner table and exchange just-let-him-get-it-out-of-his-system looks, and those nuances also happily seem to fall into the category of things-I’m-sometimes-asked-about, and so here we are in paragraph three and I’m about to talk about masking your IP address. I’ll try and make this painless.
Practicing safe browsing is common sense in this day and age. It’s not simply a case of hiding your location and details from the authorities out of (probably justifiable) paranoia about The Man nor is it about using anonymity to go and do illegal things on the internet. Okay, it’s partly about those things, but it’s more about the value of privacy in an age where the commoditization of the individual has become the chief form of currency. Advertisers track you, build profiles of you, push products and content at you, increasingly crafting narratives and information designed to feed their ideas of who you are economically and demographically. Andrew Lewis put it concisely into this quote: “If you are not paying for it, you’re not the customer; you’re the product being sold.” It’s an unfortunate condition of using the internet, and it’s kind of gross. But there are simple, easy, legitimate ways to take yourself off the market.
VPNs and Proxies are a simple and effective way to mask your location and presence on the internet, and Tor is a technology that essentially uses an alternate network altogether. There are pros and cons to each.
A VPN creates a Virtual Private Network – an encrypted channel between you and the endpoint you’re accessing on the internet.
Pro: When you connect to a VPN you’re essentially telling your computer that it has a special network interface, and that when data is sent out via that interface it is encrypted and protected and – as far as the world is concerned – you’re actually at the end point. A prime use for VPNs is connecting from a remote location – coffee shop, airport, home – to an office network. You host a VPN at the office and connect to it remotely, and as soon as you do so then your office network thinks that you’re on its local network and in your office and not using the Shake Shack™ guest Wifi network in Irvine, CA. The sketchy guy at the table near the door can’t eavesdrop on the traffic going into and out of your computer, and you can access all the resources you have in the office (servers, printers etc) just as if you were actually on the office network – because in a very real sense, you are on the office network.
Con: VPNs don’t always work. Oh, sure, they mostly work just fine, but it’s entirely possible for VPN traffic to be blocked or throttled by ISPs and local networks – particularly if you’re running your own VPN out of your office/remote location. If you don’t run or roll your own and prefer to use a commercial VPN solution (you know, the kind you pay ten bucks a month for) then you need to read some fine print and do some research. Sure, any data you send to and from those VPN providers is securely encrypted, but there’s nothing preventing them from logging what you access on the internet once you’re connected to them. Some VPN providers will swear blind that they don’t keep logs, but that’s not always factually correct.
Proxies are much like VPNs in that traffic you send or receive goes is handled on your behalf by a third party.
Pro: Proxies are reasonably fast, and proxies are flexible; where a VPN sends everything out of your computer as encrypted traffic to a remote location, a proxy can be set up for a particular service or program. Want to use one proxy for web traffic on Safari and another for gaming? Fiddly, but doable. Also, proxies are relatively simple to set up and inexpensive.
Con: Proxies are not as fast as VPNs. And they do a miserable job of securing your data. That guy at Shake Shack™ might as well be like that kid John Ellison when you were in eighth grade who you had pass a note to Hannah Davis during math class to ask if she’ll go out with you. Yes, he’s going to be able to read everything, and No, she was never going to date you with that haircut.
Tor is the one I get asked about least. I think that’s because Tor doesn’t really use the internet as we know it; instead it routes traffic through multiple volunteer networks.
Pro: Tor is secure. Like, really, really secure. It’s less a product and more a system of stripping your data of identifying information, adding layers of encryption and then funneling your data through multiple networks. To use Tor you’ll need the Tor browser (based on Firefox).
Con: The Tor browser is great and allows you to use the Tor network, but on the other hand it’s not infallible. You have to trust the operator of the exit node you’re connected to, who can potentially track your information and activity. Additionally, the Tor browser only protects data on that browser – anything else sent out on your computer is something that your ISP can track, and additionally your ISP can see that you’re using Tor.
So, what does this all get you? Well, it’s clear that there are pros and cons to proxies, Tor and VPNs. But can you mix and match to get the best of all worlds?
Sort of. You can combine a Tor and a proxy by connecting to Tor via a proxy – which isn’t a great idea because then the connection between you and the Tor network goes through an unencrypted proxy. The other way round is marginally better – if you connect to a proxy through Tor then your traffic would end up finally exiting through a proxy and thus the ISP would have no proof that you were using Tor. But it’d be slow. Like, slow.
No, the better move is to combine VPN and Tor. Using those two together isn’t what you’d call fast, either. But if you’re using a VPN to encrypt your traffic to the Tor network then you’re getting the best of all possible worlds; route obfuscation and end-to-end-encryption. Your data is encrypted when it enters the Tor network and your origin IP address is likewise protected…