Your DNS settings may be betraying your privacy

“We’ve spoken about the merits of having a VPN (virtual private network) to protect your privacy and secure your connections when online,” Anthony Casella writes for iMore. “If you have a VPN service running on your local device, all of the data (so long as you’re routing all of the data through the VPN) is encrypted from your device to the VPN server. Depending on the VPN provider, your data afterwards can be anonymized, since anyone ‘listening’ to the traffic coming in and out of the VPN server would see a din of data with the origin and destination being the IP of the VPN server. Not your true IP.”

“DNS stands for Domain Name Service. The nutshell explanation is that it performs the translation from human-friendly URL names (like www.imore.com) to internet service computer destinations called IP (internet protocol) addresses,” Casella writes. “You don’t need to know imore.com’s IP address when you visit. You just need to type in the name and off you go.”

“Even though you may be using a VPN service, there are some caveats that may affect how truly private your internet access is,” Casella writes. “There are some things you can do to make certain you’re not leaking private information via your DNS.”

Read more in the full article here.

MacDailyNews Take: We use TunnelBear’s VPN service (especially while using public Wi-Fi) which lets you choose from servers located around the world in 20+ countries. TunnelBear offers unlimited data for less than $4.17/month. Importantly, TunnelBear explicitly states, “No logging. TunnelBear does NOT log any activity of users connected to our service. Period.”


14 Comments

    1. When I see “lifetime subscriptions,” I think “we are going to collect a whole bunch of folks’ money and then go out of business.”
      The problem is that the “lifetime” of the subscription is “the life of our marketing campaign until our unsustainable business collapses.”
      When I see a monthly service, I think “these folks might actually have a plan to stay in business for a while.”
      And, even if they don’t, I haven’t sunk money in that I’ll never see again if they go bankrupt.

      1. Odd, I’ve had the same VPN for the past 3 years on my lifetime subscription, one of the largest VPN services out there. Got it on a promotional deal they were running on another site. They still offer monthly if you want it, but I grabbed a $29 deal. Less than you’d pay for TunnelBear for a year. So while you keep dumping $50 a year, year after year, and money you never get back, I’m so far ahead of the game. Have fun with your monthly payments. I suggest others go to other Mac sites and grab one of the lifetime deals when they offer them.

    2. I’m with Krioni. Be VERY careful when choosing a VPN service, especially those offering a ‘lifetime’ subscription. Dig around in the search engines to find out everything you can about them, their promises, their follow-through, their speed, location, reputation and longevity.

      EXAMPLES:

      Good lifetime subscription: I joined a proXPN lifetime subscription and am very pleased. But, at first, I didn’t believe their offer was for realz. I wrote them twice to verify. It was for realz. It was a great deal. (To those interested: They are no longer offering lifetime subscriptions).

      Bad lifetime subscription: PureVPN is located in Hong Kong. It’s well worth checking out the core location of any VPN service! They advertise that they don’t collect Internet usage data. But surprise, they do. They lied. They were subpoenaed for a list of users’ data and they provided it. Oops. A lifetime subscription with them is to be avoided.

      Con-job subscription: I received a year’s subscription to a VPN service called VPN Forever as part of a bundle purchase. I tried their client software repeatedly. It NEVER worked. They turned out to be a FRAUD. The bundle service kindly gave me my money back (without my even asking!) The fraudulent VPN service has never been seen in a bundle again, thankfully. Meanwhile, their website has become ever more elaborate with endless promises of excellent service, a service that literally does not exist. BEWARE.

      1. Oh and…

        – If you use iOS devices, be sure the VPN service provides an iOS client app!

        – Be sure the VPN service provides Exit Nodes in locations you want to use. For example: If you’re in the USA but want to buy iTunes music from the Japan iTunes Store, you’re going to have to have an iTunes account in Japan AND visit using a Japan IP address exit node or iTunes will bounce you. Etc. (This stuff can get convoluted, so I’ll leave it at that).

        – Be sure the VPN service regularly updates its client software. There have been a number of security flaws found in the OpenVPN protocol requiring patches. If the VPN doesn’t update their software, you’re vulnerable to man-in-the-middle attacks, etc.

        – Verify that the VPN service does NOT track its users’ behavior on the Internet. Note that some VPNs, such as PureVPN, have LIED about not tracking their users.

        – If you’re stuck in a location [China, ad nauseam] where all the ISPs block VPN or governments demand man-in-the-middle surveillance of VPN services, there is ONE VPN service that offers a workaround, or so they say. That is VyprVPN out of Switzerland.

        https://www.goldenfrog.com

        They use their own proprietary servers, VPN unblocking and encryption system (called ‘Chameleon™’), firewall, unique computer ports and they claim they can work around evil ISP bandwidth throttling. Theoretically, Vypr lets you VPN your way out of anywhere and into anywhere. But investigate their service and be sure it can do what you need to do where you need to do it! (Note that I’m NOT endorsing VyprVPN and have never used them).

  1. A caveat regarding VPNs. Many financial websites track you by location as part of their security scheme and if they suddenly see you logging in from a different location they might lock your accounts.

    It happened to me. The VPN service has servers in multiple locations and I tried a couple during my first day- as they suggested- to see which give the best speeds at your home location. One of my Banks (USAA Bank) saw this (logins appearing from different geographical locations during one day) and slapped a lock on my account until I called and sorted things out.

    1. PayPal blocks transactions coming from locations other than those with which it’s familiar for your account. I once VPNed through the UK and PayPal refused my attempted transaction. They then emailed me, asking if my account may have been stolen. I was very impressed.

      1. USAA Bank is a subsidiary of USAA Insurance and they have been exclusively for members of the Armed Forces and their families since 1922, when 25 Army Officers formed a Mutual Insurance Company because many private insurers would not write policies for members of the Armed Forces.

        Since 1983 they have been offering Banking Services and since 1996 Enlisted members have been able to join.
        As of 2003 96% of active-duty officers and 44% of enlisted personnel are USAA members. They are consistently ranked as one of the best places to work and as one of the best run businesses in America. Their record for customer service is stellar- something increasingly uncommon in this world.

        Because they have members in well over 100 countries around the world, they have always taken precautions to protect the assets and privacy of members. They do track the location of logins to be on the lookout for suspicious activity BEFORE something happens.

        I was not trying to scare people away from VPNs, but be sure you set it up so as not to trigger such a reaction from some businesses. If your VPN is set to hop servers in search of the fastest signal, it can look like you are logging in from Atlanta now and Denver 5 minutes from now- or Tokyo or wherever.

        I highly recommend USAA (if you are eligible by Veteran status) and, like you, also use PayPal (open to all). Both have shown themselves well run and reliable.

  2. The internal network DNS is not sending its name requests through your VPN.

    This is incorrect, if you have a VPN service that takes over your DNS Server settings. Mine does. (proXPN). Check with your VPN service.

    To find your DNS settings, go to:
    System Preferences/Network/Advanced/DNS/
    In my case, my VPN takes control of the settings.

    When I’m not using my VPN, I’m using the FREE and open source DNSCrypt client software. It has a learning curve and an occasional *clunk* factor. But I like it and have been using it for years, since its beta days. There is hope that it may be ported to iOS as well.

    https://www.dnscrypt.org

    https://en.wikipedia.org/wiki/DNSCrypt

    One of these years, DNSSEC (Domain Name System Security Extensions) may be finished, go mainstream and help protect DNS queries. Until then, there’s DNSCrypt and higher quality VPN services.
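
Added example (not part of the article or of any comment above): the DNS check the last comment does through System Preferences can also be done from Terminal. This shell function reads text in the layout printed by macOS `scutil --dns` and lists resolvers that are not bound to a VPN tunnel interface; the `utun` prefix, the function names and the embedded sample are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list DNS resolvers that are not bound to a VPN tunnel interface.
# Input is text in the layout printed by macOS `scutil --dns`.

# Constructed sample, not captured from a real machine: the VPN is up on utun2,
# yet the Wi-Fi router on en0 is still configured as a resolver.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 10.8.0.1
  if_index : 14 (utun2)
  flags    : Request A records

resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : 2001:db8::53
  if_index : 6 (en0)
  flags    : Request A records

resolver #3
  domain   : local
  options  : mdns
EOF
}

# Print "interface nameserver" for each resolver whose interface name does not
# start with the tunnel prefix ($1, default "utun"; an assumption, check what
# your VPN client creates). Resolvers with no if_index are shown as "unbound".
resolvers_outside_tunnel() {
  awk -v prefix="${1:-utun}" '
    function emit(   i, label) {
      label = (ifname == "") ? "unbound" : ifname
      if (n > 0 && index(ifname, prefix) != 1)
        for (i = 0; i < n; i++) print label, ns[i]
      n = 0; ifname = ""
    }
    /^resolver #/ || /^DNS configuration/ { emit() }
    /nameserver\[[0-9]+\] *:/ { sub(/^[^:]*: */, ""); ns[n++] = $0 }
    /if_index *:/ {
      if (match($0, /\([^)]*\)/)) ifname = substr($0, RSTART + 1, RLENGTH - 2)
    }
    END { emit() }
  '
}

# On a Mac: scutil --dns | resolvers_outside_tunnel utun
sample_scutil_output | resolvers_outside_tunnel utun
```

An empty result means every configured resolver is bound to the tunnel interface; it reports configuration only and does not observe which path queries actually take.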
