VPN: Proceed with caution
Only one problem: most consumer broadband service tiers use dynamic rather than static IP addressing, i.e., each time your broadband modem reconnects to your ISP's access servers (and sometimes even more frequently than this), it's assigned a different WAN IP address. Even if a consumer has figured out how to configure a "hole" in his or her router's firewall to enable WAN access to a device connected to the LAN, not knowing the router's WAN IP address from one moment to the next is ... problematic. That's where dynamic DNS services come in.
If you have an always-on computer on your LAN, for example, client-installed update utilities will sense each time your WAN IP address changes and send the new information to their servers. By accessing your WAN via a dynamic DNS service provider-assigned URL instead of an IP address string, you're assured of always being able to find your router (and therefore what's behind it) on the Internet. And, instead of relying on a computer, it's possible to directly embed the update client into a LAN client; it's increasingly rare, in fact, for me to find a router, NAS, webcam, etc. that doesn't offer a manufacturer-provided dynamic DNS service, partnered with someone like DynDNS, etc.
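The update-client behavior described above, sketched as an added example (not code from this article or from any dynamic DNS provider). The reply keywords (`good`, `nochg`, `badauth`, `nohost`, `abuse`) are assumed to follow the dyndns2-style convention; `send_update` is a hypothetical transport stub, and the hostname and addresses are constructed.

```python
import ipaddress

# Ranges that can never be a reachable WAN address (RFC 1918, CGNAT, loopback, link-local)
NOT_WAN = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

class DdnsUpdater:
    """Update client: tell the provider about the WAN IP only when it changes."""
    def __init__(self, hostname, send_update):
        self.hostname = hostname
        self.send_update = send_update  # hypothetical transport: (hostname, ip) -> reply text
        self.published = None           # last address the provider accepted
        self.halted = None              # set once the provider rejects us outright

    def observe(self, reading):
        """Process one WAN IP reading and return the action taken."""
        if self.halted:
            return "halted"             # stop hammering after a hard rejection
        try:
            ip = ipaddress.IPv4Address(reading.strip())
        except ValueError:
            return "ignored-invalid"
        if any(ip in net for net in NOT_WAN):
            return "ignored-not-wan"    # e.g. double NAT: publishing this helps nobody
        if str(ip) == self.published:
            return "unchanged"          # no update sent, so no needless traffic
        reply = self.send_update(self.hostname, str(ip)).split()
        status = reply[0] if reply else ""
        if status in ("good", "nochg"):
            self.published = str(ip)
            return "updated"
        if status in ("badauth", "nohost", "abuse"):
            self.halted = status        # needs a human to fix credentials or hostname
            return "halted"
        return "retry-later"            # empty or unrecognized reply: keep old state

def run_demo():
    sent = []                           # constructed provider that accepts everything
    def fake_provider(hostname, ip):
        sent.append((hostname, ip))
        return "good " + ip
    client = DdnsUpdater("home.example.net", fake_provider)
    readings = ["203.0.113.7", "203.0.113.7", "192.168.1.1", "garbage",
                "198.51.100.42", "198.51.100.42\n"]  # constructed WAN IP readings
    return [client.observe(r) for r in readings], sent

if __name__ == "__main__":
    print(run_demo())
```

Six readings produce only two updates to the provider: the repeated, private-range and malformed readings never leave the LAN.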
What's this all got to do with VPN (virtual private network) services? Short answer: they're becoming known to (and popular with) consumers, too. Until recently, admittedly, my only personal exposure to VPNs came from the archaic SonicWall NetExtender utility I occasionally needed to fire up in order to access my primary employer's LAN-housed storage (which we've now rendered obsolete in favor of migrating to a corporate Dropbox account). Anecdotally, I'd also heard of VPNs being used by internationally located folks to access Netflix, for example, by spoofing the service provider into thinking they were located somewhere in the United States.
Recently, however, VPNs have gained more widespread awareness, even domestically within the United States. Why? Back in October 2016, at the tail-end of the Obama administration's second term, the then-Democrat-dominated FCC issued a ruling that required ISPs to obtain opt-in consent from consumers before sharing their Web browsing data and other private information with advertisers and other third parties. The rules were scheduled to take effect on March 2 of this year (2017), but, the day prior, the now-Republican-dominated FCC halted the rules' implementation. The U.S. Congress, led by the Senate, quickly followed by completely eliminating the privacy rules, a legislative action which President Trump promptly signed into law (and which both cities and states are now considering overriding).
Privacy advocates were up in arms about this turnabout of fortunes, despite the fact that the earlier FCC ruling they advocated hadn't even gone into effect yet. And unsurprisingly, major ISPs' reassurances that they still wouldn't sell your Internet traffic history were met with widespread skepticism. To be clear, even if you wipe your browser cookies, history, etc. (or run your browser in so-called "Private" or "Incognito" mode such that this data isn't collected in the first place), such actions only obscure your network activities at any particular client:
The aggregate of all LAN clients' traffic still flows through the common WAN connection, which an ISP can monitor, both to detect illegal activity (child porn, for example) and for financial gain. To be clear, to the best of my knowledge nobody in my household is doing anything illegal (or immoral, for that matter) online; it's not like we've got anything to hide. Still, I'm not remotely enthralled with Comcast being able to let WalMart know (hypothetically speaking, of course) how often my wife and I are on Amazon's website. So, like many consumers, I began researching VPN services, as a means of tunneling my traffic through a source-and-destination obscuring proxy service intermediary ... and promptly ran into multiple roadblocks.
For one thing, a proxy server can seriously clobber your effective bandwidth, especially when it's heavily loaded. For another, who's to say that the VPN provider won't sell your traffic analytics, even if it promises not to (sure, you can build your own VPN server, but I daresay that's beyond the reach of the masses)? And the real deal-breaker for me was that, for previously mentioned reasons, streaming content providers such as Netflix don't like VPNs and do everything they can to block service access when they detect a proxy server in use; even if you are a valid domestic subscriber versus someone sitting in China or Russia, after all, how can they tell?
In my particular case, after doing a bunch of research, I'd planned on going with Private Internet Access; this particular VPN provider seems to be highly regarded (NordVPN is another compelling option I found, by the way), and I could even set up the service on my Merlin firmware-based ASUS router. But the Netflix, etc. block was a deal-breaker, no matter that I could always log into my router and disable VPN whenever I wanted to watch a movie. I could do it; I wouldn't think of asking my wife to jump through similar hoops.
So at least for now, Comcast can still see (and profit from) everything we do online. And if you're a network equipment provider who's considering adding VPN support to your devices, following in the footsteps of the dynamic DNS support you've already added, consider yourself duly warned. While the concept of VPN sounds good, the content-access and other roadblocks I've mentioned here will likely be showstoppers for your customers, too. And when Internet access slows down substantially or, in some cases, is completely blocked, it's not the VPN provider that they'll complain to ... it's you.
—Brian Dipert is Editor-in-Chief of the Embedded Vision Alliance, and a Senior Analyst at BDTI and Editor-in-Chief of InsideDSP, the company's online newsletter.