Bitcoin Basics

From mathematical wonder, revolutionizing breakthrough, next-gen money to fraud and one big fat scam – Bitcoin has been awarded a multitude of epithets. While some start their mornings by checking Bitcoin exchange rates, others predict doom and gloom for its adepts. There’s also a third group – those who are just waking up to the new reality of Bitcoin and blockchain looming from everywhere.

“The Internet is among the few things humans have built that they don’t truly understand,” said Eric Schmidt and Jared Cohen in The New Digital Age. Well, I say we can safely add Bitcoin and blockchain to the list of things humans built that they don’t understand, because both are a lot more complicated than the Internet.

If you’re beginning to feel awkward not understanding what the fuss is all about, it’s high time you sorted out the subject.

What Is Bitcoin?

In casual conversations, you can get away with knowing that bitcoin is a digital currency. But in reality, it’s several things:

  • Bitcoin is a platform developed by an individual – or a group – that goes by the pseudonym Satoshi Nakamoto.
  • Bitcoin (often written in lower case or abbreviated as BTC) is a virtual currency, and the most valuable cryptocurrency for that matter, at least for now.
  • Bitcoin is the first example of a fast-growing type of money known as cryptocurrency, or crypto.
  • Bitcoin is its own payment network devoid of a centralized overseeing authority.

The simplest way to explain a cryptocurrency is that it is a digital asset stored on a decentralized, peer-to-peer computer database similar to file-sharing networks. Anyone can buy Bitcoin and use it to purchase goods and services online.

How is Bitcoin Different from Normal Currency?

Unlike traditional currencies, Bitcoin and other cryptocurrencies are not issued by any entity. There is no bank, sovereign state or monetary fund that prints, controls and regulates cryptocurrency. It does not exist in physically tangible form.

In theory, conventional currency should be based on gold. But in practice, the U.S. dollar has not been backed by gold since 1971, and the U.S. government has backed the currency ever since.

Bitcoin is not backed by any state, but it is not based on gold, either. It is ruled by computer code and mathematical logic.

Cryptocurrencies are produced by people and businesses running software that solves mathematical problems using the computing power of their computers. The concept of “proof of work” is at the core of the Bitcoin generation process. To create – or mine – a new Bitcoin, a computer must complete an extensive mathematical calculation.

In layman’s terms, you download the software, install it, and let your hardware do the mining. Bitcoins are mined by using the computing power of tens of thousands of computers in a decentralized, P2P network.

The mathematical algorithm used to produce Bitcoins is freely available; anyone can check it. The software is open-source, so anyone can audit it and make sure it works as advertised.

The value of a newly minted currency is whatever the market commands through supply and demand. The more people buy it, the higher its value, just like with your traditional currency exchange rates.

Blockchain Basics

Bitcoin is based on a distributed ledger technology – the blockchain. Blockchain relies on nodes – individual computers in a global P2P network – to run a database that is:

  • Always online and up-to-date
  • Not tied to a single location
  • Not controlled by a single, centralized entity
  • Cannot be infiltrated or corrupted because it’s impossible to corrupt tens of thousands of computers across the world at once

The blockchain database verifies itself at certain intervals automatically. This self-auditing feature guarantees the data held by the system is accurate at all times.

Groups of data inside the system are dubbed blocks, which are chained to one another cryptographically. In such chains, individual pieces of information get buried under other blocks and are therefore much harder to corrupt than data in a regular database stored on servers. Changing one part of data within a block requires enormous computing power.
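The chaining and proof-of-work ideas described above can be seen in a toy ledger. This is an added example, not Bitcoin's real block format or code from the original page; the block fields, the 12-bit difficulty and the sample entries are assumptions made for illustration.

```python
# Added illustration: a toy hash-chained ledger with proof of work.
import hashlib
import json

GENESIS_PREV = "0" * 64
DIFFICULTY_BITS = 12  # assumption: toy difficulty, about 4,096 hashes per block


def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block."""
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def meets_target(digest_hex, bits=DIFFICULTY_BITS):
    """Proof of work: the top `bits` bits of the hash must be zero."""
    return int(digest_hex, 16) >> (256 - bits) == 0


def mine(prev_hash, data, bits=DIFFICULTY_BITS):
    """Try nonces until the block hash meets the target.

    Returns (block, number_of_hash_attempts).
    """
    nonce = 0
    while True:
        block = {"prev": prev_hash, "data": data, "nonce": nonce}
        if meets_target(block_hash(block), bits):
            return block, nonce + 1
        nonce += 1


def build_chain(entries, bits=DIFFICULTY_BITS):
    """Mine one block per entry, each committing to the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for entry in entries:
        block, _ = mine(prev, entry, bits)
        chain.append(block)
        prev = block_hash(block)
    return chain


def first_invalid(chain, bits=DIFFICULTY_BITS):
    """Index of the first block that fails validation, or None if all pass."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not meets_target(digest, bits):
            return i
        prev = digest
    return None


def rework_needed(chain, index, new_data, bits=DIFFICULTY_BITS):
    """Measure what it takes to change block `index` and keep the chain valid.

    The edited block and every block after it must be mined again.
    Returns (new_chain, blocks_remined, hash_attempts).
    """
    new_chain = [dict(b) for b in chain[:index]]
    prev = chain[index]["prev"]
    attempts = 0
    for offset, old in enumerate(chain[index:]):
        data = new_data if offset == 0 else old["data"]
        block, tries = mine(prev, data, bits)
        attempts += tries
        new_chain.append(block)
        prev = block_hash(block)
    return new_chain, len(chain) - index, attempts


if __name__ == "__main__":
    # Constructed sample ledger entries.
    entries = ["a pays b 5", "b pays c 2", "c pays d 1", "d pays a 3", "a pays c 4"]
    chain = build_chain(entries)
    print("honest chain valid:", first_invalid(chain) is None)

    edited = [dict(b) for b in chain]
    edited[1]["data"] = "b pays c 200"
    print("edit detected at block:", first_invalid(edited))

    _, remined, attempts = rework_needed(chain, 1, "b pays c 200")
    print(f"blocks to re-mine: {remined}, hash attempts spent: {attempts}")
```

Each extra difficulty bit doubles the expected attempts per block, and the number of blocks to redo grows with how deep the edited block is buried.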

Since the ledger is open and distributed, verification of transactions on the blockchain is ensured through the consensus of every member. The degree of security and trust it provides is unprecedented, especially because it eliminates a third-party overseer from the equation.

This decentralized P2P network also processes transactions made with Bitcoin or any other cryptocurrency, which effectively makes Bitcoin its own payment network.

What’s the Appeal?

Cryptocurrencies possess inherent features that set them apart from state-backed currencies and make them appealing to individuals and businesses alike.

  • P2P – The decentralized nature of cryptocurrencies sets them free from one central authority. Every Bitcoin-mining computer is also a part of the payment network. In theory, no centralized overseeing entity can impose a monetary policy on Bitcoin, or pull the plug on the system and bring it down for everyone simultaneously.
  • Ease of Use – Even if you don’t understand the technology behind Bitcoin, you can set up a wallet and buy BTC or pay with BTC for online goods and services in a matter of minutes.
  • Anyone Can Buy It – No paperwork, mind-numbing red tape, and bureaucratic hoops. Most importantly, no questions asked, no fees to pay. It’s free software you install and use.
  • No Conversion Fees – Bitcoin transactions involve no conversion fee, even if you trade with overseas partners.
  • Fast – Transactions come through almost instantly. They only take a few minutes to confirm.
  • Global – Transactions work anywhere the global P2P network is available, be it next door or across the ocean.
  • Relative Anonymity – Or pseudonymity, since accounts and transactions aren’t tied to real identities. You use the so-called address, a chain of 30-something characters, to receive Bitcoins. That address does not have to be tied to your real identity, and you can change it as often as you wish.
  • Transparency – The blockchain holds information about every single transaction that happens on its network. Your public Bitcoin address reveals how many Bitcoins it stores, but not your identity. You can use multiple addresses, and avoid storing all your Bitcoins in a single address as a way of obscuring the publicly available information on your Bitcoin totals.
  • Security – The public key/private key cryptographic system works its magic, and as long as only you have access to your private key, your Bitcoins are safe. Each coin movement is recorded and stored in thousands of continuously synchronized blockchain files across the world, which makes it all but impossible for someone to alter the transaction history.
  • Limit – There is a cap set on the total number of Bitcoins that can be produced (21 million). Therefore, inflation can’t devalue the cryptocurrency as it can do to state-backed currencies.
  • Free from Censorship – Cryptocurrencies can be used for transactions that traditional payment processors would censor.

Combined, these features make cryptocurrencies superior to fiat (state-backed currencies) in the way that you don’t need to involve any third parties with your transactions that are cheap, fast, and global. Oh yeah, and your transactions are recorded on a decentralized, incorruptible ledger that anyone can confirm.

A Brief History of Bitcoin

Bitcoin emerged after the financial crisis of 2007-2008 and grew stronger when Occupy Wall Street accused banks of rigging the system and scamming their customers. Bitcoin historians believe that when people realized they put too much faith in the central banking system, they were finally ready to accept a new, revolutionary idea. An idea of a global, transparent currency free from middlemen, centralized authority, interest fees, and corruption.

2008: The Shady Origins

Bitcoin surfaced when Neal King, Vladimir Oksman, and Charles Bry filed a patent for “Updating and Distributing Encryption Keys” in August 2008. A few days later, bitcoin.org was registered. The WhoIs record does not reveal much about the owners, except that they’re registered in Panama, and that the domain expires in 2021.

In October 2008, Satoshi Nakamoto published a whitepaper “Bitcoin: A Peer-to-Peer Electronic Cash System.” Even though the paper mentions the author’s website as bitcoin.org, it remains unclear who Satoshi Nakamoto is, or if it is a single person or a group of people.

Interestingly, “Satoshi” means wisdom and “Nakamoto” means “central source” in Japanese, which leads some inquisitive minds to believe that a group – rather than an individual – is behind the project. One theory suggests Bitcoin is the brainchild of NSA or CIA, claiming that “wisdom” and “central source” allude to “Central Intelligence.”

Proponents of the CIA/NSA theory argue that no one has ever met Satoshi Nakamoto in person, and the group behind the technology most certainly had intelligence training. Other evidence includes the use of a PRNG crypto program in Bitcoin, which is believed to have an NSA backdoor. Additionally, the use of the NSA-developed SHA-256 hash function in Bitcoin leads some to assume the NSA embedded a backdoor in the hash function to spy on Bitcoin users. There is no conclusive evidence for this theory so far.

Officially, Bitcoin.org states Nakamoto left the project, handing the ownership to a group of individuals so that they could share responsibility and prevent one person from gaining full control of it.

The mystery surrounding the creator – or creators – of Bitcoin keeps the crypto community in suspense. The true origins of the technology could reveal if there is an ulterior motive and hidden backdoors in it, or not.

2009: The Genesis

Bitcoin Version 0.1 was released in January 2009, and the first generated block was dramatically named Genesis. In October 2009, Bitcoin got its first valuation in US dollars at $1 per 1309 BTC, based on the cost of electricity it took for a computer to mine one Bitcoin. And so, the ball – or rather the block – started rolling.

2010: Let It Roll

In May 2010, the Bitcoin community celebrated the Pizza Day, when Bitcoin was first used to buy physical goods – two pizzas worth 10,000 BTC or $25 at the time. That’s $11.47 million today, so let’s hope the pizzas were topped with diamonds (and lots of cheese!).

In August 2010, 184 billion Bitcoins were hacked when someone found an exploit in how the system verified the value of crypto. Notably, that incident didn’t prevent Bitcoin from rising to $0.5/BTC in November 2010 and then to $31 per 1 BTC in February 2011.

Ever since then, Bitcoin has grown at an increasing speed, and the fact that the popular exchange service Mt. Gox got hacked didn’t stop crypto adopters from pumping up the mining pace.

2013: The Real Money

2013 was marked by several major events, as Federal Judge Amoz Mazzant declared that Bitcoin was real money, and could be used to buy goods and services. He did admit that it’s limited to the markets that accept it as currency – fair enough.

In November 2013, the first Bitcoin ATM was opened in Vancouver.

In December 2013, China officially declared Bitcoin “not a currency.” The Chinese government feared Bitcoin could threaten China’s financial stability, so it banned the national banks from interacting with the cryptocurrency altogether.

Ironically, a few years later China became the largest Bitcoin trader in the world, only to request Chinese Bitcoin exchanges and traders to halt their services in September 2017. Either they know something others don’t, or it’s a shaped trend of governments tightening the grip on the crypto.

Ups and downs continued in 2013, as Bitcoin became the currency of choice for one of the major dark web marketplaces – the Silk Road – where criminals traded drugs, weapons, and other illegal goods. So Bitcoin got in the spotlight again, but for all the wrong reasons, as it became associated with the criminal underworld. According to Wired, 45% of Bitcoin exchanges shut down in 2013 due to hacks and fraud.

2014-2015: One Milestone After Another

Bad publicity did not rain much on Bitcoin’s parade, however. It certainly did not prevent BTC from reaching parity with USD in early 2014, a major milestone for a currency that wasn’t worth zilch when it first started.

At the same time, the concept of hardware wallets emerged, and users were finally able to save their Bitcoins on external carriers.

Disaster struck when Mt. Gox got hacked again in March 2014. Millions of Bitcoins were stolen, leaving customers high and dry.

A few months later, in mid-2014, the Silk Road was shut down. After the government auctioned confiscated Bitcoins, the cryptocurrency got rid of the dark web associations (at least partially) and continued on its course to global success.

In late 2014, Microsoft started accepting Bitcoin payments for games and videos on the Xbox platform and apps in the Windows Phone store. More and more merchants began accepting Bitcoins.

The next thing you know, the New York Stock Exchange “taps into a new asset class,” making a minority investment in one of the leading platforms, Coinbase, in early 2015.

By the end of 2015, approximately 160,000 companies accepted BTC payments.

2016: ICOs – It’s Raining Money

In 2016, 770 Bitcoin ATMs were functioning worldwide (there are over 1700 of them now) while the Swiss Railway operator SBB launched Bitcoin sales through their automated ticket machines.

Japan officially recognized the crypto as money. The country of the rising sun is currently the world’s largest Bitcoin exchange market, with 50.75% market share.

The same year saw a rise of ICOs, the initial coin offerings, as Golem raised $8.6 million in BTC in 20 minutes.

That same year, the CEO of the US-based exchange Cryptsy was charged with $3.3 million worth of BTC theft, while $72 million worth of BTC was stolen from the Hong Kong-based exchange Bitfinex and $2 million from GateCoin.

2017: All-Time High

In March 2017, the BTC price surpassed that of an ounce of gold. In June, the crypto hit an all-time high as it reached the $2967.48 mark. The number of Bitcoin-related projects on GitHub exceeded 14,000. At the same time, blockchain technology is being actively adopted in other fields such as healthcare, banking, cybersecurity, and many others.

Bitcoin not only grew strong, but helped grow smaller cryptocurrencies such as Ethereum, LiteCoin, or DogeCoin. The industry of cryptocurrencies is gaining traction, securing millions in funding from tech and financial sectors.

ICOs have revolutionized the financing landscape for start-ups and surpassed the early-stage venture capital funding. By now, ICOs have funded companies for over $1.2 billion.

However, some experts claim it is the blockchain that holds the keys to the future, not Bitcoin. Some analysts and Bitcoin early adopters fear that Bitcoin is a bubble “that’s going to blow up in many people’s faces,” and that ICOs are a scam.

Despite the pessimistic voices, the crypto community is ecstatic, forecasting that Bitcoin will change the banking industry forever.

As you can see, Bitcoin’s is a history of bold ups and downs, astounding success, and abhorrent fraud – all wrapped in one. Considering its humble beginnings, it grew to be a global cryptocurrency in less than a decade. Now it has its own application programming interface, exchange rate, and price index.

All over the world, merchants accept BTC payments – from Microsoft to PayPal, Dell and Expedia to REEDS Jewelers, private hospitals, and a multitude of online services, VPNs included. A substantial number of online magazines, forums, and websites promote it, discuss it, and trade it.

The sheer volume of analytics on Bitcoin’s future is overwhelming. While some publications are all hyped up about crypto, others anticipate the bubble is about to explode. This is how Jordan Belfort, the banker portrayed by DiCaprio in The Wolf of Wall Street, describes Bitcoin and ICOs:

"Probably 85% of people out there don’t have bad intentions, but the problem is, if 5 or 10% are trying to scam you, it’s a ***king disaster."

So, how can you tell promotional fanfic from analytics based on facts, and legitimate concerns from fear mongering? In the next chapters of this guide, I am going to try and take a critical look at Bitcoin and cryptocurrencies.

Recent News and Case Studies

In case you haven’t been following the Bitcoin news, its price went up 600% over the last year, and 1600% over the previous 24 months. Priced at over $4,200, BTC is now three times more expensive than an ounce of gold while Bitcoin evangelists predict the growth will only intensify in the next few years.

Financial analysts are not so optimistic because the price of cryptocurrencies depends on many circumstances. How governments around the world react to crypto is one of the critical factors defining the present and future of Bitcoin.

Is Bitcoin Legal and Regulated?

There is no simple answer. It depends on where you are and what you do with your coins.

The extent of semi-anonymity BTC allows and its decentralized nature do facilitate illegal transactions. Bitcoin was the only currency accepted by the notorious Silk Road, shut down in 2013. It was the currency favored by two of the dark web’s largest marketplaces, AlphaBay and Hansa, which were recently seized by the joint forces of the European police, the FBI, the DEA and Interpol.

Not helping Bitcoin’s reputation is the fact that it was the primary payment method used by criminals in the recent WannaCry ransomware attack that sent shock waves across the world.

Because some Bitcoin owners use it to buy illicit drugs and chemicals, there is an air of illegality to cryptocurrencies. But can you think of any currency, precious metal or commodity that does not have a history of facilitating money laundering, tax evasion, extortion, or bribery? Many believe it’s not Bitcoin that the regulators should go after, but the illegal activities.

Regardless, the question of Bitcoin’s legality is complicated. Some jurisdictions already have regulations and laws in place that deal with Bitcoin, while others are still hesitant.

In the United States

In the US, the legal landscape for Bitcoin is a patchwork of varying approaches because each state can do as it pleases. For instance, a U.S. Magistrate of New York ruled that BTC is not money. In the meantime, a judge in Manhattan ruled that it was an acceptable means of payment.

The US Internal Revenue Service views Bitcoin as property – not currency – for tax purposes, similar to stocks and bonds. But the U.S. Treasury defines it as a decentralized virtual currency.

What this means for you:

  • Users – If you buy Bitcoins and use them to purchase legal virtual goods and services, you are doing it legally, according to the U.S. Financial Crimes Enforcement Network, FinCEN. BTC received from another person as a result of exchange counts as gross income subject to income tax.
  • Miners – If you mine Bitcoins and exchange them for fiat currency, FinCEN views you as a money transmitter, which could make you liable for money transmitting business (MTB) classification. There is little clarity on that matter for now, though. BTC earned by mining is viewed as income by the IRS and is taxable, with the expenses accrued (i.e., computing power) being deductible. When miners sell their coins, they are taxed on the increase in the BTC value between the time the coins were mined and when they were sold.
  • Exchanges – These are definitely viewed as MTBs by FinCEN. In tax terms, BTC earned through trade or running an exchange falls under capital gains and is taxed.

OF NOTE:

  • The IRS issued a draft guidance on virtual currency on how it views BTC as a taxable asset.
  • You also need to account for how much your coins are worth in relation to USD, keep a detailed BTC expense report, and record the BTC value when you spend it.

Around the World

Internationally, Bitcoin’s legality, as well as corresponding regulations, are complicated, too. Some countries view it as a commodity, others as a currency. Some countries like Estonia are encouraging the use of crypto while Bolivia, Ecuador, Bangladesh, and Kyrgyzstan have banned it. Most countries are in the gray zone with little clarity on crypto’s legality and regulations.

  • EU – In the European Union, BTC is viewed as a currency not subject to VAT/GST and income tax when you convert it from crypto to fiat. At the same time, if you buy goods online and pay in BTC, the transaction is taxable. The European Central Bank declared that the current regulations made for fiat and the traditional financial sector do not apply to cryptocurrencies. Mario Draghi, the president of the ECB, said crypto was too immature to be considered a viable payment method.
  • UK – The United Kingdom has not implemented much regulation on Bitcoin, treating it as private money. This means profits/losses during BTC trading are subject to capital gains tax. VAT applies to any transactions when goods or services are bought for the digital currency. The British approach is applauded by start-ups, which can experiment with ICO funding without red tape.
  • China – China’s attitude to crypto took a sharp turn in 2017, as it first banned ICOs and then crypto exchanges altogether. Some believe the ban is temporary until the authorities decide on how to tighten the grip on record-keeping, licensing, and anti-money laundering (AML) laws for exchanges. Rumor also has it that China might be building its own cryptocurrency.
  • Japan – Japan’s regulations aim to normalize Bitcoin payments, protect its users and facilitate BTC transactions’ compliance with AML laws. Japan’s regulations create a favorable climate for start-ups so that they can act in a stable business environment. Japan also gained from China’s exchange ban, authorizing a dozen crypto exchanges and welcoming Chinese traders to an efficient and well-regulated ecosystem.

Obviously, there is no global agreement on how crypto should be defined, taxed and regulated. There might never be. Nonetheless, how regulators view cryptocurrencies is important because it affects the exchanges, the value of crypto and how – or where – the tech industry develops.

Initial Coin Offerings

The ICO, or initial coin offering, is a big deal, and major publications have been allocating hefty real estate to it for a good reason: in Q2 of 2017 alone, ICOs made $800 million. But what are ICOs, and why the sudden hype around them? Most importantly, how can anyone wrap their head around why startups are jumping on the ICO bandwagon en masse while the majority of experts warn they are extremely risky?

What is an ICO?

Start-ups often struggle to get the traditional angel or venture investments, which typically secure them up to $3 million. An ICO secures up to $10-12 million! With ICOs, companies are crowdfunding their projects by offering crypto for when their project has launched.

In a traditional IPO, participants buy shares. In an ICO, participants use Bitcoin to buy tokens. Now, tokens are very particular – they can either be used in a specific environment or grant the holder rights or discounts within that environment.

For example, if you buy tokens from a cloud storage provider, you can then exchange your tokens for extra storage space as was the case with Storjcoin. The tokens can be used for voting powers – the more tokens, the more voting power. But in many cases, you can just exchange tokens for other currencies.

Unlike stocks, however, the token does not give you any ownership rights in the tech company, nor does it entitle you to any dividends.

How ICOs Work

An ICO is currently one of the easiest methods for companies to fund their projects. It’s also one of the easiest ways for regular users to become investors. ICOs are also very easy to structure and set up. Thanks to technologies like the ERC20 Token Standard, companies skip a lot of development hassle when creating a new crypto asset.

A typical ICO event usually lasts from a week to a month, and everyone is allowed to buy newly issued tokens for Bitcoin or Ether.

An ICO usually has a specific goal or limit, and tokens have a pre-defined price that does not change during the ICO period. It is also possible to have a limited amount of tokens but a dynamic funding goal. In the latter case, token distribution depends on the funds collected, i.e., the more funds a project receives, the higher the token price will be.

Token supply can also be dynamic and depend on the funds received – the price of each token is static, but every time one coin is sent a new token is generated. In this case, the token limit is set based on the project goals or time.

If an ICO campaign fails, your funds will be returned. But even if an ICO campaign is successful, there is no guarantee that the developers will deliver the product or that the token price will go up.

ICO Boom

By now, ICOs have become a proven way of crowdfunding crypto projects, provided the product is in demand. For example, during Ethereum ICO in 2014, investors could buy a token for $0.3-$0.4. When the project’s platform launched in mid-2015, the price of tokens reached $19.42 per unit, which is over 6000% ROI.

In 2017, the crypto community has seen about 140 ICOs so far, with over $2 billion in token sales. Experts predict $4 billion will be raised by the end of the year. Several ICOs launch every day while Silicon Valley is literally obsessed with them.

ICO experts warn, however, that for an ICO to be successful, a company must have blockchain at its heart. A multitude of ICOs fail when that’s missing.

ICO Risks

Any investment is a gamble, but ICOs are beyond the extreme points of gambling. The reason: most of them raise funds pre-product, i.e., they are selling an idea, not a product.

Most companies have a white paper, but many things can happen between conception and product delivery, especially now that many companies simply want to pick up on the market hype.

Vetting an investment or the technology behind it is difficult, which makes ICO investments extremely risky, and facilitates downright fraud. Experts warn: only invest funds you are fine with losing.

Unfortunately, too many ICOs are opportunistic and fraudulent while hackers target ICOs and steal the collected Bitcoins. Recently, scammers stole $7 million in under 3 minutes by hacking a CoinDash ICO.

The ICO craze has also given rise to some indirect scams. The SEC recently issued a warning that some companies tout an upcoming ICO only to inflate their share price, and cash out when investors buy in. The CIAO Group announced a $530 billion (!) Blockchain and Cryptocurrency Target Market collaboration in mid-2017, which was supposed to lure a multitude of investors into buying their stock. The SEC suspended trading in the shares of four companies that were pumping up their share value by talking up ICOs.

Another risk is ICOs will slow down at some point. According to CryptoHustle, “ICO mania is likely due to early Ethereum adopters making serious returns after the last bull run.” However, that doesn’t mean Ethereum’s run will keep fueling ICOs forever. How long the good times will last for ICOs is yet to be seen, but predictions are already there.

Are ICOs Regulated?

The risk also comes from the regulatory side. Despite the craze, ICOs are new and reside in the gray zone of law. For example, if the token buys you access to a network, the unregulated asset is most likely safe. But if you can exchange it and gain value, it most likely is a security regulated by securities law. The IRS said that crypto is taxable as long as it can be converted to USD.

Recently, the Securities and Exchange Commission (SEC) established a task force to target cybercrime, with the primary focus on ICOs (mainly thanks to the notorious investigation into the Decentralized Autonomous Organization’s ICO). The main takeaway from the investigation is that tokens are securities under US law.

Some companies are already launching platforms regulated by the SEC. For example, tØ is launching an alternative trading system for tokens categorized as securities, which will be regulated by the Financial Regulatory Authority and the SEC.

Some observers believe the SEC will soon begin to clamp down on ICOs before they raise cash:

"If the SEC doesn't crack down, this party will be amazing, the biggest party in town for a long time. If they do crack down, a lot of people are going to feel a lot of pain," said investor Naval Ravikant.

The crackdown already happened in China, where ICOs have been banned altogether. South Korea banned ICOs, too. Combined, the bans triggered a crash in BTC value for a short while.

The bottom line is ICOs are sort of regulated, depending on location, but globally, regulation is out of the mix. At least, for now.

Some argue that the absence of regulation is good because it allows the market to evolve and innovate quickly. For legitimate start-ups with great ideas that couldn’t get funding otherwise, that is true. But that doesn’t mean regulators shouldn’t act to protect investors and industry as a whole from the plague of fraudsters.

The Dangers of Bitcoin

One of the critical downsides of Bitcoin, cryptocurrencies, and blockchain in general is that they are still new, despite being around for nine years. The technology is not yet completely secure while BTC itself is extremely volatile. The industry is advancing through trial and error, and when an error happens, many people are left empty-handed.

Volatility

BTC is vulnerable to public perception, Twitter trends, and events in global or regional politics. What causes a minor fluctuation for fiat can push BTC into freefall.

No central authority regulates the crypto’s supply and demand, and BTC prices are highly susceptible to speculation and manipulation. Since the project is open-source, news of newly discovered security flaws often causes a price drop. A series of DDoS attacks on Mt. Gox sent crypto value into a dramatic decline.

Whenever coin exchanges are under attack, the resulting downtime affects traders badly. In early 2017, the US-based exchange Kraken was robbed of more than $5 million in a hacker heist. During the attack, the price of Ether fell more than 70%, and many traders’ positions were liquidated with no further compensation.

Because crypto exchanges aren’t regulated like stock exchanges, there is no circuit breaker to stop trading during wild price swings. BTC prices have fluctuated violently, rising to $1,100 and falling to $76 in short lapses. Traders who lose money during such swings have no way of recovering it, and no one to blame.

Not helping Bitcoin is the fact that hackers are stealing a significant chunk of the total Bitcoin pie, according to Chainalysis. The total market value of cryptocurrency is about $135 billion. If hackers stole 1% ($225 million) of Ethereum’s total market value last year alone, the toll on Bitcoin is estimated to be even larger. That, too, affects crypto’s volatility.

The 51% Attack

The 51% attack is a notable security flaw in Bitcoin. If more than 51% of nodes – computers in the P2P network – tell a lie, the whole network treats it as the truth.

Satoshi Nakamoto warned about it, so the crypto community monitors BTC mining pools to ensure no one gains such influence. If one entity takes over enough nodes, it could then dictate its own version of the blockchain, or spend the same coins multiple times.

As of now, the largest BTC owner holds 15% of the total hashing power.
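Nakamoto's warning can be put into numbers. The sketch below is an added example (not code from the original page) that ports the attacker-success calculation from section 11 of the Bitcoin whitepaper to Python: `q` is the attacker's share of hash power and `z` is the number of confirmations the recipient waits for. The function names, the 0.1% risk threshold and the 500-confirmation search limit are assumptions of this example.

```python
# Added illustration: probability that an attacker with hash-power share q
# ever overtakes the honest chain from z blocks behind (whitepaper, section 11).
import math


def attacker_success_probability(q, z):
    """Chance that the attacker's private chain catches up after z confirmations.

    Assumes q stays constant and honest miners keep extending one chain.
    """
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be non-negative")
    if q >= 0.5:
        return 1.0  # with half the hash power or more, catching up is certain
    p = 1.0 - q
    ratio = q / p
    lam = z * ratio               # expected attacker progress while z blocks are mined
    poisson = math.exp(-lam)      # Poisson probability of k = 0 attacker blocks
    total = 1.0
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k    # step the Poisson term from k-1 to k
        total -= poisson * (1.0 - ratio ** (z - k))
    return max(total, 0.0)


def confirmations_needed(q, max_risk=0.001, max_z=500):
    """Smallest z with success probability below max_risk, or None if not found."""
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def risk_table(shares, max_risk=0.001):
    """(share, confirmations needed) for each hash-power share in `shares`."""
    return [(q, confirmations_needed(q, max_risk)) for q in shares]


if __name__ == "__main__":
    # 0.15 is the share the text above attributes to the largest holder;
    # the other values are constructed for comparison.
    for q, z in risk_table([0.10, 0.15, 0.30, 0.45, 0.51]):
        wait = "no number of confirmations is enough" if z is None else f"{z} confirmations"
        print(f"attacker share {q:.0%}: {wait} for under 0.1% risk")
```

The required wait grows slowly for small shares and without bound as the share approaches half, which is why pool concentration is worth monitoring well before any pool reaches a majority.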

Scams

Some argue the very structure of Bitcoin and lack of regulation make fraud prevention hard. One of Bitcoin’s biggest strengths, and also its weakest spot, is its irreversibility – when the transaction is through, there is no way to retrieve your coins.

If you buy something from fraudsters and pay with your credit card, you can cancel the transaction, and banks will often insure you. With BTC, you can’t cancel your payment or receive a refund.

  • Ponzi schemes hook you by offering an abnormally high interest rate (1-2% per day) and redirect your money to the thief’s wallet. One red flag is that the fraudsters operate using their own Bitcoin address rather than a payment processor.
  • Mining scams offer to mine astronomical amounts of BTC for you. Naturally, you need to transfer your crypto to them first.
  • Exchange scams offer services that typical exchanges can’t offer, such as credit card and PayPal processing, or overly lucrative exchange rates.
  • Online wallet scams appear as regular Bitcoin online wallets, but when you transfer your coins to your new address, it turns out the address is not yours but the scammers’.
  • Then, there’s a multitude of stories like that of a Maryland retiree, where scammers put up a false car ad online and instructed the buyer to send them money using a Bitcoin ATM.

Security and Bitcoin

There is a nagging controversy about cryptocurrencies that should bother you, unless you have been brainwashed by crypto hype and success stories of average people getting rich. The controversy is this: if Bitcoin and blockchain are so secure and incorruptible, why do investors and exchanges get hacked all the time?

Bitcoin fans seem to be hypnotized by some powerful NLP and deny the inherent security vulnerability and fatal flaw in BTC’s irreversible transactions. Meant to make cryptocurrency censorship-free, so that no one can stop a BTC transaction from happening, this irreversibility increasingly attracts thieves to crypto rather than fiat.

Is Bitcoin Secure?

Bitcoin fans say that because everything in blockchain is traceable, the system is secure. But cases where hackers ransack individual electronic wallets and hack major exchanges are frequent. So, is Bitcoin not as secure as they say, or are hackers extremely smart?

It’s both, plus the fact that securing Bitcoin wallets and exchange accounts requires a level of technical savvy most users might not have. At the end of the day, your digital wallet is only as secure as the endpoint device you are using to access it.

If you use your smartphone to manage your Bitcoin wallet or trade, your coins are not secure. If you do it from your computer connected to a home network with a dozen devices like computers, printers, smart gadgets and routers, your coins are not secure.

John McAfee says any mobile device that’s ever accessed a porn website is infected with a keylogger or spyware. Thousands of mobile devices are currently infected, and somebody out there is watching your activity. It doesn’t matter who or where they are. What matters is when you install a Bitcoin wallet and set up your two-factor authentication, they know you’re up to something they can monetize.

Here is how a typical Bitcoin hack happens for an exchange customer:

  • The attackers have a wide range of methods to pinpoint their targets, be it via spyware or by scouting social networks for people who are into Bitcoin trading. What they need is your email, phone number, and name.
  • The attackers then contact your mobile service provider and port your number to a device under their control. Now, your two-factor authentication SMS will be redirected to their device, not yours.
  • Since people often use their phone numbers as a way to back up their Gmail accounts, the attackers now gain access to your Gmail account. They reset your Gmail password and do the same for your exchange account. Voila!
  • The scammers then transfer your coins to their wallets. The stolen coins are easy to track since everything in blockchain is visible, but the culprits are anonymous.
  • Once the transaction is complete, it’s irreversible, remember?
  • The scammers then either transfer the stolen coins to a foreign exchange, convert it to other cryptocurrencies that are harder to track or convert it to cash. Mission completed!

The Crypto Market is the New Wild West

In 2016 alone, $28 million in losses from crimes involving BTC were reported to the FBI, three times more than in 2015. The FBI numbers are based on voluntary reports from individual victims and don’t account for large-scale crypto heists of exchanges. So the magnitude of the total theft of Bitcoin is seriously underestimated.

At least three dozen crypto heists have occurred since 2011. Many of the exchanges had to shut down as a result, and more than 980,000 Bitcoins worth $4 billion were stolen. Very few have been recovered, while scammed investors have been left empty-handed.

Three years after the hack, 25,000 users of Mt.Gox are still waiting for their compensation. Since Mt. Gox collapsed into bankruptcy after losing 650,000 Bitcoins (around $500 million), investors’ odds of getting their compensation are dim.

Last summer, thieves pillaged some $72 million in BTC from the Hong Kong-based Bitfinex. Users of US-based exchange Coinbase lose up to $5 million a year to hacks. Coinbase representatives say the hacks “help them learn,” which sounds like a weak consolation for the victims.

In mid-2017, a federal judge in Florida ruled that the owner of Cryptsy, a collapsed US exchange, must pay $8.2 million to its customers. Some 11,325 BTC had been stolen, but Cryptsy doesn’t seem inclined to pay, which caused one of the plaintiffs’ attorneys to say cryptocurrency heists are “no different than the Wild West.”

Making matters worse, Bitcoin exchanges aren’t covered by the FDIC, or bound by any consumer protection laws. Moreover, when hackers breach investors’ accounts by exploiting weaknesses in user endpoint devices and porting phone numbers, it is not the exchange’s fault.

How Can You Protect Your Coins Then?

John McAfee recommends using nothing but hardware wallets, and always using a standalone, clean device for your Bitcoin operations. It won’t help if you keep your hardware wallet offline only to connect it to an infected computer or a keylogger-infected smartphone to access your keys. Also:

  • Contact your mobile provider and order a “do not port” service for your number
  • Use apps like Google Authenticator for two-factor authentication – do not rely on SMS
  • Maintain healthy password hygiene

Some users resort to medieval methods to protect their coins. They print out their private key on paper, cut it into pieces, and hide them in various places. They store it on encrypted USB sticks hidden in cookie jars, and whatnot. These “security” methods are fraught with self-inflicted losses. Isn’t it ironic for a revolutionary technology of the future to require such archaic security measures?

If you can spare 25 minutes to watch John McAfee’s explainer of Bitcoin security issues, you’ll have enough reasons to think twice before jumping on the crypto bandwagon.

The Future of Cryptocurrencies

Bitcoin emerged to bypass banks, not governments. The cryptocurrency allows people to transfer funds in a peer-to-peer fashion without ever having to trust and depend on the banks, because it is the banking system that has earned itself a reputation as the world’s biggest villain.

Do Banks Fear Bitcoin?

According to a recent CNBC report, banks are most likely to be very afraid of Bitcoin. Financial advisers believe the harsh criticism coming from the likes of Jamie Dimon, JPMorgan’s CEO, is no more than a knee-jerk reaction of the banking system to a disturbing growth of crypto value.

Rising from zero in 2009 to $5,600 in 2017, BTC finally got the attention of Wall Street. Despite its inherent volatility and hacking issues, Bitcoin is gaining traction now that the general public is looking to invest in crypto instead of traditional assets controlled by banks.

Fear of Losing Control and Power

Banks enjoy a unique position of a trusted intermediary with zero accountability or transparency. For example, the Federal Reserve can just refuse to allow an independent audit of its $4.5 billion balance sheet.

The 2008 financial crisis saw stock markets collapse and some countries go bankrupt as banks robbed nations with an unprecedented immunity from prosecution. Every time banks victimize their customers, governments aren’t willing to seek jail time against financial institutions’ owners. It’s the taxpayers that get to bear the burden through inflation, government bailouts, lost homes and jobs, and higher fees.

“[Banks], frankly, own this place,” said Sen. Dick Durbin about the financial lobby in the US Congress, basically confirming that banks and governments around the world are in bed together.

No wonder millions of people are looking to eliminate the greedy intermediary. By contrast, blockchain logs every transaction enabling a complete transparency of its digital ledger, forcing no fees on its users.

Potential of Losing Money

Bitcoin lets people do what banks never allowed – invest and trade without any red tape because anyone can buy Bitcoin, and no paperwork is required for a crypto transaction to take place. Moreover, you don’t have to pay astronomical fees.

“People who could not access trade and finance ten years ago can do so today. This will lift many out of poverty,” said Chris Skinner, author of Digital Bank.

To get a better idea of how Bitcoin can leave banks without a significant piece of the pie, consider how banks use your money. When you make a bank deposit, your money is no longer yours – it’s your bank’s. While your money is with your bank, it doesn’t stand still – the bank is using it for various transactions to earn more for itself. And then, the bank charges you fees for storing your money. There are multiple layers of transactions, in which the bank is using your money - hence the 3-5 working days delay with most transactions. You never know the details of these transactions thanks to the legalized zero transparency.

Yes, banks have an infrastructure to manage, and employees to pay, but the odds never seem in your favor when you keep your money in a bank, especially if the 2008 scenario strikes again.

Now that blockchain solves the issue of double-spending, and increasingly more vendors accept Bitcoin, people choose to make their payments and investments in crypto. Bitcoin “disrupts the need for a bank to intermediate transactions,” says Vanity Fair. A report by BNP Paribas echoes this, confirming that blockchain “has the potential to transform the world of finance and beyond,” making traditional banks redundant.

According to a UK Banking Report, crypto is definitely a threat to banks because thanks to Bitcoin consumers choose to ignore the banks and transfer their money elsewhere:

“Bitcoin users can handle many of their daily payments needs themselves, without the need for interaction with banks, and avoiding the need to incur bank fees. In the same way, value stored in PayPal accounts moves outside of the bank’s payment systems, depriving banks of valuable payments revenue.”

Potential of Becoming Less Secure Than Cryptocurrencies

Crypto has quite a few security issues, as exchanges and wallets get hacked, and investors are left with no means of recovering the stolen funds or seeking justice. But let’s be honest – banks get hacked, too. Because banks are centralized, they are more vulnerable to hacking attacks.

The JPMorgan, Citigroup, TD Bank and Equifax hacks made the headlines because the information became public, but the true scale of data leaks in the financial sector is a well-guarded secret. Today, banks aren’t more liable for hacks than largely unregulated crypto exchanges.

As the security advantages of blockchain transactions are slowly dawning on banks, they don’t want to cede any ground to crypto, seeking to implement blockchain technology or participate in the crypto trade to secure their relevance in the new market.

Banks Want to Enter Crypto Market to Control It

Some say banks need to leverage blockchain and embrace Bitcoin to remain relevant. Instead, banks actively lobby for government regulation of crypto. These efforts aren’t always successful. For example, Hawaii requires exchanges to hold cash amounts equal to the value of the crypto transactions, which prompted Coinbase to pull out of Hawaii altogether. On the bright side, the US Commodity Futures Trading Commission granted LedgerX exchange approval, and now it is the first federally regulated exchange in the US, giving investors an opportunity to hedge against price swings. The move is set to attract users to federally regulated exchanges.

But overall, the evasive nature of the decentralized peer-to-peer network makes it impossible just to pull the plug on the entire market until it’s regulated. China and South Korea are trying to pull off the trick by banning crypto and exchanges. But they also risk stalling innovation and driving it someplace else with a better legal climate, like Japan.

Banks are notorious for unfair account manipulations, such as applying debits before credits and then charging customers for insufficient funds. With the nearly immediate availability of Bitcoin free from intermediaries, banks won’t be able to get away with such a poor attitude to their customers for much longer. Chris Skinner says banks need to become more customer-friendly to compete with cryptocurrency in the long run.

American Banker, too, acknowledges crypto presents opportunities banks should seize:

“The roles banks could play include processing payments, providing escrow services, facilitating international cash transactions, helping customers exchange their money for Bitcoins, and even making loans in the currency.”

The financial system and governments are already entering the crypto market in an attempt to gain control over it. Japanese banks trade Bitcoin, while JPMorgan (the irony!) and Morgan Stanley are looking to create a blockchain-based Enterprise Ethereum Alliance. Russia created CryptoRuble, Citibank launched CitiCoin while the International Monetary Fund is looking to create its own version of crypto, too.

Christine Lagarde, IMF Managing Director, pictures IMF as a global regulator of crypto, noting that an IMF-created currency Special Drawing Right, or SDR, designed to be an international reserve, could incorporate crypto.

According to Lagarde, global financial organizations are taking risks by not understanding emerging fintech products with the potential to change the system. "I think that we are about to see massive disruptions," she said.

Is Bitcoin a Bubble?

Bitcoin adopters argue that, despite fear mongering and extreme volatility, Bitcoin has come to stay. John McAfee says crypto is not going anywhere anytime soon. At the same time, financial analysts and some early Bitcoin adopters cautiously warn - “Very bubble. Much scam. So avoid.” Somewhere in between is a group of Bitcoin investors who say “nobody knows if it’s a bubble at this point.”

Robert Shiller, a “god among economists” also dubbed Mr. Bubble, who won a Nobel Prize for Economy in 2013, developed a checklist to test if an asset is a bubble, with the following markers:

  • Sharp increases in price
  • Public excitement
  • Media hype, with stories of people turning rich with minimum effort
  • Increasing interest in the asset among the general public (the not-so-investment-savvy)
  • Unprecedented price surges are justified by “new era” (technology of the future?) theories
  • A decline in lending standards

There is no denying Bitcoin scores 6/6 here.

Some financial analysts argue Bitcoin, as money, fails on three critical fronts, based on the main characteristics of money:

  • A storehouse of value – with Bitcoin’s daily volatility being 5-10% and a history of major price swings, can BTC meet the criterion?
  • A unit of account – if it is a unit of account, analysts have yet to define for whom.
  • A medium of exchange – despite the hype, Bitcoin is not as widespread, adopted and accepted as to meet this criterion, either.

In most cases, analysts agree on two points:

  • The blockchain technology is disruptive and will lead to groundbreaking transformations, even if Bitcoin fails to survive.
  • BTC, most likely, is a bubble. Some early adopters will reap the rewards if they get out before the burst while the majority – especially those late to the party – will end badly.

As you can see, the two points are not mutually exclusive. Many believe even if Bitcoin dies, another crypto may take the lead. Or banks and governments will unleash a state-controlled cryptocurrency and marginalize unregulated crypto into the confines of the dark web, again.

Should You Invest?

You should be asking yourself some serious questions before you venture out into the crypto market. First of all, are you familiar with risks associated with investments in cryptocurrencies? How much do you know about blockchain and are you making your decisions based on facts, not media hype or wishful thinking?

As Ben Doernberg, a former Dogecoin Foundation board member, put it:

“When you have a situation where people stand to put in a dollar and take out a thousand dollars, people lose their minds.”

If you intend to invest your next paycheck into your first Bitcoin, stop and think:

  • Assess your finances – income, debts and associated interest rates, unforeseen expenses and total net worth. Account for things like having a compulsive spender in the household and having an emergency fund for three to six months to cover things like unplanned travel, illness, or, god forbid, unemployment.
  • Can you afford to lose the invested money? With Bitcoin’s high volatility and lack of anything to back it but public demand, you should be prepared to lose your investment and take it easy.
  • Think twice before investing if you have pending debts you’re better off paying, especially the high-interest ones.
  • Assess your goals – why are you investing and how much risk can you tolerate? If you are after short-term investments, you are better off with lower-risk options.

If you can afford to risk:

  • Do your homework and research the topic. Are you looking to invest in Bitcoin now that it hit an all-time high?
  • If you want to invest in an ICO, look for markers of scam, research the product and development team, and their track record of actually delivering a product rather than selling an idea.
  • According to financial advisers helping start-ups set up ICOs, a product should have blockchain at the core of its technology to be successful. So, look into tech start-ups that build their products on blockchain and offer tangible value in today’s market. Cybersecurity, cloud storage, secure inbox and things along those lines are trending.
  • While you’re doing an ICO background check, research the development team’s business viability, transparency of their ICO process, and controls that govern funds release, as well as the availability of scam protection, and defined legal framework. Can the team manage collected funds efficiently?

Ironically, some crypto adopters say Bitcoin almost seems like a conservative investment when compared to the chaos ruling over the unregulated, euphoric ICOs.

Finally, consider that many analysts warn it might be too late to hop on the crypto/ICO bandwagon because we might soon see the bubble explode. Investing in an immature, unregulated, unbacked asset can turn out to be a dream come true if you outrun a possible storm. It could also be a nightmare if you don’t know what you’re doing.

VPN: Frequently Asked Questions

There is a disturbing trend in the VPN industry. The increased demand for online privacy and anonymity propelled the market growth. To stay relevant and competitive, many companies make false claims they provide complete anonymity and zero logs.

In reality, however, users get tricked by tech mumbo-jumbo whereas providers offer minimal – or no – transparency on the technology they use, or how they handle user data.

I compiled the following list of VPN Frequently Asked Questions with the aim of not only helping beginners sort out the basics of VPN but also casting light onto the common myths and untruths about VPNs.

Note: Before we get any further, there is one thing you should know – a VPN does not make you anonymous. It will improve your privacy provided you choose the right service. But a VPN is by no means a tool for illegal activities.

What is a VPN?

A Virtual Private Network is an online service that encrypts and tunnels your Internet traffic through its server. With a VPN:

  • Your Internet Service Provider can’t see what you’re doing online.
  • You can spoof your location, i.e., appear as if connecting from another geographical location.
  • You can bypass state censorship and access websites and services banned in your country.
  • You can access geo-blocked streaming and gaming services.
  • You can circumvent employer- or school-imposed restrictions.
  • Patent trolls won’t be able to track you.
  • You can enjoy P2P.
  • Hackers preying on unsecured public Wi-Fi hotspots won’t be able to intercept your traffic.

Where Can I Get a VPN?

To use a VPN, you need to subscribe to a VPN service. Prices differ, and many providers offer free trials. On average, expect to pay $4-$12 per month – long-term plans usually offer significant discounts.
Browse my Reviews section for a detailed breakdown of the VPN providers before making your decision.
Note: You still need your ISP-provided Internet connection to use a VPN.

Are VPNs Secure?

It depends on your threat scenario. If you want to access streaming and gaming services like Netflix, Hulu, or Steam US libraries, a VPN alone is enough. Likewise, if you use public Wi-Fi frequently, you’re safe with a reliable provider.

On the other hand, if you need to avoid state surveillance, you shouldn’t rely on a single privacy tool to protect you. A combination of a VPN, Tor browser, The Onion Router, or I2P is necessary to isolate one layer of security from another. With that in mind, you should understand that even an advanced setup won’t help if state surveillance targets you.

If you need a VPN for online privacy, you want to investigate a prospective provider’s background, especially their jurisdiction, applicable data retention laws, privacy policies, and customer feedback.
A lot of countries ban VPNs (think China, Thailand, Russia, Saudi Arabia). In places like these, you can get in trouble just for using a VPN. You don’t want to be selling VPN access in such countries.

How to Choose a VPN?

Choosing a reliable provider with a good work ethic is hard work in and of itself. Due diligence is inevitable. So, consider:

  • Privacy and Logging – All VPNs promise privacy and anonymity. However, there are ways to tell the truth from lies. See below for more information on privacy and zero logs.
  • Security – The provider must explain the technology used to ensure your secure browsing. Is OpenVPN supported? How good is encryption?
  • Cross-platform – If you plan to use VPN on various devices, desktop, and mobile, inquire into the availability of native apps. If there is no native app, will you be able to set up the open-source OpenVPN client?
  • Simultaneous Connections – How many devices do you plan to connect to VPN simultaneously? Does the provider allow multiple simultaneous connections, and if yes, how many?
  • Speed – Test, test, and test. Speeds, when using a VPN, differ greatly and depend on a variety of factors – your ISP speed, the location of remote servers, server load, and more.
  • Server Coverage – Check if the provider offers ample server coverage in the country into which you need to spoof.
  • Tech Support – Is live chat available 24/7? This is vital if you lack technical skills.
  • Free Trial – Sometimes, a brief trial is enough to see that a VPN doesn’t meet your requirements. Many providers offer free trials (several hours to several weeks).
  • Money-back guarantee – Many providers have no-questions-asked money-back guarantee; others apply draconian restrictions on their refund policies. Always read customer feedback – some providers ignore such requests even though their ToS promise a rock-solid refund.

The criteria for choosing a decent VPN are many. Some users want access to Netflix US, and that requisite will govern their choice. The above are just a few factors you want to consider before you subscribe to anything.

What Does “Zero Logs” Mean?

You need to understand the difference between usage logs and connection logs.

Connection Logs:

  • Metadata about your connection, such as:
      • The time you connect to a VPN
      • For how long you are connected
      • How often you connect to a VPN
      • Amount of data consumed

Usage Logs:

  • Your online activity while connected to a VPN
  • Websites you visit
  • Identities you use

See the difference? Usage logs are the most compromising. Some providers keep connection logs for a limited time (a few hours to three days), which is a reasonable practice for troubleshooting.

Note: If a provider does not even mention deleting connection logs – steer clear.

Do I Need to Read a VPN’s Privacy Policy?

You want to ask providers a series of critical questions to see if they are transparent, or pinpoint if something seems off. So, yes, you need to read the document.

Many providers claim to keep zero logs while in reality they are tracking and profiling their users. Often, the lengthy Privacy Policies and Terms of Service (ToS) weave a complex web of shady legalese that does explain the extent of logging they deploy. In this case, providers hope users never read them. But since you agree to the ToS and Privacy Policy, you can’t blame the provider for lying.

In other words, it’s your job to read the fine print. Also, if security is a priority for you, make sure to read in-depth reviews before committing.

  • A decent VPN company is transparent about its logging practices and wipes the logs regularly.
  • Consider that in some countries, law enforcement can compel a zero-logs provider to record data on a particular user.
  • Avoid providers based in the Fourteen Eyes countries.

Other questions you should consider:

  • For how long does the company retain logs?
  • What personally identifiable data does the company retain?

How Credible are VPN Reviews?

You need to understand that VPNs are businesses that navigate in an unregulated online realm. Some engage in quite shady marketing strategies, where cash flowing through sponsored reviews and affiliate programs to bloggers and major websites inflates their ratings.

Competition in this business is anything but healthy. So you want to be critical of reviews and charts on the mainstream news outlets.

How to tell if a review is not trustworthy:

  • It praises a provider with a known track record of selling out its users.
  • A review gives a high score to a company that is criticized by security experts or is under investigation.
  • A review is too positive and lacks reasonable criticism, or sounds like an ad.
  • A major website keeps rotating the same big-name providers in every single roundup.

Tip: One reasonable and trustworthy review is never enough, though. Browse for user feedback on Reddit or GitHub; ask a tech-savvy local community.
A Good Read: Beware of False Reviews – VPN Marketing and Affiliate Programs  

Am I Anonymous When Browsing Through a VPN?

No.
Many providers advertise complete anonymity online. What they’re not telling you is:

  • Their ToS and Privacy Policy contain the fine print that suggests logging.
  • Their Privacy Policy states “we don’t log” without going into the detail.

Example (screenshots): Hotspot Shield website; Hotspot Shield Privacy Policy.

Also, you have no way of knowing how credible a zero-logs claim is, especially since running a massive IT infrastructure with NO logs is impossible.

Remember:

  • A VPN does not make you anonymous but greatly increases your security and privacy online.  
  • A VPN provider usually knows who you are and what you’re up to online.
  • So, if privacy is a concern, you want to choose a transparent vendor.

Additional things to consider:

  • Data retention laws – in many countries, law enforcement can compel a company to log user activity and hand it over to authorities. So, you must be aware of where the company is headquartered and what laws govern its customers’ data.
  • Switzerland, Romania, Seychelles, Hungary do not require that providers keep user logs.
  • VPN companies that focus on privacy will accept gift cards, cash, or Bitcoin, and will not require your real name, phone number, address, or banking details.

What Are the Basics Of VPN Encryption?

Besides masking your IP address, a VPN also protects your data by encrypting it. In layman’s terms, encryption is the conversion of data from plain text anyone can read to ciphertext that can only be read by authorized users.

Encryption does not prevent hackers from intercepting your data. Instead, it makes your data unreadable.
To encrypt your data, a VPN uses protocols – PPTP, L2TP, OpenVPN, SSTP, and IKEv2. While these are quite technical, you should know that:

  • OpenVPN is the current gold standard for all privacy wonks out there.
  • Avoid PPTP at all costs.
  • L2TP IPSec is not recommended for use on mobile devices.

A Good Read: Don’t Use L2TP IPSec, Use Other Protocols.

What is a VPN Kill Switch?

A VPN connection might occasionally fail even with a reliable provider. When the VPN connection drops, your real IP address is revealed. To prevent the occasional connection drops from exposing your data, many VPN providers embed a kill switch into their software.

A VPN kill switch shuts down your entire Internet connection whenever your VPN drops out, and keeps it down until the VPN connection is re-established.

Alternatively, some VPNs come with a firewall solution that can be configured to act as a kill switch for particular programs instead of shutting down the entire Internet connection.

What Is Smart DNS?

If the only reason you need a VPN is to bypass geo-blocks from the likes of Netflix, and you couldn’t care less about privacy or security, you’re good with Smart DNS:

  • It’s cheap.
  • The speeds are fast.
  • There is nearly no learning curve with Smart DNS.

The technology behind Smart DNS is much simpler than in the VPN:

  • No encryption.
  • Supports most Internet-enabled devices, even those that can’t run a VPN client (Smart TVs, gaming consoles).

Commercial VPNs vs Free VPNs

You’re better off with a paid subscription because if a provider’s customer base is 90%+ free users, their monetization model is based on tracking you and selling your data.

Many reputable VPNs offer free limited accounts to entice users into subscribing to their paid plans. For instance, if you need a VPN once in a blue moon, you might as well make do with such a limited account.
If you intend to use VPN on a daily basis, consider paid subscriptions.

Are VPNs Legal?

In most Western countries – yes.  In countries with authoritarian regimes – no.
Currently, a host of countries in the Middle East, as well as countries with authoritarian, pro-Muslim regimes, have banned the use of VPNs.

China, North Korea, Saudi Arabia, India, Turkey, Iran, Russia, Thailand, and another couple of dozen countries have banned VPNs. In these countries, using a VPN is illegal, but selling access to a VPN can land you a prison sentence.

Is Torrenting Through a VPN Safe?

If a provider explicitly permits P2P, and lists servers that support torrenting – you’re good. Do run a few security checks for DNS leaks to make sure your VPN does not leak your real IP address.
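One local check for a DNS leak, as an added example (not code from this article): look up, by longest-prefix match, which interface each configured DNS resolver would be reached through, and flag any that bypass the tunnel. The routing table, resolver list and interface names (`tun0`, `wlan0`) are constructed sample data using documentation address ranges.

```python
import ipaddress

# Constructed sample: routes as (prefix, interface), in the shape left by a
# VPN client that overrides the default route with two /1 routes.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),        # original default route via the home router
    ("0.0.0.0/1", "tun0"),         # VPN override, lower half of the IPv4 space
    ("128.0.0.0/1", "tun0"),       # VPN override, upper half of the IPv4 space
    ("10.8.0.0/24", "tun0"),       # tunnel subnet
    ("192.168.1.0/24", "wlan0"),   # local LAN stays on the physical interface
    ("203.0.113.10/32", "wlan0"),  # the VPN server itself must bypass the tunnel
    ("::/0", "wlan0"),             # IPv6 default route; the tunnel carries no IPv6
]

# Constructed sample: resolver configuration in resolv.conf syntax.
RESOLV_CONF = """\
# written by the VPN client
nameserver 10.8.0.1
nameserver 198.51.100.53
# left over from DHCP
nameserver 192.168.1.1
nameserver 2001:db8::53
"""


def parse_resolvers(text):
    """Return the nameserver addresses from resolv.conf-style text."""
    resolvers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolvers.append(fields[1])
    return resolvers


def egress_interface(dest, routes):
    """Interface chosen for dest: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(dest)
    best_len, best_iface = -1, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def find_dns_leaks(resolvers, routes, tunnel_iface):
    """Resolvers whose traffic would leave through anything but the tunnel."""
    leaks = []
    for resolver in resolvers:
        iface = egress_interface(resolver, routes)
        if iface is not None and iface != tunnel_iface:
            leaks.append((resolver, iface))
    return leaks


if __name__ == "__main__":
    for resolver, iface in find_dns_leaks(parse_resolvers(RESOLV_CONF), ROUTES, "tun0"):
        print(f"DNS leak: {resolver} is reached via {iface}, outside the tunnel")
```

The sample flags the router-supplied resolver on the LAN and the IPv6 resolver, both of which skip the tunnel. This only inspects local configuration; it complements, and does not replace, testing which resolver outside services actually see.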

When you are torrenting, everyone downloading the same file can see your IP. With VPN enabled, they will see your fake, VPN-provided, IP.  

So, VPN providers routinely receive copyright infringement notices. Some providers will hand over the customer details of infringing users. Others may just disconnect repeat offenders.
Some companies “silently ignore” DMCA notices. If you want to engage in P2P, look for the latter.

What Are Patent Trolls?

Another reason why you don’t want to leak your real IP while torrenting is patent trolls. These are law firms that monitor popular torrenting websites and track down copyright offenders to charge them monumental fines.

You don’t want to engage in file-sharing without a VPN in countries with strict anti-piracy laws – Germany, Japan, USA, UK, France, and others.

What Can’t VPNs Do?

While VPNs improve your online privacy and security, they can’t:

  • Provide complete anonymity.
  • Prevent websites you visit from tracking you (cookies, browser fingerprinting, beacons).

Am I Safe When Using Public Wi-Fi Hotspots with a VPN?

In most cases, yes. VPNs encrypt the traffic between your device and VPN servers. So, hackers won’t be able to read your data. If you happen to connect to a fake Wi-Fi hotspot some entrepreneurial hackers set up in public places, and they manage to intercept your traffic, all they will see is encrypted gibberish.

Why Do Connection Speeds Drop When I Connect to a VPN?

First of all, to use a VPN you need to have a stable Internet connection with your ISP. You can’t have a Dial-Up connection. Assuming your base connection speeds are decent, some factors may affect your speeds when you connect to a VPN:

  • If you use an encrypted connection, such as OpenVPN 256-bit AES, your speeds will drop because encryption requires processing power and time. The stronger the encryption, the greater the speed drop.
  • If you connect to servers located at a great distance from where you physically are, your speeds will drop even more. The further the server, the slower your speed.
  • If you connect to a nearby server, your speed drop should be minor.
  • If the server you’re connected to is heavily loaded (too many people using it at the same time), your speeds will drop.

In some cases, your speeds may improve with a VPN if a provider has a large server coverage with ample bandwidth.

Tip: Connect to a VPN server that’s closest to a) your real location, b) the location of the service you need to access.

What is a Warrant Canary?

In the US, and beyond, some warrants come with gag orders that prohibit the provider from warning its users about the served warrant. Security expert Bruce Schneier dubs the Warrant Canary a legal hack that helps providers notify their users.

A Warrant Canary is a web page some VPN providers maintain to publish information about secret subpoenas from law enforcement. If the Warrant Canary is regularly updated, the provider has not been receiving subpoenas. Otherwise, the users are to assume the provider has received a subpoena.
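The canary logic above boils down to watching for silence, so here is a small checker as an added example (not from any provider's tooling). It assumes a constructed canary format with an ISO date and one assertion per line starting with "* "; the function names and the 35-day window are hypothetical, and it does not verify any signature on the statement.

```python
import re
from datetime import date

ISO_DATE = re.compile(r"\b(\d{4})-(\d{2})-(\d{2})\b")

# Constructed sample canaries (not taken from any real provider).
CANARY_OCT = """Warrant canary (constructed sample)
Statement date: 2017-10-01
* We have received no secret subpoenas.
* We have received no gag orders.
"""
CANARY_NOV = """Warrant canary (constructed sample)
Statement date: 2017-11-01
* We have received no gag orders.
"""


def statements(text):
    """Return the normalized assertion lines (assumed to start with '* ')."""
    found = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("* "):
            found.add(" ".join(line[2:].lower().split()))
    return found


def latest_date(text):
    """Return the most recent valid ISO date in the text, or None."""
    dates = []
    for year, month, day in ISO_DATE.findall(text):
        try:
            dates.append(date(int(year), int(month), int(day)))
        except ValueError:
            continue  # e.g. 2017-13-40 is not a real date
    return max(dates) if dates else None


def check_canary(text, today, max_age_days=35, previous=None):
    """Classify a canary page as fresh, stale, undated, future-dated,
    or statement-removed (an assertion present last time is now gone)."""
    if previous is not None:
        missing = statements(previous) - statements(text)
        if missing:
            # A fresh date means nothing if an assertion quietly vanished.
            return ("statement-removed", sorted(missing))
    stamped = latest_date(text)
    if stamped is None:
        return ("undated", [])
    if stamped > today:
        return ("future-dated", [stamped.isoformat()])
    age = (today - stamped).days
    if age > max_age_days:
        return ("stale", [f"{age} days old"])
    return ("fresh", [f"{age} days old"])


if __name__ == "__main__":
    print(check_canary(CANARY_OCT, date(2017, 10, 20)))
    print(check_canary(CANARY_OCT, date(2017, 12, 1)))
    print(check_canary(CANARY_NOV, date(2017, 11, 5), previous=CANARY_OCT))
```

Keeping the previous snapshot matters: a page can carry a current date and still have dropped the one statement you cared about.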

Wrapping Up

A VPN is a must-have tool if you want to protect your right to privacy. Providers are many, but with due diligence, you can really find a reliable – and affordable – VPN service. For a few bucks a month, you can protect your devices from getting hacked, and stop your ISP from snooping on you.

Don’t treat a VPN as a panacea for all online threats and mass surveillance. It’s just a capable technology everyone should be using in these rough dystopian times.

I hope this guide helps you sort out the basics of VPNs and the VPN industry as a whole. Feel free to list your questions, if you have any. I’ll do my best to answer them as impartially as I can.

Online Privacy, Mass Surveillance, and the Future of VPNs

VPNs are on the rise; democracy is declining. As “civilized” Western democracies turn police into the force of oppression, Internet into the tool of censorship, and technology into the means of mass surveillance, the concept of privacy is being meticulously ridiculed and devalued.

Nothing to Hide?

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” said Eric Schmidt, Google CEO. “Privacy is dead,” echoed Mark Zuckerberg. Get used to being watched, they say. If you have nothing to hide, why would you mind surveillance?

The people in the avant-garde of unaccountable mass surveillance, however, go to extraordinary lengths to protect their privacy. Schmidt, for instance, used his position at Google to blacklist CNET in the search engine’s search results when the website published a contradictory piece about his salary, hobbies, political donations, and residence.

Ironically, CNET only Googled the publicly available information on Schmidt. Likewise, the Facebook CEO bought four adjacent properties around his Palo Alto mansion to have more… privacy.

Watch: Edward Snowden, Glenn Greenwald & Noam Chomsky – A Conversation on Privacy.

Google, Facebook Et Al. Thrive on Data Trading

The value of privacy gets diminished every time a tech company offers something “for free” in exchange for your private data. People either got conditioned to accept or are oblivious to the fact that:

  • Google reads user emails
  • Chrome is Google spyware
  • Facial recognition at Facebook is the world’s largest mass surveillance tool
  • Twitter keeps unpublished tweets
  • WhatsApp and Facebook share user data
  • Encryption in WhatsApp has a “design feature” that allows third parties to intercept messages
  • Popular fitness apps are selling user data
  • Audio beacons in YouTube commercials and TV ads trigger certain apps on your gadgets to ping back to advertisers’ servers

Audio beacons are particularly good – if you have one account for your desktop computer, another for your laptop, and then the third one for your smartphone, audio beacons urge the three devices to report to the advertiser’s server that all three devices belong to the same household.

Data is the New Oil

Nearly every piece of technology can – and does – track and profile its user. When your data isn’t analyzed to show you better-targeted ads, it’s sold and re-sold to numerous data brokers and analytical firms that go as far as influencing presidential elections.

Your data has tangible monetary value for the tech companies and data brokers, marketers, surveillance agencies, and analytics companies. Your data is their product, and this product is the baseline of a whole industry that trades, analyzes and uses data to manipulate, control and thrive.

Hackers

Making matters worse, malicious third parties can and do exploit the backdoors, spyware, and other “design features” of mainstream apps while going after easy money. Identity theft, credit card fraud, ransomware, cyberbullying, honeypots at public Wi-Fi – the horde of ill-intentioned and sick people successfully exploits the mass surveillance capabilities in our devices.

Last year, consumers lost more than $16 billion to identity theft while this year, ransomware rose 250%, hitting the U.S. hardest. So, VPNs aren’t going anywhere any time soon, as online threats become increasingly devastating and sophisticated.

Consent

Every time you register a new Google or Facebook account, install new software or buy a new device, you expose parts of your private life to third parties. And the irony is you consent to the extensive data collection and profiling.

When ticking the box “I Agree” next to any app’s or service’s Terms of Service, do you ever bother to read the document? If not, who’s to blame that you have no privacy online?

A recent study says nobody reads the ToS and Privacy Policy that comes with software and new devices. In an experiment, 543 university students signed up to a fake social network they believed was real. The app’s ToS required the users to give up their first born while the Privacy Policy said their data was going straight to the NSA and employers. 

The anecdotal case only highlights the fact that data collection, profiling, and mass surveillance are legitimate because users sign away their privacy willingly. 

The Fourteen Eyes

Sitting on top of the hackers → tech giants → mass surveillance pyramid is an octopus representing a splice of corporations and states. These countries legitimized mass surveillance by signing an agreement to collect, analyze, and share intelligence cooperatively. Note: these states not only spy on their citizens but also spy on each other’s citizens and exchange that intelligence to avoid breaking domestic privacy laws. The pro-privacy groups dubbed the members of the treaty The Fourteen Eyes. The alliance currently consists of:

  1. Australia
  2. Canada
  3. New Zealand
  4. United Kingdom
  5. The United States of America
  6. Denmark
  7. France
  8. Netherlands
  9. Norway
  10. Belgium
  11. Germany
  12. Italy
  13. Spain
  14. Sweden

These states share quite a few things in common. Namely, an appetite for control and data retention laws. And you want to know about data retention laws when using a Virtual Private Network.

Why You Want to Avoid VPNs Based in The 14 Eyes Countries

VPNs headquartered in the Fourteen Eyes countries are not recommended due to extensive data retention laws, and gag orders that forbid the VPNs to talk about the state requests for user data.

Last year, the FCC introduced rules to block ISPs from selling customer data to advertisers. But the moment Donald Trump set foot in the White House, the pro-privacy rules were nullified.

In the Orwellian fashion, the Department of Justice pulls private account information of potentially thousands of Facebook users it deems as “anti-administration” while Google reports a record-breaking increase in state data requests for personal data in 2017.

At the same time, the Department of Homeland Security updated the Federal Register. DHS now collects “social media handles, aliases, associated identifiable information, and search results” on immigrants, naturalized citizens, and permanent residents. That’s basically a list of every pseudonym and alias people have ever used online.

DHS also updates its Intelligence Records System database to store “public-source data” on citizens. This includes information from social media, commercial data providers, news media outlets, and the Internet. So, besides your name, date of birth, credit score, and Social Security number, the government wants to store your online identity and all the things you ever said online.

  • In a similar way, French ISPs store user data for a year. State agencies can access that data without a warrant. Moreover, the ISPs are obliged to monitor online behavior of their users and report anything they deem as suspicious. Law enforcement and ISPs install spyware and keyloggers on users’ devices. The French Intelligence Act and emergency powers allow authorities to search electronic devices of citizens without warrants.
  • Germany’s BND has extensive surveillance privileges, too. The German data retention laws let authorities keep user data for up to 10 weeks, while BND is allowed to spy on Germans and foreigners without a warrant.
  • The Australian state surveillance and censorship laws grant authorities unprecedented powers. The Australian Data Retention Act obliges ISPs to store user data for two years. In the meantime, any state entity from law enforcement to the post office has unrestricted access to that data.
  • The UK’s Investigatory Powers Act, aka the Snoopers Charter, grants the UK authorities permission to spy on all means of communication, including the Internet.

The combination of laws and international treaties allows the governments of the 14 Eyes countries to force VPNs to secretly hand customer data to spy agencies. This effectively turns VPNs into a powerful tool for mass surveillance.

The bottom line? Always research a VPN provider’s HQ location and the data retention laws that govern the company’s activities.

Countries That Have Banned VPNs

Traditionally authoritarian regimes such as China, Russia, North Korea, and Iran have banned or are in the process of enforcing new laws that ban the use of VPNs and other anonymizers.

Why countries ban VPNs:

  • To monitor citizens’ online activities
  • To censor free speech
  • To silence dissidents
  • To manipulate information
  • To cap protests
  • Out of religious considerations

For instance, Oman, Sudan, Singapore, Yemen, South Korea, Eritrea, Ethiopia, Saudi Arabia, Vietnam, Myanmar, Thailand, UAE, and Pakistan censor free speech to preserve traditional social values. Jordan, Libya, Myanmar, Uzbekistan, and China do so to maintain political stability. Cuba, Russia, Morocco, Turkey, North Korea, and India ban VPNs out of considerations of national security.

Top Internet-Censoring Countries

Well-intentioned users, bloggers, and journalists are finding it increasingly difficult to access the content that’s beyond the state-imposed limit of “permitted” information. Internet censorship is not just about blocking objectionable material because average people get prison sentences for blogging.

According to the Committee to Protect Journalists, top censoring states are also top countries with record numbers of jailed journalists for “crimes against the state.” China and Middle Eastern nations, as well as Muslim-dominated countries, are prominent censors of “subversive” content online.

  • North Korea is, unsurprisingly, one of the world’s leaders in Internet censorship, with only about 4% of the population enjoying access to the Internet, whereas the rest can only access the tightly controlled intranet.
  • Saudi Arabia censors the Internet out of religious considerations, blocking nearly 500,000 websites containing anti-Islamic content. The Royal Decree on Press and Publications and the Basic Law of Governance are boosted by the Ministry of the Interior Affairs, which routes the Internet traffic of an entire nation through a central point, where it gets analyzed. To be a blogger in Saudi Arabia, you need a special license from the Ministry of Culture and Information.
  • Iran cracks down on journalists and bloggers. If you want to blog in Iran, you also need a license from the Ministry of Art and Culture. Posting content that’s anti-government and anti-Islam is a criminal offense that leads to a prison sentence.
  • Vietnam allows its citizens to access the Internet, but tech companies like Yahoo, Google, and Microsoft have to hand over the names of bloggers to the Vietnamese authorities.

Various social media sites are banned in China, North Korea, and Turkey. In the Western countries, the right to be forgotten sends shock waves across the nations. The French National Committee on Informatics and Liberties (CNIL), for example, ordered Google to comply with the EU rule, which makes it possible to manipulate publicly available information. The critics of the right to be forgotten say it is a powerful tool for the politicians, as any official competing for an elected position can “fix” their past.

The Future of VPNs

Considering the scale of tracking, censoring, and profiling, it’s no wonder that the VPN industry has exploded in the past few years. By encrypting your traffic and hiding it from Internet Service Providers, hackers, and snooping governments, VPNs restore the online freedom and privacy we lost.

More than 80% of Americans are concerned about how companies use their data while ad blockers, VPNs, and anonymizers are becoming the new norm for average users seeking privacy.

Every year, Global Web Index polls more than 200,000 Internet denizens in 34 countries about their online behaviors, including the use of VPNs. In 2017, the industry is booming since one in four people globally use a VPN to access the Internet. That’s 25% of the world’s population.

Asia and the Middle East are the leading consumers of VPNs, with Vietnam, Thailand, Saudi Arabia, Turkey, India, and UAE topping the charts.

The countries with the least VPN usage are Canada, Australia, Japan, Poland, France, and the Netherlands. The respondents use VPNs to:

  • Access geo-blocked streaming services
  • Access state-censored networks and sites
  • Browse anonymously
  • Communicate with relatives abroad
  • Access news websites restricted by the government
  • Bypass employer-imposed restrictions when at work
  • Torrent
  • Have privacy when going online

The demand for online privacy continues to grow. At the same time, the urge to access geo-blocked streaming services will keep fueling the VPN industry even further. Even the governmental crackdown on VPNs doesn’t seem to be capable of closing the lid on the blossoming market – a market that sells online freedom and privacy.

Latest VPN News and Case Studies

VPNs have become an indispensable tool for privacy-minded denizens after Edward Snowden revealed the monumental scale of global mass surveillance. As security experts continue to advocate the use of VPNs – and governments step up online policing – millions of people turn to VPNs for protection.

The “control what you fear” mindset urges corporations, data brokers, and governments to seek control over the VPN industry. If imposing that control is impossible, authorities restrict VPNs. Staying on top of the legislative, geopolitical, and corporate news that affects online privacy is critical if you are a VPN user.

A VPN isn’t just for accessing streaming services, but also for work, freedom of speech, and privacy. So, state and private entities will continue to seek ways of imposing their control on the open, uncensored, free Internet without borders.

Netflix Cracks Down On VPNs

One of the most glaring cases of a corporate crackdown on VPNs is Netflix. The world’s largest film and TV streaming provider heavily invests in blocking VPN users from accessing its content. The company relies on a long outdated geo-based distribution model that divides its users into tiers. US-tier users have access to the significantly larger repository of Netflix content than everyone else. Subscribers based in other countries can only access the content Netflix makes available in their country.

It is not only the availability of content that is tiered by country, however. Pricing varies from country to country, too. Case in point – Australia, where the streaming giant hiked the prices by up to 20%. Not only do Aussies get access to less content, but they also pay more than the US users. By aggressively blocking all VPN users, Netflix also cuts out a significant number of US expats living or working abroad, and well-intentioned customers who use VPNs for privacy.

As a result, many VPN providers found some of their IP ranges blacklisted by the streaming service even before they were active. Industry experts believe Netflix blocks IPs from certain organizations by default. Some suspect Netflix also caps the number of logins from a given IP address. When that limit is exhausted, it blacklists the address, too.

Unsurprisingly, VPN providers report a lot of their shared IP addresses have been blacklisted. What that means for casual VPN users is even if a VPN successfully bypasses the Netflix VPN guard once, there is no guarantee it will happen the next time. Many – if not most – VPN providers advertise access to Netflix US as one of their bait features. In reality, however, more and more VPNs get blacklisted, and adding new servers provides only a short-term remedy.

China and Russia Ban VPNs

First the Chinese and then the Russian government announced their plans to block the use of VPNs. Given the history of blocking free speech and monitoring their citizens, the governmental crackdown on VPNs in these countries comes as no surprise.

China censors many websites, including YouTube and Twitter, so Chinese denizens rely on VPNs for basic freedom of speech. But now the Chinese authorities order the national ISPs to block VPNs starting February 2018. In the future, operating a VPN in China without a corresponding telecommunications license would be a criminal offense. Already, Apple has removed some of the VPN apps from its App Store, while people get prison sentences for distributing access to the Virtual Private Networks in China.

Russia may not block access to Twitter, but its censorship is of gargantuan proportions, too. When state- and corporate-owned media are corrupt, the anti-government opposition relies on the Internet and social media. So, the Russian government chose to emulate the Chinese approach to Internet censorship, and ban the use of VPNs and other anonymizing technologies as of November 2017. Human rights and anti-censorship organizations express concern that these events are the shape of things to come. Governments worldwide increasingly monitor and censor the Internet activities of their citizens and citizens of other countries.

From Iran to South and North Korea, from Saudi Arabia, Syria, Vietnam, and Yemen to Cuba, India, and Turkey, VPNs get banned. Many hope the VPN bans in Russia and China may be temporary measures, but it’s clear governments are developing a growing appetite for online policing.

The concept of privacy online might become extinct if Western governments adopt the same approach. On a side note, many corporate and state players act discreetly. Instead of imposing draconian VPN bans that cause mass outrage, they take control over VPN services to monitor user activities. Case in point – Hotspot Shield.

VPN Providers Snooping On Users

Security experts blacklist all VPN providers based in the 14 Eyes countries because of data retention laws and mass surveillance in these countries. So, decent US businesses with great work ethic end up at the bottom of the list for privacy-minded folks.

Making matters worse, the recent news of the US-based VPN Hotspot Shield snooping on its users does a disservice to all American vendors. The privacy advocacy group Center for Democracy and Technology (CDT) filed a 14-page complaint with the Federal Trade Commission against Hotspot Shield for violating its own Privacy Policy.

While promising complete anonymity, the VPN provider allegedly engages in systematically intercepting, tracking, and collecting its customers’ data. The CDT and Carnegie Mellon University conducted an in-depth investigation of the provider’s practices and discovered that Hotspot Shield logs connections and monitors customers’ browsing habits.

Moreover, according to the research, the service also redirects online traffic to partner websites and sells users’ data to advertisers and data brokers. In the world of VPNs, such a discovery is a death sentence. More so with the provider injecting JavaScript code via iframes for tracking and advertising purposes.

Reverse-engineering of Hotspot Shield source code found that the VPN deploys more than five third-party tracking libraries. If that does not sound bad enough, the apps were found to disclose sensitive data such as names of wireless networks, device IMEI numbers, and unique identifiers like Media Access Control addresses.

These findings cast a shadow on the VPN industry as a whole. Since privacy and encryption are the current buzz words, opportunistic and downright malicious parties are jumping on the bandwagon. Offering great deals and promising complete anonymity online, they do exactly the opposite.

Opportunistic and Downright Malicious VPN Providers

A research paper by Commonwealth Scientific and Industrial Research Organization (CSIRO) all but destroys the niche of free VPN apps for mobile devices. Having studied 283 free Android VPN apps on Google Play, Australian researchers found that:

  • 75% use third-party tracking libraries
  • 82% access sensitive data such as text messages and user accounts
  • 38% are malware (spyware, trojan, adware)
  • 84% expose users’ real IP via IPv6 DNS leaks
  • Four apps intercept user traffic sent to secure HTTPS connections

Governments step up blanket surveillance; copyright trolls hunt down torrenters; corporations track and profile users worldwide. So, users turn to VPNs en masse. A sharp spike of interest in VPNs has given rise to a horde of opportunistic and malicious companies exploiting the trend. To filter out such ill-intentioned providers, consider the following:

  • Steer clear of free VPNs – if the VPN is free, the provider profits from selling your data.
  • Reputable VPNs do offer free services – but they are extremely limited because they aim to entice users into subscribing to the paid plans. If an offer sounds too good to be true, it most likely is.
  • Due diligence – always research a provider as you would research a car dealer. Read the BestVPN.org reviews, search for user feedback, and scrutinize providers’ Terms of Service and Privacy Policy.

Chances are you’ll blacklist many providers during the research stage.

Beginner’s Guide to VPN Terms

Considering the scale of tracking, censoring and profiling, it’s no wonder that the VPN industry has exploded in the past few years. By encrypting your traffic and hiding it from Internet Service Providers, hackers, and snooping governments, VPNs restore the online freedom and privacy we lost.

More than 80% of Americans are concerned about how companies use their data while ad blockers, VPNs, and anonymizers are becoming the new norm for average users seeking privacy.

A VPN is a must-have tool if you want to protect your right to privacy, keep your devices from getting hacked, and stop your ISP from snooping on you. Luckily, VPN providers are many, and with due diligence, you can realistically find a reliable – and affordable – one. Keep in mind, however, that to stay relevant and competitive, many VPN companies falsely claim to provide complete anonymity and zero logs. In reality, users are tricked by tech mumbo-jumbo, and the providers offer minimal – or no – transparency on the technology they use or how they handle user data.

I compiled the following list of VPN Frequently Asked Questions and common VPN terms with the aim of not only helping beginners sort out the basics of VPN, but also casting light on the common myths and untruths about VPNs.

If you're just looking to start using a VPN, check out our top 3 VPN choices (along with reviews of the most popular providers).  

Note: Before going any further, there is one thing you should know – a VPN does not make you anonymous. It will improve your privacy provided you choose the right service. Don’t treat a VPN as a panacea to all online threats and mass surveillance. It’s just a capable technology everyone should be using in these rough dystopian times. A VPN is by no means a tool for illegal activities.

VPN Basics

What does “VPN” stand for?

Virtual Private Network. (It’s ok, a lot of people don't know.)

What is a VPN?

A VPN is an online service that encrypts and tunnels your Internet traffic through its server. Because your data is encrypted, your browsing activity is private and hidden from ISPs, hackers, and state surveillance.

Additionally, using a VPN allows you to stream and game content as you wish regardless of the location you're in – technically speaking, it unblocks geo-restricted websites. 

Lastly, browsing through a VPN allows you to bypass censorship from political, religious, or corporate entities for unbridled freedom of speech. 

What are other benefits to using a VPN?

  • Protect your personal information online with encryption
  • Shop safely with a static IP
  • Access geo-restricted media content
  • Unblock VoIP applications (i.e., Skype, Google Voice, etc.) from countries that block them (e.g., Belize and Dubai)
  • Use public Wifi securely
  • Prevent your ISP from snooping on you
  • Keep hackers, data brokers, and surveillance agencies at bay

Why use a VPN?

VPNs mainly restore online freedom and privacy that is lost in the internet of today. One in four people globally use a VPN to access the Internet. (That’s 25% of the world’s population.)

I just mentioned some of the reasons you'd use a VPN, but there are even more. Here are the most common reasons people tend to use VPNs:

  1. Access geo-blocked streaming services
  2. Access state-censored networks and sites
  3. Browse anonymously
  4. Communicate with relatives abroad
  5. Access news websites restricted by the government
  6. Bypass employer-imposed restrictions when at work
  7. Torrent
  8. Have privacy when going online

If you've ever traveled extensively – or if you live in a country that prohibits certain websites/online tools/apps – you know that using a VPN is essential for a smooth and seamless online experience.

Do I need a VPN?

Not everyone needs a VPN – but just about everyone could benefit from using one. Not to mention, there are certainly people that should start using a VPN immediately. Are you one of those people? 

You are if any of these benefits sound indispensable to you:

  • Your Internet Service Provider can’t see what you’re doing online
  • You can spoof your location, i.e., appear as if connecting from another geographical location
  • You can bypass state censorship and access websites and services banned in your country
  • You can access geo-blocked streaming and gaming services
  • You can circumvent employer- or school-imposed restrictions
  • Patent trolls won’t be able to track you
  • You can enjoy P2P sharing
  • Hackers preying on unsecured public Wifi hotspots won’t be able to intercept your traffic

Think you don't need a VPN? That's OK – but keep in mind that the following applies to all of your internet activity (including your phone, tablet, and other internet-connected devices).

  • Your unencrypted traffic goes through your Internet Service Provider (ISP)
  • Your ISP can see all of your online activity
  • Hackers can intercept your data
  • Data Brokers can profile you
  • State Surveillance knows what you’re up to online
  • Your experience of the internet can be censored/restricted
  • Your IP address is generally exposed
  • Your personal information is not secure
  • You can’t express opinions freely
  • Your ISP will log your activities and throttle your speed when they see fit
  • Your ISP blocks content based on local censorship laws
  • You can’t access international sites that block access from foreign countries
  • Your devices are vulnerable to malicious attacks
  • Every time you connect to public Wifi, you run the risk of getting hacked

How does a VPN work?

Besides masking your IP address, a VPN also protects your data by encrypting it. In layman’s terms, encryption is data conversion from plain text anyone can read to cipher that can only be read by authorized users. Encryption does not prevent hackers from intercepting your data. Instead, it makes your data unreadable. To encrypt your data, a VPN uses protocols – PPTP, L2TP, OpenVPN, SSTP, and IKEv2. While these are quite technical, you should know that:

  • OpenVPN is the current gold standard for all privacy wonks out there.
  • Avoid PPTP at all costs.
  • L2TP/IPsec is not recommended for use on mobile devices.

What can’t VPNs do?

While VPNs improve your online privacy and security, they can’t:

  • Provide complete anonymity.
  • Prevent websites you visit from tracking you (cookies, browser fingerprinting, beacons).

Are VPNs legal?

In most Western countries – yes. In countries with authoritarian regimes – no. Currently, a host of countries in the Middle East, as well as countries with authoritarian, pro-Muslim regimes, have banned the use of VPNs.

China, North Korea, Saudi Arabia, India, Turkey, Iran, Russia, Thailand, and another couple of dozen countries have banned VPNs. In these countries, using a VPN is illegal, but selling access to a VPN can land you a prison sentence.

Unsurprisingly, Asia and the Middle East are the leading consumers of VPNs, with Vietnam, Thailand, Saudi Arabia, Turkey, India, and UAE topping the charts. The countries with the least VPN usage are Canada, Australia, Japan, Poland, France, and the Netherlands.

How do I use a VPN?

To use a VPN, you need to subscribe to a VPN service. Prices differ, and many providers offer free trials. On average, expect to pay $4-$12 per month – long-term plans usually offer significant discounts.

Note: You still need your ISP-provided Internet connection to use a VPN. 

VPN Security

Are VPNs secure?

It depends on your threat scenario. If you want to access streaming and gaming services like Netflix, Hulu, or Steam US libraries, a VPN alone is enough. Likewise, if you use public Wifi frequently, you’re safe with a reliable provider.

On the other hand, if you need to avoid state surveillance, you shouldn’t rely on a single privacy tool to protect you. A combination of a VPN, Tor browser, The Onion Router, or I2P is necessary to isolate one layer of security from another. With that in mind, you should understand that even an advanced setup won’t help if state surveillance targets you.

If you need a VPN for online privacy, you want to investigate a prospective provider’s background, especially their jurisdiction, applicable data retention laws, privacy policies, and customer feedback.

Is torrenting through a VPN safe?

If a provider explicitly permits P2P and lists servers that support torrenting – you’re good. However, you should first run a few security checks for DNS leaks to make sure your VPN does not leak your real IP address.  

When you are torrenting without a VPN, everyone downloading the same file can see your IP. With a VPN enabled, they will see your fake, VPN-provided IP address.  

Lastly, here's an important note regarding copyright infringement notices: VPN providers routinely receive copyright infringement notices (because, in the end, you are using their IPs). VPN companies take different approaches. Some providers will hand over the customer details of infringing users. Others may just disconnect repeat offenders. Some companies “silently ignore” DMCA notices. If you want to engage in P2P, look for companies that do the latter.

Am I safe when using public Wifi hotspots with a VPN?

In most cases, yes. VPNs encrypt the traffic between your device and VPN servers. So, hackers won’t be able to read your data. If you happen to connect to a fake Wifi hotspot some entrepreneurial hackers set up in public places, and they manage to intercept your traffic, all they will see is encrypted gibberish.

Am I anonymous when browsing through a VPN?

No. Many providers advertise complete anonymity online. What they’re not telling you is:

  • Their ToS and Privacy Policy contain the fine print that suggests logging.
  • Their Privacy Policy states “we don’t log” without going into detail.

Example (screenshots not preserved): the Hotspot Shield website versus the Hotspot Shield Privacy Policy.

Also, you have no way of knowing how credible a zero-logs claim is, especially since running a massive IT infrastructure with NO logs is impossible.

Remember:

  • A VPN does not make you anonymous but greatly increases your security and privacy online.  
  • A VPN provider usually knows who you are and what you’re up to online.
  • So, if privacy is a concern, you want to choose a transparent vendor.

Additional things to consider:

  • Data retention laws – in many countries, law enforcement can compel a company to log user activity and hand it over to authorities. So, you must be aware of where the company is headquartered and what laws govern its customers’ data.
  • Switzerland, Romania, Seychelles, and Hungary do not require that providers keep user logs.
  • VPN companies that focus on privacy will accept gift cards, cash, or Bitcoin, and will not require your real name, phone number, address, or banking details.

Why do connection speeds drop when I connect to a VPN?

First of all, to use a VPN you need to have a stable Internet connection with your ISP. You can’t have a Dial-Up connection. Assuming your base connection speeds are decent, some factors may affect your speeds when you connect to a VPN:

  • If you use an encrypted connection, such as OpenVPN 256-bit AES, your speeds will drop because encryption requires processing power and time. The stronger the encryption, the greater the speed drop.
  • If you connect to servers located at a great distance from where you physically are, your speeds will drop even more. The further the server, the slower your speed.
  • If you connect to a nearby server, your speed drop should be minor.
  • If the server you’re connected to is loaded (too many people using it at the same time), your speeds will drop as well.

In some cases, your speeds may improve with a VPN if a provider has a large server coverage with ample bandwidth. 

Tip: Connect to a VPN server that’s closest to a) your real location, b) the location of the service you need to access.

Choosing a VPN

How to choose a VPN?

Choosing a reliable provider with good work ethic is hard work in and of itself. Due diligence is inevitable. So, consider:

  • Privacy and Logging – All VPNs promise privacy and anonymity. However, there are ways to tell the truth from lies. See below for more information on privacy and zero logs.
  • Security – The provider must explain the technology used to ensure your secure browsing. Is OpenVPN supported? How good is encryption?
  • Cross-platform – If you plan to use VPN on various devices, desktop, and mobile, inquire into the availability of native apps. If there is no native app, will you be able to set up the open-source OpenVPN client?
  • Simultaneous Connections – How many devices do you plan to connect to VPN simultaneously? Does the provider allow multiple simultaneous connections, and if yes, how many?
  • Speed – Test, test, and test. Speeds, when using a VPN, differ greatly and depend on a variety of factors – your ISP speed, the location of remote servers, server load, and more.
  • Server Coverage – Check if the provider offers ample server coverage in the country into which you need to spoof.
  • Tech Support – Is live chat available 24/7? This is vital if you lack technical skills.
  • Free Trial – Sometimes, a brief trial is enough to see that a VPN doesn’t meet your requirements. Many providers offer free trials (several hours to several weeks).
  • Money-back guarantee – Many providers have no-questions-asked money-back guarantee; others apply draconian restrictions on their refund policies. Always read customer feedback – some providers ignore such requests even though their ToS promise a rock-solid refund.

The criteria for choosing a decent VPN are many. Some users want access to Netflix US, and that requisite will govern their choice. The above are just a few factors you want to consider before you subscribe to anything.

What makes for a good VPN provider?

  • Has a reputation of excellence
  • Offers broad network of servers
  • Does not log your activity
  • Does not censor the Internet
  • Provides prompt and professional support
  • Supports OpenVPN, PPTP, L2TP, and SSTP
  • Does not leak your real IP address
  • Does not throttle your speed
  • Does not limit data transfer amount
  • Delivers reliable speeds
  • Supports many platforms
  • Does not make false promises
  • Is transparent about its technology, privacy policies, and jurisdiction
  • Allows you to subscribe and pay anonymously

What makes for a bad VPN provider?

A research paper by the Commonwealth Scientific and Industrial Research Organization (CSIRO) all but destroys the niche of free VPN apps for mobile devices. Having studied 283 free Android VPN apps on Google Play, Australian researchers found that:

  • 75% use third-party tracking libraries
  • 82% access sensitive data such as text messages and user accounts
  • 38% are malware (spyware, trojan, adware)
  • 84% expose users’ real IP via IPv6 DNS leaks
  • Four apps intercept user traffic sent to secure HTTPS connections

Governments step up blanket surveillance; copyright trolls hunt down torrenters; corporations track and profile users worldwide. So, users turn to VPNs en masse. A sharp spike of interest in VPNs has given rise to a horde of opportunistic and malicious companies exploiting the trend.

To filter out such ill-intentioned providers, consider the following:

  • Steer clear of free VPNs – if the VPN is free, the provider profits from selling your data.
  • Reputable VPNs do offer free services – but they are extremely limited because they aim to entice users into subscribing to the paid plans. If an offer sounds too good to be true, it most likely is.
  • Due diligence – always research a provider as you would research a car dealer. Read the BestVPN.org reviews, search for user feedback, and scrutinize providers’ Terms of Service and Privacy Policy.

Do I need to read a VPN’s privacy policy?

You want to ask providers a series of critical questions to see if they are transparent, or pinpoint if something seems off. So, yes, you need to read the document.

Many providers claim to keep zero logs while in reality they are tracking and profiling their users.  Often, the lengthy Privacy Policies and Terms of Service (ToS) weave a complex web of shady legalese that does explain the extent of logging they deploy. In this case, providers hope users never read them. But since you agree to the ToS and Privacy Policy, you can’t blame the provider for lying.

In other words, it’s your job to read the fine print. Also, if security is a priority for you, make sure to read in-depth reviews before committing.

  • A decent VPN company is transparent about its logging practices and wipes the logs regularly.
  • Consider that in some countries, law enforcement can compel a zero-logs provider to record data on a particular user.
  • Avoid providers based in the Fourteen Eyes countries.

Other questions you should consider:

  • For how long does the company retain logs?
  • What personally identifiable data does the company retain?

Commercial VPNs vs. free VPNs

You’re better off with a paid subscription because if a provider’s customer base is 90%+ free users, their monetization model is based on tracking you and selling your data. Many reputable VPNs offer free limited accounts to entice users into subscribing to their paid plans. For instance, if you need a VPN once in a blue moon, you might as well make do with such a limited account. If you intend to use VPN on a daily basis, consider paid subscriptions.

VPNs on mobile devices

A VPN makes use of the Internet but protects your privacy by implementing tunneling protocols, encryption, authentication, and other security procedures. VPNs secure your data to and from your devices. Traditional VPNs for desktop platforms are based on OpenVPN, SSL, IPSec and other protocols, and can provide a high level of security if configured properly.

VPNs and challenges of mobile connectivity

VPNs on desktop platforms work well when connected to a fixed remote access point, such as your LAN or WiFi characterized by low delay and jitter and high bandwidth. But they don’t handle some of the challenges your mobile devices face on a regular basis:

  • Coverage gaps
  • Inter-network roaming
  • Bandwidth limitations
  • Battery drain
  • Limited memory of mobile devices
  • Limited processing power of mobile devices
  • Lack of support for tunneling protocols in some mobile platforms

Although smartphones and tablets are becoming more powerful with each new generation, the above problems persist. As a result, not all VPNs will work on your smartphone or tablet.

A mobile device often roams, loses coverage or hibernates to save power, so these connectivity problems are common. When wired VPN technology is applied to mobile devices, you experience data loss, slow speeds, and multiple login attempts to re-establish the connection.

For instance, when you are on the move, your phone bounces from WiFi to 3G or 4G and back again, or from one 4G network to another. It’s not uncommon for VPNs to lose connection each time a phone switches networks. Some VPNs get disconnected never to reconnect until you do it manually. Others get caught in endless loops of reconnecting and failing to secure your connection. And the only way to troubleshoot this is to reboot your VPN app manually.

Also, a VPN that provides the ultimate protection in its desktop version may actually use weak encryption and a vulnerable tunneling protocol in its mobile version due to mobile OS limitations, in which case your data is not nearly as protected as with a desktop VPN. As a result, your mobile VPN may be leaking your IP, location, and identity.

Some VPN providers provide OpenVPN and strong encryption for mobile platforms, but their solutions aren’t always user-friendly and apt for average users. Installing a third-party OpenVPN app and adding configuration files may be easy if you’ve done it a hundred times. But for a first-time user, it’s a tedious, mind-numbing process.

Apple’s iPhone users are especially affected since Apple makes it harder for VPNs to support OpenVPN. It’s no wonder few VPNs offer OpenVPN for iOS and those that do come with a complicated setup.

VPNs optimized for mobile

A VPN for your phone must be optimized to handle the problems of mobile communication and mitigate, minimize, or bypass them:

  • Mobile VPNs typically deploy advanced data compression to increase the throughput and improve performance in wireless networks with limited bandwidth.
  • A well-optimized VPN for mobile has a much smaller memory footprint and consumes less processing power than its desktop VPN version.
  • An optimized mobile VPN app doesn’t clog your device’s resources, enabling other apps to run faster, while the battery lasts longer.

A mobile VPN should provide the session persistence and seamless roaming to achieve reliable connectivity and smooth user experience when your phone switches networks. It should keep you connected while maintaining the same session, and without interrupting your apps. You should be able to switch from WiFi to mobile data or from one 4G network to another without having to reboot your network or VPN manually.

Many mobile VPNs are actually harmful

The booming popularity of VPNs gave life to an avalanche of VPN services that do a sub-par job of protecting your data. It is especially true when it comes to VPNs on mobile devices.

Australia’s Commonwealth Scientific and Industrial Research Organization (CSIRO) recently tested the 283 most popular Android VPN apps on Google Play:

  • 18% don’t encrypt traffic in their tunnels, leaving users exposed to MITM attacks and eavesdropping
  • 75% use third-party tracking libraries
  • 82% access sensitive data, including user accounts and text messages
  • 84% don’t encrypt traffic properly
  • 66% marketed themselves as improving user privacy
  • Tens of millions of users run these VPNs

In layman’s terms, the majority of mobile VPNs don’t offer the privacy and security that are the entire point of VPNs in the first place. In fact, there are more dubious – and harmful – VPNs for mobile platforms than reliable ones. Many mobile VPNs, in essence, abuse users’ trust and lack of technical skills to analyze their specs for potential flaws.

The biggest privacy offenders are, of course, free VPNs. In most cases, a free VPN’s business model involves logging and selling user data, as was the case with Hotspot Shield, Hola, and many others. You might want to give my roundup of the worst VPNs and scams a quick read.

But using a paid VPN doesn’t always guarantee reliability. Although paid VPNs are financially motivated to protect your privacy, they do not necessarily deploy strong security and privacy protections on mobile.

That’s why you shouldn’t choose a VPN based on its price tag alone but account for its technical specs, logging policies, as well as its jurisdiction, and transparency.

If in doubt, opt for a company that’s well-known, has a positive reputation, is headquartered beyond the 14 Eyes territories, and at least makes an effort to be transparent about its mobile technology and privacy policy.

When to use a mobile VPN

You are well-advised to use a VPN on mobile:

  • When you travel or commute to address inconsistent network performance
  • When you work remotely to protect your sensitive data
  • Always with public WiFi
  • When streaming music and videos online to bypass your ISP data throttling and buffering
  • Always when streaming with Kodi while circumventing geo-restrictions

If you rely on your mobile devices to stay productive, consider installing a reliable VPN vetted by security experts rather than a popular free app.

How credible are VPN reviews?

You need to understand that VPNs are businesses that navigate in an unregulated online realm. Some engage in quite shady marketing strategies, where cash flowing through sponsored reviews and affiliate programs to bloggers and major websites inflates their ratings. Competition in this business is anything but healthy. So you want to be critical of reviews and charts on the mainstream news outlets.

How to tell if a review is not trustworthy:

  • It praises a provider with a known track record of selling out its users.
  • A review gives a high score to a company that is criticized by security experts or is under investigation.
  • A review is too positive and lacks reasonable criticism, or sounds like an ad.
  • A major website keeps rotating the same big-name providers in every single roundup.

Tip: One reasonable and trustworthy review is never enough, though. Browse for user feedback on Reddit or GitHub; ask a tech-savvy local community.

VPNs, Censorship, and Privacy Rights

Which countries have banned VPNs?

Traditionally authoritarian regimes such as China, Russia, North Korea, and Iran have banned or are in the process of enforcing new laws that ban the use of VPNs and other anonymizers.

Why countries ban VPNs:

  • To monitor citizens’ online activities
  • To censor free speech
  • To silence dissidents
  • To manipulate information
  • To cap protests
  • Out of religious considerations

For instance, Oman, Sudan, Singapore, Yemen, South Korea, Eritrea, Ethiopia, Saudi Arabia, Vietnam, Myanmar, Thailand, UAE, and Pakistan censor free speech to preserve traditional social values, while Jordan, Libya, Myanmar, Uzbekistan, and China do so to maintain political stability. Cuba, Russia, Morocco, Turkey, North Korea, and India ban VPNs out of considerations of national security.

  • North Korea is, unsurprisingly, one of the world’s leaders in Internet censorship, with only about 4% of the population enjoying access to the Internet, whereas the rest can only access the tightly controlled intranet.
  • Saudi Arabia censors the Internet out of religious considerations, blocking nearly 500,000 websites containing anti-Islamic content. The Royal Decree on Press and Publications and the Basic Law of Governance are boosted by the Ministry of the Interior Affairs that routes the Internet traffic of an entire nation through a central point, where it gets analyzed. To be a blogger in Saudi Arabia, you need a special license from the Ministry of Culture and Information.
  • Iran cracks down on journalists and bloggers. If you want to blog in Iran, you also need a license from the Ministry of Art and Culture. Posting content that’s anti-government and anti-Islam is a criminal offense that leads to a prison sentence.
  • Vietnam allows its citizens to access the Internet, but tech companies like Yahoo, Google, and Microsoft have to hand over the names of bloggers to the Vietnamese authorities.

Why avoid VPNs based in the 14 eyes countries?

Sitting on top of the hackers → tech giants → mass surveillance pyramid is an octopus representing a splice of corporations and states. These countries legitimized mass surveillance by signing an agreement to collect, analyze, and share intelligence cooperatively. VPNs headquartered in the Fourteen Eyes countries are not recommended due to extensive data retention laws, and gag orders that forbid the VPNs to talk about the state requests for user data.

The pro-privacy groups dubbed the members of the treaty The Fourteen Eyes. The alliance currently consists of:

  1. Australia
  2. Canada
  3. New Zealand
  4. United Kingdom
  5. United States of America
  6. Denmark
  7. France
  8. Netherlands
  9. Norway
  10. Belgium
  11. Germany
  12. Italy
  13. Spain
  14. Sweden

Note: these states not only spy on their citizens but also spy on each other’s citizens and exchange that intelligence to avoid breaking domestic privacy laws. The bottom line? Always research a VPN provider’s HQ location and the data retention laws that govern the company’s activities.

Common VPN Terms

What does “zero logs” mean?

You need to understand the difference between usage logs and connection logs. Usage logs are the most compromising. Some providers keep connection logs for a limited time (a few hours to three days), which is a reasonable practice for troubleshooting. If a provider does not even mention deleting connection logs – steer clear.

Connection Logs – metadata about your connection, such as:

  • The time you connect to a VPN
  • For how long you are connected
  • How often you connect to a VPN
  • Amount of data consumed

Usage Logs – your online activity while connected to a VPN:

  • Websites you visit
  • Identities you use

What is a VPN kill switch?

A VPN connection might occasionally fail even with a reliable provider. When the VPN connection drops, your real IP address is revealed. To prevent the occasional connection drops from exposing your data, many VPN providers embed a kill switch into their software.

A VPN kill switch shuts down all your Internet connection whenever your VPN drops out and until the VPN connection is re-established. Alternatively, some VPNs come with a firewall solution that can be configured to act as a kill switch for particular programs instead of shutting down all Internet connection.

What are patent trolls?

Another reason why you don’t want to leak your real IP while torrenting is patent trolls. These are law firms that monitor popular torrenting websites and track down copyright offenders to charge them monumental fines. You don’t want to engage in file-sharing without a VPN in countries with strict anti-piracy laws – Germany, Japan, USA, UK, France, and others.

What is smart DNS?

If the only reason you need a VPN is to bypass geo-blocks from the likes of Netflix, and you couldn’t care less about privacy or security, you’re good with Smart DNS:

  • It’s cheap.
  • The speeds are fast.
  • There is nearly no learning curve with Smart DNS.

The technology behind Smart DNS is much simpler than in the VPN:

  • No encryption.
  • Supports most Internet-enabled devices, even those that can’t run a VPN client (Smart TVs, gaming consoles).

AES

Advanced Encryption Standard. The current gold standard for encryption is the 256-bit AES cipher, which is used by the surveillance agencies. If privacy and security are your priority, always look for VPN providers that rely on AES-256 encryption.

Backdoor

A deliberate weakness in code that can be used by the developer, law enforcement or hackers to snoop on user activities. The authorities of the Five Eyes countries insist that the tech companies embed backdoors in their products for the sake of national security. This is bad for privacy since backdoors inevitably get exploited by hackers. It’s also bad for business as privacy-minded users turn their backs on the US/Canadian/Australian/British VPNs because tech companies based in these countries can be compelled to cooperate with the three-letter agencies.

Bitcoin

Virtual cryptocurrency that lets you pay for goods and services online and remain anonymous. It’s open-source and peer-to-peer (think BitTorrent). A pro-privacy VPN provider will support Bitcoin payments. If you pay with Bitcoin, the VPN provider will know your IP, but not your real name. Do note, however, that payments made with Bitcoin don’t qualify for a refund with many VPN providers.

BitTorrent, also P2P or File-Sharing

A peer-to-peer (P2P) file-sharing protocol that lets you share files efficiently. The technology itself is legit, and there are many good uses for it, but BitTorrent is also widely used to share copyrighted content illegally. The catch with torrenting is that it’s easy to trace the IPs of all connected seeders and leechers (those downloading and sharing files). That’s where a VPN comes handy to hide your real location. So, if torrenting is on your mind, look for a VPN that allows P2P and has a clear stance on torrenting. The rule of thumb when torrenting is to choose the servers located outside the countries with strict copyright laws like Germany, France, Japan, USA, or the UK.

Browser Extension or VPN Add-On

Some VPNs offer a browser extension (i.e., for Chrome, Firefox, Opera). Whereas a desktop VPN program tunnels all your traffic through the VPN, a browser extension only tunnels your browser traffic, letting your other applications connect to the Internet the usual way.

Cipher or Protocol

A mathematical algorithm VPNs use to encrypt your data, such as OpenVPN, PPTP, and L2TP/IPSec. The gold standard for VPNs is the OpenVPN protocol.

Connection Logs or Metadata

Records that the VPN providers might keep on you. The catch is that most VPNs claim to be zero-logs, but in reality do log some of your data (your IP, when you connect and for how long, etc.). What they log varies by provider. For instance, some keep no activity logs but keep metadata logs, and some keep no logs at all. Still, and I can’t stress this enough, never commit to a long-term subscription without reading VPN’s ToS and Privacy Policy.

Copyright Trolls

Legal firms that hunt down users sharing copyrighted content via P2P torrenting. They monetize on legal prosecution and cash settlements. Copyright trolls monitor websites like The Pirate Bay to track users’ IPs and then identify the offender. In some countries like Germany and France, copyright trolls are a tangible threat, so VPNs have become indispensable protection tools for those looking to torrent.

Data Authentication

A cryptographic hash used to verify encrypted VPN connections. OpenVPN uses SHA-1, while the providers that are at the top of their game offer more secure SHA256, SHA512, or SHA3 data authentication.

DNS

Domain Name System that translates the websites’ web addresses (URLs) into their numerical IP addresses used by computers. Every device and connection has its own unique IP address. Traditionally, DNS translation is handled by your internet service provider (ISP).

DNS Leak

Because the IP address of the DNS server that resolves your requests is easy to detect, a VPN should route all your DNS requests through the VPN tunnel. When you’re using a VPN, the VPN provider must resolve these DNS requests, not your ISP. You can check whether your VPN is leaking your DNS requests by running a quick online DNS leak test. If the test detects a DNS leak, your DNS requests are being processed by your ISP and not by your VPN provider. Look for a provider that offers DNS leak protection.
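A local complement to the online test, as an added example that is not part of the original guide: it reads the resolvers from a resolv.conf file and the Linux `ip route` / `ip -6 route` tables and reports which resolvers would be reached outside the VPN tunnel. The interface names (tun0, wlan0), all addresses, and the sample tables are constructed assumptions.

```python
import ipaddress

# Route types that drop traffic instead of forwarding it.
BLOCKING = {"unreachable", "blackhole", "prohibit"}

# --- Constructed sample input (private and documentation address ranges) ---
RESOLV_CONF = """\
# constructed sample
nameserver 10.8.0.1
nameserver 192.168.1.1
nameserver 2001:db8::53
nameserver 127.0.0.53
"""
# IPv4: the two /1 routes send everything through tun0; the last line is
# the host route that keeps the VPN server itself reachable over Wi-Fi.
ROUTES4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# IPv6, leaky: the tunnel carries no IPv6, so the Wi-Fi default route wins.
ROUTES6_LEAKY = """\
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
"""
# IPv6, hardened: a lower-metric unreachable default drops IPv6 traffic.
ROUTES6_BLOCKED = "unreachable default dev lo metric 100 pref medium\n" + ROUTES6_LEAKY


def parse_routes(text, family):
    """Parse `ip route` (family=4) or `ip -6 route` (family=6) output."""
    default = "0.0.0.0/0" if family == 4 else "::/0"
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        blocked = tok[0] in BLOCKING
        if blocked:
            tok = tok[1:]
        dest = default if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, None if blocked else dev, metric))
    return routes


def parse_resolvers(resolv_conf):
    """Return the nameserver addresses, ignoring comments and zone ids."""
    found = []
    for line in resolv_conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 2 and tok[0] == "nameserver":
            found.append(ipaddress.ip_address(tok[1].split("%")[0]))
    return found


def egress(routes, addr):
    """Longest prefix wins, then lowest metric; returns the outgoing device."""
    matches = [r for r in routes if r[0].version == addr.version and addr in r[0]]
    if not matches:
        return "no-route"
    _, dev, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return dev if dev is not None else "blocked"


def audit_dns(resolv_conf, routes4, routes6, tunnel_if="tun0"):
    """Map each configured resolver to tunnel / LEAK / blocked / stub."""
    routes = parse_routes(routes4, 4) + parse_routes(routes6, 6)
    report = {}
    for ns in parse_resolvers(resolv_conf):
        if ns.is_loopback:
            # Local forwarder: its real upstream is not visible in this file.
            report[str(ns)] = "stub"
            continue
        dev = egress(routes, ns)
        if dev == tunnel_if:
            report[str(ns)] = "tunnel"
        elif dev in ("blocked", "no-route"):
            report[str(ns)] = dev
        else:
            report[str(ns)] = f"LEAK via {dev}"
    return report


if __name__ == "__main__":
    for label, v6 in (("leaky", ROUTES6_LEAKY), ("hardened", ROUTES6_BLOCKED)):
        print(label, audit_dns(RESOLV_CONF, ROUTES4, v6))
```

The check covers routing only: firewall rules, and the upstream servers behind a loopback stub resolver, need to be inspected separately.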

Data Retention

Many countries have data retention regulations that compel the internet service providers to keep users’ data and share it with law enforcement or surveillance agencies. In some countries, the data retention period is 12 months, in others as long as 2-5 years. In Germany, for instance, ISPs are authorized to install keyloggers on citizens’ devices. It’s important to know the jurisdiction of your VPN provider because in some countries VPNs can be compelled to cooperate with law enforcement, keep logs, and share them with the surveillance agencies without prior notice to the user. Privacy advocates recommend steering clear of the VPN providers based in the Five Eyes countries, and being cautious with providers headquartered in the 14 Eyes countries due to their intrusive data retention laws.

Encryption

Scrambles or encodes your traffic to protect it from unauthorized access using a sophisticated cipher. It may take years for a computer to break strong encryption. Without encryption, just about anyone can snoop on your online activities. Currently, encryption is the only accessible tool for the common folks who seek to protect their privacy and security online. Still, not all encryption is created equal. Many providers advertise end-to-end encryption since it’s a buzzword that sells, but embed a backdoor that enables covert snooping (think WhatsApp encryption). Overall, if a provider holds the encryption keys, you must have valid reasons to trust they’re not using them to snoop on you.

End-to-End Encryption

Your data is encrypted while in transit (as it travels the Internet) and at rest (as it resides in your cloud storage or email server). When you and only you, or you and your trusted recipient, have the encryption key, end-to-end encryption works. When the provider (cloud storage, email provider, or the VPN provider) holds the keys, the security is controversial. For one, a provider can be hacked – think of the Yahoo hack that exposed the passwords of a billion Yahoo users. Also, when a provider keeps your keys, they can be compelled to hand them over to law enforcement. Therefore, only zero-knowledge providers (that don’t have access to your keys) offer truly secure service. But you won’t be able to request a password recovery with a zero-knowledge provider. In the world of the VPNs, end-to-end encryption is considered reasonably secure, but some other factors need to be considered like data retention laws, jurisdiction, and logging and privacy policies.

Five Eyes

Australia, Canada, New Zealand, United Kingdom and the United States of America cooperatively collect and share intelligence not only on their adversaries but also on each other’s citizens and share that data to avoid breaking domestic surveillance restrictions. If you seek privacy, avoid VPN providers based in these countries.

Fourteen Eyes

The countries of the Five Eyes cooperate with and share intelligence on foreigners and their own citizens with other countries (Denmark, Netherlands, France, Norway, Belgium, Germany, Italy, Spain, and Sweden), and spy on each other.

Geo-Blocks, Geo-Restrictions

An outdated, medieval and barbarian if you ask me, but still relevant monetization model used by some streaming services like Netflix, Hulu or BBC iPlayer. Geo-restriction blocks access to the service, or parts of it, to users located outside of a certain white list of locations. For instance, you can’t access BBC iPlayer from outside the UK. Netflix US is inaccessible from anywhere but the US. Worse yet, Netflix uses region-based fees that force non-US users to pay up to 20% more than what the US users pay (I feel your pain, Aussies). Some VPNs unblock these geo-restrictions, others only claim they do, while some providers explicitly say they don’t. Netflix invests heavily into its anti-VPN force, so the list of providers that unblock Netflix is always changing, as the streaming service keeps blacklisting more and more VPNs.

Geo-Spoofing or Spoofing

Pretending you’re accessing the Internet from a location other than your actual location by using a VPN, proxy or SmartDNS. Spoofing lets you bypass geo-restrictions and censorship.

IP Address (or just IP)

Internet Protocol Address is a unique numerical identifier assigned to every device accessing the Internet. IP addresses can change each time you connect to the Internet, but the very gist of using a VPN is to hide your true IP. The VPN provider, however, still can see it.

IP Leak

What happens when a VPN fails to hide your actual IP. This can happen for a variety of reasons, but generally, you need to test a VPN for IP leaks before committing to a long-term subscription.

IPv4 and IPv6

As of now, IPv4 is the default DNS system that defines the numerical IP address values. IPv4 supports 32-bit internet addresses, which amount to ~4.29 billion addresses, and right now we’re running out of those. IPv6 came about as a solution to that problem, as it uses 128-bit addresses, which amount to 2^128 addresses (a 39-digit number). You should check for IPv4 and IPv6 leaks when choosing a VPN provider.

ISP

Internet Service Provider is the telecoms company that provides you with the Internet connection. The ISPs traditionally monitor users’ traffic and often throttle, or limit, your bandwidth if you’re torrenting large files. Besides throttling, ISPs in some countries have extensive surveillance authority. For instance, German ISPs can install keyloggers, steal passwords, log and store your activity data for years and hand it over to law enforcement or get you nailed if they receive a copyright infringement notice. The VPNs are so high in demand because they encrypt and hide your data and traffic from the ISPs. The ISPs have powerful political lobbies, so I don’t expect these to become pro-privacy, transparent or accountable in the foreseeable future.

Kill Switch (or kill-switch)

An important VPN feature that shuts down your access to the Internet if the VPN connection fails for some reason. Thus, it protects you from exposing your real location and traffic. Even the most reliable VPN connections occasionally drop out, so a kill switch is vital. The term used by a VPN provider may be different, though. I’ve seen the kill switch dubbed a network lock, secure IP, and whatnot. When in doubt, always ask the provider’s support whether their software offers a kill switch feature.

L2TP/IPsec

An encryption and VPN tunneling protocol built into most Internet-enabled platforms. It’s pretty secure if done right, but unfortunately it’s hacked by the NSA.

Metadata

Information about who accesses the Internet (or makes a phone call, sends a text message, email – you get the idea), when, from where, for how long, and to whom they send it. It’s not the contents of your communications, but it’s enough for in-depth profiling, identification of your social circles, locations, and lifestyle. The three-letter agencies all over the world love metadata as it tells them pretty much everything about you.

NAT Firewall

A VPN feature that blocks third parties from connecting to your VPN-protected system. A NAT Firewall blocks unrequested incoming connections while the VPN is running.

Network Latency

The time it takes for a data packet to travel from one point to another, or rather the delay in data transfer. Small delays = low latency; long delays = high latency.

OpenVPN

The gold standard protocol for a VPN to use in combination with strong AES-256 encryption. It’s open-source, so it is frequently reviewed by independent experts for vulnerabilities. OpenVPN is considered to be safe against state surveillance so far. You can download the OpenVPN client and set up your own VPN if you don’t mind some tinkering and reading, or you can rely on a commercial provider offering the OpenVPN protocol. If privacy and security are on the table, go for a VPN that supports OpenVPN.

Perfect Forward Secrecy

Generates a unique private encryption key designed to make HTTPS connections more secure. It’s new for every session, so every session with an HTTPS service has a unique set of keys. VPNs deploying PFS are considered pro-privacy.

PPTP

A VPN protocol that’s quite old, so most VPNs support it. The advantage of PPTP is it’s easy to set up on just about any VPN-capable device or platform. It’s also highly insecure, so use it only when nothing else is available and only for non-confidential data.

Proxy Server or Proxies

An intermediary computer between your PC and the Internet. When you’re browsing – or routing your traffic – through a proxy, you appear with the proxy’s IP address. Although public proxies are not safe and don’t encrypt your traffic, you can still use them for basic, non-confidential browsing that requires an IP other than your true one.

Shared IP

A method used by most VPNs when they assign multiple users the same IP address (shared IP) to increase users’ privacy. That way, it’s more difficult for the VPN provider itself and any outside party to identify users.

Simultaneous Connections

The number of devices you can connect to the Internet simultaneously using one VPN subscription. That number varies by vendor.

SmartDNS

DNS servers located in various countries that enable VPN providers to bypass geo-blocks from the likes of Netflix efficiently. SmartDNS is much faster than VPN since no encryption is at play, but it’s also not secure or private for the same reason. So, if all you need is to bypass Hulu or BBC iPlayer geo-blocks, SmartDNS is a good option.

Tor (the Onion Browser)

A browser and a network for anonymous browsing. Unlike VPNs that can see your real IP, Tor routes your traffic through multiple nodes. Each node only knows the IP of its preceding node, so in the end, your IP is hidden beneath layers and layers of IPs. Hence, the onion name. It’s considered safer to connect to Tor with a VPN on instead of using a Tor feature embedded in a VPN.

Usage Logs

Some VPN providers log your Internet activities, like the websites and services you visit. It’s the worst-case scenario, and some providers go that far without disclosing their practices in their ToS. One way to determine if a provider keeps some usage logs is to read carefully through the ToS and Privacy Policy. Some providers mention they can restrict your access to certain content, which implies censorship. Thus, they do know what you’re doing online. Other providers inject ads and redirect you to their partner sites to monetize your traffic. Some VPNs store only temporary usage logs for troubleshooting. If you ask me, any form of usage logs compromises your privacy to a certain extent. It’s up to you to decide what risk is acceptable.

VPN

Virtual Private Network, a technology that allows you to access the Internet and appear as if you are connecting from a location of your choice instead of your real location. It allows you to bypass geo-blocks and censorship, but also encrypts your traffic and hides it from your ISP, advertisers, marketers, and other snooping parties. A VPN provider runs a network of servers located across the globe and routes your traffic through them so that you appear as if connected from a different location. Do inquire whether the provider manages its servers or leases them, because it affects the quality of service and the privacy of your traffic. VPNs are must-have tools if you frequently use public Wi-Fi hotspots that are plagued by hackers.

Warrant Canary

Some VPN providers set up a Warrant Canary page to warn users in case the company receives a gag order. The gag order doesn’t allow the provider to alert anyone about the request for data disclosure. That’s why some countries have made Warrant Canaries illegal. The Warrant Canary has to be regularly updated. Otherwise, the provider might have been compromised. Running a Warrant Canary page is good practice for a VPN, but in the end, it doesn’t guarantee anything.

WebRTC

Web Real-Time Communication, tools that enable P2P connections between browsers for video chats, file-sharing, browser games, or VoIP calls. Most browsers support WebRTC, except for Safari and IE. Even though it uses encryption, WebRTC may leak your real IP address, so you can either disable it, or use browsers that don’t support it. Always test your VPN against a WebRTC leak.
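The leak tests recommended in the IP Leak, IPv4 and IPv6, and WebRTC entries come down to one check: does any address the browser offers differ from the VPN exit IP? The following is an added example, not code from this guide or any VPN provider; it classifies ICE candidate lines (in a browser these arrive as `event.candidate.candidate` on an `RTCPeerConnection`), and the function names, the sample lines and the exit IP `203.0.113.50` are constructed assumptions.

```javascript
// Added example: flag WebRTC ICE candidates that expose a non-VPN address.
// Candidate layout (RFC 8839):
//   candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./, /^127\./];

function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith('.local')) return 'mdns'; // mDNS name the browser substitutes for a host IP
  if (a.includes(':')) { // IPv6
    const local = a === '::1' || /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
    return local ? 'private' : 'public'; // loopback, link-local fe80::/10, ULA fc00::/7
  }
  return PRIVATE_V4.some((re) => re.test(a)) ? 'private' : 'public';
}

function parseCandidate(line) {
  const f = line.replace(/^a=/, '').trim().split(/\s+/);
  if (!f[0].startsWith('candidate:') || f[6] !== 'typ') return null; // not a candidate line
  return { address: f[4], port: Number(f[5]), type: f[7] };
}

// Returns each candidate whose address is neither an mDNS name nor a VPN exit IP.
function findLeaks(lines, vpnExitIps) {
  const allowed = new Set(vpnExitIps.map((ip) => ip.toLowerCase()));
  const leaks = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    const scope = classifyAddress(c.address);
    if (scope === 'mdns' || allowed.has(c.address.toLowerCase())) continue;
    const family = c.address.includes(':') ? 'IPv6' : 'IPv4';
    leaks.push({ address: c.address, family, scope, type: c.type });
  }
  return leaks;
}

// Constructed sample using documentation address ranges, not a captured session.
const SAMPLE = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 3f2a9c1e-0000-4000-8000-000000000001.local 54322 typ host',
  'candidate:3 1 udp 1686052607 203.0.113.50 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:4 1 udp 1686052351 2001:db8:abcd::17 54323 typ srflx raddr :: rport 0',
  'candidate:5 1 udp 1686052607 198.51.100.7 54324 typ srflx raddr 10.8.0.2 rport 54324',
];

console.log(findLeaks(SAMPLE, ['203.0.113.50']));
```

A `public` result means an address other than the VPN exit is visible to the remote side, which is the leak the entries above warn about; a `private` result discloses only a LAN address.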
