In the U.S. there is a lot of noise around the fact that ISPs now have the ability to sell user data – browsing history, time online, devices and so on. Does using something like OpenVPN make a difference? Should you as a consumer even care? Ultimately, deciding if it something that should concern you comes down to personal comfort and whether you want to give that data away to a service provider who is already charging you $100+ per month. Most of us are already giving our data away for free to mobile phone providers, through our computers and even through use of grocery cards or other “membership” activities where we willing signup and give our details away for some type of benefit.
What makes this particular change difficult to accept is that it was a decision taken without input. In most cases mentioned above, I purposely make a choice to give Google my information when I use Gmail or Android. For ISPs, most people only have 1 or 2 options in their locale and with that there is no ability to opt-out without going through significant effort.
Using VPN to protect my data
So what can we do? There has been a lot of chatter around the internet about VPN. Does VPN provide adequate protection against ISPs selling your data? Are all VPNs created equally? Who is OpenVPN? Whats the difference between paid and free VPNs. All are great questions and should be considerations when looking at VPN providers but there is one more factor that would weigh heavily on my own decision making process. I would also suggest looking at the VPN provider to verify where and what they do with your data when it hits the end-point and is decrypted.
You should be careful to recognize that VPN traffic is not end-to-end encrypted: it eventually emerges, decrypted, somewhere else. That means the 3rd party VPN provider can and may still be able to keep an eye on your traffic. As an example, VPN providers may keep logs that can in turn be sold to or accessed by third parties (including the government), depending on their own privacy policies. Some paid VPN providers limit access to this data, but others where VPN is a free service most likely do sell that data. They’ve got to make money somehow.
I have been personally reviewing services from F-Secure, NordVPN, and ExpressVPN. Each provides flexible locations, fast servers and they don’t track and record your data. So what other options are out there? Another simple option if you want to control your own destiny is to setup your own VPN server.
Can I build my own VPN using OpenVPN?
The long and short answer is yes. Today, it is easier than ever to build a VPN server and with flexible web hosting options available you can build and deploy the server and configuration of the VPN as you see fit. My first step in this is to get my server (in my case Canadian Web Hosting provides the server) and MacBook Air setup for VPN. I mention where I host because similar to the above, my VPN traffic is encrypted from MacBook Air and my server with Canadian Web Hosting. In theory, Canadian Web Hosting could track my traffic once it leaves the server, but knowing that Canadian Web Hosting has strict privacy policies and is a Canadian company I am confidant that this won’t happen.
One other consideration is that all my traffic will originate from my Canadian Web Hosting server that uses a static IP address. If I am not careful, and only used http protocols, I will be transmitting information that can be tied back to my dedicated IP address. Its a good thing I already have an available https web server running and masking my IP. So, as a next step I am going to go ahead and setup an OpenVPN Access Server. Most providers today have a prebuilt template, or you can use someone like Bitnami which has an open source install image that can be quickly deployed in the cloud. If you search around the web there are articles to help you deploy OpenVPN on CentOS or Debian with minimal effort.
OpenVPN to protect your data
OpenVPN for Mobile