How to use VPN to defeat deep packet inspection

ISPs and other network providers can use deep packet inspection to monitor all the data transmitted to and from your computer; encryption via a virtual private network keeps your data transfers private.

Dennis O'Reilly Former CNET contributor

Imagine a technology that can stop spam and malware, identify and block illegal downloads, and allow ISPs to prioritize the data they transmit by content as well as by type. Sounds pretty good.

Now imagine a technology that gives network managers and governments the ability to monitor everything you do on the Internet, including reading and recording your e-mail and other digital communications, and tracking your every move on the Web.

Of course, it's the same technology--deep packet inspection by name. That's how governments around the world are able to spy on their citizens' online activities and control their access to the Internet.

Bills pending in the U.S. Congress and the Canadian House of Commons propose making it mandatory for ISPs to retain for 12 months the information the companies collect about their customers and deliver it on demand to law enforcement agencies. This information includes IP addresses, credit-card numbers, and other private data.

ISPs have long been able to record every site you visit and track what you do on those sites. They can and do block access to specific sites.

But only recently has it become practical from a bandwidth and resource perspective for network providers to read all the data in the packets sent from and delivered to their customers' computers without slowing their networks to a crawl.

North Korea, China, Iran, and other countries routinely use deep packet inspection to block Internet content and keep tabs on their citizens, according to a synopsis on TechCrunch Europe.

(CNET Crave writer Edward Moyer reports on the Tor Project's attempts to help Iranians overcome that country's disruption of encrypted data connections.)

The primary sponsor of the Protecting Children from Internet Pornographers Act is House Judiciary chairman Lamar Smith (R-Texas), who also sponsored--and recently pulled--the controversial Stop Online Piracy Act.

While the fate of the proposed legislation is uncertain, many people are rightly concerned about having a record of their Internet activities stored in a huge repository that will likely be the target of data thieves.

The easiest way to cover your Web tracks is to encrypt your data and network connection. The most popular encryption services use a virtual private network.
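
What that encryption changes for an on-path observer, as an added example that is not part of the original article: the inspector below recovers the URL, host, and cookie from a plaintext HTTP request, but from the tunneled copy it gets only the VPN server's address and the packet size. The addresses, key, and request are constructed, and toy_encrypt is a hash-based stand-in for a real VPN cipher.

```python
import hashlib
import re

REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE) (\S+) HTTP/1\.[01]\r\n")

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the VPN cipher: XOR with a SHA-256 counter keystream.
    Illustration only; a real VPN uses an authenticated cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def inspect(packet: dict) -> dict:
    """What an on-path inspector can record from one packet."""
    seen = {"dst": packet["dst"], "size": len(packet["payload"]), "content": None}
    m = REQUEST_LINE.match(packet["payload"])
    if m:  # plaintext HTTP: every header is readable
        head = packet["payload"].split(b"\r\n\r\n")[0]
        headers = dict(line.split(b": ", 1)
                       for line in head.split(b"\r\n")[1:] if b": " in line)
        seen["content"] = {
            "method": m.group(1).decode(),
            "path": m.group(2).decode(),
            "host": headers.get(b"Host", b"").decode(),
            "cookie": headers.get(b"Cookie", b"").decode(),
        }
    return seen

# Constructed sample traffic (documentation addresses, made-up values).
HTTP_REQUEST = (b"GET /inbox?folder=private HTTP/1.1\r\n"
                b"Host: mail.example.org\r\n"
                b"Cookie: session=constructed-value\r\n\r\n")
direct = {"dst": "198.51.100.7", "payload": HTTP_REQUEST}
tunneled = {"dst": "203.0.113.10",  # the VPN server, not the site visited
            "payload": toy_encrypt(b"constructed-key", HTTP_REQUEST)}

if __name__ == "__main__":
    print(inspect(direct))    # method, path, host and cookie all recovered
    print(inspect(tunneled))  # only destination and size; content is None
```

The tunneled result still carries a destination address and a size, so the observer can tell that a VPN is in use and how much data moves through it.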

Free VPN services come with a price
The free HTTPS Everywhere Firefox add-on from the Electronic Frontier Foundation automatically encrypts connections on sites that support the technology. Unfortunately, not all sites support HTTPS, among other limitations.

A more thorough technique for preventing your Web activities from being recorded is to establish a VPN connection. The Tech Support Alert site rates several free VPN services in its guide to anonymous-surfing products.

Topping the list are CyberGhost VPN, ProXPN, and SecurityKiss, the last of which I wrote about in a post from last February.

I tried the free versions of ProXPN and OpenVPN's Private Tunnel, but the first is too slow (and annoying), and the second gives you only 100MB of data transfers. The paid versions of both products remove these limitations, as you might have guessed.

Quick and simple setup, but painful performance in the free version

Connect to a ProXPN VPN server by clicking the lock icon, choosing connecting, and selecting a location. Screenshot by Dennis O'Reilly

It took only a few minutes to install ProXPN and sign up for a free account. Click the red lock icon that appears in the Windows notification area or Mac menu bar to establish an encrypted connection.

Information about the VPN server you're connecting through is shown when you hover over the green lock icon. Screenshot by Dennis O'Reilly

Once your VPN connection is established, hover over the green lock icon to view the IP address and other information about the VPN server you're linking through.

The free version's slow 100Kbps maximum transfer speed harkens back to the pre-broadband days of dial-up modems. Also, when you open your browser you have to click through an annoying ProXPN "upgrade now" screen to get to your designated home page.

According to the company's site, the ProXPN Premium service has "no bandwidth restrictions, all available ports are open, PPTP VPN enabled (in addition to our standard OpenVPN), full access to all proXPN servers world-wide, and port selection." The premium version costs $10 a month or $50 for six months; the company offers a 7-day free trial.

Not much encryption offered by the free version of OpenVPN's Private Tunnel
Apart from the 100MB data limit, the open-source Private Tunnel service is a breeze to sign up for and use. But most Internet users will burn through the free version's data-transfer allotment in a couple of days. As with ProXPN, Private Tunnel places an icon on the desktop that you click to establish an encrypted connection.

The OpenVPN data-encryption service gives you only 100MB of protected transmissions for free, which most people will use up in no time. Screenshot by Dennis O'Reilly

The service offers 50GB of protected data transfers for $12 a year, 100GB for $20 per year, and 500GB for $50 per year; the company estimates that most people transfer between 50GB and 100GB of data per year.

By comparison, the free version of the OpenVPN-based SecurityKiss service provides up to 300MB of encrypted data transmissions per month. An account allowing up to 20GB per month costs $3.97 for one month or $31.71 for one year, while the service's unlimited plan costs $13.25 for one month or $119.26 for one year. (Three-month and six-month plans with various data limits are also available.)

Many people will respond to the privacy threat posed by deep packet inspection with a big yawn. After all, if you don't want to be tracked, don't use the Internet. But privacy advocates such as the Electronic Privacy Information Center and the Electronic Frontier Foundation are unanimous in their opposition to indiscriminate online eavesdropping, whether it's done by public or private entities. For the time being, it remains possible to keep the trackers at bay. Use it or lose it.