Follow us on RSS or Twitter for the latest updates.

March 24, 2012

How to use VPN to defeat Deep Packet Inspection


Imagine a technology that can stop spam and malware, identify and block illegal downloads, and allow ISPs to prioritize the data they transmit by content as well as by type. Sounds pretty good.

Now imagine a technology that gives network managers and governments the ability to monitor everything you do on the Internet, including reading and recording your e-mail and other digital communications, and tracking your every move on the Web.

Of course, it's the same technology--deep packet inspection (DPI) by name. That's how governments around the world are able to spy on their citizens' online activities and control their access to the Internet.

ISPs have long been able to record every site you visit and track what you do on those sites. They can and do block access to specific sites.

But only recently has it become practical from a bandwidth and resource perspective for network providers to read all the data in the packets sent from and delivered to their customers' computers without slowing their networks to a crawl.

North Korea, China, Iran, and other countries routinely use deep packet inspection to block Internet content and keep tabs on their citizens.

The easiest way to cover your Web tracks is to encrypt your data and network connection. The most popular encryption services use a virtual private network(VPN).

Free VPN services come with a price
The free HTTPS Everywhere Firefox add-on from the Electronic Frontier Foundation automatically encrypts connections on sites that support the technology. Unfortunately, not all sites support HTTPS, among other limitations.

A more thorough technique for preventing your Web activities from being recorded is to establish a VPN connection. The Tech Support Alert site rates several free VPN services in its guide to anonymous-surfing products.

Topping the list are CyberGhost VPN, ProXPN, and SecurityKiss.

I tried the free versions of ProXPN and OpenVPN's Private Tunnel, but the first is too slow (and annoying), and the second gives you only 100MB of data transfers. The paid versions of both products remove these limitations, as you might have guessed.

Quick and simple setup, but painful performance in the free version

It took only a few minutes to install ProXPN and sign up for a free account. Click the red lock icon that appears in the Windows notification area or Mac menu bar to establish an encrypted connection.

Once your VPN connection is established, hover over the green lock icon to view the IP address and other information about the VPN server you're linking through.

The free version's slow 100Kbps maximum transfer speed harkens back to the pre-broadband days of dial-up modems. Also, when you open your browser you have to click through an annoying ProXPN "upgrade now" screen to get to your designated home page.

According to the company's site, the ProXPN Premium service has "no bandwidth restrictions, all available ports are open, PPTP VPN enabled (in addition to our standard OpenVPN), full access to all proXPN servers world-wide, and port selection." The premium version costs $10 a month or $50 for six months; the company offers a 7-day free trial.

Not much encryption offered by the free version of OpenVPN's Private Tunnel
Apart from the 100MB data limit, the open-source Private Tunnel service is a breeze to sign up for and use. But most Internet users will burn through the free version's data-transfer allotment in a couple of days. As with ProXPN, Private Tunnel places an icon on the desktop that you click to establish an encrypted connection.


The service offers 50GB of protected data transfers for $12 a year, 100GB for $20 per year, and 500GB for $50 per year; the company estimates that most people transfer between 50GB and 100GB of data per year.

By comparison, the free version of the OpenVPN-based SecurityKiss service provides up to 300MB of encrypted data transmissions per month for free. An account allowing up to 20GB per month costs $3.97 for one month or $31.71 for one year; while the service's unlimited plan costs $13.25 for one month or $119.26 for one year. (Three-month and six-month plans with various data limits are also available.)

Many people will respond to the privacy threat posed by deep packet inspection with a big yawn. After all, if you don't want to be tracked, don't use the Internet. But privacy advocates such as the Electronic Privacy Information Center and the Electronic Frontier Foundation are unanimous in their opposition to indiscriminate online eavesdropping, whether it's done by public or private entities. For the time being, it remains possible to keep the trackers at bay. Use it or lose it.