Virtual Private Networks

December 15th, 2010   Submitted by Paul Rosenberg

You may have heard the term “VPN.” It stands for Virtual Private Network. Now, presuming that you already understand what a computer network is, I’ll proceed to explain the Virtual and Private parts.

A private network would involve separate physical cables between offices. The cables would be connected between certain computers and those only – no outside connection at all. This would create a “private network.”

To make a “virtual” private network, we simply substitute encrypted (secretly coded) transmissions for the separate cables. Only those people who have the keys to unlock the encryption can see what is being sent through the network. To anyone else, it is a long, fast stream of gibberish. This is called a “virtual” network. Instead of private cables, it uses private, unreadable signals.

This Virtual Private Network arrangement can also be called a Virtual Tunnel. The meaning is the same: It creates connections between computers that can only be understood by the people who have the proper codes. It creates a “tunnel” between your computers and others – a tunnel that no one else can see into.

Here is a diagram of a VPN, which may help:

So, a VPN is not a physically separate network, but a “virtually” separate network. It operates over the regular Internet, but it is completely private. Instead of doors and walls keeping intruders away, encryption (mathematics) keeps them away. In actual use, a good VPN can be set up in only a few minutes, and will then run with almost no attention at all.

HOW ONLINE ANONYMITY IS ACHIEVED

The VPN tunnel shown above is a fine technology, but it isn’t enough to beat professional snoops and thieves. By watching the traffic that comes to your ISP and matching it with what comes out the other side of the tunnel, they can pick up the trail without much trouble.

In order to beat professional surveillance, two more steps are required:

1. Obscuring the traffic much better.

2. Removing your “return address.”

These two things are accomplished with an anonymity network. Here is a simplified view of the Cryptohippie network that I am associated with:

In this illustration, the client is in the US and a VPN tunnel runs from their computer to one of our entry nodes in either Canada or Panama, where the return address is also stripped off. This means that a single surveillance operation is likely to lose the traffic here. Then, the traffic goes through one or more cascades. Think of this as a Mixmaster for data.

Finally, it comes out the other side in still another jurisdiction, where Cryptohippie’s return address is added, so the sites you visit can respond to you (anonymously).

There is more to our operation than this (we do a few exotic things like rotating IP addresses), but the basics are illustrated here. The network is the key to the operation, and it is the thing that separates us from simple VPNs and proxies.

A network of this type allows you to surf the web, use voice communications like Skype, email, chat, download files, etc., while remaining anonymous. At any point, it can be seen that signals are being sent, but the point of origin (and with it your identity) remains unknown.

THE 1990S WAY

There is another, simpler anonymization method called an anonymous proxy. It is a fine technology, and was very, very cool in the 1990s, when people in the (much smaller) Internet community would send lists of anonymous proxies back and forth. It was fun, and effective for the time.


The anonymous proxy is the same (or almost the same) as the VPN link illustrated at the beginning of this article. It is a secure connection between you and the proxy, with only their information visible from the other side. The technology is fine by itself, and they are very cheap to operate.

The problem with the proxy (properly, a single-hop proxy) is that surveillance technology has passed it up. By spying from two or more points, it is cheap and simple to connect A to B. Lots of spies, commercial and otherwise, do that every day. The simple proxy just doesn’t cut it anymore. You need multiple hops in widely scattered locations, and unseen links in between.

The real problem with the single-hop proxy is not the tech, but reliance on it. The technology is old. It was great in its day, but that day is over, unfortunately.
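The two-point matching described above, and what holding traffic in a mix (the “Mixmaster for data” idea from the previous section) changes about it, shown as an added example that is not part of the original article and does not represent Cryptohippie’s implementation. The send times, the names, and the `single_hop`, `batch_mix` and `candidates` functions are all constructed for illustration, and the model looks only at packet timing and packet counts.

```python
import math

# Constructed send times (seconds) as seen on the client side of the relay.
ENTRY = {
    "alice": [0.3, 1.1, 2.6, 4.2],
    "bob":   [0.7, 1.9, 3.3, 4.6],
    "carol": [0.5, 2.2, 3.8, 4.9],
    "dave":  [0.2, 0.9, 1.5, 2.8, 3.6, 4.4],
}

def single_hop(times, latency=0.05):
    """Single-hop proxy: forwards each packet at once, adding only latency."""
    return [round(t + latency, 3) for t in times]

def batch_mix(times, period=5.0):
    """Toy timed mix: holds packets and releases them at the next flush tick."""
    return [math.ceil(t / period) * period for t in times]

def candidates(exit_times, entry_flows, max_delay):
    """Senders whose entry flow could have produced exit_times.

    A sender stays a candidate if it sent the same number of packets and
    each one left the relay between 0 and max_delay seconds after entering.
    """
    out = set()
    for name, sent in entry_flows.items():
        if len(sent) == len(exit_times) and all(
            0 <= e - s <= max_delay
            for s, e in zip(sorted(sent), sorted(exit_times))
        ):
            out.add(name)
    return out

def anonymity_sets(relay, max_delay):
    """For every sender's exit flow: which senders could it belong to?"""
    return {
        name: candidates(relay(times), ENTRY, max_delay)
        for name, times in ENTRY.items()
    }

if __name__ == "__main__":
    print("single hop:", anonymity_sets(single_hop, max_delay=0.1))
    print("batch mix :", anonymity_sets(batch_mix, max_delay=5.0))
```

The single-hop relay leaves exactly one candidate per exit flow, while the batch mix leaves alice, bob and carol indistinguishable from one another. Dave still stands out because he sent a different number of packets, so volume has to be obscured as well as timing.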

YEAH, YOU HAVE TO PAY

If you are going to take security seriously, you have to pay professionals. There really isn’t any such thing as a free lunch. Remember, there are plenty of bad guys working forty, sixty or eighty hours per week to gather every possible piece of your information. If you think you’re going to counter them with a free or discount service that shows you flashy graphics, you’re kidding yourself. You do get what you pay for.

Do I have a vested interest in you paying for anonymity? Sure I do, but what I’ve written is true just the same.

If you’d like more information on Cryptohippie, just email them: support@cryptohippie.com

Paul Rosenberg is the CEO of cryptohippie.com

18 Responses to “Virtual Private Networks”

  1. Seth King says:

    Assuming an individual does have good enough skills to install and properly operate Tor (The onion router) why should they decide to go with a for-pay VPN instead? What are the differences between Tor and private VPNs?

  2. Paul says:

    The TOR technology is cool, but application has been full of troubles; we don’t recommend relying on it. I’ll try to explain in the next article.

  3. Seth King says:

    Operating under the cloak of a VPN is definitely something the government does not want us to do. Even if I play devil’s advocate and assume that the government CAN track what we do and where we go despite using a VPN, it is clear to me that they could only do so with the use of considerable resources. Therefore, the more people and businesses that operate under VPNs, the resources needed to engage in mass surveillance become prohibitive. So, it seems to me that the VPN that makes it most difficult for governments to spy on the better. This is why I want to know why I should choose Cryptohippie over other VPNs.

    After having read this article:

    http://www.lewrockwell.com/green-p/green-p12.1.html

    as well as Cryptohippie’s website, it seems there are a few things Cryptohippie does that give me pause, namely the keeping of logs, the rationing of bandwidth and the number of hops and locations of servers.

    Can you address why Cryptohippie does these things and why we should choose Cryptohippie’s VPN over others?

    • Paul says:

      Answers:

      Logs: We keep 24 hour logs in a couple of places, where we are required by law. No matter, they refer to crypto-tokens, not IP address or account names. And we purge. (The other option is to be shut-down.)

      Rationing bandwidth: Nothing is free. We have to pay for it. Unlimited bandwidth = go broke and disappear. We don’t sell magic.

      Hops, locations: Ummm, what’s the problem?

      • Seth King says:

        Can individuals contract for more bandwidth per month if they need it?

        How many hops are in the Cryptohippie VPN? What is industry standard?

        If the government launched a full frontal assault against Cryptohippie and seized all of their assets, would my information ever be in jeopardy?

        Would it ever be possible to operate an agorist VPN, and if so, why don’t any exist already?

        Cryptohippie seems to have a higher yearly cost than many of their competitors. I do see that secure email accounts come with the terms of service, which normally cost money and are not usually provided by other VPNs. Is this what accounts for the higher cost, or is there more to it?

        Again, why should I choose Cryptohippie over others?

  4. Helio says:

    Thanks for the article and the info. How does Deep Packet Inspection factor into all of this? I would assume that encrypted packets would be immune to DPI, but I am not a security expert.

    • Paul says:

      Deep packet inspection is a real threat. I don’t have the tech info in front of me, but our people are more than aware of it and have addressed it.

  5. Paul says:

    Answers:

    > Can individuals contract for more bandwidth per month if they need it?

    I think you are talking about Traffic, not bandwidth, but the answer is still no. However, if you go over consistently, we’ll just shorten your account accordingly. (This happens very rarely and we’re not interested in ‘nickel and diming’ our customers.)

    > How many hops are in the Cryptohippie VPN?

    2 multi-jurisdictional hops or more, depending.

    > What is industry standard?

    There ain’t none. We’re out here on the frontier. 🙂

    > If the government launched a full frontal assault against Cryptohippie and seized all of their assets, would my information ever be in jeopardy?

    Not really. Sessions are encrypted with ephemeral keys, so they would vanish real fast, and as I said above, the sessions aren’t associated with IDs or meat-space identifiers. They could, of course, grab our bank records and find out who has paid via credit card, but it would stop there – that info is not associated with use data. I suppose they could try to lock us in cages, etc, but that method probably wouldn’t work very well either.

    They could, however, cause us to close-up. It wouldn’t be easy, but it is possible. That would be the more likely attack vector.

    > Would it ever be possible to operate an agorist VPN, and if so, why don’t any exist already?

    Well, I think ours is an Agorist VPN. I’m not sure how it would differ any. Send us some silver or gold – we’ll connect you. 🙂

    > Cryptohippie seems to have a higher yearly cost than many of their competitors.

    Right, the competitors (with one exception, I think) are single-hop proxies – WAY cheaper to operate.

    > I do see that secure email accounts come with the terms of service, which normally cost money and are not usually provided by other VPNs. Is this what accounts for the higher cost, or is there more to it?

    Nope, that’s just an extra feature. We designed a system that we wanted to use first, then opened it up to others.

    > Again, why should I choose Cryptohippie over others?

    Real security, provided by professionals who know what it is to have their ass on the line. Here’s the techie stuff: https://secure.cryptohippie.com/tech_used.php

    • Seth King says:

      What do you mean when you say it’s by professionals who know what it is to have their ass on the line?

      Do you use VPN 100% of the time, or are there times you do not? If so, when?

      Lots of times when one takes more security measures on line, it often comes with a price. The price is convenience. Is it so with VPN service as well? Will I have to log in every time I visit a frequent site because it no longer can collect cookies? Will I be able to view youtube videos with ease? Will javascript have to be disabled?

      Do you believe VPN service will become as common as email someday? If so, do you imagine prices dropping precipitously?

      I appreciate all of your answers. They are very helpful for me as well as readers. Thank you!

      • Paul says:

        > What do you mean when you say it’s by professionals who know what it is to have their ass on the line?

        No details here, sorry.

        > Do you use VPN 100% of the time, or are there times you do not? If so, when?

        Almost 100%. On rare occasion I’ll turn it off for some purpose, such as editing Wikipedia.

        > Lots of times when one takes more security measures on line, it often comes with a price. The price is convenience. Is it so with VPN service as well?

        Yes. A multi-jurisdictional VPN will definitely slow you down. Usually it’s not that much, but if you live for ever-faster speeds, you’ll have to make a choice.

        > Will I have to log in every time I visit a frequent site because it no longer can collect cookies?

        We don’t scan your traffic, so we can’t remove cookies, etc. We recommend that you set your browser to delete them on closing, but that’s your choice.

        > Will I be able to view youtube videos with ease?

        Mostly. Some have geo-restrictions, and they may be hidden from you. Download speed will be reduced a bit.

        > Will javascript have to be disabled?

        Your choice. Again, we don’t watch your traffic. We recommend the NoScript extension for Firefox.

        > Do you believe VPN service will become as common as email someday?

        Good question. I don’t know, but it *should*.

        > If so, do you imagine prices dropping precipitously?

        No, not really. There aren’t great economies of scale in adding crypto-cascades. Our costs are generally dropping, but slowly.

        > I appreciate all of your answers. They are very helpful for me as well as readers. Thank you!

        My pleasure. You caught me at a good time. 🙂

  6. JustSayNoToStatism says:

    Good article. Especially good comments though. I have wondered about Cryptohippie before, and it’s good that very tough questions are being asked and answered.

  7. Pablo says:

    As a novice user of cryptohippie I have a question about sending and receiving Emails using cryptohippie. I know that while sending when connected the message is encrypted and goes through the VPN to the recipient. My question is when the recipient, who doesn’t have cryptohippie, replies to my Email is his reply to me encrypted through the VPN I established or is it sent to me unencrypted and thus visible to a hacker? In other words, if I am connected to cryptohippie, will Emails sent to me from non users be visible to hackers?

    • Paul says:

      Pablo:

      Your email (and all your traffic) is always encrypted inside our network. But if we encrypted the last link of an email to your friend, he couldn’t read it. So, the last link is exposed (in both directions) unless he cooperates with you. We still hide your location, identity, etc.

      To get fully secure requires:

      1. Your friend joins our system too, in which case no one can see that you ever talk at all.

      Or…

      2. Both of you can use text encryption, such as PGP or GnuPG.

      Best,

      Paul

  8. Tony Freeman says:

    Hi there, I have a few tough questions:
    - how do I know that the VPN company is not a covert gov agency, or a data mining operation?
    - for most VPNs you need to download a software (Road Warrior for example) so you are giving the VPN providers access to your computer and your data. Isn’t this a great leap of faith?
    - other VPNs that claimed that they were erasing their logs, just like Cryptohippie, were found to be actually keeping the logs and rendered them to the authorities upon the issuance of a search warrant. So what’s the difference between them and the ISP if they both surrender the data?

  9. Jenny says:

    Every day, more and more people want to protect their privacy on the Internet. Governments around the world are different types of restrictions on Internet connections of their citizens. VPN is the solution for all that allows you to bypass all restrictions and protect your privacy. Many experts predict that VPN is the future of Internet freedom. I use http://www.sunvpn.net/ to open blocked sites. It’s very easy to handle for various uses. It’s very cheap and affordable.

  10. In this post, you have shared in-depth information about VPN. I really enjoyed reading it.

  11. Doug Brown says:

    Just would like to understand how to do it, how to get to the website