Not all VPNs protect you from the Snooper’s Charter. These will.

Published by on November 23, 2016 in VPN & Privacy

The UK’s Investigatory Powers Bill, colloquially known as the “Snooper’s Charter”, has completed its parliamentary procedure and is set to become law before the end of this year.

It’s up to Brits to take their privacy into their own hands, now. The best means of fighting against the Snooper’s Charter is to employ a VPN. Short for virtual private network, a VPN encrypts the internet traffic traveling to and from a device, and then routes it through an intermediary server in a location of the user’s choosing.

ISPs and the government cannot see the final destination of a VPN user’s web traffic–only that their data is being sent to a remote server. The contents are hidden as well thanks to encryption.

But even that might not be enough to prevent British authorities from monitoring your online activity. The VPN should also be logless, meaning it stores no record of user activity, their IP address, or any other identifying information. British users should also avoid VPNs based in the UK, as they will be susceptible to government demands for information.

Finally, even though the traffic is encrypted and its destination is hidden, an ISP could still detect whether a VPN is being used. This might not be an issue, but if it is, then a VPN with some sort of obfuscation feature is necessary. Obfuscation, with regard to VPNs, means the encrypted traffic is “obscured” to look like normal, un-encrypted traffic.

To make the search for a suitable VPN easier, we’ve compiled a list of the best VPNs to thwart the snooper’s charter. It’s based on the following criteria:

  • No logs containing identifying information are stored on company servers
  • Strong encryption
  • Not based in the UK (and preferably not the US)
  • DNS leak protection
  • Dynamic, shared IPs
  • Bonus points for obfuscation features

ExpressVPN

ExpressVPN is based in the British Virgin Islands, outside the jurisdiction of UK law. By default, all connections are established using a 256-bit encrypted OpenVPN protocol, which is as strong as it gets. ExpressVPN logs some diagnostic information, but not any activity or identifying information. The diagnostic information includes dates (not times), choice of server location, and the total amount of data transferred per day. It does not log the contents of internet traffic or users’ IP addresses. DNS leak protection can be toggled on in the settings. ExpressVPN is also great for unblocking US Netflix and Hulu, and it allows torrenting. No obfuscation features are included.

Update, December 30, 2016: ExpressVPN is offering 3 months’ free with 12 month plans here. This also includes a 30 day money-back guarantee so you can try it risk free.

Read our full review of ExpressVPN.

NordVPN

NordVPN offers some powerful security and anonymity features for those who feel a normal VPN just isn’t good enough. That includes a “double hop” VPN, which feeds traffic through two VPN servers, and Tor over VPN, which directs traffic through the Tor Network after exiting the VPN server. OpenVPN encrypted with a 256-bit algorithm uses 2,048-bit SSL keys. NordVPN boasts a true zero-logs policy, meaning it stores absolutely no information about individual connections. The provider is based in Panama, beyond the scope of UK laws. NordVPN supports an obfuscation tool called Obfsproxy, but it must be set up manually with a third-party app.

Read our full review of NordVPN, or take advantage of their winter sale deal here.

AirVPN

Despite being far from intuitive to use and offering a poor user experience, AirVPN is the cream of the crop when it comes to security features on a VPN app. OpenVPN over SSH and SSL are both supported. A kill switch, DNS leak protection, DNS routing, and port forwarding are built-in options. AirVPN only uses the OpenVPN protocol, which is 256-bit encrypted. No traffic or connection logs are recorded. AirVPN is based in Italy, so while subject to some EU regulations, it is not in the jurisdiction of the Snooper’s Charter.

Stay tuned for our full review of AirVPN.

IPVanish

IPVanish leverages 256-bit AES encryption, and most servers support our preferred OpenVPN protocol. The company does not log any personally identifiable information. The Windows and Mac apps allow users to specify how often their IP address changes for greater anonymity. A “scramble” feature disguises packets to make them look normal and un-encrypted so ISPs will have a hard time detecting that the VPN is being used. The company is based in the United States, which might put off some users wary of the NSA and FBI. The Snooper’s Charter does not put US companies under any obligation to divulge information, though.

Read our full review of IPVanish or save money on their 12 month plan here.

LiquidVPN

LiquidVPN allows users to choose from three “topologies”, or types of IP addresses: private static IP, shared dynamic IP, or modulating IP. The modulating option changes your IP address every time you connect to a different web server, making it extremely difficult to trace. Connections use 256-bit encryption and the OpenVPN protocol. The Liquid Lock feature functions as a kill switch while also preventing DNS and WebRTC leaks. Users can select from 10 different ports to use, and LiquidVPN is one of the few providers to use perfect forward secrecy. Like IPVanish, the company is based in the United States, but LiquidVPN maintains a warrant canary on its website. LiquidVPN doesn’t store any identifying info, but it does record your last VPN logged into, the total number of logins, and bandwidth used.

Read our full review of LiquidVPN or save 20% on any plan here (you will also need to add the code ‘COMP20’ at checkout).

StrongVPN

StrongVPN doesn’t support OpenVPN on all servers, but it supports 256-bit encryption on those that do. A kill switch prevents unencrypted traffic from leaking to your ISP should the connection drop. The scramble feature obfuscates traffic to avoid detection as a VPN. The port list can be edited to allow or disallow traffic to and from specific apps. The service is completely logless. All IP addresses are dynamic and shared, making it difficult to trace any activity to an individual user.

Read our full StrongVPN review or save 15% here, by using this link and adding the code ‘SAVE15’ at checkout.

VPNs to avoid

HideMyAss

HMA, a VPN provider based in the UK, has gotten into hot water in the past for divulging customer information that led to the arrest of one of its users, a member of hacking collective LulzSec.

Free VPNs

In general, don’t use free VPNs. They often mine your data, sell that data to advertisers, and then inject ads into your browser. Furthermore, most cap data and bandwidth. If you must use a free VPN, check out our list of the more reputable options.

What is the Investigatory Powers Bill?

The bill, criticized by both privacy and human rights advocates, imposes new regulations on British internet service providers and expands the authority of British intelligence agencies. Advocates argue the bill is necessary to fight terrorism.

The Snooper’s Charter consists of five key components:

  • ISPs must keep a record of every subscriber’s web history for up to 12 months, data that is accessible to several government agencies
  • The GCHQ can utilize bulk data collection on the personal assets of people not accused of wrongdoing, but whose data was gathered from the large number of devices in a targeted area
  • Companies must decrypt data on demand
  • Companies must notify the government before new security features are launched
  • Intelligence agencies like the GCHQ may hack into the devices of citizens

No matter how the bill is justified, it will undermine the right to privacy for British citizens. Even if the new regulations have good intentions, no one can guarantee a hacker won’t gain access to ISP records or the collected bulk data. Just a single person with access to that data could steal and/or abuse it on a whim.

Do UK citizens support the Snooper’s Charter?

In a survey of 1,000 Brits commissioned by Comparitech in August, 60 percent of respondents said the government should be able to monitor mass communications. Nearly half agreed that national security is more important than individual rights. Only one in five completely disagreed with the practice.

Terrorism and criminal activity were the two most oft-cited scenarios in which the government should be allowed to exercise such powers, the survey takers said. Nearly half of respondents said they think the government snoops on their data, while nearly 40 percent said they don’t know.

Two months after that survey was conducted, Comparitech commissioned a second survey. This one came just after the Investigatory Powers Tribunal ruled bulk data collection by UK Government agencies GCHQ and MI5 over a 17-year period to be illegal. Survey takers were asked similar questions.

Now knowing that the government collected their data illegally, the disposition of respondents dramatically shifted. 70 percent thought the UK government should delete all personal data it has acquired through illegal means. Only 23 percent supported bulk data collection, down from 60 percent in the previous survey.

Now that the Investigatory Powers Bill legalizes the same sorts of data collection, will the tide turn yet again in its favor?

Why not just use Tor?

You can absolutely use Tor in lieu of a VPN to encrypt and anonymize your online activity. Tor is a free and excellent resource.

But Tor has some limitations. Using Tor, even for innocuous purposes, is enough to draw attention from ISPs and law enforcement. Tor is often used to engage in criminal activity, so even connecting to the Tor network can draw attention.

Tor is also slow. It’s run by a network of volunteer nodes around the world. Streaming video or downloading torrents will be a tedious endeavor and puts undue strain on the Tor network.

Finally, Tor doesn’t work with all web pages and apps. Some sites might block connections from Tor exit nodes.

Tor might be sufficient for some people, but a VPN overcomes all of these problems. You can always combine the two as well: connect to a VPN and use the Tor browser to access the web.

“Spying” by Global Panorama licensed under CC BY-SA 2.0

6 thoughts on “Not all VPNs protect you from the Snooper’s Charter. These will.”

  • Your top two recommendations (ExpressVPN and NordVPN) don’t even support IPv6, and will therefore potentially leak your true IPv6 address (as they both admit).
    There’s even a paper published on this topic here:
    https://vpntesting.info
    So you definitely need to add a HUGE caveat to your claim that these sub-standard VPNs that you recommend will protect people (but I would say that’s flat out false information).

    • Pretty much no commercial VPN provider supports IPv6 DNS servers. Most of them just block IPv6 altogether and route all requests through IPv4. If you’re worried about IPv6 leaks then just disable IPv6 on your device.
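
The IPv6 leak discussed in the two comments above can be checked from a host's routing tables. The following is an added example, not code from the article or the commenters: it assumes Linux `ip route show` and `ip -6 route show` text output and a tunnel interface named `tun0`, and the sample tables are constructed for illustration.

```python
import ipaddress

BLOCKING = {"unreachable", "blackhole", "prohibit"}  # route types that drop traffic

# Constructed sample output of `ip route show` / `ip -6 route show` (not captured data).
V4_TUNNEL = """0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100"""
V6_LEAK = """2001:db8:aa::/64 dev eth0 proto ra metric 100 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium"""
V6_BLOCKED = "unreachable default dev lo metric 1024 pref medium"

def parse_routes(text, version):
    """Turn route-table text into (network, device, metric); device None = traffic dropped."""
    default = "0.0.0.0/0" if version == 4 else "::/0"
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 2:
            continue
        blocked = f[0] in BLOCKING
        prefix = f[1] if blocked else f[0]
        try:
            net = ipaddress.ip_network(default if prefix == "default" else prefix, strict=False)
        except ValueError:
            continue  # skip route types this sketch does not model
        dev = None if blocked or "dev" not in f else f[f.index("dev") + 1]
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, dev, metric))
    return routes

def egress(routes, dest):
    """Interface chosen for dest: longest prefix wins, lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1] if hits else None

def leaking_families(v4_text, v6_text, tunnel):
    """Address families whose public-destination traffic would leave outside the tunnel."""
    # Probe addresses are from documentation ranges; they are only looked up, never contacted.
    probes = {"ipv4": (v4_text, 4, "198.51.100.1"), "ipv6": (v6_text, 6, "2001:db8::1")}
    leaks = []
    for family, (text, version, dest) in probes.items():
        dev = egress(parse_routes(text, version), dest)
        if dev is not None and dev != tunnel:
            leaks.append(family)
    return leaks

if __name__ == "__main__":
    print(leaking_families(V4_TUNNEL, V6_LEAK, "tun0"))     # IPv6 bypasses tun0
    print(leaking_families(V4_TUNNEL, V6_BLOCKED, "tun0"))  # IPv6 blocked, no leak
```

An empty IPv6 table (IPv6 disabled on the device) and a blocking route both count as no leak, since neither lets IPv6 traffic leave on the physical interface.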

  • If you are technically inclined you can roll-your-own excellent VPN using a cheap DigitalOcean or AWS instance and the open-source VPN service Streisand. It’s a really excellent service.
