“When your data passes through a public network—such as the Wi-Fi at the coffee shop or airport—it is at risk.” I’ve been writing variations on that sentence for 10 years now, and I expect I’ll be writing it for many more. That’s because it’s easy to snoop on such networks, and the data on them isn’t safeguarded against those prying eyes. You have to take action to keep your data safe. Fortunately, doing so doesn’t have to be hard.
You could encrypt networked data one service at a time, by securing your email sessions or configuring your Twitter and Facebook accounts to use HTTPS. (Actually, I recommend both steps regardless of whatever other security measures you take.) But that means adjusting settings in lots of different apps, one at a time. There’s a more comprehensive solution: a virtual private network (VPN).
When you set up a VPN on your Mac or iOS device, client software encrypts all of your outbound data (wrapping it in something often called a secure tunnel) and sends it to a secure server. That server has the appropriate encryption keys and other credentials to unwrap the data and send it along to wherever it’s supposed to go. Likewise, the server returns data—requested webpages, email messages, or even streaming audio and video—to the client through the same tunnel; only the client can unravel those responses or streams.
VPNs are valuable because several segments of the path between you and the Internet are easy to exploit. It could be the segment from your Mac, iPhone, or iPad to the coffeeshop’s Wi-Fi network. It could be the ethernet network behind the counter to which that router connects. In some cases, such as countries without a firm grasp on the idea of free speech, the weak link could even be the ISP that connects that coffeeshop to the Internet at large. VPNs can help protect your data along all of those vulnerable segments. (That’s why VPNs have become critical tools for dissidents worldwide.)
Corporations use VPNs all the time, to keep communications to and from remote workers as secure as those that take place inside the office. Companies often require mobile workers and telecommuters to use the corporate VPN to connect to internal, for-employees-only servers. Using such secure links, those remote workers can also take advantage of the company’s Internet connection—including filtering, virus-checking and firewall—for general Net access.
If you don’t have access to a corporate VPN, you do have an alternative: VPNs-for-hire that anyone can use, which provide many of the same protections as those company VPNs. These services rent VPN access by the month or by the year. Their servers live in data centers around the world, and you use the client software built into OS X or iOS to protect connections between your machines and those servers.
Settings and apps
Virtually all of these services try to take the pain out of configuring VPN connections by offering step-by-step instructions for entering all the specs—server, password, connection type, and other details—for the major software platforms, including iOS, Mac OS X, Windows, and Android. Still, this setup process almost always requires some tedious data entry; fortunately, you only have to do it once per VPN for each device. (Some services do offer downloadable packages for desktop operating systems which automate setup.)
In Mac OS X, you enter VPN details and manage those connections in the Network pane of System Preferences. It’s a good idea to check the Show VPN Status in Menu Bar option for any VPN connection you set up in that pane; you can then connect to, see the status of, and disconnect from your VPN connection without reopening the Network pane.
In iOS, you use the Settings app (General -> Network -> VPN) to configure a VPN; once you’ve done that, a VPN on-off switch appears in the main Settings view.
There are also several iOS apps that seem to provide VPN services, but they are not quite what they seem: They’re really conduits for payment to private VPN services, rather than VPN clients per se. They use in-app purchasing to let you subscribe to a specific VPN for a period of time; some also allow you to purchase a fixed amount of bandwidth to be used in that period.
These apps do provide you with the necessary configuration details, but you must still enter those details manually in the Settings apps. A few of them can also provide a mobileconfig file customized for your account. These files download then prompt you to accept them; when you do, they auto-configure your VPN account. Then you can just use Settings to activate or deactivate a VPN connection.
A few examples
These services differentiate themselves in their support for VPN protocols. Some of those protocols—L2TP-over-IPsec and PPTP—occasionally fail on public networks because the routers on those networks intentionally or incidentally block portions of the connection those protocols require. (On any given network, both might fail, or one might fail while the other works.)
PPTP is considered the weakest of the common VPN protocols from a security standpoint, because short PPTP passwords can be cracked. (If you do use that protocol, make sure to use a password of 12 or more characters that mixes text and numbers nonsensically.) If you’ve subscribed to a service that uses only PPTP, you might be stuck; subscribing to a more expensive offering, even from the same provider, could give you more flexibility.
Another way these apps/services differ: Some providers (especially those targeting iOS) may limit your monthly bandwidth, throttle overall speed, or recommend against video streaming (or require special configuration for it). Others offer multiple server locations, which you can choose to speed up a connection or to route around governmental snooping.
There are tons of private-VPN providers. Looking at three that have stood the test of time as examples, you can get a sense of the differences that distinguish all of them:
Witopia: Witopia has two services: personalVPN (Basic), which costs from $6 per month to $50 per year, and personalVPN Pro ($40 for 6 months or $70 for a year). Both versions support PPTP, L2TP-over-IPsec, and the Cisco flavor of IPsec used by iOS. The Basic flavor excludes a desktop SSL option, which may be needed in some countries or networks. Witopia provides unlimited bandwidth. WiTopia offers a desktop VPN management program that handles connections, bypassing the Network preference pane. But it also provides manual setup guides for mobile and desktop operating systems.
publicVPN: A combined PPTP and L2TP-over-IPsec provider, publicVPN charges $7 a month or $70 per year, with no bandwidth limits. You have to type or tap in the configuration details manually.
TunnelBear: Works in Mac OS X and Windows only, and requires a software installation. A free version includes 500 MB of use each month, while the $5 per month and $50 per year offerings get rid of the bandwidth limits. It’s optimized for video streaming, especially to get video services that aren’t available in your country.
Those are only three. A search of the Web and the iTunes App Store will find dozens of other options. If one of those three doesn’t meet your needs, you shouldn’t have too much trouble finding one that does.
Glenn Fleishman is a senior contributor to Macworld, and is one of the writers of the Economist’s Babbage blog. He is also the author of Take Control of Your 802.11n AirPort Network (2012, Take Control Books.
Author: Glenn Fleishman, Senior Contributor
Glenn Fleishman’s most recent books include Take Control of iOS and iPadOS Privacy and Security, Take Control of Calendar and Reminders, and Take Control of Securing Your Mac. In his spare time, he writes about printing and type history. He’s a senior contributor to Macworld, where he writes Mac 911.