VPN services are a vital tool for protecting free speech. Following the death of net neutrality, their business model is more vulnerable than ever. If they don't adapt to protect themselves from ISPs, they'll become obsolete.

Yesterday's virtual private networks were designed to give employees remote access to corporate servers. Today that same technology is used to anonymize internet activity using random exit nodes across the globe. It protects journalists, activists, and everyday citizens who don't want their personal browsing history stored, analyzed, and sold.

The best VPN services allow signups with gift cards and anonymous email accounts, and offer at least two high bandwidth servers. The loss of net neutrality has changed the game, and forward-thinking services will need to encrypt traffic with a minimum cipher of AES-128, and allow users to route traffic over multiple ports - including port 443. Together, all of these options will help protect users' identity and hide traffic from the prying eyes of ISPs and state actors.

Why AES And 443?

Without net neutrality, ISPs can eliminate VPN use by blocking the ports on which they operate. Private Internet Access operates over many ports, but only a handful (501, 502, 1197, 1198) support AES encryption. These are trivial to block. Other ports (53, 80, 443, 8080) cannot be blocked, but are limited to the outdated BF-CBC cipher. Not only is this an insecure protocol, it precludes use on network appliances such as home routers.

For VPNs to continue making money, protecting their user base is paramount. If ISPs force these companies to close up shop, there will be no turning back.

Published January 05, 2018

We depend on the support of readers like you to fund research initiatives and product development.