VPN in Thailand: necessary from a security perspective?

[hobobo]

10 minutes ago, Pib said:

 

Not using VPN 24/7??!!....well, you are going to hell for sure when you die.

 

Disclaimer:  this is a paid advertisement/statement from the VPN Providers Association.

And I guess VPN for Idiots never got published? Shame that...

[JayBird]

I use VPN when in a public Wi-Fi hotspot. On Phone or tablet. As well as when I'm on a laptop in a hotel.

 

I also use it to get around some throttling true move does (on Monday evenings they like to block my access to some gaming sites but no problems the rest of the week)

 

Otherwise its only for geo location.

[TallGuyJohninBKK]

2 hours ago, hobobo said:

 In the last year or so, however, I get at least five messages/notifications a day to warn me of the pitfalls of using internet without VPN, and the True hell experience if I'm ever caught. Should I be worried?

Messages/notifications from whom? Junk/spam mail or from True itself, or ???

 

 

[TallGuyJohninBKK]

2 hours ago, JayBird said:

I use VPN when in a public Wi-Fi hotspot. On Phone or tablet. As well as when I'm on a laptop in a hotel.

 

I also use it to get around some throttling true move does (on Monday evenings they like to block my access to some gaming sites but no problems the rest of the week)

 

Otherwise its only for geo location.

 Depending on your VPN provider, I think you might also find that by using a good VPN with True as your ISP you're likely to get considerably faster international connection speeds than if you were just using True Online alone.  I certainly did in my years with True.

 

[TallGuyJohninBKK]

3 hours ago, Katia said:

How do you all get your VPNs to make your internet *faster*?  Everyone I've ever known who uses one, finds it makes their internet *slower* (mine, horribly so-- I need to muck about with settings and ask on my VPN's forums).

 

Yes, I've had that problem, too.  Imagine me trying to get through the Google Play Store in Thai because that's what my phone defaulted to!

 The faster part probably depends on the combination of what Thai ISP you're using along with whether you're using a quality VPN, how your VPN is configured, and where it's connecting to.

 

In my experience, the speeding up for international connections works with both True Online and 3BB internet providers. But it seems to have little or no benefit for AIS fiber customers, based on user comments here. Not sure about TOT, which is typically marginal at best for international connections.

 

The best kind of VPN protocols to use to gain speed performance are ones like PPTP or L2TP.   Those don't do the same kind of data encryption that VPN protocols like OpenVPN use, and it's the encryption element that likely is a contributing factor to people experiencing slowdowns when using VPN. Another factor, of course, is not all VPN services are created equal and have the same quality of networks, so that can vary considerably depending on which provider you're using.

 

Generally here in Thailand, if you don't need a particular geo IP location but can use any, a VPN connection to a Singapore server is probably going to be the fastest available. If you need a VPN connection to a particular other city or country, then obviously, it's going to depend in part on how far it is from Thailand and how the data connections are between here and that distant locale.

 

Edited February 25, 2017 by TallGuyJohninBKK

[Skeptic7]

VPN...Don't surf the web without one! Privacy, Security, Piece of Mind. 

 

PIA and Noord seem to always be at the top of the lists and good values. Many other decent choices available too.

[TallGuyJohninBKK]

6 hours ago, johnmcc6 said:

Opera operating system has free V P N. I go from Firefox for most things then jump to Opera for others. Easy to  use with some good features. Never had a problem with either system. Good however to get around blocked content on some sites and articles.

I've used the Opera VPN before for some non-essential things and it was fine.

 

But the one thing that makes me nervous about using Opera VPN is that Opera the browser company was bought out/sold to a Chinese company sometime back. And while I've long respected Opera for their business when they owned it themselves, I get a bit wary anytime the Chinese start getting into my VPN connections. They're typically more interested in breaking cyber security than they are in protecting it.

 

And, Opera has been providing their VPN service as an entirely free service for quite some time -- which kind of brings to mind the question -- given that they're a business in business to make a profit, how exactly does their business envision making a profit from the endeavor?  I've never heard/seen any explanation to that interesting question.

 

Edited February 25, 2017 by TallGuyJohninBKK

[chubby]

so pib, tallguy, etc. 

as a run  for  online banking, investment, most security needed logins, do you use  the VPN on or off .

seems to me a guess, as to do you trust your local ISP more than whatever VPN provider you've chosen. I'm not sure how trustworth Thai ISPs  are vs. USA ones?

 

of course if your using wifi the equation might change a little , i prefer VPN while on any wifi, however  100% if not  my router ......

[StraightTalk]

13 hours ago, Chicog said:

One thing a lot of people don't consider is just how secure their VPN is at the termination point.

 

However, since I don't do anything nefarious, I don't really worry about it too much.

I'd bet that at least a few of the VPNs are probably owned by NSA shell companies.

 

 

15 hours ago, Headgame said:

I am concerned about privacy first and security second.

I use a VPN 24/7 on both my laptop and cell phone.

Just think about where you live.

Should answer why.

Location has absolutely nothing to do with Internet privacy/security!

[StraightTalk]

13 hours ago, Chicog said:

One thing a lot of people don't consider is just how secure their VPN is at the termination point.

 

However, since I don't do anything nefarious, I don't really worry about it too much.

 

Flawed reasoning. You wouldn't publicize your e-mail password(s), would you?

It is however most essential to read thru the terms of agreement issued by the provider of the vpn and comprehend the written words & their consequences.

[hobobo]

13 hours ago, TallGuyJohninBKK said:

Messages/notifications from whom? Junk/spam mail or from True itself, or ???

 

 

TallGuyJohninBKK, I get them from True itself, while on sites like IMDb or Pirate Bay I guess they are spam to make me think I'm about to be arrested...

[Pib]

6 hours ago, chubby said:

so pib, tallguy, etc. 

as a run  for  online banking, investment, most security needed logins, do you use  the VPN on or off .

seems to me a guess, as to do you trust your local ISP more than whatever VPN provider you've chosen. I'm not sure how trustworth Thai ISPs  are vs. USA ones?

 

of course if your using wifi the equation might change a little , i prefer VPN while on any wifi, however  100% if not  my router ......

I do not use VPN for my connections to financial websites like my banks, PayPal, etc., because such sites automatically use a https connection which is a secure/encrypted connection.   And I'm no longer concerned about my financial institutions seeing me logon from a non-US IP address location.    I only use VPN when it's a geo-location thing/need another countries IP address or signing up for a new financial account.

 

Now if using public, open Wifi like at malls or airports (which I don't in today's 3G/4G speed world) I would be inclined to use VPN more.

 

When I was on a True DOCSIS/cable 15Mb plan using a VPN helped my international speed quite a lot.  But now that I'm on an AIS Fibre 100Mb plan VPN usually gives me a significantly slower international connection than a non-VPN connection.   This is probably just an AIS thing or maybe my VPN service (PureVPN) when dealing with high speed plans vs lower speed plans like around 30Mb or lower.

[Katia]

13 hours ago, TallGuyJohninBKK said:

 The faster part probably depends on the combination of what Thai ISP you're using along with whether you're using a quality VPN, how your VPN is configured, and where it's connecting to.

 

In my experience, the speeding up for international connections works with both True Online and 3BB internet providers. But it seems to have little or no benefit for AIS fiber customers, based on user comments here. Not sure about TOT, which is typically marginal at best for international connections.

 

The best kind of VPN protocols to use to gain speed performance are ones like PPTP or L2TP.   Those don't do the same kind of data encryption that VPN protocols like OpenVPN use, and it's the encryption element that likely is a contributing factor to people experiencing slowdowns when using VPN. Another factor, of course, is not all VPN services are created equal and have the same quality of networks, so that can vary considerably depending on which provider you're using.

 

Generally here in Thailand, if you don't need a particular geo IP location but can use any, a VPN connection to a Singapore server is probably going to be the fastest available. If you need a VPN connection to a particular other city or country, then obviously, it's going to depend in part on how far it is from Thailand and how the data connections are between here and that distant locale.

 

Thanks.  Yes, I'm using True and yeah, OpenVPN (and yes, you're correct, it is the encryption I'm thinking of in things being slowed down.  Maybe it's just that most people I'm hearing of are indeed using it for encryption purposes).

 

I don't find too much of a speed difference between the Singapore server and the one in Bangkok.  However, an IT friend recently questioned my use of the Bangkok server since my reasons for using VPN are security.  I suppose this might come into play if, for example, the "one gateway" thing came to pass and one was attempting to use VPN to get around it (if that's even possible)?  But does it matter otherwise?

[TallGuyJohninBKK]

Couple of points:

 

--The faster PPTP and L2TP VPN protocols I mentioned are great and preferred for video streaming. They are encrypted, but only about half as much as the OpenVPN standard.  Normally, for video streaming, the content security of the data flowing across the internet isn't an issue. However, AFAIK, no one recommends using PPTP or L2TP as VPN protocols for security.

 

--The OpenVPN protocol, I gather, is considered a decent one for security purposes. Although from what I understand, it is subject to something called DPI (Deep Packet Inspection) that, for properly equipped snoopers, can enable them to get into the contents of what's being sent/received.

 

--There are other VPN protocols (that go by different names with different providers) that supposedly are even more resistant to snooping and even that supposedly would prevent most would-be snoopers from even being able to detect that a VPN encrypted connection is being used.

 

As for BKK vs. Singapore, someone on the forum here claimed the other day that most "Bangkok" VPN servers used by VPN providers are really disguised Singapore-based servers. I have no idea whether or not that's true. But I do know from my own past experience with True Online, that I'd tend to get very slow performance (as in, about the same as True with no VPN for international connections) from my VPN provider's "BKK" server and much faster performance when I instead connected with the same provider's Singapore server.

 

[Chicog]

6 hours ago, SouthernDelight said:

Flawed reasoning. You wouldn't publicize your e-mail password(s), would you?

It is however most essential to read thru the terms of agreement issued by the provider of the vpn and comprehend the written words & their consequences.

You have a lot more faith in T&Cs than I do.

I bet if you read them closely you'll find a little loophole there somewhere.

 

[Chicog]

39 minutes ago, Pib said:

I do not use VPN for my connections to financial websites like my banks, PayPal, etc., because such sites automatically use a https connection which is a secure/encrypted connection.

 

You should compare certificate chains both in and out of VPN to ensure that there isn't an intermediary certificate being issued.

 

I'm guessing this is why Thailand wants this single gateway nonsense, and why they're a Bluecoat customer.

 

 

 

 

 

 

[Chicog]

And to rub salt in the wounds...

 

List of Sites possibly affected by Cloudflare's #Cloudbleed HTTPS Traffic Leak

 

https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

[TallGuyJohninBKK]

I use my VPN to log-in to all my financial account sites, every time, mainly to get a consistent home country IP address. And if doing so also helps with the security factor, all the better.

 

[chubby]

On 2/25/2017 at 9:06 PM, Chicog said:

 

You should compare certificate chains both in and out of VPN to ensure that there isn't an intermediary certificate being issued.

 

I'm guessing this is why Thailand wants this single gateway nonsense, and why they're a Bluecoat customer.

 

 

 

 

 

 

https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/?src=api

 

https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/?src=ss

Edited February 27, 2017 by chubby
wrong url

[Chicog]

Not updated since 2011.

 

[chubby]

54 minutes ago, Chicog said:

Not updated since 2011.

 

but afaik it's what there is ; unless you know something else ?  ; i don't actually ever used it, myself, just a reference  fwiw 

[chubby]

On 2/26/2017 at 0:38 AM, Chicog said:

And to rub salt in the wounds...

 

List of Sites possibly affected by Cloudflare's #Cloudbleed HTTPS Traffic Leak

 

https://github.com/pirate/sites-using-cloudflare/blob/master/README.md

though, I always do use this :

https://www.eff.org/https-everywhere

 

though, I think certificate system remains fairly broken, not sure on the latest , re: which browsers allows which root certificates, etc

[Chicog]

51 minutes ago, chubby said:

though, I always do use this :

https://www.eff.org/https-everywhere

 

though, I think certificate system remains fairly broken, not sure on the latest , re: which browsers allows which root certificates, etc

 

Well that isn't a bad idea, but I believe it simply tries to enforce HTTPS, I don't think it does any certificate validation.

 

 

[Rc2702]

I use HMA pro VPN and it's great and I use it 24/7 for upto 5 devices.

 

Security issues are minimal I can do banking etc with no problems. 

 

Sometimes I might access QB and get a security alert requiring them to send a prove your you email to me with a code but it's a matter of 30 seconds before I'm in.

 

I think this solution is great and gives peace of mind.

 

To quickly check it's working is also a bit of fun too.

[chubby]

11 hours ago, Chicog said:

 

Well that isn't a bad idea, but I believe it simply tries to enforce HTTPS, I don't think it does any certificate validation.

 

 

no never said it did, but what is your suggestion or do you have one?

use vpn for financial /bank  login sessions?

 

[Chicog]

1 hour ago, chubby said:

no never said it did, but what is your suggestion or do you have one?

use vpn for financial /bank  login sessions?

 

I do, yes.

It still uses HTTPS and there is less chance of it being intercepted.

Why my bank hasn't started two-factor authentication though, I have no idea.
 

FYI I use Ironsocket.

[DaveBKK]

On 2/26/2017 at 1:34 PM, TallGuyJohninBKK said:

Couple of points:

 

--The faster PPTP and L2TP VPN protocols I mentioned are great and preferred for video streaming. They are encrypted, but only about half as much as the OpenVPN standard.  Normally, for video streaming, the content security of the data flowing across the internet isn't an issue. However, AFAIK, no one recommends using PPTP or L2TP as VPN protocols for security.

 

--The OpenVPN protocol, I gather, is considered a decent one for security purposes. Although from what I understand, it is subject to something called DPI (Deep Packet Inspection) that, for properly equipped snoopers, can enable them to get into the contents of what's being sent/received.

 

--There are other VPN protocols (that go by different names with different providers) that supposedly are even more resistant to snooping and even that supposedly would prevent most would-be snoopers from even being able to detect that a VPN encrypted connection is being used.

 

As for BKK vs. Singapore, someone on the forum here claimed the other day that most "Bangkok" VPN servers used by VPN providers are really disguised Singapore-based servers. I have no idea whether or not that's true. But I do know from my own past experience with True Online, that I'd tend to get very slow performance (as in, about the same as True with no VPN for international connections) from my VPN provider's "BKK" server and much faster performance when I instead connected with the same provider's Singapore server.

 

 

There's quite a bit of false information here that I'd like to correct:

 

1) PPTP is a very old protocol and uses a very very weak encryption method. It is possible to break the encryp tion on PPTP. So *ONLY* use it for location shifting. Anything you do requiring security or privacy, absolutely avoid PPTP.

 

2) OpenVPN vs L2TP (or IPSec) - neither one really uses significant different amounts of overhead. Actually with both different ciphers can be used to actually encrypt the payload. So using 1 or the other will not alone determine speed or overhead issues.

 

3) OpenVPN is probably more secure that L2TP at this point, as it uses TLS. OpenVPN uses SSL/TLS for it's secure protocol which secures data at the Transport level, while IKEv2/IPSec secures data at the IP level. You can get more detailed info on the differences here: http://security.stackexchange.com/questions/63330/are-there-any-reasons-for-using-ssl-over-ipsec

 

4) Deep packet inspection WILL NOT reveal the contents of your VPN encrypted session, unless whoever is snooping on you is able to break the encryption (extremely unlikely and would take tremendous resources probably spent better elsewhere), or the snooper intercepted keys you're using somehow.

 

What deep packet will do is reveal that you ARE using a VPN. That's all. 

 

5) L2TP / IPSec is actually notoriously difficult to set-up and it's quite easy to make mistakes (handshake process extended, etc.)  If you're using L2TP/IPSec make sure whoever set it up for you absolutely knows what they are doing.

 

Most of the stuff above matters if you are relying on a VPN for security or privacy. Not so much for simply location shifting. 

 

 

[Pib]

1 hour ago, DaveBKK said:

 

5) L2TP / IPSec is actually notoriously difficult to set-up and it's quite easy to make mistakes (handshake process extended, etc.)  If you're using L2TP/IPSec make sure whoever set it up for you absolutely knows what they are doing.

 

I've never, ever had a problem setting up a L2TP/IPSec connection....in fact, L2TP/IPSec is native to Windows.  When setting up a L2TP manual connection in Windows you only have one choice of L2TP type connection...and that is a L2TP/IPSec connection.

 

 

[TallGuyJohninBKK]

Perhaps you should read what I actually wrote more carefully:

 

1 hour ago, DaveBKK said:

 

There's quite a bit of false information here that I'd like to correct:

 

1) PPTP is a very old protocol and uses a very very weak encryption method. It is possible to break the encryp tion on PPTP. So *ONLY* use it for location shifting. Anything you do requiring security or privacy, absolutely avoid PPTP.

Re above, I specifically recommended PPTP for video streaming and NOT for privacy issues. But for video streaming, it's probably among the best protocols, regardless of age. You don't need encryption for video streaming.

 

1 hour ago, DaveBKK said:

 

2) OpenVPN vs L2TP (or IPSec) - neither one really uses significant different amounts of overhead. Actually with both different ciphers can be used to actually encrypt the payload. So using 1 or the other will not alone determine speed or overhead issues.

 

3) OpenVPN is probably more secure that L2TP at this point, as it uses TLS. OpenVPN uses SSL/TLS for it's secure protocol which secures data at the Transport level, while IKEv2/IPSec secures data at the IP level. You can get more detailed info on the differences here: http://security.stackexchange.com/questions/63330/are-there-any-reasons-for-using-ssl-over-ipsec

 I've done a lot of comparative VPN testing over the months and years, and OpenVPN almost always tests and runs slower than PPTP. So if speed and not security is your priority, PPTP or even L2TP are better choices.

 

1 hour ago, DaveBKK said:

5) L2TP / IPSec is actually notoriously difficult to set-up and it's quite easy to make mistakes (handshake process extended, etc.)  If you're using L2TP/IPSec make sure whoever set it up for you absolutely knows what they are doing.

 

It's easy to set up a L2TP connection in Windows networking, takes 2 minutes, a monkey could do it, and I've never had any problem with those connections.

 

And if that didn't work, my VPN provider offers a dialer application that makes choosing an L2TP connection as easy as clicking the choice for that protocol and then choosing the server city that's desired. I wouldn't classify that as "notoriously difficult."

 

All in all, though, between L2TP and PPTP, I seem to have better overall, more consistently good performance from PPTP connections (for video streaming purposes!!!)

[DaveBKK]

I've never, ever had a problem setting up a L2TP/IPSec connection....in fact, L2TP/IPSec is native to Windows.  When setting up a L2TP manual connection in Windows you only have one choice of L2TP type connection...and that is a L2TP/IPSec connection.
 

 

L2TP / IPSec is simple on the client side....but not on the SERVER side. This is where it's much more complicated and easy to make a mistake.


Sent from my iPad using Thaivisa Connect