VPN in Thailand: necessary from a security perspective?

[TallGuyJohninBKK]

2 minutes ago, DaveBKK said:

 

L2TP / IPSec is simple on the client side....but not on the SERVER side. This is where it's much more complicated and easy to make a mistake.

 

 

Except, the audience reading here is generally going to be setting up the VPN protocol on the CLIENT side... not the server side. Whether they're doing it thru the Windows OS or via their VPN provider's client software application. Which kind of makes your original point, off-point.

 

 

[KylieLopez]

The eyeball of identity thefts and hackers are everywhere not just in Thailand specially take your protection serious during connected to public WiFi's. Get a VPN app installed in your phone, desktop and tablet etc.. I will suggest you to configure vpn with your internet router as well at your home so this way all of the devices will be protected.

[Pib]

27 minutes ago, TallGuyJohninBKK said:

It's easy to set up a L2TP connection in Windows networking, takes 2 minutes, a monkey could do it, and I've never had any problem with those connections.

Not if the monkey is eating a banana at the time....that's why I always put my banana down when setting up a L2TP connection.  

[Pib]

Here is PureVPN's webpage talking strength and weakness of the major VPN protocols.  And one protocol that don't get much advertisement for encryption is the SSTP protocol, which could very well be the most secure protocol based on stuff I read about a year ago when getting really interested in the various protocols.   But since SSTP protocol is proprietary to Microsoft and since it's  not an open protocol  it gets undue negative press especially from the open software community.  Nor does SSTP work on Apple products.  SSTP will usually be slower than L2TP but is possibly the most secure VPN protocol.

 

 

https://support.purevpn.com/vpn-protocol-strength-weakness

Quote

 

VPN Protocol Strength & Weakness

• Last Updated February 21, 2017 
• Created October 3, 2014 
• Author admin 
• Category PureVPN Protocols
• Comments 7 Comments
• Estimated Time 3 minutes, 41 seconds

The following guide will help you understand the benefits of different VPN protocols being offered by PureVPN. However, before you proceed, it is necessary to remember that each protocol provides a unique combination of security and speed.

Benefit of (PPTP) Protocol:

 

• PPTP is the fastest protocol and does not compromise your internet speed. Security, on the other hand, is at the lowest scale when connecting with PPTP protocol. It provides encryption up to 128bit.
• It works on TCP Port 1723  and IP port 47 Generic Routing Encapsulation (GRE).
• PPTP protocol is best for streaming and other browsing situations when you are connected to a comparably safer network.

Benefit of (L2TP/IPSec) Protocol:

• L2TP/IPSec is more secure than PPTP and provides encryption level up to 256 bit .
• L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP uses IPsec in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec.
• It works on UDP Port 1701, 4500 (Used by IPSec) and 50 (sed by data path (ESP)

Benefit of (SSTP) Protocol:

• SSTP is the safest protocol among all. However, your internet speed, will definitely be compromised when connecting with SSTP protocol.

• SSTP protocol is best suited for highly confidential online activities like banking transactions, e-commerce transactions or business communications.

• SSTP VPN is Microsoft’s SSL VPN which encapsulates PPP packets over an HTTPS session, it’s more secured than PPTP/L2TP and it’s difficult to be block by ISP. Not like PPTP/L2TP connection, SSTP VPN connection work on 443 port.

• It is best of school network or office network where PPTP and L2TP are blocked.

Benefit of IKEv2 Protocol:

• IKEv2 is a tunneling protocol that uses the IPsec Tunnel Mode protocol over UDP port 500

• IKEv2 encapsulates datagrams by using IPsec ESP (UDP Port 50) or AH headers for transmission over the network.

• It provides encryption level up to 256 bit.
• IKEv2 VPN provides resilience to the VPN client when the client moves from one wireless hotspot to another or when it switches from a wireless to a wired connection

Benefit of (OpenVPN) Protocol:

• OpenVPN is an open source technique utilizing Virtual Private Network to construct an encrypted bridge between two end points.
• We offer OpenVPN on UDP Port 53 and TCP 80.
• OpenVPN Provides encryption level up to 256 bit.
• It is most commonly used in devices like Routers. OpenVPN protocol gives you the best speed with reliable online security.

Please use the comment box for your suggestions & feedback. For additional help, please submit support ticket with errors and screen shots (if possible) OR Contact our 24/7 live chat.

 

 

 

And here's a couple more websites talking the pluses and minuses of the various major VPN protocols, to include one from ExpressVPN which I see quite a few posters talking about....they too say SSTP is a very secure protocol.

 

https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/

 

https://www.expressvpn.com/internet-privacy/protocols/

 

 

 

 

Edited March 1, 2017 by Pib

[TallGuyJohninBKK]

Quote

PPTP protocol is best for streaming and other browsing situations when you are connected to a comparably safer network.

 

Hmm.... I know I've read that idea before somewhere...but where????

 

Could it be??

 

On 2/26/2017 at 1:34 PM, TallGuyJohninBKK said:

 

--The faster PPTP and L2TP VPN protocols I mentioned are great and preferred for video streaming. They are encrypted, but only about half as much as the OpenVPN standard.  Normally, for video streaming, the content security of the data flowing across the internet isn't an issue. However, AFAIK, no one recommends using PPTP or L2TP as VPN protocols for security.

 

 

Edited March 1, 2017 by TallGuyJohninBKK

[Pib]

You must have got your info from PureVPN and bunch of other VPNs which pretty say the same thing.

[TallGuyJohninBKK]

9 minutes ago, Pib said:

You must have got your info from PureVPN and bunch of other VPNs which pretty say the same thing.

That comment was really more of a response to Dave. But actually, they probably copied it from ME! 

 

Either way, it's clearly a case of great minds thinking alike...

Edited March 1, 2017 by TallGuyJohninBKK

[Pib]

For those who want some more opinions on using VPN to speed up your Thai ISP speed, you might want to review this below thread I started in June 16.  It's full of results/posts/VPN results from various folks over 5 months.    In June 16 I was on a True DOCSIS/cable 15Mb plan....in July 16 I switched to AIS Fibre.

 

 

[Chicog]

If you have a VPN subscription that's compatible with OpenVPN then on Android at least there is an OpenVPN Connect app which works very well, and doesn't have a noticeable impact on things like browsing.

I have it on both of my phones, using Ironsocket's servers, and I'm very happy with it.

[JayBird]

And to try to help bring this conversation back down to what the lay-person needs to know:

 

1) If you only want to change your location, use any VPN at any security level (PPTP, IPSEC, whatever)

2) If you want to ensure your connection is encrypted make sure the software you use to connect to your server (bank, whatever) is secured (should be HTTPS if web site, or offer SSL if a dedicated application)

3) If you want to conceal your browsing habits from possible casual observers use any VPN and/or TOR.

4) If you are trying to conceal your activities from government agencies that are out to get you -- you have bigger problems to worry about than which VPN to use.

 

 

[Chicog]

5 hours ago, JayBird said:

 

4) If you are trying to conceal your activities from government agencies that are out to get you -- you have bigger problems to worry about than which VPN to use.

Yes but you didn't offer a solution. let me help.

 

 

 

[Sambora]

I signed up a NordVPN trial period and like their services so far. They actually told me that I enjoy the same level of security/encryption when using the Thailand VPN server - is that statement correct? The VPN connection only encrypts the traffic to their end point, so if the government wants to them to hand information over they would still not be able to do so because they have a zero-log policy?

 

Or, is it overall safer to connect to VPN servers in countries which naturally have a lower level of surveillance e.g. Norway?

 

Please enlighten me.

[Pib]

1 hour ago, Sambora said:

I signed up a NordVPN trial period and like their services so far. They actually told me that I enjoy the same level of security/encryption when using the Thailand VPN server - is that statement correct? The VPN connection only encrypts the traffic to their end point, so if the government wants to them to hand information over they would still not be able to do so because they have a zero-log policy?

 

Or, is it overall safer to connect to VPN servers in countries which naturally have a lower level of surveillance e.g. Norway?

 

Please enlighten me.

No it's encrypted all the way from/to your computer and the server you are connecting to on the other end somewhere in the world.  Assuming you have your VPN connection set for encryption.  Some VPN apps allow  you to turn off encryption...and when using a Windows manual VPN setup you can also turn off encryption if the VPN server allows it.   Probably do the same in Apple VPN products.

 

I expect what the NordVPN rep meant was regardless of which one of their VPN sites you connect to, be it in the U.S., Europe, Japan, Thailand, or just anywhere the level of encryption is the same.

 

The rep probably just meant if you don't need the IP address of another country and you are just looking for encryption, just using the nearest NordVPN VPN server to you....like their Thailand VPN server ....then you may get faster speed than if connecting to one of their VPN servers in far off FarangLand.    And don't be surprised if the Thailand VPN server is really a "Virtual" server which just issues out Thailand IP address along with encryption but the actual VPN server is really else where like in Singapore. 

 

VPN providers make big use of Virtual servers....although they may have VPN selections in many, many countries they will "not" have their actual  servers and employees in all countries...instead they will use Virtual servers in other countries which they lease from other internet service providers....providers who provide a whole range of internet services to businesses around the world to include VPN servers and country-specific IP addresses.

 

Take a look at below tow Hidemyass VPN and PureVPN explanation of their virtual servers.

https://support.hidemyass.com/hc/en-us/articles/202722036-What-are-virtual-locations-and-what-do-I-need-them-for-

https://support.purevpn.com/virtual-servers-and-when-you-should-use-them

 

So, if you are just looking for encryption only and don't care about/need the IP address in another country, just use the nearest VPN server to you....such as one in Thailand.  But if you do need an IP address of another country like for geo-location restricted services like streaming video and want encryption also then connect to a VPN server in that country.    

 

Heck, you can even setup a VPN connection "not" to do any encryption...end result is it's just acting like a proxy server giving you an IP address of that VPN server location....no encryption is occurring.    

 

[janclaes47]

On 3/2/2017 at 1:42 PM, Chicog said:

Yes but you didn't offer a solution. let me help.

 

 

 

You think so?

 

https://torrentfreak.com/vpn-searches-soar-as-congress-votes-to-repeal-broadband-privacy-rules-170329/

 

Last week the US Senate voted to do away with broadband privacy rules that prevent ISPs from selling subscribers' internet browsing histories to third parties. Congress followed suit yesterday, with a 215-205 vote in favor of repeal. But as the news sinks in, US citizens are apparently considering counter-measures, with searches for VPNs quickly going skywards.

 

 

“The Administration strongly supports House passage of S.J.Res. 34, which would nullify the Federal Communications Commission’s final rule titled ‘Protecting the Privacy of Customers of Broadband and Other Telecommunication Services’,” the White House said in a statement yesterday.

[Pib]

It was pretty much a party line vote...Republicans voting Yes; Democrats voting No. A yes vote was to reduce privacy protection...allow more internet companies to sell you data.

[chubby]

https://thatoneprivacysite.net/choosing-the-best-vpn-for-you/

 

https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/

 

https://www.eff.org/pages/tor-and-https

[Katia]

18 hours ago, Pib said:

So, if you are just looking for encryption only and don't care about/need the IP address in another country, just use the nearest VPN server to you....such as one in Thailand.  But if you do need an IP address of another country like for geo-location restricted services like streaming video and want encryption also then connect to a VPN server in that country.    

 

Heck, you can even setup a VPN connection "not" to do any encryption...end result is it's just acting like a proxy server giving you an IP address of that VPN server location....no encryption is occurring.    

 

Thanks-- helpful.  This was what I had thought, too, but once when I mentioned to a coworker in the IT section that I was using VPN for security, on the VPN's Thai servers, he gave me a funny look and said, "you're using the Thai servers... when you want it for security...?" and I thought maybe I was wrong and started using Singapore instead.  (I don't really notice a difference in speed either way anyway.)

[NeilHines]

Well, it's not only about Thailand but VPN is a pretty good anonymity tool for anyone residing in any country. Like you guys must have seen the huge uproar about VPNs recently in US after the internet privacy repeal got signed. Well, without diverging from the topic, every country has it's specific data retention laws and if you do want to use a VPN in Thailand, look for the ones which are established in countries like Hong-Kong where data retention policies are not that strict. 

[RichCor]

On 4/1/2017 at 9:15 AM, Katia said:

Thanks-- helpful.  This was what I had thought, too, but once when I mentioned to a coworker in the IT section that I was using VPN for security, on the VPN's Thai servers, he gave me a funny look and said, "you're using the Thai servers... when you want it for security...?" and I thought maybe I was wrong and started using Singapore instead.  (I don't really notice a difference in speed either way anyway.)

 

WHO are you trying to secure your Internet traffic/transactions from?  A VPN can encapsulate and hide your Internet traffic between you and the VPN endpoint.  And how well do you trust the endpoint, the company that operates the VPN, the people working at that company, the 3rd-party service they contract with, the government(s) they reside in?  

 

I can understand why the coworker gave you a funny look.

[A1Str8]

I use a VPN because it encrypts all my traffic and Firefox with duckduckgo browser instead of the idiotic Google which tracks every f... thing I do. Not to mention the f... personalized advertisements which I never asked for. 

 

[wpcoe]

7 hours ago, A1Str8 said:

I use a VPN because it encrypts all my traffic and Firefox with duckduckgo browser instead of the idiotic Google which tracks every f... thing I do. Not to mention the f... personalized advertisements which I never asked for. 

 

If you're not logged in to a Google account, does it still track?  If so, how does it log searches that you've done over time and attribute them to you if your ISP assigns you a random IP number?

[chubby]

1 hour ago, wpcoe said:

If you're not logged in to a Google account, does it still track?  If so, how does it log searches that you've done over time and attribute them to you if your ISP assigns you a random IP number?

you might not really wanna know :

https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Comparison_of_Tor_and_VPN_services

[wpcoe]

2 hours ago, chubby said:

you might not really wanna know :

https://www.whonix.org/wiki/Comparison_Of_Tor_with_CGI_Proxies,_Proxy_Chains,_and_VPN_Services#Comparison_of_Tor_and_VPN_services

Not sure how that helps Google know that it's the same person when I search via Google on different days and my ISP has assigned me a different IP address (and I'm not logged on to a Google account.)  Can you elaborate?

[RichCor]

3 hours ago, wpcoe said:

If you're not logged in to a Google account, does it still track?  If so, how does it log searches that you've done over time and attribute them to you if your ISP assigns you a random IP number?

 

Normally it's all done through shared tokens stored in cookies.

But having any android phone connected to your WiFi will act as a tattle-tale device, as Google uses the phone's ID and GPS location to identify and match the network connection, for anyone on it.

[A1Str8]

5 hours ago, wpcoe said:

If you're not logged in to a Google account, does it still track?  If so, how does it log searches that you've done over time and attribute them to you if your ISP assigns you a random IP number?

Sure it still does. It's based on cookies etc. It doesn't need your account. 

[wpcoe]

@RichCor:  Ah!  I hadn't factored in tokens and cookies.  Yep, I'm sure they've figured out how to do it. 

 

[edit:]  And, credit to @A1Str8, for the same thing, s/he posted as I was posting.

Edited April 27, 2017 by wpcoe

[TallGuyJohninBKK]

Well, this has got me stumped...

 

Lately I've been trying to sign up for a Google-related service that's only available to people located in certain U.S. cities.

 

When I attempt to sign up, my IP is in one of those cities, I've cleared all cache/cookies/history etc data previously, and per Rich's advice above, I've made sure I have no mobile devices connected to the same network.  And the answer still comes back, service is not available in your area.

 

I tried it using my house wifi with the correct IP address signed. And then later I tried it via my home PC's Ethernet connection with a PC-based VPN providing the correct IP, and it still failed that way.

 

BTW, this above happened to be attempted while using the Opera PC browser.

 

Edited April 27, 2017 by TallGuyJohninBKK

[RichCor]

26 minutes ago, TallGuyJohninBKK said:

Well, this has got me stumped...

 

Lately I've been trying to sign up for a Google-related service that's only available to people located in certain U.S. cities.

[...]

BTW, this above happened to be attempted while using the Opera PC browser.

 

Don't forget to shut down WebRTC.

 

Another way is to do the sign up using a Remote Desktop Connection (RDP, TeamViewer, LogMeIn, Google Remote Desktop, etc).

[TallGuyJohninBKK]

9 minutes ago, RichCor said:

Don't forget to shut down WebRTC.

 

Sneaky little devils!!! 

[TallGuyJohninBKK]

I tried it again after specifically disabling WebRTC via an Opera browser extension.

 

And followed all the prior steps I mentioned above. But something is still leaking thru.

 

MY IP shows as U.S.  But when I type just "Google" in the browser search bar (and not signed into any Google account), the Thai version of Google search comes up.

 

Maybe I need to try with a different version browser other than Opera, and see if that makes any difference.

 

It's strange, I never used to get the Thai language Google search page in the past when using a U.S. IP address, but that started changing some months back, and recently I get that TH language Google page all the time, no matter what kind of connection I have. Not sure what changed along the way to cause that.