 So with privacy being a concern for everyone, especially in March of 2018 with all the recent Facebook stuff People have been asking me more and more about VPNs just in general. So I figured I would talk about VPNs I recommend a VPN service one that seems pretty good, but I'm gonna put some caveats out there for all of them first It's March 2018 I'm sharing the data as I know it in March of 2018 because something horrible could be discovered about this VPN company And then my views would dramatically change about them, but I have my 10-fold hat on about any VPN companies just so you know So the short answer with all VPNs is the same thing. You're just changing who you trust So you say I have my internet provider of Comcast I do not trust them not to sell my data So I want a VPN and what the VPN does is hide in a tunnel the data from Comcast Comcast can still see that you're connecting to a VPN and do what they want with that information But they can't see everything else you're doing So that's kind of what I wanted to talk about. So that means you're just moving who you trust PIA I reviewed them before we've done the PF sense before I like some of the things they're doing because they've also paid for like public audits of open-source software They're very forward and open company in general with a lot of the information they use Open VPN as the VPN Tool of choice. So those are all great things. They seem pretty straightforward as a company, but Any of these VPN companies they all claim they don't have logs And we have found out from some of them when they've turned over their logs or worked with authorities that they are clearly keeping logs I'm not going to go over each one of them I think I have a video or two I've done about those companies before So there's no matter what it is and some people said well, it's a US company so they're subject to US laws Yeah, but if they're a company in another country, how do you know that they've not decided to work with US authorities? It's not like they wave a flag and tell you So there's always and yeah, lots of information I did like someone tweeted the other day work with the Chinese companies because the Chinese companies don't interest in selling it to the American companies I I don't know the reality is the internet was not designed for anonymity. So take that for what it's worth That's all my caveats If you're running a VPN you just have to think about that now good things about VPNs The VPN can if you're in an open internet Make it harder for people as you're in a coffee house or somewhere with public Wi-Fi You don't want them to track you so you want a VPN you are encapsulating all the data from there So that does work for that scenario as well And if you're wondering what's on the screen here, this is my testing I am going to show you how I have this set up so we can show you kind of the difference between all the noise a Computer makes and I specifically chose a windows one because I mentioned the majority of you are running windows It's gonna be a lot different for Linux But this by the way is PA is supported in both Linux Windows and even PF sense And I've got a video on how to set it up PA up in PF sense as well So I've already done that video for those of you wondering I'm pretty sure even though PF sense is on a new version the video holds up Plus they have in they have documentation step-by-step on theirs so Because someone mentioned I think they moved to port on something but it's easy enough. They they will document their internet So this is our windows box sitting over here. This is yet by the way everyone likes to ask what tool I'm using for this This is free you can go download this So this is my crude rendition. This is my windows box at 192 168 40.102 This is my PF sense lab box at 192 168 40.1 as the gateway on the land side So the only device actually on this network is this this is just a lab environment The WAN side connects to my office network at the three network And then here's our main PF sense office and that goes out to the internet now I'm not running on top on this one because there's just lots of things in between and we want to Localize a single device on the internet So this is the segmentation of this and in case you're wondering these are both virtual machines And I've done a tour as well of my entire virtual lab and how I have that set up So this is how it's going to get out to the internet, but this box here We're going to be running the end top on so we can really take a look at what data comes out of windows And it's kind of interesting. So let me bring all this close this down and start bringing stuff over So this is not an RDP connection. Just so you know this connection is done via a Into the Zen server, I'll minimize it real quick so you can see I'm using the console And the reason for this is I want no other connections Interfering with it. So if I were to RDP into this or use any of our remote tools, we would be adding more connections So this is just going to show you the connections that are coming from there Now the first thing we're actually going to do is show you what it's doing now and what happens on restart So right now, this is just your generic install of windows 10. So I'm going to go back to full screen Generic install windows 10 and we're going to go and restart it while we're restarting I'm a drag a window over here for you guys to see There we go This is the couple things that's going on right now Microsoft has their data collectors inside of windows 10 for those who don't know and it's called something was it called vortex that when dated up Microsoft com and Breaks down the detail for things that are going in it. This is just windows 10 and it's it's telemetry system For say by the way, that's not blocked by VPN. What I'm showing you is not Is what a provider can see so end top PNG being as it sets right in there? Let's say end top PNG this particular machine would be the coffee house that wants to watch all your traffic This is what they're going to see So this is what traffic is going on now and what I find interesting. It's still restarting is when windows restarts How many more things it starts doing so me refresh it? Okay, nothing right now And here comes all the different connections that it makes So this is as it starts up it starts looking at more and more Microsoft stuff starts talking and Starts talking more This is just interesting in general to see all the data that starts getting sent in general as the windows 10 just on startup Look licensing that Microsoft comm and everything else, you know got a phone home make sure the licenses are good So if you ever just wonder how much data windows 10 does just as soon as you start it up It starts going to being I don't understand this one. I it connects to Twitter I don't know why I'm guessing it's part of the being So all I did was restart this machine and that many connections popped up This is someone related to this, but it's interesting. So let's go ahead and log in here. All right So we're logged in. Let me see if there's any more Any more data that Microsoft wants to send because I logged in Decent amount what we have 37 connections in here just for logging into windows for all the things I don't understand the Facebook one either. I don't know what on here is going to Facebook That's a whole another video. Maybe I'll do a packet trace on this But just give you an idea of all the things on there, but obviously you can see all of them So if I'm a coffee house, and I'm giving you free internet These are all the things I can see this is all the things Comcast can see is when your box connects online These are all the publicly available information now because the traffic itself is encapsulated in SSL You don't get to see inside the traffic. They only know where you connected to because of DNS That's how I can see what the connections you don't know because of SSL the Contents of that connection and that's also why I people ask me about proxies all the time And I'm like they're trouble set up because you have to add more trust to get inside the SSL certs, but Before I digress too far All those connections are doing here. Let's open up private internet access Yep, go ahead and say yes I didn't run through the install the install is a couple of necks and yes It's arbitrary to install this tool. I've already put my username and password in there And waiting for it start up now I told it not to run on startup But one of the options for private internet access is to run and startup So as soon as the computer starts it goes connects. It also has the option. Yep. You're disconnected Because I told it not to Cancel don't stop. I have audio. It's All right, so Go to settings most run through the settings real quick here Advanced settings so you can see so here's all the basic settings for a start application at login auto connect at launch Show desktop notifications. You can also tell it to kill your internet So you have no internet access until it starts up that's another way to being protected If you care about all that So we are going to leave it all the defaults here one nice thing of else they have here as well is the Request for port forwarding this comes up a lot When you want to port forward and you're running a VPN because you're moving where your public IP addresses People have to connect to that. They have to she support this It's limited because obviously with lots of people requesting ports. There's not like you can just have any port you want So you have to can work with the VPN provider and their tool has an ability to Request port forwarding on their end just so you know it is available. I've not done much use Much with it. I've had I've seen some people having some trouble with it If you're running a VPN generally port forwarding is not not really must I'm wrong I don't know how good it works. I haven't tested it a little while But I'm not going to really get into that it supports IPv6 leak protection enable debug mode other things It's kind of neat about them. They have some information under website if you say I want to use this for torrenting They actually have some work instructions for that with PA which is Interesting because normally VPN companies don't want you to do any of that and they're like oh, here's not only can you do it? Here's a work instruction kind of clever anyways, so Here's what it looks like save and we're gonna head and Close it and we're gonna go ahead and click connect We hit connect and you can choose where you want to be so that's kind of cool Got a bunch of different USA USA West USA East. Maybe you want to just choose somewhere close to you I'm gonna say USA East seems pretty close Connecting the USA East Alright, and we should see the little green guy here. You are now connected USA East and you can hover over you see your green You're safe. So let's see what my IP address is Where it thinks I am I Can assure you that is not my public IP address so It's on North American coax 173 pretty cool. So they definitely change your IP address You're not able to see the traffic, but of course let's get to the point of What do we see in N top PNG here? I see the connections die down. Here's all these connections now What you have to do with N top it takes a little bit before it drops all these connections So we're gonna go and force them by doing this Go over here and restart the N top PNG service it takes a second restart And that will when it restarts. It's gonna just lose all the connections. Yeah, it should fail Until it start again, sometimes it doesn't restart that's normal If it set us it just stops and I thought I maybe I didn't restart but not the look of the video All right. Now. It should ask me to log back in go over here to host Huh now much here Protocols unknown unknown unknown. Oh Yeah, that's what your ISP would see now So now we are back to simulating, you know ISP or that free coffee house as you're getting that and as you can see Nothing nothing in here at all the one connection that it's going here UDP because and the reason it says UDP just in case you're wondering Not as a seller something like that for the type of protocol is being used is specifically because that's the way open VPN works It just creates a UDP session and they can see this so we went from we can see everywhere You're going back to this nothing. So they move this out of the way. Let's surf the web a little bit Open up my website. It's got lots of stuff on it We track everything of course, you know, we got Google analytics on here. So it's making calls all over the place So there's my websites pulling up cool I'm not logged into Facebook here So we'll go to news.google.com. So we've pulling up all kinds of stuff Tesla's in the news cool. All right, there's Elon. All right, we went to surf some websites Let's go look at our coffee house or internet provider can see the amount of data used and that's it Nothing else. So it does in fact do a great job. Now. This is also testing for something else You noticed all the DNS requests that were in there before so this does in fact prove that PAA is Filtering all the DNS and not leaking any of it, which is nice, too I'm sure you could play with advanced settings and break it or misconfigure it But so just so you know it does work It does hide all of the protocols traffic everything from whoever the private is this is kind of important thing I didn't want to just say hey PA. He's cool. I like them. They didn't sponsor this video by the way I do have an affiliate link. So yeah, I get a couple dollars if you sign up That's that's as honest as I can be there's not any Other reason I have them they did not reach out to me to make this video or anything like that. Now. This is interesting I just seen one more Something went around it. Oh, that's interesting. I did not see this in my test before I did the video So where did this go? So Microsoft still had something that sent out a packet around it Let's look at that real quick. That was unexpected. I did this test before and didn't notice this And now it's back. So interesting even with the VPN running This protocol whatever is running here. It's just doing a standard HPS is going around the VPN so that's uh It's very I mean, it's two packets very very tiny amount of data But still interesting that apparently Microsoft is deciding to go around this now Just so you know as well and open up the adapter settings to show you I Disabled IPv6 so it's not even an option for to send data out in another method So as you can see right here the IPv6 is unchecked. So Microsoft sends a packet out Apparently to themselves because that is a Microsoft destination on there All right, I'm gonna leave you guys a link to this This is so I don't have to do a follow-up video because a quick Google search of that IP address landing me on this website And basically what someone did was they did what I talked about just doing a whole raw dump of everything that happens in Windows 10 telemetry. What's interesting to me is the fact that the VPN Is being bypassed by Windows 10 for this so and I and this isn't a believe any fault at all of Running PIA. I believe this is completely just a design of Windows 10 that it does not care that you have tried to force everything into a VPN Microsoft says no, we still need to collect telemetry data about you using Windows 10 So take that for what it's worth All right, I'm gonna move on from this topic But just in short from those articles that I will leave the links in the comments below These are just the Windows telemetry servers that is a trade for running Windows 10 They get telemetry on you. There's that article kind of breaks down what what we know is in the data or at least some of What we know is in the data. I'm not gonna go down that rabbit hole right now. We know Microsoft does quality feedback stuff But just so you know That doesn't go around the VPN, but even if it went through the VPN It's still Microsoft calling out whether it gets wrapped through the VPN or not It's still going to Microsoft either way. So this does not Stop any that like I said the focus of this is showing what data a ISP may collect about you and how a VPN will hide that Like I said, I don't believe it's any fault to them. It's a base of the operating system being Windows 10 issue All right, and the last thing I want to talk about is VPN speed testing. So Here's the speed breakdown that they have right on their site and they have it per They have a nicely grouped. It's a nice here So if you want to pretend you're in a protect Republic, here is what the speed limit is there if you want to say you're in Finland Here's what the speed limit is there That's one thing about VPNs first They're adding overhead because you're encapsulating all your traffic over the VPN and coming up somewhere else So there's a certain amount of overhead added for that The next thing is the speed test in general now. We have a 50 mag circuit here and I'm connected to their Chicago I think that's when I went. Let's look where I'm connected to Or did I just choose East? So if I go here Yep USA East So USA East is limited to that speed test there. So let's do a speed test real quick See what kind of speed we're getting There's just there's your ping test Yeah, 20 1819 not bad. I ran this test on another window just to make sure our speed is fine There's no one here because it's Saturday. There's not much data going across our network and I had no problem We have a 50 mag pipe and we pretty regularly get about 55 and any speed test Pretty pretty consistently. I got a speed test just not when I pause the video I did it and came back to it and yeah, so you're gonna lose this This is one other thing about a VPN. You are going to lose some speed But it's gonna get you around things like geographic restrictions if you happen to not be in the US but you want to appear to be in the US that's Option there. It's going to besides the Microsoft telemetry as we discovered which ignores VPNs apparently you're gonna hide from your ISP where you're going on the internet and In fact, all of our surfing did not produce any DNS leaks that we noticed when we're looking through the net flow data. So That that was a good thing overall. It's definitely Works as intended as as they said Doing all the surfing we just did like I said the speed test. I went right back over here to the flows That's it. The only other packets that got sent out the other couple of ones were these couple packets to Microsoft for telemetry, but Well, the net PA seems fine or whatever VPN you want to use is going to give you an idea of what you're getting with a VPN What you're hiding with a VPN and what the results are going to be? So that's kind of what this talks about. So like said if you ask a recommendation PA seems pretty good March 2018 That's what I believe. I don't know what the future holds for any of these VPN companies the bigger overall thing I want you to always think about the internet was not designed for you to be anonymous It's designed to collect data about you and that's how the advertisers when they find out how much data There is to be discovered about you ie Facebook and all the other related stories That's what they do for targeting and things like that So this is just to raise some awareness and kind of show you what it does and give you kind of an overall View of it, but that's it and we discovered with me at the same time to telemetry stuff I'll leave the links below so you if those you want to do a deeper dive on how Windows 10 does its telemetry Those articles seem pretty well written as far as they break down the TCP details of what what they know is in that traffic All right Thanks for watching if you like to content here like and subscribe if you want to suffer PAA as I said the beginning was not sponsored by Them, but I do have an affiliate link below if you're interested in signing up for them as a VPN company Thank you very much