Advanced Technical Info

1.1 Split-Tunneling

When working from home, many employers provide their employees and contractors with a VPN to access the office LAN, allowing them to use local office files and software. These employer-provided VPNs often only tunnel the employee's connection to and from the office LAN; all of the employee's other traffic bypasses the VPN to save bandwidth and VPN computing power. However, this means that all the rest of the employee's traffic is not secure. VPN Alliance’s customers can use our service in addition to their employer-provided VPN to stay truly secure. The customer’s employer-provided VPN allows them to access their office LAN, while VPN Alliance tunnels and encrypts the rest of the customer’s traffic, meaning that they can remain totally protected while working from home (1). 

1. wikipedia.org split tunneling

 

1.2 Geo-restrictions

Additionally, certain employers may have their employee portals geo-restricted. This means that their employees can only access the portal while they are in a certain geographic region, e.g., the United States (2). If the employee is not provided with a work VPN or their work VPN is malfunctioning (a very common occurrence), they will not be able to access their work portal while outside the country. With VPN Alliance, the customer can use an IP address in the United States and bypass their employer’s geo-blocking, allowing them to continue to work abroad.

2. wikipedia.org geo-blocking

3. wikipedia.org LAN whitelists

 

1.3 Anonymity

In recent years, many internet and cellular providers have been caught collecting and selling their customer data to third parties such as advertising agencies (5). In addition, there have been major hacks of large corporations and examples of backdoors being placed in commonly distributed chipsets. The only way to protect personal data from all of these breaches of trust and attacks when on the internet is to use a VPN that tunnels and encrypts all web traffic. There will always be other ways data can be compromised, but using a high-quality, trusted VPN is the safest way to use the internet.

4. wikipedia.org AES

5. ftc.gov privacy practices

 

1.4 Safe Public WiFi

When unprotected devices connect to unsecured public WiFi, such as at libraries and cafes, they are vulnerable to a variety of attacks. Hackers are able to compromise an unsecured WiFi router and intercept any traffic passing through the router to the internet; this is known as a WiFi man-in-the-middle attack (6). Using a VPN eliminates this attack vector: with all traffic sent and received by a device tunneled and encrypted, interception is impossible, and even if the traffic were somehow intercepted, it would be impossible to interpret. Using a VPN also prevents a variety of other similar attacks, including HTTPS man-in-the-middle attacks and downgrade attacks.

6. wikipedia.org MITM attack

7. wikipedia.org downgrade attack

1.5 Industry Experience

VPN Alliance was started by a group of cybersecurity experts in the United States with over 10 years of experience in network-building, maintenance, and high-grade network security. This results in a VPN with optimally engineered infrastructure to protect the data of its customers. VPN Alliance is very familiar with all of the various attacks hackers can use to steal customer data, and we are equally familiar with the defenses needed to prevent them. A Virtual Private Network (VPN) works by creating a private network within a public network using a tunneling protocol in combination with high-level encryption (9). In the case of VPN Alliance, there is the added integration of advanced DNS filtering for increased security.

8. wikipedia.org tunneling protocol

9. wikipedia.org VPN

Technical Details:

2.1 Encryption

VPN Alliance fully encrypts all of the customer’s internet traffic using the Advanced Encryption Standard with a 256-bit key size, also known as AES-256. AES-256 is the strongest encryption standard that exists and is the same standard of encryption used by the federal government (10). The key size of 256 bits means that there are 2^256 or 1.1 x 10^77 possible key combinations. This means that with modern computing technology, AES-256 is practically unbreakable by a brute-force attack.

10. wikipedia.org AES

2.2 DNS Filtering

VPN Alliance uses dynamic DNS filtering with an expansive IP address blocklist drawn from multiple independent sources to ensure that our servers never interact with bad IPs attempting to distribute spam, malware, or other attacks by bad actors. Some of our IP blocklist and DNS filtering sources include: GreenSnow, Quad9, and 1.1.1.1. This DNS filtering prevents customers’ devices from accessing domains known for phishing or other malicious action (12). 

11. wikipedia.org blacklist

12. wikipedia.org DNS blocking

13. wikipedia.org OpenDNS

14. quad9.net

2.3 Peering

VPN Alliance maintains full peering between our network of servers and the servers of major internet service providers and streaming services. Peering, the free exchange of traffic between users on different networks, results in a better user experience by creating a more direct path between the user and the content they are accessing (15). This lowers cost and increases efficiency, improving the customer’s experience overall. Peering also increases network redundancy and resiliency.

15. wikipedia.org peering

2.4 VPN Protocols

The protocols used by VPN Alliance include SSTP (Secure Socket Tunneling Protocol), OpenVPN, L2TP (Layer 2 Tunneling Protocol) with IPsec, and PPTP (Point-to-Point Tunneling Protocol). SSTP is the recommended option if a customer is a Windows user, as there is a one-click setup file for it. SSTP creates a secure SSL tunnel over port 443 and has encryption on the transport layer, making it ideal for bypassing firewalls, which is why it is recommended for some international users (16). OpenVPN is recommended for all users who do not use Windows, as it offers about equally high performance and has a convenient client app for both desktop and mobile (17). The client app ensures any relevant security updates are consistently applied. L2TP is the highest-speed protocol supported by VPN Alliance, and works by transmitting all packets over UDP in combination with IPsec to provide confidentiality and strong authentication (18). PPTP uses a “TCP control channel and a Generic Routing Encapsulation tunnel to encapsulate PPP packets” (19). PPTP is supported to provide a VPN connection for legacy Windows users and is recommended ONLY if the user’s device does not support one of the other protocols provided by VPN Alliance.

16. wikipedia.org SSTP

17. openvpn.net connect

18. wikipedia.org L2TP

19. wikipedia.org PPTP

2.5 No Squid Proxy

Something that sets VPN Alliance apart from many other VPN services is that VPN Alliance makes no use of Squid proxies. Squid proxies are used to cache documents and other files that are frequently accessed (21). However, Squid proxies are vulnerable to attacks including cache poisoning. When a Squid proxy’s cache is poisoned, the cached content can be replaced by hackers. VPN Alliance never uses Squid proxies, so customers know the documents and data they request are always coming from whom they expect.

20. squid proxies hacked

21. wikipedia.org squid reverse proxy

22. squid servers attacked


 

2.6 Zero Attack Vector

The VPN Alliance network is built in such a way that there is zero attack vector for hackers to exploit. The VPN servers are completely separate from the billing servers and all customer-facing systems; the CRM system is isolated entirely from the public internet. VPN Alliance collects as little customer information as possible to process billing; not even a name is required. Billing is processed externally using single-use tokens for increased security and anonymity. Email authentication is required for customers to manage their accounts, which further increases security. Additionally, VPN Alliance has one of the most strictly enforced no-logging policies. Other than the small amount of information required for billing, VPN Alliance does not log or collect any data. VPN Alliance does not collect or log customer browsing history, connection timestamps, IP addresses, DNS queries, or traffic logs.

2.7 Unlimited Bandwidth

VPN Alliance provides all of its customers with unlimited bandwidth regardless of their selected service plan. The VPN Alliance server backbone consists entirely of 1GB to 10GB connections on all servers; this is not the cheapest way to build a VPN, but it is the most robust and highest quality. The higher price a customer may pay for using VPN Alliance translates directly to a higher quality service and connectivity. Each service plan by default includes up to 10 simultaneous device connections. This measure is only a precaution to prevent network abuse; a customer who needs more simultaneous connections must only contact VPN Alliance, and that customer’s account will be modified to allow a higher number of simultaneous connections.

2.8 Connection Killswitch / Seamless Tunnel

A common vulnerability in many other VPNs is that if the VPN application crashes or the connection tunnel momentarily breaks, your internet connection continues and your traffic immediately becomes unprotected, leaving you trackable and vulnerable (23). When you use the one-click Windows setup or the OpenVPN Connect app, our configuration ensures you are fully protected from IPv6 leaks, DNS leaks, and WebRTC leaks. Additionally, when using the OpenVPN Connect app, a killswitch (seamless tunnel) ensures that if your data connection pauses for any reason, such as when your device first turns on or switches from mobile data to WiFi, your internet connection will pause until the VPN connection is restored. This means that no traffic will be transmitted without being protected by VPN Alliance.

23. connection kill switch features

2.9 No Leaks

IPv6 leaks occur because many VPNs only work with IPv4 requests but leave IPv6 requests open and enabled. This means that even when your VPN is running, IPv6 requests could leak your location and leave you vulnerable (24). VPN Alliance eliminates this problem by ensuring the redundant IPv6 functionality is completely disabled when the VPN is running, meaning that there is no way to leak. A DNS leak is a security flaw common to many other VPN services in which your device’s DNS queries can be revealed even when the VPN is on (25). This means your Internet Service Provider or savvy hackers would still be able to see what websites you visit. VPN Alliance does not suffer from this problem as long as you correctly use the one-click Windows setup or OpenVPN Connect app. With VPN Alliance, all DNS requests are encrypted and sent over the VPN for full anonymity. 
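The two leak conditions described above can be checked from a client's routing table. The following is an added example, not VPN Alliance's own code: it assumes Linux `ip route show` output, a tunnel interface named `tun0`, and constructed sample routes and addresses, and it ignores route metrics and policy routing.

```python
import ipaddress

# Constructed sample: `ip route show` with an OpenVPN-style tunnel (tun0) up.
ROUTES_V4 = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
# Constructed sample: `ip -6 route show` on the same host, IPv6 left enabled.
ROUTES_V6 = """\
2001:db8:1::/64 dev wlan0 proto ra metric 600
fe80::/64 dev wlan0 proto kernel metric 256
default via fe80::1 dev wlan0 proto ra metric 600
"""

def parse_routes(text, version):
    """Return (network, device) pairs from `ip route show` style lines."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue
        dest = fields[0]
        if dest == "default":
            dest = "::/0" if version == 6 else "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match: the interface that would carry traffic to address."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes
               if net.version == ip.version and ip in net]
    return max(matches)[1] if matches else None

def find_leaks(v4_text, v6_text, resolvers, tunnel_dev, probe_v6="2001:db8:ffff::1"):
    """List (kind, address, device) for DNS or IPv6 traffic that bypasses the tunnel."""
    routes = parse_routes(v4_text, 4) + parse_routes(v6_text, 6)
    leaks = [("dns", r, egress_device(routes, r)) for r in resolvers
             if egress_device(routes, r) not in (None, tunnel_dev)]
    dev6 = egress_device(routes, probe_v6)  # probe_v6: constructed global address
    if dev6 not in (None, tunnel_dev):
        leaks.append(("ipv6", probe_v6, dev6))
    return leaks
```

With the sample tables, a resolver on the local LAN (`192.168.1.1`) and all global IPv6 traffic leave through `wlan0` even though the tunnel is up, while a resolver inside the tunnel with IPv6 routes absent reports no leaks.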

24. check if your VPN leaks your info

25. wikipedia.org DNS leak

26. free VPNs are not safe