For years people have used VPNs for all sorts of reasons, but their origin lies quite simply in the security they provide. International companies will normally insist that their employees use VPN services when remotely connecting back to their servers over the internet. It makes sense: otherwise important information and credentials would be entrusted to the owners of coffee shop wifi or the administrator of your local Premier Lodge or hotel chain.
The concept is simple: create an encrypted tunnel which ensures that all the data which would normally be passed in clear text is instead encrypted and unreadable. Of course, this security means that as well as being safe from computer criminals and identity thieves, the data is also secure from intelligence services and state-controlled snoopers too. It should come as no surprise that anyone who opposes free speech generally hates VPNs and the protection that they give.
So when we hear stories about different organisations and companies, from Netflix to the Chinese Government, trying to block VPNs, what are they doing? Well, it depends. Obviously the situation that leads to thousands of BBC iPlayer VPNs not working is going to be slightly different to the Chinese throwing billions at the Great Firewall of China. However, the general techniques are basically the same as those of a small company wanting to achieve the same thing.
One of the most common options is to block the ports used by these services. Most VPN tunnelling protocols operate on standard ports, e.g. those using PPTP or L2TP. They need to establish these connections to send and receive data; without them the service won't function. Other methods include identifying and blocking specific IP addresses or ranges which are being used by VPN services. It is these two methods that are mostly used by the big media companies like Hulu and the BBC.
These methods can be time consuming though, and it's possible to switch address, and some services allow you to configure alternative ports too. The Chinese Government, as you would expect, has gone one step further and uses more sophisticated techniques like deep packet inspection. This involves looking at the data itself to identify whether a VPN is being used to transport it. For example, if you are unable to read any data because none of it is in clear text, then there is a likelihood that it is being encrypted. Of course, there are other methods which encrypt data, like SSL, so you need to be careful that you don't block other traffic; it's a risk that the Chinese would probably be happy to take, however.
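The three checks described above (standard port, listed IP range, unreadable payload) can be sketched as one flow classifier. This is an added example, not code from any real filtering product; the IP range, the entropy threshold and the sample flows are constructed assumptions, and the entropy test is a simplified stand-in for deep packet inspection.

```python
import hashlib
import ipaddress
import math
from collections import Counter

# Default ports of the two protocols named in the text.
VPN_PORTS = {("tcp", 1723): "PPTP", ("udp", 1701): "L2TP"}
# Constructed blocklist (RFC 5737 documentation range), not real VPN addresses.
BLOCKED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Assumed cut-off in bits per byte; encrypted data sits close to 8.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: low for readable text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(proto: str, dst_ip: str, dst_port: int, payload: bytes) -> list:
    """Return the blocking rules a flow would trigger (empty list = allowed)."""
    reasons = []
    if (proto, dst_port) in VPN_PORTS:
        reasons.append("port:" + VPN_PORTS[(proto, dst_port)])
    if any(ipaddress.ip_address(dst_ip) in net for net in BLOCKED_RANGES):
        reasons.append("ip-range")
    if shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        reasons.append("unreadable-payload")
    return reasons


# Constructed payloads: hash output stands in for encrypted bytes.
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
CLEARTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n" * 20

# Constructed flows: (label, protocol, destination IP, destination port, payload).
FLOWS = [
    ("PPTP on its default port", "tcp", "198.51.100.7", 1723, bytes(64)),
    ("L2TP to a listed address", "udp", "203.0.113.10", 1701, CIPHERTEXT),
    ("VPN on another port, unlisted address", "tcp", "198.51.100.20", 8443, CIPHERTEXT),
    ("Ordinary SSL web traffic", "tcp", "192.0.2.50", 443, CIPHERTEXT),
    ("Plain HTTP", "tcp", "192.0.2.50", 80, CLEARTEXT),
]

if __name__ == "__main__":
    for label, *flow in FLOWS:
        print(f"{label:40} -> {classify(*flow) or 'allowed'}")
```

The fourth flow shows the caveat from the text: ordinary SSL traffic trips the same payload rule as the VPN on a non-standard port, so blocking on unreadable data alone also blocks legitimate encrypted traffic.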
Even these methods are not foolproof, and VPN companies can scramble things like the metadata to make identifying the use of a VPN even harder. It is worth noting that many people in China still use VPNs routinely, so if the huge resources available to the Chinese State can't block their use, we should be ok to have a BBC VPN like this for the foreseeable future.