I watched the Snowden movie a little while back now, and after watching it I had that paranoid itch. Being iOS only there is very little I can do to make my systems more private and it seemed that the one gaping hole was my web connection itself. Which spurred me to think about getting a VPN service to run full time while I used my devices, even when I am on my home network. Both to encrypt my data streams, but also to better anonymize the web traffic.
So for the past few weeks I have been testing through three different setups:
- My self-owned VPN through my Mac mini server
- Private Internet Access (PIA)
PIA was the only one new to me, but it gets very high marks for quality, speed, and privacy — so I figured I better test it. My server encrypts the traffic, but does nothing about anonymizing it — in other words instead of coming from my device, it’s coming from a server I clearly own. Cloak is one of the easiest systems to use, works well, and while not being privacy minded, does what I label a “solid job” with it.
Let me run through how it went using two iPads, and one iPhone on a VPN network 24/7.
iOS has two classification for VPNs: the first are the VPN configurations you set up yourself and the second is what they call “personal VPN” which are added by apps like Cloak to iOS. What’s interesting here is that you cannot set a non-Personal VPN to auto connect, which is a damn shame.
Despite how finicky VPNs are, iOS does a fairly decent job keeping the connection persistent. But, when a connection breaks, you don’t always know there is an issue with the VPN service and you are left to wonder if the internet is down, or the VPN is down.
All in all, just as annoying and just as good, as on a Mac. That’s actually a tad disappointing as I would have hoped for better. (Though I will note, VPN service on iOS devices seems to get better on iOS every year, unlike the Mac.)
Lastly, if you watch a lot of streaming video then you should know that many services like Hulu and Netflix won’t let you stream with a VPN. So you will have to disconnect to watch shows from those networks, and then all of your traffic is going back out as normal. There’s no way to limit the non-VPN traffic on iOS to just video streaming apps.
My Mac mini VPN
I’ve long used my own VPN from my macOS based server to encrypt my stuff while I travel and use public WiFi. Since there is no additional cost to me, and the data is nearly unlimited, there is little downside in using it in lieu of paying — or so I thought. There are two huge downsides of my VPN solution as I dug into this further:
- I have to manually set it up on iOS, which means I cannot have it auto-connect and therefore there will be times my device is not using the VPN. If I switch networks, the connection will do nothing to try and persist.
- It’s not particularly fast.
The auto-connect stuff is a big issue if you are trying to stay anonymized and protected 24/7. You can’t know when it disconnects if you are sleeping and then your phone goes to backup. It’s a good solution for sporadic protection, but not if you want to be as protected as you could be.
What’s more annoying is that it’s not particularly fast. Even though the server has plenty of bandwidth, and it’s more or less dedicated to me, it’s not very fast. I dropped from 123mbps down to 15mbps. That’s substantial and across all three devices I tested with.
The upsides of it already being in place, and being dedicated, do not out weight the downsides of the system. Perhaps there are faster setups to run, but I cannot find any reference for tips to speed up the VPN configuration on the server. I also don’t know what (if anything) is being logged on my server, nor am I able to jump around IPs, so while I am keeping my browsing from the prying eyes of the network I am on, I am not hiding it from the network my server is on.
Private Internet Access (PIA) was the first paid service I tried. It comes very highly reviewed across many sites for both privacy considerations as well as speed and availability. It has it’s own iOS app to keep you connected and to manage the VPN itself, and only costs $40/year for an unlimited plan (you can even pay with Bitcoin for privacy).
The PIA service proved to be much faster than my own server, but only during non-peak hours. Come the evenings and morning times, the service slowed to a crawl often. It never got slower than my personal Mac mini VPN, but it would often match it. For most of the work day, it was 30% or so slower than my network without a VPN running, and sometimes I would spike to full speed.
The iOS app isn’t great, but it gets the job done. However there is one glaring flaw with PIA: it disconnects a lot. About 2-3 times an hour my internet would be interrupted on my device and I would have to wait upwards of a minute for it to reestablish and begin working. That is annoying, to put it mildly. I would get interrupted from a network connected game, or a call would drop entirely.
Additionally, some sites just wouldn’t load unless I dropped off the VPN — and I have no clue why. Sometimes the VPN would be fine during video calls, other times it would stall out and disconnect me from the call.
Overall PIA wasn’t bad for the price, but I found it far too annoying to use on a daily basis where using a VPN is already overkill for me. There’s a joke to be made here about it being a pain in the ass, and I think that’s accurate. If I truly wanted a lot of privacy, this might be the most user friendly option I can get, but it is a high price to pay on the annoyance scale.
I’ve been a user of Cloak for a very long time now and it seems every time I let my subscription expire, it’s only a short time before I pay for another year. The downside of Cloak is simple: it is a service made to keep you safe from nefarious people, not from the government, nor is it to try and anonymize everything you do.
In other words, it’s for most people, but not (as we started this article with) for someone like Snowden. Cloak says they retain information for 16 days at most, and they keep as little information as possible, but do collect some to see how the service is being used in aggregate. I see no mention of them anonymizing your information, but it’s a VPN, so there is a level of this at play by the very nature of VPNs.
Here’s the thing about Cloak: if you buy a year of it and set it to auto-secure your device you can be pretty certain that your traffic is secure without giving it another thought for the next year. Cloak will keep apps from using the internet, just like PIA when it is trying to establish (or reestablish) a VPN connection, will auto-secure, and has the added benefit of allowing you to trust your home networks so you never have to struggle as I did using the VPN on a network you should be modestly secure on.
Unlike the other two methods, though, Cloak is damned fast. In my tests I was at most losing 20% of my network speed and seeing speeds at about 100mbps down. That’s enough that I consider any further speed gains to not be able to be realized by the things I do on my devices. In short: I effectively take no speed hits using the service, no matter the time of day I tested.
Which means there’s only one other consideration: can it stay connected more than PIA? Kind of. This isn’t something which is easy to measure, so all I have is anecdotal evidence. That evidence suggests that Cloak is slightly better at maintaining the connection, but still problematic. I find the disconnections to be just as lengthy, and just as difficult to regain as they were with PIA.
The speed of Cloak alone gives it the edge over everything else. However, it remains a problematic service for maintain consistent internet. If I had to guess, disconnections happen every hour or two. For me, that’s enough to drive me mad, but likely not noticeable when I am traveling.
Is This Any Good
It is terribly annoying, that’s what it is. Using a VPN full time is slower and reminds me of internet from 10 years ago — choppy on the best of days. You don’t use a VPN because it is seamless, which is annoying, but you use it to protect your privacy at a greater level.
I’m not knowledgeable enough to speak to where the line between convenience and privacy sits here. What I can say is that if you don’t like things just working, then you will hate any of these VPNs. For me, personally, I won’t be using them full time any longer. It was an interesting experiment, but more frustrating than worth. I will continue to use them when I am not on a network I control, and for those times I’ll be testing through the three.
If you want privacy on iOS, PIA seems like one of the best options, but you are going to pay the price on Internet speed. Your own VPN is hit and miss, but a good option if you don’t want to shell out any more money, but want to use Starbucks WiFi. Cloak, though, is what I am going to be using the vast majority of the time, and what I’ll be setting up on my Wife’s device for when she is not home.