The rise of obfuscated VPN servers and their use cases: A guide
VPNs continue to be used extensively as tools to protect data security and user privacy. Yet, as to be expected, there are many providers available, and many options within those providers – so buyer confusion can reign.
A virtual private network, by itself, is the secure, private connection between your device and your intended destination. When dealing with VPN servers, the options start to broaden. There are a number of server categories to choose from; standard servers, double VPN servers, where the traffic is encrypted twice, ‘Onion over VPN’, which involves the Onion network, dedicated IP servers, P2P servers, and obfuscated servers.
Increasingly, obfuscated VPN servers are becoming a useful tool, particularly for users in countries with limited internet access. So what are obfuscated VPN servers? How do they work? And what are your options?
What is an obfuscated VPN server?
An obfuscated server can bypass internet restrictions such as network firewalls. In countries with restricted access, these types of servers are recommended. Why is this necessary? Although many people feel as if the internet should be free to roam and use as they wish, that’s not always the case. Consider VPN blocks – they aren’t just for government entities. You will find VPN blocks like ISPs, streaming services, universities and schools that also prevent the use of VPNs.
Obfuscation, also known as OBFU, restricts reverse engineering in programs, making it hard for hackers to access metadata. In other words, this VPN helps take data and makes it look like a jumbled mess.
An example of VPN obfuscation
Some people may refer to this as “stealth” or “camouflage” mode. VPN providers can’t physically put their VPN servers in countries that have strict censorship rules, so they use virtual servers with obfuscation to bypass their firewalls. It disguises data passing through the VPN app to look like regular HTTPS traffic.
Here’s a good example of an obfuscated VPN server and how it can be used. Consider Netflix and how it distributes shows among regions at different costs. In Australia the service may be $7.10, while in Australia that same service could cost $11.90. The server levels the playing field, allowing the user to get the $7.10 deal instead of having to pay $11.90. For online gamers, this is gold. If their ISP is charging more for gaming but a lesser price for general browsing, the VPN traffic can be altered to look like the user is just browsing the web. While the ethics of this can be questioned, there is no doubt that this trend helps drive VPN usage.
Banned VPN countries
Even with the ability to use an obfuscated VPN server, a handful of countries have banned the use of VPNs or have otherwise made them illegal. Here are those countries and why:
China: China has the Great Firewall (GFW) that was designed to filter and block restricted websites and services. It is one of the largest and most intricated technologies designed for censoring and mass surveillance. China passed CL97 legislation that not only criminalizes cybercrime, but people found to use VPNs in some parts of China can be fined or worse. Some of the websites blocked from mainland China include Google, Gmail, Instagram, Pinterest, YouTube, Dropbox, The New York Times, Facebook and Twitter.
Russia: Russia is another country that bans the use of VPNs to restrict the spread of extremist and unlawful conduct. The Russian government wants to restrict what content can be accessed in the country. Anyone found using an VPN can be fined up to $5,100, and VPN providers can be fined up to $12,000.
Iran: Iran has given harsh penalties to anyone using a VPN in their country since 2013. There are a few government-approved VPNs regulated by the government that are allowed. If caught using a VPN, the user can face up to one year in prison.
UAE: The United Arab Emirates also considers VPN usage a federal offense or crime. If found using a VPN, the user can be fined between $136,000 to $544,000 U.S. dollars. This ban is only imposed on individuals using VPNs for personal use. Banks and other institutions can freely use VPNs. Law No 5 of 2012 states local residents can only use state-owned VPNs and can face life imprisonment.
Are there providers that offer an obfuscated VPN?
With countries continuing to block VPN servers, there are only a few providers which offer this type of functionality:
Surfshark: Surfshark currently has 1040+ servers in over 61 countries, including Russia and the UAE. Known for its privacy, speed and performance, it has outstanding customer support and features.
VyprVPN: VyprVPN has developed their own proprietary VPN protocol called the Chameleon. It effectively obfuscates 256-bit OpenVPN encrypted traffic and transmits it using the port 443. The Chameleon protocol has been said to bypass restrictions in China, Russia, India, Turkey, Iran and Syria. It is available for all major platforms including Windows, Mac, iOS, and Android, along with features such as VPN kill-switch, NAT protection and Smart VPN.
NordVPN: NordVPN effectively bypasses regional firewalls like the GFW and passes all regional geo-restrictions. They have 5000+ servers and offer a dedicated list of obfuscated servers. They also have features such as Kill Switch, Smart play, double VPN and military encryption.
ExpressVPN: This provider does not log user data and users can obfuscate their network traffic to bypass the China GFW. They operate at very super-fast speeds and have a server park of 2000+ servers around the world. Their MediaStreamer technology works as a Smart DNS serve to help unblock geo-even the most heavily restricted content.
IPVanish: IPVanish does not have a dedicated obfuscation mode but makes it very simple to obfuscate traffic with the flip of a toggle switch. Additionally, obfuscation can be enabled on both desktop and mobile applications. They have 1,300+ servers in 75+ locations around the world.
How VPN obfuscation works
Most of the time, when connecting to an obfuscated server, a mechanism steps in that makes it impossible to block the VPN tunnel. Then, OpenVPN data packets with a Header and Payload work together to activate the encryption. XOR Obfuscation then removes all the metadata from the packet header, transforming it into meaningless information which prevents the identification of a VPN protocol. That VPN data then becomes HTTPS encrypted web traffic and the data packets go through a second layer of encryption with SSL or TLS protocols. Then the VPN data is assigned to port #443.
There is another method of obfuscation developed by the TOR Network called Obfsproxy where data is wrapped into an obfuscation layer that used pluggable transports. These scramble the VPN traffic, allowing users to bypass firewalls and geo-restrictions while protecting users from VPN detection and blockages.
When considering which type of VPN would be most useful, the obfuscated VPN server works well in instances where communications may be filtered or blocked. Businesses could benefit from using this type of VPN server when communicating with employees who may be traveling to those areas that have severe restrictions in place. Completely different from a standard VPN, it's important to outline the reasons and usage of this type of VPN server.
It is also important to determine whether there will be a record of activities, especially if the goal is to keep an identity anonymous. With cyber crime being so prevalent around the world, taking all steps to ensure the safety of data and sensitive information is key. If searching for complete online privacy, a secure connection, and safe content accessibility anywhere in the world, it's worth a deeper look to figure out which provider offers the most features and security.
Obfuscated or not, the value of a VPN goes beyond price, but offers a level of security most people need when surfing the web or conducting transactions. Taking into account data privacy laws, restrictions and new regulations that continue to hinder online activities, putting this type of protection in place for personal or business reasons should work to mitigate some potential risks that could stop productivity and other essential functions.
Editor's note: This article is brought to you in association with Surfshark.
- » Netskope secures $340m in funding at $3bn valuation to further cloud security mission
- » The top 10 cybersecurity companies to watch in 2020: How AI and ML is a key differentiator
- » Hybrid cloud environments: A guide to the best applications, workloads, and strategies
- » DataOps preparation: It’s time to get your data out of silos and into the action
- » Spotting the elephant in the room: Why cloud will not burst colo’s bubble just yet