Introduction to VPN Guard

Published: 9 Apr, 2021

#VPN#Feature#VPN Plus

Recently we have launched our new security enhancing measures: VPN Guard. In this post, we'll introduce in more details what VPN Guard does and why you should start using that.

DNS

Firstly, let's revisit DNS. We have already seen what DNS does in previous post when we offered DNS over VPN functionality. In one word, DNS allows your browser to know where to find "www.google.com", or any domain name, by telling it the IP address of the website.

Malicious domain

While "www.google.com" is definitely an authentic and safe website to browse in, there're tons of websites out there, containing malicious codes. These websites would try to look exactly the same as your bank's Internet banking interface, misleading you to believe that's your bank's website so that you would "log in" and hand in your Internet banking password to whoever setup that phishing website.

Some other websites may contain malicious codes that are downloaded to your computer when you open up the webpage. These codes would do harm to your computer, for example, they could try to log your keyboard activities so that they could know your Internet banking password again, or they could lock all your files and you'll have to pay a big sum to unlock them.

These websites, i.e. malicious websites, have one thing in common. That is, they don't own the domain name of your authentic Internet banking website. So they have to go with some other domain name, and that's why we could tell the difference between safe websites and malicious ones.

How VPN Guard works

Remember when we started DNS over VPN, we said that all domain name resolution processes will be handled by the DNS server residing on the same machine as your VPN server?

Now we've taken a step forward with VPN Guard, which could be regarded as a security guard in the DNS server watching for our safety. With VPN Guard enabled, whenever your computer sends a domain name resolution request to the DNS server, i.e. your browser asks for the IP for www.google.com domain name, the DNS server would check the domain name against a database before serving the IP address back to your computer.

The database is maintained by reputable sources who are dedicated in providing a comprehensive and updated list of malicious domains. These sources would collect informations from cybersecurity research institutes, users who report malicious sites, and search engines who scan websites for any security threats before indexing them.

With the database in hand, we would be able to identify malicious domain names accurately. As a result, users don't have to play a "spot-the-difference" game to verify whether a website is an authentic Internet banking website or a phishing website. They wouldn't be able to open those phishing websites in the first place with VPN Guard enabled.

What's more, even though a user's computer might have been installed a malicious software, its connections to hackers' servers would still be blocked as the malicious software wouldn't know the IP addresses of the servers. Sensitive informations would not reach the hackers in this case.

With the Internet facing increasing security threats everyday, we have therefore enabled VPN Guard for all our users to protect them against any malicious website.

Privacy

Your privacy is one of the greatest concerns here at OneMole VPN. Hence we would like to promise that VPN Guard would not log any of your queries in any form. No one will be able to know your browsing history. It is 100% your choice to enable or disable VPN Guard at any time.

There's more to offer

Besides malicous sites, users who subscribed to our VPN Plus plan could enjoy more features from VPN Guard.

Adult contents

Users could optionally choose to filter adult contents. All requests to resolve domain names that are categorized in "Adult contents" would not be served by our DNS servers once you decide to block those contents.

Advertisement

We understand advertisements are essential for long-term development of the Internet, especially for websites such as wikipedia, personal blogs, and those run by nonprofit organizations. We love those nice-looking and non-intrusive ads too.

However, we do find some websites with excessive advertisements are quite annoying. Firstly, it could take forever to load all those fancy (or ugly) advertisements. Secondly, those ads would drain your phone's battery quickly, overheat your phone, and eat into your data plan. Most importantly, those ads generally track your online activities as well. They would try to identify you, send your browsing history to advertisers so they could "understand you", or more precisely, target you. This would surely trigger privacy concerns.

As a result, we decide to leave the option to allow or disallow advertisements to our users.

As a VPN Plus user, you would see the option to enable Ads blocker to different levels.

Currently we're offering 3 levels:

  • Simple, which blocks most commonly seen annoying ads and tracking codes;
  • Comprehensive, which loads additional database to block more ads;
  • Aggressive level will try its best to match and stop all ads, ransomware, malware, and analytical and tracking codes.

During our tests, we find Simple level is suffice for everyday use. It's fast, blocking a great percentile of ads, and leaving most websites and services running normally.

While Comprehensive level would stop almost all ads on different websites, it breaks some websites occasionally. We wouldn't recommend Aggressive as it may lead to false alarms, and more web services could break down.

We'd like to do a quick demonstration here, showing you the difference between loading time and number of connection requests made by the same page before and after enabling VPN Guard ads blocker at comprehensive level.

no\_VPN\_Guard\_ads\_blocker.jpg

This is the network requests chart when no VPN Guard ads blocker is enabled. Over 400 requests were made, more than 10 MB data was downloaded, and the loading time exceeded 40 seconds.

with\_VPN\_Guard\_ads\_blocker.jpg

This shows how things were improved with VPN Guard ads blocker. Only 36 requests, a little less than 3 MB data, and half the loading time were observed. (Still a loooong loading time though.)

Limitations

Of course there would be limitations to the ability of filtering domain names by VPN Guard. Firstly, it is impossible for the database to cover every single malicious domain name in a timely manner as it only takes hackers less than 1 minute to register a new domain name. Secondly, the Internet has been greatly integrated with the existing advertising and tracking system, it would be impossible to filter out all advertisements and trackers without breaking normal web services. Thirdly, domain name filtering will not work if people serve ads using the same domain name as the contents.

Therefore, VPN Guard will be best used together with other techniques such as browser ad-blocking extensions. Yet VPN Guard still finds its credits especially on mobile devices. You don't have to do anything or download any APP to your phone, just connect to OneMole VPN and enable VPN Guard, and you can start enjoying a greatly improved web surfing experience.

So sign up and upgrade to VPN Plus today!


Authored by OneMole on https://www.onemole.net/blog
Licensed under CC BY-NC 4.0 except otherwise stated. © 2021