Perfect Privacy services
OpenVPN is considered to be one of the safest and reliable encryption protocols. We use 4.096 bit public key encryption for the key exchange and AES-256 bit for encryption of the traffic data.
As soon as the OpenVPN connection is established all Internet traffic is routed through the VPN automatically, regardless of the client software being used. Our configuration files can be used with the OpenVPN client software or the Perfect Privacy VPN Manager, which also installs the OpenVPN client.
OpenVPN lends itself if you want to use strong encryption, and possibly want to cascade multiple VPN servers, or want to direct your traffic through an additional proxy. An OpenVPN connection requires more CPU power and is perhaps slower than an IPSec connection.
The IPSec protocol, standardized by the IETF, represents another encryption alternative. Almost all modern operating systems support IPSec on its own, so usually no additional client software has to be installed.
Like OpenVPN, IPSec routes all Internet traffic through an encrypted tunnel. IPSec offers itself especially when high speed is desired. An IPSec connection is usually faster and requires less CPU power than an OpenVPN connection.
The disadvantage is that the user is required to trust the certification authorities (Root-CAs) that come along with the operating system. While unlikely, this allows a theoretical Man in the Middle attack by the Root-CA itself. This is not possible with an OpenVPN connection since the Perfect Privacy VPN manager uses hard coded certificates.
For maximum flexibility we offer SSH2 tunnels with AES-256 bit encryption, which can be used with specific apps. Such a tunnel may be used with selected software to tunnel its traffic.
All other software (every program not specifically configured to use the SSH2 tunnel) still uses the regular unencrypted Internet connection. This is a practical method of using a VPN with certain client software only.
There are open source as well as proprietary SSH clients for all common operating systems (Windows, Mac OS X, Linux) available. Perfect Privacy also offers its own, easy to use Perfect Privacy Tunnel Manager for Windows users.
We trust in open-source technology
With Squid proxies we provide proxy servers specialized for use with HTTP, FTP, SSL, TLS, HTTPS and Gopher on our infrastructure, which can be used either separately or in combination with a VPN.
These proxies not only replace the IP address with the one of the respective proxy, but also remove header data such as “X_Forwarded_For” and “HTTP_VIA” et cetera and make it impossible to detect a proxy is being used at all.
Additionally among others the data of the headers “User Agent” and “Operating System” are replaced with other valid values. Squid proxies however do not offer encryption on its own, therefore this has to be ensured separately.
Besides Squid proxies we also offer using our SOCKS5 proxies. Socks5 proxies in contrast to Squid, work protocol independent and in principle can handle any type of traffic. Many clients support the use of a SOCKS5 proxy and allow the externally visible IP address being the one of the proxy server in use.
Like Squid, SOCKS5 proxies can be used either separately or in combination with a VPN. But like Squid, SOCKS5 proxies do not offer encryption on its own, therefore this again has to be ensured separately.
Besides OpenVPN and IPSec using the PPTP VPN protocol, which was developed by Microsoft, is a possibility. Our PPTP uses MPPE-128 (128 bit key length) using the DC4 cryptographic algorithm.
Even if PPTP is less CPU intensive and therefore can offer more speed, it is clearly less secure than OpenVPN. The main advantage lies in the fact, it is already available on most operating systems (Windows, Mac OS X, iOS, Android, et cetera), without the need of additional client software being installed.
Our advice is, not to use PPTP if a truly secure encryption is required, since nowadays it is possible to decrypt it. Nevertheless PPTP may be useful, for example if you just want to hide your IP address but don’t have particular value placed on encryption.