VPN and related questions

muncybob

Just recently started to use a VPN for various reasons. Is it a good idea to switch connections periodically or does it not matter?

Also, what is the difference between an APK and IPTV(for streaming)?

....and....Is there a service that provides live TV streaming of local channels...I'll resolve that in the spring with an outdoor antenna, but until then it would be nice to have.

Kex

No idea about your VPN question, but as for streaming live local channels, you are not going to like the answer.

The short answer is that the two main providers are Hulu and YouTube. It basically costs $83 per month (YouTube is about $10 less now, but will increase in January).

One cheap option is available if you have a streamer, such as an Apple TV, Roku etc., you can stream individual channels by installing their app, if they have one for whatever platform you’re using. It’s a different experience, but it’s mostly free.

Some comparison information HERE.

treitz3

They will get you kicked off of certain forums. FYI...

Tom

billbillw

Muncybob, You are maybe confused and mixing up terms. APK is a file type for side loading an android app (vs using the Google Play store). IPTV just means streaming TV from a websource to your streaming box. Unfortunately, most of the IPTV sources are shady and would be considered illegal in most places. They are often low quality or unreliable too. They get shut down often and have to relocate to different servers/domains. Your use of VPN will probably keep you from getting into any trouble from streaming those sources, but be careful either way.
To answer about local broadcast: there are no legitimate services that provide streaming of locals other than the expensive ones that Kex mentioned. An antenna will definitely solve that issue. I've been using an antenna along with an old Tivo Roamio (set with lifetime service) for many years and I love not paying for cable.
Kex mentioned using Apps to play content from individual channels. For most of those apps, you need to have your paid TV login credentials to make them play back the majority of content. For locals, you may find an app for the local station, but they typically only stream the local news on those apps and it is in a loop of earlier news casts. They won't have the network programming.

muncybob

OK, thanks for the info...a bit clearer now. Looks like a spring time project will be an outside antenna, which is something we had 30+ years ago when we bought this place so coming full circle I guess.

Jstas

I'm not sure what you are meaning about changing connections in regards to a VPN.

VPN stands for Virtual Private Network.

What it allows you to do is log into a network from your local network. You then access everything you need to access on another network via that VPN instead of your own egress point on your network.

They are used most often when a connection needs to be secured. Like, when you are on your home network with your laptop from work. You cannot access the work resources you normally would at the office because you are not authenticated on the work network and that means you don't have a gate pass to get through the network firewalls.

The VPN allows you to reach an access point that has a door in the firewall that you can get through. But, you need a VPN client on your system with the correct certificate pair that says you are who you say you are and that you know who the VPN is. So your VPN client hits that door and the bouncer asks for certs and creds. If you are on the list, you get in, if not, you get stared at blankly until you leave.

Once you are in, the VPN client on your system is then brokering a secure connection for you that lets you access the work resources securely so you can do your job. Your local system is not actually on the work network. It is on a virtual network that the VPN set up for you and everything you are doing is going through this virtual network on your behalf. It's like, instead of telling the chef at the restaurant what you want by walking directly in to the kitchen and telling them, the waiter is accessing your location and relaying your instructions to the chef in the kitchen. This keeps you out of the kitchen and the kitchen safe. It also means that unauthorized people can't walk in the kitchen behind you and start asking the chef stupid questions that break everything. The waiter is the VPN. In this ingress case, the only way you are going to be able to change connections is if work has multiple entry points for the VPN and even then, you still need a certificate for those entry points. There's no value for changing that connection aside from performance. Usually companies will have multiple ingress points across the country so that a guy in NYC isn't dealing with the latency on performance by having to log in to a VPN based in, I dunno, Palo Alto, CA.

The other way a VPN is typically used is when a private user on their home network wants to browse the internet at least privately if not privately and securely. It all works the same way but, instead of logging in to work or something, you are using the VPN as a security layer and treating the internet as a network you are logging in to which, in all honesty, is exactly that. The Internet is just one big network with a top level, all-encompassing domain structure that you log in to from your endpoint every day. It's like the universe where at each level, each entity is treated like a node on the universe network. So a galaxy is a node on the universe network but the galaxy has star systems embedded in it so it's a pile of small networks under the galaxy level domain and each star system has planets with moons so that's another level. So it'd be http://www.universe.com/galaxy/star/planet/moon is your location domain and you log in universe.com to be able to jump between galaxies and stars and planets. That's over simplified but you get the idea.

What happens here is you are on your home network, say, a Comcast router in your living room from your network "FBI Surveillance Van 038" 'cause you're unique and hilarious. You, however, want to troll an audio forum with baloney about electric vehicles just to be a nuisance because even bad attention is still attention. Anyway, you can't do this without incurring the wrath of the local admin who will quickly know who you are as your connection info is logged and traceable.

So, you gotta hide, right? How do we do that? Many ways but the easiest and most accessible is a VPN. Now, you can run your own VPN but, it's co-located with the source of the trolling and it's fairly simple to figure out who it is. If you sign up with a VPN service, like NordVPN or something, then you get the Nord Client. The Nord Client has a bunch of stuff in it including certificate pairs for a loooooong list of access points for the Nord VPN. Your Nord Client will test multiple AP (access points) for performance and chose the fastest one which may not necessarily be the closest one. Just the fastest one to respond. Your closest AP in your little EV Troll village might be swamped by your fellow trolls so you have to go to the next village over's VPN.

So you log in to Nord's VPN and Nord sets up a secure connection Nord to you for just you and only you. Then, you get to go out to the interwebtubesnet and just be a complete bastardo because, the Nord VPN has many, many egress points to the internet from it's network and you are now a needle in a Nord VPN haystack. Additionally, unless you committed a crime and Nord is served a warrant, your local connection and location are not accessible even if someone finds your VPN egress point and shuts you down. You just look like one of millions of connections with no face or name comingfrom the Nord domain.

The biggest benefits to this are that you can browse privately without having stuff traced back to you or tracker stuff being able to "spy" on you and it makes it harder for evil doers to do evil to you. But, most people who put up with the hassle of a personal VPN are trying to hide something or think they have something to hide. A small business might be able to leverage a VPN service like Nord but, the VPN would not be for egress, it would be for ingress so this second use case isn't applicable. Otherwise, I use a VPN when I want to spoof my location so I can do something like watch a video that is "blocked in my country" or if I want to go to a news site that has a different set of pages for a U.S. citizen than, say, a European Union country. I used it a bunch during COVID to find out what was really going on outside of the U.S.

Anyway, changing your connection frequently in the egress connection use case doesn't really get you anything either. Unless your VPN service is sharing your location data on a pass-through setup, no matter where you log in to, you're still going through your VPN service's connections. If one is compromised, they all are unless the problem is on your end but then, the bad actor likely wouldn't let you use any connection but the one they are redirecting you to anyway.

Now if you REALLY want to be sneaky, you can run your own VPN, put a virtual machine behind that and then use that VM to log into another VPN and then start hopping to different VPN services at different connection points around the globe. Usually after about 9 connections, you become incredibly hard to trace, especially if you are on a VPN somewhere in your string of connections that round robins connections on a timed basis. But at that point...what are you hiding, bro?

mrbigbluelight

Most excellent explanation Jstas.
Once again you've enabled me to gain a boatload of information while I just sit here in my LazyBoy recliner, sipping on Yahoos and snacking on Utz Honey BBQ chips.
Well done, straight up 👍

muncybob

Wow, almost everything I wanted to know about VPNs and then some! You got me interested enough to educate myself a bit further on data pockets, Double VPN, obfuscated servers, etc. Thanks for the info! Those last 2 items seemed to have advantages (if needed) but at the cost of a slower connection. Thankfully we don't have a need (that I know of) because our connection speeds are slow enough as is.