Using a VPN makes your Internet browsing safer and more anonymous because this tool masks all of your online activities, protecting them from prying eyes or monitoring for marketing purposes, for example.
In some contexts, however, such as corporate networks, schools, or countries with strong censorship, virtual private networks may be prohibited or limited, and for this reason, solutions must be found to hide that you are using a VPN. The first option is to choose a virtual private network that uses all the most cutting-edge technologies, such as obfuscated servers or “double VPN.”
It should be noted that although VPNs are legal in most Western countries, you can be punished when you use them for illegitimate purposes. In this regard, you should always consult the conditions of services and apps (downloading illegal material, committing crimes, etc.) or the countries you visit.
Why Hide Your VPN Usage
Hiding that you are using a VPN is advisable in some situations and necessary in others; here are the most common scenarios.
Geographical restrictions
It is a good idea to hide the use of the VPN to overcome some geographic restrictions and access sites or content available only in other countries. More and more services recognize the traffic generated by the virtual private network or identify the server used as a “proxy” and prevent access. For example, streaming platforms often use packet inspection (as we will see later) to block VPNs.
Government censorship
This is where hiding VPN usage is vital. In a country with heavy censorship, the use of “free” VPNs may be prohibited. The level of information control is such that the authorities need to know what searches are performed, what sites are visited, and, in general, what the intentions of users who surf the web via national providers are.
For those who live in these countries, it is not advisable to encrypt your traffic with a virtual private network, but as tourists passing through for a short time, using this tool is the only way to access the apps and sites you usually visit at home on a daily basis.
Business/School Monitoring
If your company or school has a firewall, no one can use a VPN and leave your internal network without checking the pages and sites you visit. In these scenarios, a virtual private network may work fine with a firewall, but if your company tightens its controls, you may need to hide the traffic generated by your VPN service.
It should be remembered that avoiding corporate monitoring could constitute a violation of regulations and, in the worst-case scenario, a breach of contract. Before acting, it is, therefore, better to protect yourself by reading the clauses of your agreement and the internal regulations to avoid penalties or dismissals.
ISP Checks
Internet providers monitor user traffic and can collect information about the protocols used, including traffic generated by the VPN. This control is also used to apply restrictions on the speed of the line, which becomes operational as soon as “suspicious” traffic or massive downloads over encrypted protocols are identified.
By hiding your VPN usage, providers will never know that you are generating traffic on a virtual private network, as all traffic generated by your devices will be identified as normal web traffic.
What is Deep Packet Inspection?
Deep Packet Inspection is a technique for analyzing the flow of data that passes through any network. When this technique is active, information about individual packets that pass through the network is retrieved, thus identifying the protocol in use. What the packet contains is not analyzed, but the tunneling generated by the VPN identifies the use of encrypted traffic.
This means that, even if the VPN traffic remains secure and untraceable, anyone using the DPI can discover that you are using a VPN and identify the connection protocol in use. This makes it more difficult to use a virtual private network since as soon as the DPI identifies the encrypted traffic, blocks or slowdowns can be triggered depending on the intentions of the entity using this technique. Furthermore, the VPN service used will be traced.
To avoid being monitored, you can use a series of advanced techniques provided only by the best VPN providers , to be activated as soon as you suspect that you are being subjected to advanced control of your network traffic (corporate firewalls, countries with strong censorship, access to the dark web, etc.).
How to Hide Your VPN Usage
To effectively hide the use of a VPN, you can use obfuscated servers, camouflaged protocols, Double VPN services, use a VPN on the Tor network, equip yourself with a kill switch, and count on strong encryption. In the following chapters, you can find out how the various techniques work and which services support them.
1. Obfuscated Servers
Obfuscated servers work by modifying the data packets generated on the encrypted tunnel, making them unrecognizable to automatic DPI checks. Using obfuscated servers, no one will notice that you are using a VPN unless a manual inspection of the data packets is performed.
Data packets are hidden using additional SSL/SSH encryption or by hiding metadata from the packet header. To a normal firewall, it will appear to be HTTPS traffic with generic information, without any trace of the virtual private network.
The services that provide obfuscated servers are NordVPN and Surfshark . To use these servers it is preferable to activate the OpenVPN TCP/UDP connection protocols , so that you can correctly connect to the provided servers and browse in complete anonymity.
2. Protocols
The best protocol for hiding your VPN usage is OpenVPN TCP/UDP, on which you can enable Surfshark’s Camouflage mode and access NordVPN’s obfuscated servers.
Another protocol used to hide network traffic is Shadowsocks , which is implemented only on some virtual private network services and is also able to bypass the Chinese firewall. At the moment it is not possible to completely obfuscate the WireGuard and IKEv2 protocols, widely used for their high speed but less effective for those who want to obtain maximum privacy.
3. Double VPN
Another effective way to hide your VPN usage is Double VPN. NordVPN and Surfshark have very effective configurations of this type. When you activate the function, the starting VPN server encrypts the traffic and makes it unrecognizable, then connects to the second VPN server. This server generates additional protocol encryption, making it completely anonymous in the eyes of firewalls and DPI-based monitoring systems. Again, Double VPN is accessible from apps using OpenVPN TCP/UDP as the connection protocol.
4. Onion Over VPN
Among the best systems used to hide the use of VPN is Onion Over VPN, which is a special server provided by NordVPN. When you choose one of these, the VPN connection is routed on the Tor network, thus making it very difficult to trace even by advanced control systems.
The downside is a slower connection than traditional VPN servers, but this is a negligible detail for those who want to effectively protect their privacy and avoid any type of monitoring or censorship.
5. Killswitch
The kill switch is a highly sought-after feature on VPN services. When it is active, the device’s Internet connection is immediately interrupted as soon as a problem with the VPN or the encryption active on the protocol in use is detected.
This prevents your identity from being revealed in situations where network monitoring is very aggressive, where even a second can make the difference between anonymity and exposing your identity to the authorities involved in network control. For these reasons, it is advisable to always leave it active when you want to hide the use of a VPN.
6. Encryption
Encryption is very important to hide the use of a VPN as effectively as possible. NordVPN and Surfshark use the best encryption available for the OpenVPN TCP/UDP protocol, which is used to access obfuscated servers or Camouflage mode.
NordVPN uses the AES-256-GCM encryption algorithm with a 4096-bit DH key for each connection activated on obfuscated servers. The same algorithm is active on servers dedicated to Double VPN and servers assigned as Onion over VPN.
Surfshark uses the AES-256-GCM encryption algorithm with a 2048-bit RSA key . This encryption is used on any Surfshark server within the app, with Camouflage mode if you choose OpenVPN as your connection protocol.
Wrapping-Up
To hide the use of a VPN, you need to rely on a reliable and secure service equipped with all the tools to bypass any monitoring system applied by providers, streaming services, corporate or school firewalls, or national firewalls.
NordVPN and Surfshark, for example, provide all the necessary technologies to ensure that their users cannot be traced back to the use of the connections themselves, thus bypassing Deep Packet Inspection or any type of control.
Obfuscated servers, double VPN servers, and servers that use the Tor network are convenient and fast to use on NordVPN. If these servers are not visible in the NordVPN list, activate OpenVPN in the app settings to immediately display all the servers designed for the guide.
On Surfshark, all the servers provided can camouflage the use of the VPN thanks to the presence of Camouflage Mode, but even in this case, it is necessary to activate the OpenVPN protocol from the settings to be sure of using this technology.
