Lately I have been using a VPN service. Using a VPN for daily browsing has many advantages and everyone should use one. A great feature of browsing through a VPN is that websites are fooled into believing that you reside in a different country than the one you actually do. Unfortunately, this is the root of many problems, as many websites contain services that function based on the user’s country. The country is determined from the user’s IP address. I will call these types of services “location oriented services”.
Types of location oriented services and security
Normally, location oriented services should be the kind of services that are complementary to a website’s functionality, like advertisements. However, many sites use the user’s location to apply security practices. For example, PayPal or Facebook, when accessed from a different location than usual, might ask you to confirm your real identity, change your password, etc.
In security terms, a change of country means practically nothing. People travel all the time; others use corporate VPNs every day to work remotely, while others use a VPN for anonymity. Therefore, people may appear to be in a different country than the one they reside in for a number of legitimate reasons. Consequently, applying security practices based on a change of country is a clear confession of failure. Websites should not depend on the user’s location in order to draw any kind of conclusion.
A better approach
A counter-argument to this could be language selection. Many multilingual websites use the user’s country in order to display the correct language. There is an alternative approach that could produce more accurate results: automatically switch the website to the user’s “accepted languages”. The accepted languages can be set by the OS automatically or by the user, and are sent as part of the HTTP protocol, which practically means that there is native support in all web programming languages.
In general, if a website needs to provide any type of location oriented service, except security, the “Accept-Language” header is the way to go. Location oriented security practices should not be accepted.
A critical aspect of location oriented services that are based on the IP address is the matching of the user’s IP address to a country. Critical questions arise here about who provides this information and whether sharing it is legal. Moreover, is the sharing of this information part of the contract with the ISP? As this is a huge issue, it is a great candidate for a future article.
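The language selection described above, as an added example that is not part of the original post: a small Python parser for the Accept-Language header that picks the best match from a site's supported languages, so a visitor whose VPN exit is in another country still gets their own language. The SUPPORTED list, the DEFAULT value and the function names are assumptions made for illustration.

```python
# Added example: choose the site language from Accept-Language, not from GeoIP.
# SUPPORTED and DEFAULT are assumed values for this sketch.
SUPPORTED = ("en", "el", "de", "pt-BR")
DEFAULT = "en"


def parse_accept_language(header):
    """Return [(tag, q)] ordered by descending q; malformed items are skipped."""
    ranges = []
    for position, item in enumerate(header.split(",")):
        parts = [p.strip() for p in item.split(";")]
        tag = parts[0].lower()
        # The header is client-controlled: allow only ASCII letters, digits, '-' and '*'.
        valid = all((c.isascii() and c.isalnum()) or c in "-*" for c in tag)
        if not tag or len(tag) > 35 or not valid:
            continue
        q = 1.0  # a missing q parameter means full preference
        for param in parts[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0  # an unparsable weight is treated as "not acceptable"
        if 0.0 < q <= 1.0:
            ranges.append((q, position, tag))
    # Highest q first; ties keep the order in which the browser listed them.
    ranges.sort(key=lambda r: (-r[0], r[1]))
    return [(tag, q) for q, _, tag in ranges]


def choose_language(header, supported=SUPPORTED, default=DEFAULT):
    """Pick the best supported language, falling back from 'de-AT' to 'de'."""
    by_lower = {s.lower(): s for s in supported}
    for tag, _ in parse_accept_language(header or ""):
        if tag == "*":
            return default
        # Try the full tag, then progressively shorter prefixes.
        subtags = tag.split("-")
        while subtags:
            candidate = "-".join(subtags)
            if candidate in by_lower:
                return by_lower[candidate]
            subtags.pop()
    return default
```

A browser sending `el-GR,el;q=0.9,en;q=0.8` is served Greek regardless of which country its IP address maps to.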
Instead of a conclusion, two things:
1. Use a VPN, it’s for your own good!
2. Resist sites that use your IP to detect your country and provide services based on that!
P.S. As a VPN provider, I have been using Private Internet Access for almost a year, and I am super happy with their services!