This article is the English translation of “Melindungi Diri di Ruang Digital dengan VPN” by former EngageMedia Learning Specialist Yerry Borang. Read the original column in Bahasa Indonesia on Kompas.
The source material is part of EngageMedia’s project on expanding digital rights networks in Indonesia. Check out the project page to learn more about our work in the country.
Since 2016, Indonesia has been recorded as having the highest number of VPN (virtual private network) users in the world. In 2019, Indonesia became the number one country for VPN downloads, beating both China and India.
Although China is the most populous country in the world, its internet users face government restrictions on using VPNs. As a result, many have turned instead to Shadowsocks, which explains the lower use of VPNs there. As in Indonesia, India’s high number of VPN users is arguably due to its large population and the local government’s content restrictions.
This article discusses what a VPN is, what drives its high usage in Indonesia and how one can safely choose a VPN for daily use.
What is a VPN?
A VPN, or virtual private network, is an internet connection service that serves as a secure and private communication line by changing the network the connection passes through. This is done by adding a server to the communication line and equipping it with tools to hide data exchange activities.
Why are so many Indonesians using VPN?
One of the biggest reasons for high VPN usage in Indonesia is the government’s censorship and blocking. VPN providers themselves risk being blocked at the ISP level if they do not have adequate permissions from the government.
The government has used several arguments to justify online censorship and blocking, chief among them containing threats to “national security”, safeguarding business interests under State-Owned Enterprises (SOEs) and preserving social morality.
The following are some examples of censorship and blocking of both websites and the internet in Indonesia:
1. Entertainment sites
VPNs are often used to access entertainment sites that do not pass government censorship, as demonstrated in the Netflix case. Telkom Group, a state-owned ISP, blocked Netflix on January 27, 2016 for its users, including those using Indihome, WiFi.id, and Telkomsel.
Following protests against the move, Telkom released an official statement asserting that they took the step due to the company’s inability to comply with the Indonesian regulations. At the time, the Minister of Communication and Informatics, Rudiantara, even praised the network’s move to block Netflix via a series of tweets.
Though Indonesians can freely access Netflix today, the ‘Netflix block’ of 2016 forced thousands, if not millions, of Indonesians to get acquainted with VPNs.
Another significant contributor to the high number of VPN users in Indonesia is access to adult sites. Accurate data in this regard is limited, but pornography is frequently brought up during governmental discussions on censorship.
Content has been censored randomly without sufficient review in the past. For instance, Tumblr was blocked under the allegation of spreading pornographic content. Similar reasons have been used to censor several sites with “LGBT content.” Blocking was done on the basis of arbitrary morals without any clear, let alone just, legal basis.
3. Accessing blocked websites
Popular social networks such as Reddit and Vimeo have faced repeated government blocks in Indonesia in recent years. This has forced Indonesians to find ways to access these websites. VPNs proved to be a popular workaround.
4. Content access restriction
In May 2019, during large-scale protests rejecting the results of the presidential election, Indonesians found that several social media services were almost inaccessible or only partially functional, especially for sending media, including images, sound or video. During widespread demonstrations in Papua in August 2019, internet access was cut off altogether.
The utility of social media and the internet for citizens is not merely to update their status. Social media and the internet are deeply intertwined with business and other aspects of use. Even teachers use them for educational purposes. For example, teachers use Facebook to coordinate their learning, especially now that physical attendance in schools is limited.
How can we choose and use a secure VPN?
Throughout this article, we see that a kind of vicious, whack-a-mole circle emerges — sites get blocked, people use VPNs to circumvent those blocks, and because people continue to access blocked services, the blocking gets even stricter and more widespread, and so on.
In a statement in 2020, Telkom cited a study that found that of 283 VPN services, 38 percent of the sample contained malware. Free VPNs dominated the list, although that does not mean paid VPNs are guaranteed to be more secure than free VPNs. Therefore, one has to carefully choose a VPN to ensure the safety of one’s personal data.
The consequences can be manifold. Stolen data can have economic, social and political ramifications, like break-ins into financial accounts online. Unsafe VPN applications that carry malware can do more harm than just stealing user data. Furthermore, damage to the operating system can occur on smart devices or computers, so that the costs borne by users will be even more significant.
The question is, are there any secure VPN services out there? Of course, the word security can be interpreted broadly, and as the old saying goes, there is no such thing as 100% security. But I propose at least two possible indicators that can help us to find a secure VPN.
Many factors can technically indicate a good and safe VPN service. One of them is that a good VPN service should allow users to send and receive data online while maintaining privacy and confidentiality or reducing the collection of personal data.
This usually means having sufficient encryption. But there will be many technical aspects to unpack if we get into this discussion. In this limited space, I propose two simple criteria that ordinary users can consider. I feel that if one of these is fulfilled by a VPN provider, it demonstrates that the service is sufficiently reliable.
The first is whether the code is open source. With open-source applications, any code and commands used by the application can be analysed by the public. To check this, ordinary users only need to look up the VPN application in question on a search engine.
The second criterion is whether an independent security audit has been conducted for the VPN service. These audits are often published on the VPN services’ websites. However, the results of these audits are often expressed in highly technical language which can be inaccessible to an ordinary person. But there are some services that can help you.
What are some recommended VPNs to choose from?
There are sites that compare chat application security using easy-to-read materials, such as the Secure Messaging Apps website. Ordinary VPN users can also read reviews from experts who compare several VPN services, such as those from VPN Mentor and ZDNet.
I recommend the ProtonVPN service, which provides a free plan, is open source, has strong encryption, and has publicly announced independent audits.
TunnelBear is also one of the VPN services I recommend (disclosure: EngageMedia has partnered with TunnelBear in providing free VPN subscriptions for human and digital rights defenders) as it has been audited independently and has a strict no-log policy.
NordVPN seems to be a favourite among users of paid VPN services, especially for those looking to bypass streaming blocks, although, in 2019, NordVPN experienced a significant data breach.
Today, more than ever, we need to be more cautious about our online activities. This is necessary if all parties are to join hands in fixing data breaches, which continue to occur. The use of a secure VPN in our daily internet surfing activities is one of the ways we can mitigate these risks.