How to secure Mac and iOS devices with the Cloak or PIA VPN | Dafacto

The personal website of Matt Henderson.

How to secure Mac and iOS devices with the Cloak or PIA VPN

02 February 2015

A while back, I ran across an article (which for the life of me I can’t find now) in which the author meets with a computer hacker at a public location—a Starbucks coffee shop—and demonstrates the surprising amount of information he can collect by intercepting the traffic between the Starbucks public wifi and the locally connected customers. It is truly scary!

If your Mac or iOS devices connect to public wifi networks, you can protect yourself by using a VPN (virtual private network) service. When activated, a VPN service running on your device will access the internet through an encrypted connection to the VPN provider’s servers; basically creating an encrypted “tunnel” through which all your internet traffic securely travels.

There are other reasons for using a VPN service as well. When accessing the internet through a VPN, your IP address will correspond to that of the VPN provider’s server. People use this feature to both hide their geographic location, and to “spoof” their location to access geographically-fenced content and services. For example, commercial services like Netflix, as well as certain features of my online banking interface, are only available to US-based IP addresses. Such restricted content is accessible from abroad when connected to the internet via a US-based VPN server.

On my devices, I actually run two paid VPN services, and the rest of this article explains why.


Cloak, from a user-experience point of view, is the perfect VPN service for anyone accustomed to traditional Apple ease-of-use. (Which is quite surprising, when you learn it was created by former Microsoft engineers!)

When it came to market, Cloak made two big advances with respect to all other products at the time.

  1. The product's user interface, on both Mac OS X and iOS, hides all the complexities of VPN technology from the user. Whereas other VPN services begin their installation process asking if you want to use "pptp" or "l2tp", using Cloak is as easy as pressing some big buttons.
  2. The killer feature of Cloak is that it will automatically connect your device—both Mac and iOS—to the VPN whenever you connect to an untrusted wifi network. Furthermore, during that short period of time between connecting to the untrusted wifi network and when the VPN service is enabled, Cloak will block all internet traffic. (How they got all that working in iOS appears to be magic. But it works!)

That second feature is really important. For reasons I’ll discuss below, I had to connect to a hotel wifi in Gibraltar this week using a different VPN service, which involved a couple of moments of being connected without VPN security. Of course, apps on my Mac are continually making connections to the internet, and just a few moments after being exposed to that hotel network, I got an email from Google alerting me to a suspicious login attempt on a private Gmail address I use (which is secured with two-factor authentication.) Could be coincidence, but who knows!

So Cloak makes it dead-easy to use a VPN, and best of all doesn’t require you to remember to enable it.

Cloak offers subscription plans and one-off access coupons to fit pretty much any budget. I pay $10 per month for the unlimited plan, since I am frequently connected to public wifi networks and don’t want to think about whether I’ve exhausted a data transfer limit. And that one subscription protects all my devices.

If Cloak is near perfect, why would I run a second VPN service? There are two reasons:

  1. Sometimes I need to specifically connect to a VPN server in Switzerland. Although Cloak has server options around the world, it unfortunately does not yet have any in Switzerland.
  2. There's a certain type of hotel wifi system which, for whatever reason, doesn't get along with Cloak. (It's those systems where the wifi is unprotected via password, but requires you to connect through a web browser.) When connected to these wifi services, Cloak's connection is sometimes unstable—experiencing frequent interruptions and re-connects. Also, there are some geographical regions where Cloak has difficulty connecting, e.g. it had difficulties connecting when I was visiting the United Arab Emirates. So for these rare situations, I need an alternate option.

Private Internet Access

Private Internet Access claim to be one of the world’s biggest, most popular, most private and most secure VPN services, and offer servers in virtually ever corner of the world.

From a user-experience point of view, you can see they don’t hold a candle to Cloak:

No control to close the window; just a “Save” button. And I won’t scare you by revealing what’s behind that “Advanced” button!

The biggest downside to PIA is that it doesn’t offer the network-dependent auto-connect feature of Cloak.

  • On the Mac, you can either have it permanently connected, or you have to remember to connect.
  • On iOS, you have to launch an app (OpenVPN Connect) in order to activate the VPN connection.

On the other hand, there’s a lot to like about PIA:

  • In my experience, it has proven extremely stable. In circumstances under which Cloak has had some issues, PIA has never failed.
  • $39/year (about $3 per month) gets you unlimited access and data throughput, on all your devices.
  • PIA have live chat support, 24/7, which in my experience has always been friendly and effective.


So in conclusion, if you connect to public wifi networks, you need to use a VPN service. Cloak provides a great user experience, and just as importantly, is designed to work even when you forget you need it. For most people, it will be the perfect solution. If you travel around enough to run into those rare situations in which Cloak has issues, Private Internet Access is a great backup alternative.

Enjoy this article? — You can find similar content via the category and tag links below.

Questions or comments? — Feel free to email me using the contact form below, or reach out on Twitter.