You probably downloaded a Virtual Private Network (VPN) to protect your privacy. But what if the VPN itself proves to be the real threat? It may sound a little paranoid until you actually stop to think about what a VPN is and what it does.
Most people will sign up for a VPN to prevent Internet Service Providers (ISPs), cybercriminals and unreliable Wi-Fi networks from monitoring their online movements. Yes, it’s a smart move. But now, all of that traffic has to go somewhere, right?
Every website you visit and every search you run now flows through another company’s servers instead. And you actually know who’s sitting on the other end of that tunnel?
What A VPN Actually Does – And What It Doesn’t
There is often some degree of confusion around VPNs. It’s a misunderstanding that VPNs can give you some sort of invisible cloak online like something out of Harry Potter. They simply shift who can see your data.
When you don’t have a VPN, your ISP can see which sites you visit and advertisers can track you for marketing purposes. And public Wi-Fi networks? They are literally an open window for everyone to see what you’re up to.
A VPN encrypts the data and your traffic gets routed through its servers instead. Meaning, your ISP and anyone else can only see the IP address of the VPN, not yours.
It does protect you from outside threats but it also means, in theory, that the VPN provider can now see everything that your ISP used to be able to. Whether that’s a good move depends entirely on which VPN you use.
Not Every VPN Is On Your Side
Here’s where the conversation around VPNs may get a little uncomfortable. Some VPN companies – in most cases, the free ones – actively sell your data to advertisers. Even though you downloaded a tool for privacy, it’s actually doing the complete opposite.
In 2021, research was conducted on hundreds of free VPNs and it was discovered that almost all of them contained trackers and requested excessive access to your device controls. Additionally, some of them even redirected your traffic through third-party servers with no transparency regarding where your data was ending up. Alarm bells should be going off at this point.
Why do they do that? Simply because free VPNs need to make money. If users aren’t paying money for subscriptions, they’re generally paying with their data. Not really ideal.
Does that mean every paid VPN is automatically a saint? Not quite, but they at least have a business model that doesn’t require monetising your browsing habits.
More from VPNs
What Does A “No-Logs” Claim Really Mean?
A lot of VPNs will advertise a “no-logs policy” which means that the provider will not keep records of your online activity. If the VPN servers were to ever get hacked, your data would essentially be safe.
It sound reassuring, yes. However in practice, the term is thrown around so loosely that it’s practically meaningless without verification.
The gold standard in this case is to choose a VPN provider with an independently audited no-logs policy. The more reputable companies have undergone third-party audits regarding their infrastructure and policies. Of course nothing is guaranteed, but it’s a meaningful step beyond just taking the provider’s word for it.
Things To Check Before You Commit To A VPN
The good news is that you don’t need to be a cybersecurity expert to determine whether a VPN provider is trustworthy or not. You just need to know what to look for – and what to run from.
Pay For One
There are naturally some exceptions but free VPNs are almost always a red flag when it comes to privacy. A reputable VPN provider can cost you between £2 and £8 per month. That’s cheaper than a latte at a high-street café. Your security is worth it.
Confirm Who Owns It
There are VPNs out there who market themselves as these guardians of your privacy when they are actually owned by massive advertising conglomerates. Finding out who the parent company is of a VPN provider can tell you a lot about what they may do with your data.
Look For Audited No-Logs Policies
Don’t just look for the claim, look for real evidence. It’s very easy for a provider to claim that they have a no-logs policy and ordinary users wouldn’t generally question it. If the company has published independent security audits, they are usually a safe option.
