But, for all the benefits the internet brings, it also brings risks. And, to protect ourselves from different online threats, many of us are thinking of or have already turned to VPN technology.
On paper, VPNs seem like the perfect tool for the job. They encrypt and anonymize our data, keeping it secure and away from prying eyes.
In practice, however, are VPNs safe? Things definitely get a little complicated.
When you use a VPN, you’re handing your traffic over to a third party (the VPN provider), trusting them not to violate your privacy. That makes being careful crucial when choosing a VPN provider. If you pick wrong, you may end up swapping one privacy nightmare for another.
So let’s take a look at what threats to your privacy exist online, and exactly how you can choose a trustworthy VPN service to avoid them.
To VPN or Not to VPN
The most obvious online threats are criminal. Thiefs often go to great lengths to steal and profit from user data like login credentials, personally identifiable information, and credit card numbers.
But, criminals are hardly alone in trying to get their hands on your information. Internet privacy protections are falling to the wayside in many countries (assuming they existed to begin with).
ISPs and Data Collection
You would be stunned to find out how much data the average internet service provider (ISP) collects about their users. And they love to do it too. Some go as far as offering discount pricing if you consent to them spying on you (details which are nicely tucked away in the fine print).
Why gather all this information? To sell it to the highest bidder, of course. It’s a very profitable business model.
The data that your IPS may and quite possibly is collecting about you can include any of the following:
- Individual non-encrypted web pages viewed
- Domains and encrypted pages visited
- Online services used
- Individuals files downloaded
- Senders, recipients, and possibly the contents of unencrypted emails
From that information, an ISP can develop a shockingly accurate picture of you.
For example, they can build a partial medical profile based on which illnesses you read information on or what medical services you search for.
They may be able to figure out your sex and approximate age based on the types of sites you most frequently visit.
They may even learn your political leanings, sexual orientation, or any other personality trait shown through your behavior online.
And, perhaps most frighteningly, you can’t even audit the data that’s collected to, at the very least, double check its accuracy.
How VPNs Can Protect You
When you use a VPN, you leave your ISP in the dark. A VPN creates an encrypted connection (or tunnel) between your device and a server controlled by the VPN provider.
But default, all your internet traffic will go through that tunnel. As long as that is the case, your ISP will be unable to figure out anything about your online activities.
Everything is encrypted and routed through the VPN server. So, your ISP won’t know where the data is going, who it’s coming from, or what it contains.
As mentioned, though, this only shifts the burden of trust away from the ISP and onto the VPN service. If you don’t end up using a trusted VPN provider, you’re just swapping out who gets to profit from your personal information, and not much else.
Why a Trustworthy VPN Provider Is Important
When using a VPN service to protect yourself against an ISP or another unauthorized third-party, you’re trusting the VPN to not be like them. You’re trusting them not to log or track your internet traffic or to sell your online habits, or personal information to the whoever’s willing to pay for it.
In fact, since every VPN provider requires you to sign in to use one of their servers, you’re explicitly tagging your traffic as belonging to you. If the VPN service decided to catalog your activities, things could get even more compromising.
The sad reality is that there are always dishonest VPN providers, looking to cash in on uninformed users. Ever time there’s a privacy scare, they turn up in the market in droves.
Failing to choose a VPN provider carefully could leave you in a much worse situation than you started in, and can jeopardize your privacy and security in a whole new way.
How Safe and Secure Is a VPN
Let’s first put aside the policies and behaviors of individual providers.
The technology behind most commercial VPN services is very sound and offers excellent protection of your security and privacy.
Generally speaking, a correctly set up VPN makes it close to impossible for any unauthorized person or organization to analyze your internet traffic and connect any activity back to you.
It’s important to remember that a VPN will only encrypt data between your device and the VPN server. Once it leaves that server to travel to its ultimate destination, it’s just as vulnerable to interception as any non-VPN traffic would be.
However, by that point, the VPN server is considered the source of the traffic. It would be very difficult for anyone to trace it (and whatever online activity is being performed) back to you.
What to Look for in a Safe VPN
So, from a technology point of view, a VPN is safe. But, since the privacy and security it provides can be easily undermined by its provider, picking a reputable and transparent VPN service is beyond critical.
If you fail to do so, you’re defeating the entire purpose of paying for a VPN service for privacy and security. You’re throwing money down the drain.
There is a list of things you should look for to make sure a VPN will give you the best level of protection. To begin with, any provider you’re considering should offer these technical features:
- 128-bit or 256-bit encryption
- DNS leak protection
- A large number of servers in countries you’re interested in connecting to
- Shared (not dedicated) IP addresses for better anonymity
- Cross-platform support
- Choice of TCP or UDP protocols
When these are all available, you’re getting a robust and secure VPN service that offers maximum flexibility and broad compatibility. At least from a technology point of view, that is.
Once you find such a provider, you must then turn your attention to the company and their various policies that may have an impact on your security and privacy. Make sure they have all of the following:
- A clear policy outlining user data collection practices
- No logging of traffic source or destination
- No tracking of user logins or logoffs (times at the very least, ideally, nothing at all)
- No 3rd party access to servers or clients
- A Terms of Service agreement you can actually understand
When a VPN provider checks all these boxes, on top of meeting all the technical requirements, there’s an excellent chance you’re data will be in good hands with them.
That said, don’t always just take their word for it. Do a bit more reading and see if you can find instances where the provider didn’t follow their policies or was discovered to be collecting data they said they weren’t.
Are Free VPNs Safe
It’s not that easy to find a free VPN service that is safe, secure and meets the requirements I’ve covered above (which, in my mind, are musts). But many people use them anyway.
Most free VPNs make bold claims about their security features and levels of anonymity they grant. But, almost none ever live up to them.
The simple fact is that servers and bandwidth cost money. A “free” VPN has to cover those costs somehow, and selling your personal information and online habits can be surprisingly profitable (more than any form of ad revenue, another common income source for free VPNs).
Several well-known free VPN services have already been uncovered as insecure and lax with their data collection practices.
For example, Hola has been caught red-handed selling the bandwidth of their VPN users to third parties. Their software even contained a flaw that would let an attacker take full control of a user’s device.
Betternet, a widely used free mobile VPN service was found to contain as many as 14 individual tracking libraries embedded in their app. Arguably, using Betternet was worse for your privacy than using no form of protection at all.
Personally, I’ll always choose a paid VPN over a free one. With a few exceptions I can count on one hand, I consider every free VPN questionable at best, if not downright dangerous. Maybe I’m the minority, but when you can get a quality provider like Surfshark or CyberGhost for as little as a couple of dollars per month, for me, the decision is a no-brainer.
Choose Wisely, Stay Secure
Choosing a reliable, safe, and trustworthy VPN is not a trivial matter and has consequences if you get it wrong. Using a VPN service puts all of your internet activity and data into their hands. In some cases, that could be worse than trusting your ISP.
Follow the advice in this article to find an honest provider with high standards of security and privacy. Spend a bit of time doing your research.
There are many safe VPNs out there that are likely to do everything in their power to protect you and your data. Using one of them is, arguably, the best that any of us internet users can do.