When the internet was created, the main focus was put on speed: transferring data from one point to another as fast as possible. Information traveled from node to node, finding the quickest route in a network of computers. However, because nodes were often faulty and lead to connection drops, the focus shifted on delivering the packets successfully, thus ensuring data integrity. Little attention was given to security since the internet was meant to be a public, free-for-all space, where anyone could access anything online.
A lot of time has passed since then, and most of us are now aware of the dangers of the web. Anyone with a bit of technical skill can get hold of your personal information, like credit card details or email account passwords, in order to use it for personal gain. Software applications dedicated to security have emerged to fight back, such as VPN tools specialized in creating secure channels for isolating your precious information from the public internet, all thanks to an intricate tunneling system backed by encryption, privacy, authentication and authorization features. Even if the info protected by VPN got somehow acquired by hackers, they would not be able to decipher the message without the key.
How VPN works
What a VPN does is give you a new online identity by dropping your real IP address and swapping it with a fake one. This way, you can surf the internet and perform activities without worrying that relevant information about yourself will be collected by websites and sold to third parties for profit. Although data is still collected, it has nothing to do with your real identity, so you can always disconnect from the VPN to return to your real online ID. For more info, check out our article about how VPN works.
Assigning a new identity that cannot be associated with your real one is all thanks to the security and privacy features provided by virtual private network tools. Each application designed for VPN may have different features, but they all essentially revolve around few things: a safe, speedy and steady internet connection that can give you access to more information. Nevertheless, you might be wondering how safe VPN really is.
Does VPN guarantee your privacy?
In short, no. And this is exactly what we are discussing in the current article. If you have doubts about the safety aspect of a virtual private network tool, you should first understand what it involves: internet privacy and how it is affected by VPN, privacy-related differences between personal and corporate VPN, or what your ISP sees when you use a personal VPN.
We are also showing you how your online privacy can be affected when using a free, freemium or premium VPN, as well as why you should be careful with VPN logging, privacy policies and jurisdiction, countries where VPN is banned or only those approved by the government can be used. However, we are not letting you go without first giving you some pointers on how to strengthen your online privacy aside from using a VPN.
What internet privacy really means
Internet privacy is part of information privacy and refers to the right of any online users to protect their digital privacy, which includes data about their online identity, location, history of browsed pages, and so on. If action is not taken, your data can be sold to third-party marketing websites to help them create personalized, more attractive ads, banners, offers and other marketing content they think you might find more relevant than usual.
One of the many advantages of using a VPN application is that it creates a new connection that separates you from your real world and which is unrelated to your real identity, location and browsing preferences. As long as you use this VPN connection, your internet privacy linked to your real connection is protected.
How VPN affects internet privacy
However, there’s a catch to internet privacy: if you log in with a personal account on Facebook and click on an ad, then your privacy is compromised. This happens because, in this case, the digital information that a marketing company has on you is linked to your personal accounts, not necessarily your IP address. So it’s not 100% possible to remain anonymous while surfing the web with a VPN. You have to give it a helping hand, too, by avoiding any online services that are directly linked to your digital identity.
What’s more, the VPN service provider cannot control the website policies employed by the pages you visit. For instance, a website may collect info from your Facebook account if you logged in while connected to the VPN, in order to determine your real identity. Besides, it’s generally a good idea to not fully trust the websites you visit if they claim to store no kind of information on you. These rules are constantly changing and there’s no way of knowing when you will fall into their trap. To add a layer of anonymity when browsing pages, you can use mix networks like the Invisible Network Project (I2P) or Tor.
Corporate VPN and privacy
Corporate VPN services provided by your employer will surely not guarantee your online privacy. Since your computer activity can be monitored by your network administrator while you’re working at the office, this rule must apply for employees working from remote locations, too. It’s essential for a place of business to keep tabs on their employees’ activity and make sure that time dedicated to working hours is not spent by doing anything else.
Furthermore, the network administrator is responsible with the security of the corporate’s servers and confidential data that can be accessed through the web. Although an intranet is designed to protect the contents of business information from anyone on the outside looking in, this creates vulnerability holes when exposing the intranet to remote devices based on VPN. Which means that it’s completely normal for your online activity routed through the VPN to be traced by your employer, unless you use split tunneling. In this case, the VPN facilitated by your office cannot guarantee your privacy.
What does your ISP see when you’re using a personal VPN?
When you connect to a virtual private network, you get associated with a new IP address that has no relation to your real one. Your Internet Service Provider can tell that you’re using a new IP address, which means the ISP can tell you’re connected to a VPN. They also have information on the amount of sent and received data, together with timestamps. In fact, if you don’t use a VPN service, your ISP might throttle your bandwidth.
However, it’s impossible for them to see what websites you are trying to reach or what other activity you do when connected to the VPN. All the ISP gets is encrypted data that cannot be deciphered without the key. Hiding your tracks from your ISP is actually one of the main reasons why people go with a virtual private network app, as it keeps your data encrypted throughout the entire session. In general, you shouldn’t worry about your ISP snooping around if you’re not trying to conduct illegal operations over the VPN.
Free VPN vs freemium VPN vs premium VPN
As a general rule, free VPN services should be avoided because it means that few or no people are employed by the VPN provider to look after them. Since the employer must earn income in some way, this can translate to something less intrusive like displaying ads to others more serious like selling user information to third-party marketing companies for profit. In some cases, the free VPN provider can also use you as an end point or to provide extra bandwidth for other, paid customers. A good example for this is Hola, which was caught selling user bandwidth and exposing users to DDoS attacks.
Freemium VPN are premium tools that usually give you a glimpse of their essential features for free. You can test the service to see what you can get with the premium version, either with some features unlocked forever (demo), with all features unlocked for a limited amount of time (trial), or any combination out of the two (demo/trial). It’s a fair approach taken by serious VPN providers who want to show their potential customers that nothing can go wrong if they buy their product.
Lastly, the premium VPN model means that the product must be bought from the get go. If your top concern is internet security and privacy, then your best bet is to go with a freemium or premium VPN.
VPN logging and privacy policy
If you’re the type of person who blindly accepts terms and conditions when installing a piece of software, without reading any word of it, we’re sorry to tell you that it has to stop when it comes to VPN services. Since you basically put your whole online security in the hands of one of these programs, it’s crucial to read everything, at least twice, just like you would read a contract at the bank before signing it. Further, you should raise an eyebrow when coming across questionable, unclear words and expressions, like “100% anonymity” and “zero logging policy”.
Developers love claiming absolute power, and this rule applies to VPN, too. Even if their presentation says “no logging”, this is rarely the case. Some VPN providers simply lie about keeping no types of logs when they actually get hold of your personal info such as name, email address, IP address, connection timestamps, or bandwidth data.
In other situations, the developers come clean and explicitly say that some, non-essential logs are kept, like information necessary for resetting passwords if forgotten, for refunding your money if requested. In the best case scenario, VPN providers really keep their promise and have a strict no-logging policy. What you should draw out from this is to not trust the presentation but deeply inspect the privacy policy instead.
VPN jurisdiction
Depending on where the company of the VPN service is physically located, it might be subjected to the local laws. Red flags should be particularly raised if the region is part of 5 Eyes, 9 Eyes or 14 Eyes. Created as surveillance alliances operating on a global scale, these organizations collect and share information about online users, so they are in their legal rights to demand logs from VPN service providers if necessary.
You might think that the VPN companies with a no-logging policy will have nothing to turn over to the authorities. Although this sounds realistic, history has shown otherwise. For instance, PureVPN which claims “no logs” but actually stores some personal information, handed over logs to the US Department of Justice, as detailed in a complaint about a cyberstalking case. Hotspot Shield VPN was caught violating its own privacy policy in a complaint issued by a non-profit organization fighting for digital rights in the US. On the other hand, when the zero-logs policy of Private Internet Access was tested by the FBI, no relevant logs were found to identify the suspect, thanks to the company’s strict no-logging policy.
When scouting the web for the best possible VPN application that suits your needs, it’s a good idea to put in balance the logging and jurisdiction aspects. It’s okay if the VPN provider might be compelled by the local authorities to share logs, as long as it doesn’t actually save logs in the first place, at least not with relevant information that can be used to track you down (strict no-logging policy). In all other policy scenario, it’s better to move on to a VPN whose country has no rules defined at the moment when it comes to cyber privacy. Even so, you should watch out for news about the country’s laws since they can change overnight.
Run a background check on the VPN service provider
If you are still unsure about the intentions of a particular VPN service provider, you can run a simple background check to see if it was involved in any scandals in the past. And if it’s true, it’s important to find out how the company managed the situation (everybody makes mistakes but deserve second chances only if they put the effort into it).
Background checks are becoming an essential weapon nowadays for anyone who wants to get a second opinion from the internet. From employees who check up on a candidate’s past, to candidates who want to make sure that the company they want to get a job at was not involved in anything suspicious. And the same rule should apply to any online service that you’re willing to put your faith and your money into.
Is VPN legal to use?
Online services made for virtual private networks are generally legal to use. Compared to what we previously discussed about VPN jurisdiction where the thing that matters is the location of the VPN company, what matters this time is where you are physically located at the moment of using a VPN. In some cases, laws may be different for residents and tourists, but even so, you should do a little research on the matter when planning to visit a foreign country.
In some countries like China, Russia and Iran, only VPN tools approved by the government may function legally. However, depending on what terms and conditions the VPN company agrees to, user privacy might be compromised. These kind of services are restricted for individuals in the United Arab Emirates, though, although they can be used by companies. VPNs were fully banned in North Korea, Iraq, Turkmenistan, and Belarus.
How to strengthen your online privacy
As previously mentioned, a VPN cannot help you achieve anonymity without your help. In fact, even after taking all the necessary precautions, you’re still at risk of exposing your true identity, depending on what questionable activity you’re performing online and who is watching. Nevertheless, casual users shouldn’t concern themselves over this. As long as you’re not breaking any laws, there’s probably nothing to worry about.
Even so, if you want to increase your level of online privacy, you can do the following things:
Clear/disable browser cookies
HTTP cookies are made to be helpful tools for temporarily remembering important information about your current browsing session, like how many items you added to the cart for checkout while you are still exploring the store, or whether you are logged in or not (authentication cookies). But if the cookies fall in the hands of a hacker, they would be able to extract the information required for impersonating you by gaining access to your accounts, for example.
Browser cookies can be easily deleted when quitting your web browser. Apart from opening the settings menu to perform this operation manually, you can also instruct your browser to clear cookies automatically when you exit or after a certain period of time has passed. But you can also disable browser cookies altogether. This functionality is also facilitated by browser extensions, like Cookie AutoDelete for Firefox, EditThisCookie for Chrome or Self-Destructing Cookies for Opera.
Disable tracking cookies
You might be more familiar with tracking cookies, though, such as third-party tracking cookies used to collect information and remember the history of your browsing habits. They seem harmless, but it can quickly become annoying to see the same old ads everywhere you look (sometimes even after already purchasing the item in question).
Things take a turn for the worse if you are browsing the internet for a surprise gift for your special someone, who also has access to your PC, since they will probably see the same ads and put two and two together. Thankfully, most web browsers have “Do Not Track”, so you just have to make sure it’s activated.
Disable Flash and zombie cookies
When website marketers caught on the fact that users could disable browser cookies, they came up with Flash cookies and zombie cookies (evercookies). It used to be a popular method for storing user information on top of websites. Based on JavaScript, zombie cookies kept multiplying and saving themselves all over the user’s computer in order to avoid complete deletion.
Flash cookies are based on Adobe Flash and operate similarly, saving data about the user like preferences and Flash games info. Most modern web browsers keep Flash and JavaScript deactivated by default, but you should check this nevertheless, especially if you want to start incognito/private browsing sessions. To add an extra level of security, you can install a browser addon designed to keep Flash and JavaScript disabled at all times, like Flashcontrol for Chrome, Disable JavaScript for Firefox or JavaScript Switcher for Opera.
Disable WebRTC
WebRTC is a relatively new feature implemented into web browsers to enable direct peer-to-peer communication between the websites you visit and audio/video channels. There’s a risk of WebRTC leaking your real IP address even if you are currently using a virtual private network application, if the VPN service provider hasn’t yet integrated WebRTC disabling features with their product.
Most top web browsers have WebRTC enabled by default, which means that you have to do a bit of digging around before browsing the web with your VPN. However, just like in the previous cases, browser extensions have already surfaced to keep WebRTC deactivated at all times, so all you have to do is install one. Examples include WebRTC Leak Prevent for Chrome, Disable WebRTC for Firefox or WebRTC Leak Prevent for Opera.
Turn off location reporting
Whether we’re talking about your smartphone, tablet, notebook or desktop, it’s a good idea to turn off location reporting when it’s not required for something important like searching for a location on Google Maps or requesting an Uber ride. Microsoft, Google, Facebook and other giants can keep track of you at all times and commit this to history, thus exposing personal information that you might want to keep private. Furthermore, you can dig deep in your browser’s settings menu to disable annoying location requests made by the websites you visit.
Use private browsing sessions
Incognito/private browsing session prevents the web browser from recording your browsing history, cookies and site data, and autofill data in forms. However, your browsing activity is still visible to the visited websites, employer and ISP. Private browsing sessions are ideal when you’re temporarily using a friend’s computer to check your inbox or Facebook account without signing off your friend or without worrying about leaving your accounts opened on their device by accident. Just remember to close all private windows when you’re done.
Install an ad-blocker
Not all software applications made for virtual private networks comes with built-in ad-blockers, which means that you will still get to see ads, banners, pictures, multimedia content, popup messages, and other forms of ad-supported content when browsing the internet. Besides the fact that your online activity may get interrupted every time one of these ads are triggered, this also has a negative impact on your online privacy.
Unless you use a VPN with an integrated ad-blocker, there are a lot of options to choose from, such as browser extensions like uBlock Origin, Ghostery, Adblock Plus and Privacy Badger, all featuring intuitive options for casual users. If you’re looking for more control and have the necessary skills, you can take a look at uMatrix and NoScript.
Enable DNS security and use HTTPS
If you use a protocol for securing your DNS, like DNSCrypt, this prevents hackers from spoofing your DNS to divert network traffic to the hacker’s computer (or someone else). Meanwhile, HTTPS represents the secure version of HTTP, making sure that data packets you exchange with a visited page remain encrypted throughout the session. HTTPS is particularly important for websites dealing with sensitive info, like banks or shops. You can use a browser extension like HTTPS Everywhere to forcefully switch websites to HTTPS if they support it, and optionally block any websites with no HTTPS.
Be wary of browser fingerprinting
Browser fingerprinting is an intelligent technique used to identify your unique web browser configuration based on the browser preferences you specify. The more similar you are to other users, the less likely is the chance for someone to track you down. AmIUnique is a pretty cool online tool that can determine your browser fingerprint by taking into account the name and version of your web browser, operating system, primary language, time zone and technical details like User agent, list of installed plugins, and font type.
What we’re trying to point out is, whenever you use a VPN application, you should turn to a freshly installed web browser that can be left with the default configuration, making online trackers think you’re taking the lazy approach toward web browsing. But you should still tweak the privacy-related features of the web browser as well as install the necessary extensions.
Use a multi-hop VPN configuration
If you want to strengthen your internet connection even deeper, you can turn to a VPN application that supports multi-hop configuration. A VPN tool normally works by connecting to a VPN server and keeping the connection alive until you turn it off or switch to another server. What a multi-hop VPN does is automatically switch to several servers, in order to further enhance anonymity for your connection. While multi-hop VPN puts emphasis on a higher level of encryption and privacy, it’s generally slower due to the multiple hops it has to connect to.
Switch to a better, more secure web browser
While Google Chrome, Opera or Microsoft Edge may seem like attractive and easy-to-use web browsers, they are actually the last thing you need when it comes to online privacy. Chrome syncs everything to your Google account, Opera has a free built-in VPN service that you should stay away from, while Microsoft Edge is a Windows 8 browser that most definitely tracks everything you do on the computer due to the unfortunate Microsoft policy.
Instead, you can switch to other, better options like Mozilla Firefox (plenty of built-in customization settings for security and privacy), Brave (easy to use, with options for disabling ads and enforcing HTTPS) or Tor Browser (a more secure variant of Firefox with a vast range of security and privacy mods). It’s not mandatory to get rid of your favorite browser just because it’s not secure enough. Instead, you can keep it installed along your secure browser and toggle the two whenever necessary.
Switch to a better, secure search engine
If you truly want to be cautious when it comes to your online privacy, perhaps it’s time to consider dropping favorite search engines like Google Search or Bing in favor of secure alternatives. As previously mentioned, Google and Microsoft collect user information on a mass level. For example, DuckDuckGo is advertised as “the search engine that doesn’t track you”, featuring built-in options for blocking advertising trackers and maintaining your search history secret. It also has a browser extension that can grade other websites by privacy.
Startpage is another search engine that puts emphasis on security and uses only one cookie for remembering the user’s search preferences (only if you want) to, which automatically gets deleted if unused for 90 days. Wolfram Alpha is yet another good example for a secure search engine, which answers factual queries using data from external sources after filtering the information.
How to test your VPN for IP, DNS and WebRTC leaks
A good virtual private network tool should be able to keep your information safe by preventing any leaks related to your online identity, including IP and DNS addresses, along with WebRTC. As soon as a hacker gets their hands on these details, they will be able to track you down. Therefore, when measuring a VPN’s capabilities, make sure to perform some simple tests on your own using multiple servers, in order to find out if there are any security holes and if there are any ways to fix them.
For example, a leaky WebRTC can be fixed by manually disabling WebRTC from the web browser instead of relying on your VPN to do it. You can check out IPLeak, IP X, DNSLeak or BrowserLeaks. Some of these online services can also return results about your browser fingerprinting. Accidental data leaks shouldn’t happen if your VPN application is equipped with a kill switch that actually works.
In conclusion
Virtual private network utilities cannot 100% guarantee your privacy because they depend on variables that cannot be controlled, like if you log into personal accounts that can be definitely linked to your identity, even when using VPN. However, by understanding what internet privacy is, you can get good idea of how to better preserve it. It’s also healthy to turn to various tools for helping you prevent security leaks.
Leave a Reply