Virtual Private Networks (VPNs) are never far from the news, be that discussing privacy, security, accessing geo-restricted content, or otherwise. While using a VPN is a great idea, it really does depend on who your VPN provider is.

Google now, too, offers a VPN as part of its Google One subscription cloud storage service, which has set tongues wagging.

Put simply, can you trust a Google VPN?

What Is Google VPN?

VPN by Google One, to give the service its proper name, is a security service available to Google One customers. The Google VPN is available for US-based subscribers to the 2TB storage plan and any above that level for the time being.

Depending on the success of VPN by Google One, the service will eventually filter down to smaller storage plans, too.

How Does VPN by Google One Work?

VPN by Google One is a regular VPN service, according to the white paper [PDF].

When you switch the VPN on, your internet traffic routes through a Google VPN server before heading back out into the wider internet. That's the general picture as to how VPN services work. Google identifies a weak link in the standard VPN structure whereby user identity is compromised by linking online activities with a session ID.

VPN by Google One proposes to eliminate this issue by "separating the authentication of the subscriber from the use of the service."

What this means is that, each time you fire up VPN by Google One, the service inserts a special cryptographic block, known as a blinding algorithm, between your identity and your session ID, further distancing you from your online activity.

vpn by google one blinding algorithm

As ever, you should note at this point that a VPN doesn't stop online services registering when you access your accounts. Facebook still knows you're logging into Facebook, regardless of your VPN. It just doesn't know where you're logging in from, that's all. That's not to downplay how useful a VPN is, but understanding how one works will help you use it properly, within reasonable expectations and limitations.

Related: Tor and VPN: What Are They and Should You Use Them Together?

Is VPN by Google One Logless?

As the white paper sets out, the VPN by Google One is a logless service. That means Google will not collect a log of information on your internet session while using its VPN. Logless VPNs are important as they mean there's no trace of your browsing or internet session on the VPN server if the provider receives a request for data from the authorities.

The white paper states that "the following data is NOT logged by the VPN":

  • Network traffic, including Domain Name System (DNS)
  • IP addresses of the devices connecting to the VPN
  • Bandwidth utilized by an individual user
  • Connection timestamps by user

Whereas, the following kinds of data are collected:

  • Aggregate throughput
  • Aggregate VPN tunnel uptime
  • Aggregate VPN tunnel setup latency
  • Aggregate Total bandwidth rate
  • Aggregate Packet loss rate
  • Aggregate VPN tunnel failure rates
  • Aggregate VPN tunnel retries
  • Aggregate Service/Server CPU and memory load
  • Aggregate VPN tunnel setup error rates

VPN by Google One will open-source its VPN-client libraries via GitHub, allowing anyone to audit the VPN source code. Google will also submit their server-side and end-to-end systems for third-party auditing, something the best VPN services do to validate their claims of privacy.

Can You Trust a Google VPN Service?

The big question is whether you can trust a VPN service under the control of one of the world's largest advertising companies. A lot of hype and hyperbole surrounds anything to do with Google, not least a product typically associated with privacy.

So, can you trust VPN by Google One to protect your privacy?

Privacy-focused ProtonVPN (operated by Proton Technologies, who also run ProtonMail) does not believe so. The company released a passionate call to resist VPN by Google One and reject Google's advances in the VPN sector.

"VPNs have long been essential online tools that provide security, freedom, and, most importantly, privacy. Each day, hundreds of millions of internet users connect to a VPN to prevent their online activities from being tracked and monitored so that they can privately access web resources. In other words, the very purpose of a VPN is to prevent the type of surveillance that Google engages in on a massive and unprecedented scale."

Strong words from ProtonVPN. But for many privacy advocates, they hit the nail on the head. On countless occasions, Google has shown that privacy will eventually fall to the wayside in search of profit and greater market control.

The ProtonVPN piece centers around the assertion that VPNs pose an issue for Google, stopping the company from hoovering up your data and lumping you into advertising profiles. The white paper acknowledges that "up to 25-percent of all internet users accessed a VPN in the last month of 2019," obscuring their internet activity from Google.

vpn by google one phones

The introduction of the Google VPN changes this. Many see the introduction of a Google VPN as a direct grab on that 25-percent of internet users attempting to increase their privacy. Instead of sending their data through a private VPN, they'll funnel their data through Google-owned VPN servers instead. That's without mentioning the other 75-percent of internet users that Google will target, too.

This isn't the only issue with VPN by Google One.

For example, Google is a US company and is, therefore, subject to US law. If the government comes knocking on the door of Google VPN, Google has little choice but to turn over any information it holds. Of course, if the claims that VPN by Google One is logless are accurate, that will not be an issue.

Security and Privacy Matter to Consumers

Consumers are waking up to the threat of privacy violations from major tech companies and the lack of recourse they have. In 2020, Facebook's number of users declined in the US and Canada for the first time, with many user comments citing privacy concerns alongside the social network's potential for societal harm.

Just as Apple promotes the iPhone as a privacy tool, Google is attempting to persuade and assure users they are trustworthy; that you can trust them with all of your data, all of the time.

No matter who you are, concerns about Google's core business model—advertising and data monetization—are real.

Major tech companies have previous with VPN abuse, too. Facebook launched its Onavo VPN service and was met with a similar reception, not just from those with a strong interest in privacy. Facebook used Onavo VPN to collect user browsing habits, allowing the social media network to effectively monetize browsing habits conducted within a secure and private environment.

In short, it was a serious but completely expected breach of trust, and Onavo VPN was pulled from the market. Notably, Apple removed Onavo VPN from the App Store for breaching data collection rules, whereas the app remained active on Google's Play Store.

Related: Bad VPNs You Must Avoid to Protect Your Privacy

VPNs Are Important, But Should You Use VPN by Google One?

There are countless excellent VPN services out there that categorically do not track you, do not log your user sessions, and do not reside in the US.

For example, ExpressVPN is consistently rated as one of the best VPN services around, has submitted its source code for third-party auditing, and will keep your data safe. I use ExpressVPN myself and have never been disappointed in their service. If you're looking for a new VPN, use our link to grab an exclusive 49-percent off an ExpressVPN subscription.

"If you use Google's VPN, you are placing your trust in a company whose business model is surveillance."

VPNs are important for user privacy. It's entirely understandable that users don't trust Google with their privacy when there are better options available. Furthermore, when the other major tech companies inevitably make moves into the VPN sector, such as Amazon, we advise considerable caution too.