Virtual Private Networks are a vital element of your online security. While you may be confident in your home or work network security, there is no way to use public Wi-Fi safely without a VPN.
But setting up a VPN comes with a very important trust issue — that no one is able to find out what websites you’re accessing. This is as vital for keeping your bank details private as it is for concealing other personal online activity — and the nature of secure transactions and data encryption means that you cannot have one without the other.
However, not all VPNs are as secure as you might think. While they might offer a range of all-important, impressive-sounding security bells and whistles, the truth is that few of them — if any — offer a truly private experience. Here’s why.
1. Complete Anonymity Is a Lie
How much are you paying in VPN subscriptions? $100 a year? More? All for that guarantee that your privacy is being maintained — that you are anonymous online.
Well, we’ve got news for you. You’re not anonymous. While your VPN provider may well be promising that their service is anonymous, with no logging, there is no way that you can verify this. Indeed, it’s quite a leap of faith, under the circumstances.
“…you have absolutely no way to know for sure how safe a ‘No logs’ claim really is. Trusting your life to a no logs VPN service it is like gambling with your life in the Russian roulette.”
-Wipe Your Data
What is most important from a VPN provider — anonymity, or transparency? We reckon finding a VPN that you can trust trumps any fake notion of anonymity and the avoidance of keeping logs. The trick is finding a VPN that truly appreciates your anonymity and privacy, and we’re afraid that such networks are in very short supply.
2. Anonymity Does Not Equal Privacy
Some VPNs provide tools to control your privacy. Such features can be used to manage access to your personal data, but they don’t eradicate all data that can be used to identify you.
Even if you were to combine a VPN with Tor and encrypted messaging, you still would not be completely anonymous; all of these tools can be forced or subverted to track, should you become a “Person of Interest” to the authorities. While your activity would remain private, thanks to encryption, the fact that you were online, engaged in some form of exchange, would be recorded.
As Edward Snowden stated:
“…basic steps will encrypt your hardware and … your network communications [making] you…far, far more hardened than the average user – it becomes very difficult for any sort of a mass surveillance. You will still be vulnerable to targeted surveillance. If there is a warrant against you, if the NSA is after you, they are still going to get you.”
3. The “No Logging” Myth
VPNs vie for your attention and hard earned cashed by enticing you with the promise of not logging your activities. This “no logging” selling point is hugely attractive, but is, sadly a myth. Even with our selection of the best VPN services.
Let’s set this straight now: you cannot run a server without logs. Without logs, a VPN provider would be unable to handle DNS requests, prevent abuse, troubleshoot connections, or limit VPN accounts based on the subscription type you’ve chosen, such as putting a cap on the amount of data you can use.
VPNs are good, but their weakness is the single point of failure: hack or subpoena that one point to see everything. https://t.co/iUxkbJsoK2
— Edward Snowden (@Snowden) December 30, 2015
With many occurrences of VPNs advertising a “no logging” service subsequently handing data over to law enforcement agencies, it should be quite obvious that “no logging” either doesn’t mean what you think it does, or has become a de facto advertising term in the VPN sector that we should more or less ignore. Those VPNs that don’t require a sign-up and can only share the information that they collect? They’re low quality, unreliable services that often make browsing the web privately less fun than a dental operation.
Concerned about your VPN’s use of logs? Find a reference on their website that shows exactly what information they do retain, and use this to make a decision as to whether the service is for you. If the VPN doesn’t provide any information as to how they handle logging and what information is retained, it’s time to move on.
In almost every case, your IP address, username, operating system, and times of connection and disconnection from the service are the very minimum that is collected by the VPN’s logging system. Doesn’t sound particularly anonymous, does it? So much information can be gleaned from this skeletal collection of facts.
5. Rented Cloud Servers Necessitate the Use of Logging
There are, it seems, two types of VPN: those that use their own servers, and those that rely on cloud solutions. As we’ve already seen, it is very difficult to run a server without using logs, and even tougher to run any subscription-based online account — if not impossible.
With the vast majority of VPN providers using third party servers, it is virtually impossible for these services to run without logs being collected. While the VPNs themselves might not be creating logs, the servers they are renting do, by design of the hosting providers.
Here’s a great example: the EarthVPN customer who used the supposedly anonymous service to make a bomb threat. He was apprehended after Dutch police obtained a court order to seize the server from a third party datacenter, where they found the person’s IP address logged (no doubt as part of the datacenter’s strategy to combat DDOS attacks).
The Surprising Shortcomings of VPNs
Whether you’re using a VPN to do some secure online shopping from the comfort of a comfy chair and latte in your local café, or attempting to avoid detection of your torrenting activity, the fact remains that no VPN service is as secure as you believe it is.
For an added sense of security, you might look into using a VPN kill switch.