Privacy: What to consider when choosing a VPN
VPNs are not the interchangeable commodity service they first appear to be, giving every user an equal privacy boost regardless of the brand name. Even without diving into the technology specifics, there are significant differences between individual VPNs, and these can hit users at the very point that led them to a VPN in the first place – personal privacy.
Privacy is not automatic with a VPN
An effective and well-managed VPN is an invaluable privacy enhancer that can securely encrypt your activities, keep your ISP or other parties from reading your messages, and unlock doors to content where you have been locked out before based on your geographic location. But this is not an automatic privacy upgrade. Studies have found numerous examples where VPNs actually damaged user security by leaking their traffic details, adding ads, not fully encrypting user data, and selling user data. The difference has to do with how the VPN postman works and the basic business model.
The VPN mailman knows a lot
VPNs are often described as a private tunnel for two parties to securely communicate through. That is not quite right. At Avira, a VPN is described as registered, certified mail that both the sender and the recipient have to sign for before they can open the envelope. This metaphor is more accurate, as a VPN is a three-party effort where the provider is the mailman who knows what’s coming and going.
With the VPN provider as a de facto mailman, he is (hopefully) placing your communication into an encrypted envelope and moving it along securely to the destination. You are also trusting that he is not opening those magazines in a dark corner or talking about what letters went where. The simple point is that, like a mailman, the VPN has lots of private information and metadata about who is sending and receiving letters. Otherwise, the post office just can’t make the connection.
The critical difference between a postman and a VPN provider is that the government usually enforces standards on mailmen. While some magazines might be read and dog-eared before they reach their destination, most get there intact. But with VPNs, the definition of what they do and how they do it is far more nebulous, and there are limited enforcement options for weeding out the suspect ones. Here are six privacy points to consider when selecting a VPN.
1. Who is logging my data?
Every VPN provider has access to data about what you do and where you go – whether or not they admit to logging your activities on a moment-by-moment basis. If a VPN provider promises to not log any user data, it’s just that – a promise that this information is not recorded for posterity. It is also a promise that is impossible for you to verify by yourself.
2. Who is selling my data?
Some VPN providers resell data on and about their users’ activities. After all, holding the funnels where data passes through from thousands of users provides them with an interesting stream of data on activities and interests. This can lead to the VPN displaying targeted ads – just the situation VPN users want to avoid in the first place.
3. How am I going to pay for this?
VPNs usually come with some bandwidth restrictions – especially the free ones. This is where your lifestyle and location can make a big difference. If you are streaming or downloading a lot of media content, your bandwidth requirements will be much higher. In addition, if you use a VPN on your mobile device, you can also use a significant amount of bandwidth with navigation services.
4. Can the government get my data?
Some VPN marketing is built on allegedly providing you with government-free data security. The premise is that the only really secure VPN is one based in a country which is not party to the 5 Eyes, 9 Eyes, and 14 Eyes Alliance Agreements, under which intelligence agencies can exchange information between themselves, tap into VPNs operating in their jurisdiction, and watch everything.
5. Is data handling up to GDPR levels?
If a VPN provider is operating in the EU, they are bound to secure and protect data collected from users under the GDPR. Failure to do this means public reporting requirements, potential penalties, and a damaged reputation. This requirement does not exist equally in all countries. Like it or not, GDPR puts the onus on companies based in Europe to be more careful with the private user data collected and stored. Contrast this to companies sited in a no- or low-data-protection environment.
6. How transparent is my VPN?
Transparency matters, especially when it comes to privacy. During 2018, Avira recorded 13 requests for information on Avira Phantom VPN users – which resulted in no disclosures of user information. Even more important, there were no National Security Letters, no gag orders, or warrants received from any government organization.