Home   Business   Article

Subscribe Now

When a guardian becomes a threat: The case of VPN providers




Sponsored Editorial

Recent developments around the Investigatory Powers Act (fondly known as the Snoopers' Charter) and the new Online Safety Bill have again stirred conversations about people's right to digital privacy. Security researchers and privacy advocates have warned that undermining encryption technology, even with the best intentions, could threaten people's future online safety and security.

In this climate, VPNs are being hailed as the last sanctuary for maintaining some online privacy, as witnessed by increases in keyword search terms like “Free VPN” and “Is NordVPN good?”

.

A VPN can be the answer to the average citizen's concern about random digital surveillance, provided you choose the VPN service provider carefully.

What does a VPN do?

A VPN offers two essential security features. Firstly, it obscures and protects your IP address to prevent websites, snoopers, and hackers from pinpointing your location and identity.

Secondly, it protects data "in transit" while moving over a network between devices. For example, when you visit a website, your device requests the information, and the data from that webpage travels from the website's servers to your browser. While in transit, the computers passing along the data can examine the contents of the exchange.

Your VPN first encrypts the data to make it unreadable to the computers that will handle it along the way and then passes it on via a secure, private communication channel directly to the destination. Snoopers can't read or divert messages, so your online activities remain hidden from your ISP and other enterprising individuals.

Can you trust your ISP?

According to UK law, your ISP must log and save a record of your traffic, including who connected to what app or website, where they were at the time, and when they did so. Your VPN supplier is under no obligation to do so. When you buy a VPN subscription, you sidestep your ISP's data collection obligation by transferring the (non-)burden to your VPN.

However, that means you now place all your trust in your VPN. VPN providers can, technically, keep full user data logs if they choose to. Unfortunately, some premium VPN providers do this despite claiming a no-logs policy. That is why picking a VPN provider with an audited and proven no-log policy is critical. If you choose the wrong VPN, you're just swapping your user data from one server to another.

The darker side of the VPN industry

It is not uncommon for VPN providers to log your data and sell it for profit. Many VPN companies claim a "no logging" policy. However, a different picture emerges after diving into their opaque privacy policies.

ISPs in the US have had the right to sell users' data since 2017. In the EU, the GDPR protects user data.

The UK's data laws are still based on GDPR and don't allow ISPs to harvest personal data for sale. However, ISPs may "share" your data with business partners, including ad networks, and incidentally reap returns much like Meta and Google's business practices. That's the case even for some VPN companies that advertise a "no logging" service.

Is privacy a moot point in the UK?

Several years ago, five countries signed an agreement to share information, including digital data, for their respective national security purposes. The alliance has grown to fourteen member countries who, by agreement, disrespect the privacy laws and digital anonymity expectations of their citizens.

The Eyes Alliance countries collect data from your digital activities, such as web browsing and emails, as well as phone calls and messaging apps, and share the collected intelligence among member countries. They can force VPN providers based in the 14 Eyes Alliance to reveal their client’s private information and activities.

The effect of the 5/9/14 Eyes Alliance on your choice of VPN provider

In some countries, including the US and UK, ISPs must keep logs. They've been the intelligence agencies and law enforcement's first line of surveillance for years. A UK- or US-based provider could be forced to provide access to your data, even if it's encrypted, as has happened on at least a few occasions. A gag directive may accompany such an order, so you'll be kept in the dark until it's too late.

The 5 Eyes states are home to many prominent tech and cybersecurity businesses, such as IPVanish (which was caught logging despite their no-logs policy in 2016) and HideMyAss (which is UK-based).

- HideMyAss is a UK VPN provider and must log user data and provide it to the UK government on demand under the Snoopers' Charter. They have repeatedly handed over customer records to authorities.

- IPVanish is a very prominent US-based VPN that claims to have a no-logs policy but has provided the FBI with user logs on at least one occasion in 2016.

This information leads to a straightforward conclusion: Your VPN provider should be based outside the 5 Eyes Alliance and outside any of the 5/9/14 Eyes Alliance countries.

Additional risks to choosing the wrong VPN

Free VPNs carry many risks to users. They often lack adequate security measures or contain backdoors, making users vulnerable to cyber threats such as malware, hacking, and phishing. Mobile phone app stores are also awash with malicious free VPN apps.

Free VPNs also typically offer slow internet speeds because their servers are overloaded. Some do not properly hide your IP address and lack the resources to protect your privacy.

However, the most significant risk comes from their business model. Free VPN providers may sell your browsing history to ad networks. Since your network traffic passes through their servers, they have full access to all your activities and data, which means that using a free VPN could defeat the purpose of using a VPN.

How to select a trustworthy VPN service

Choosing a VPN service provider is not a trivial matter. This company will be handling your most intimate digital secrets. Here are some features you should look for:

- Audited no-logs policy: A reliable VPN will never track or store your online activities and must be able to prove this.
- Strong encryption: Look for VPNs that use advanced encryption protocols like AES-256.
- Based on OpenVPN and WireGuard secure VPN protocols: The app should also have a kill switch, DNS leak protection, and IPv6 support.
- Responsive customer support: It must have 24/7 personal customer support through multiple channels.
- Extensive server network: It provides better connection speeds.
- Compatibility: It must support all popular platforms like Windows, Linux, and Mac. Choose a VPN that you can install directly onto your router. That way, you can protect all your IoT devices and make your home network more resilient against hackers.
- Kill switch feature: This ensures your IP address is not exposed if the VPN connection drops.
- Split tunnelling: You can route some of your traffic through the VPN while the rest uses a regular internet connection.
- Transparent ownership and jurisdiction: An important factor for its legal obligations.

Don't leave your privacy to chance

Some may argue that only those with something to hide would care about being watched. However, governments may not be as benevolent as we perceive them to be. And, as speculated in the US press, countries could become more oppressive almost overnight.

VPNs can protect you against digital surveillance if you choose a VPN with a strict "no-logs" policy outside the 5/9/14 Eyes Alliance. Thoroughly vet the privacy policy, or you will leave your privacy to chance.



This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies - Learn More