Are VPNs Really Safe?

That depends what you mean by ‘safe’. Different people have different reasons for using a VPN so you can make a case for both sides of this issue depending on just how much safety you’re looking for. So, in this post, I’ll try to look at both sides of the issue and let the VPN user decide if it offers the degree of safety they are looking for.

The Case for Using a VPN

Just what is a VPN anyway? To understand its safety features, you first have to understand precisely what it is capable of doing.

Not all VPNs (virtual private networks) are created equal. For this reason, there are a lot of misleading diagrams of how they work. Most such diagrams don’t include the ISP, though this plays a role in all VPN-related connections. The diagram below, modified from SunVPN, is closest to depicting how a VPN actually works. (It should not be interpreted as any form of endorsement.)

vpn connection

When you connect to the internet, you do so with the help of an ISP (internet service provider). They will help you access the servers for web pages you want to look at. In so doing, they know what websites you are visiting. They routinely keep logs of such visits in case such information is needed later.

If you use a VPN, you get an encrypted connection to the VPN server that you requested. The ISP will only see that you requested a particular IP address. After you connect with the VPN server, the ISP will have no idea of what websites you are visiting. You could even connect to another VPN.

It is possible for an ISP to block you from accessing certain sites. Repressive governments frequently do this. However, if you use a VPN, they cannot block this access. This is why VPNs are used in China to visit certain websites that the government doesn’t want their citizens to see. It is also the reason why Russia is considering banning VPN use.

If you live or visit a foreign country, you may find that there are a number of U.S. sites that will not give you access. Certain YouTube videos, for example, will give you the following message.

vpn youtube

In fact, I first became aware of the benefits of a VPN when I was living in Afghanistan and wanted to download some videos for my students. I was able to spoof my IP address by using a VPN server in the U.S. to make it appear as if I was in the U.S. and everything was fine. This is called, ‘geo-spoofing’.

Your company, school, or organization may also try to restrict your browsing for any number of reasons. Perhaps, they even keep a record of where you’ve been online. Enter VPN. Now, they will only see that you connected to the VPN and nothing more.

Using free public WIFI servers is always dangerous as it leaves you open to attack. Bypassing the local servers with a VPN is always recommended.

File sharing sites offer downloads of movies, TV shows, and music via peer-to-peer sharing. Some governments frown on such ‘sharing’ and may even prosecute those who download material using these sites. In such cases, VPNs can be used to hide your identity.

Since your IP address gives away your location, companies will often target you for certain, location-specific ads. This can be annoying if you are in a foreign country and are suddenly given content in the local language rather than the language you are used to. Google has the bad habit of trying to foist their localized version on you whether you like it or not. VPNs can get around this by the same geo-spoofing techniques outlined above. At least the ads that target you will be in a language you can comprehend.

The Case Against VPNs

How much do you trust your VPN provider? The answer to this question will help you decide whether a VPN will meet your needs. Although your local ISP will not be able to see your browsing history when you use the VPN server, the VPN provider can. Many VPN providers will promise you anonymity but, again, can you trust them? It would be a relatively easy task for government agencies to learn what VPN you use and then pressure the company to hand over its records on your browsing history. If the company does not maintain such records, law enforcement can pressure them to begin recording your browsing history. Let’s face it, few VPN providers would want to risk their businesses over the browsing history of one questionable user.

When I used Skype to speak to a friend in China, I was surprised to find that it was possible. After all, Skype has been banned in China since last year. Actually, this is not really true. It seems to depend on what server you use Skype on, because, as long as the government has access to the servers in control of Skype-based communication, it wouldn’t really matter. The person I spoke to was using a VPN. On the surface, that sounded promising, but would China allow any VPN to be used that did not allow it access? In fact, China would not license any VPN that did not agree to give it access to its records. Sure, you may be able to use Skype and even a VPN from your hotel in China, but I doubt if your communication is as secret as you may think it is.

Privacy experts suggest that you do not use VPN servers located in the following countries.

U.S.
U.K.
Australia
New Zealand
Canada
France
Norway
Denmark
The Netherlands
Belgium
Italy
Germany
Spain
Sweden

Although these countries may not be considered repressive, they have all been known to spy on their citizens or pressure VPN companies for information. Of course, most people don’t worry about maintaining such a high level of privacy, but, for those who do, all VPN communications should be directed through more neutral countries. Some privacy experts claim the safest servers are located in Switzerland, Romania, or Panama, though others say that no VPN can offer complete privacy.

There are a few reasons why you may not want to use a VPN for downloading files or videos from file sharing sites. The most practical reason is that VPNs will slow down your browsing and downloading. In addition, some VPNs will block you from downloading from major file sharing sites. Also, keep in mind that whatever you download may be recorded by the VPN provider.

It is not necessarily true that a VPN will protect you from targeted ads. Some VPNs come with built-in ad programs that will try to lead you to a variety of sites. Some will also track your browsing in order to present targeted ads. Keep in mind that free VPNs aren’t providing their services just because they like you. Mostly, they make money by doing something else, like selling your personal information. This doesn’t mean they are useless for most people, but they do have limitations in terms of privacy.

For Those Concerned with Greater Privacy

Good VPNs need to be paid for. They generally cost between $3 to $5 a month. They should offer strong encryption, anonymity, numerous servers, and be located in a relatively non-repressive country. They should not keep logs of activity and should permit torrenting (P2P) connections.

Some privacy experts say that VPNs offer only promises and nothing more. They suggest using the Tor browser with a VPN for maximum privacy. Remember that all browsers offer privacy settings that can be maximized, but none are ultimately as safe as Tor. On the other hand, Tor slows down browsing.

Concluding Thoughts

Nothing you do will guarantee 100% privacy online, but for most people a good VPN will serve their needs. Although free VPNs have a number of shortcomings, they will still give basic VPN services and that’s enough for most people. However, if you have a job with an organization that could be a target of government agencies or hackers, and you are connected to its network, consider stronger security actions. Most companies and organizations will require those with connecting privileges to meet basic security guidelines. Those guidelines may or may not include the use of a VPN. In such cases, weaknesses in the VPN could be exploited by malicious actors. VPNs alone do not offer enough protection for a corporate or organizational network that is trying to protect sensitive information. More state-of-the-art architectures are needed for that.

In short, VPNs should be considered a good first step in protecting your privacy, but nothing more.

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technologies, TrustWall and Mobile bare-metal virtualization. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s