4 July 2024
If you’re a frequent user of the Internet, you might have come across a sponsored advertisement for a commercial VPN (Virtual Private Network)*. Marketed as a privacy must-have, VPNs are said to protect your online activity from malicious actors and even your own Internet Service Provider (ISP).
This article explores the truth behind this claim and provides a non-salesman perspective to commercial VPNs and their contribution to user privacy.
* Commercial VPN services are different from workplace VPNs which, while using the same technology, generally serve a different purpose (remote connection into the office network).
How does it work?
A VPN allows you to establish a secure connection over the Internet. The way this works is, your traffic is routed through an encrypted tunnel to a VPN server, masking your current IP address and location. Once your traffic exits the tunnel, it will look like it’s coming from the VPN provider.
Do VPNs protect your privacy?
Generally, a VPN does two things:
1. Hides your IP.
Masking one’s IP can be useful to prevent bad actors, advertisers and your ISP from tracking your online activity and profiling you.
Your ISP particularly has a lot of power to see what websites you visit, just not what you’re doing on them. But a VPN can hide even which websites you visit.
Many VPN providers claim they keep a no-log policy, keeping all your activity private, but this claim must be taken with a grain of salt. Many no-log VPN companies have been caught keeping logs. And no one really knows what a ‘no-log policy’ actually means, and a true no-log policy would be terrible from a crime prevention perspective – imagine all the nefarious activity that a no-log VPN could enable. Many VPN companies still maintain usage logs to various extents because of this reason and legal requirements.
If you choose the right VPN, one that isn’t free (because their business model is built on selling your data), and keeps minimal logs, it’s a great way to reduce your trackable online presence, but it doesn’t eliminate it; your IP address is not the only thing used to profile you.
2. Keeps your traffic encrypted (although HTTPS already does that).
Most websites nowadays use the HTTPS protocol, which encrypts your traffic. Hence, an attacker that manages to intercept your traffic would not be able to read the information without the decryption key. The padlock icon on some browsers tells you the website uses HTTPS and is safe.
However, some use HTTP, the outdated and unsecured version of HTTPS. With HTTP, your traffic is sent in unencrypted plaintext which can be read and manipulated by bad actors. A VPN can help obscure your traffic while browsing these unencrypted sites.
HTTP is especially problematic if you’re using a public Wi-Fi network. A malicious actor sitting on an unsecured public Wi-Fi network can monitor, intercept or manipulate your traffic. This is called a man-in-the-middle (MITM) attack. For example, if you log in to a website, the username and password you submit could be snatched by someone sitting between you and the website.
Having a VPN to encrypt all your web traffic even when stumbling on an unencrypted site can protect you against such attacks.
Why you might not need a VPN
VPNs may be good for bamboozling trackers and putting on an extra layer of encryption.
There are still caveats to using VPNs as a privacy tool.
- Skeptics argue that a VPN is only redirecting your traffic to a VPN provider from your ISP. Hence, even if your ISP can’t see your online activity anymore, your VPN will be able to. You’re essentially handing over your information from one tech company to another tech company.
- Others say that the internet is already secure enough that a VPN is redundant. Most websites nowadays use HTTPS. Why pay for a VPN to encrypt your traffic when it is already encrypted?
- If you choose to use a free VPN, it may do the exact opposite of protecting your privacy, as the business model for many free VPNs is built on harvesting and even selling data.
- VPNs slow down your Internet connection for little returns on private browsing.
Why you might need a VPN – but not for privacy
However, a VPN can be excellent for other uses that aren’t privacy-related, such as bypassing geo-filters to watch another country’s streaming content, or accessing content restricted by censorship. For this reason, a VPN is not a choice but a must for individuals in some jurisdictions.
Takeaways
VPNs may help with privacy, if you choose the right one. Before you do choose to subscribe to one,
-
Think about the level of exposure on the internet that you’re comfortable with, and who might be compromising that limit.
-
Weigh the costs of not using a VPN and using one; for some, it’s 100% worth it, for others, it might be unnecessary.
For example, if you are a political activist in a restrictive country or a social media influencer, you may want to protect yourself against the government or potential doxxers. If you are someone whose online presence is not particularly targeted, you might be hiding from nonexistent threats – although precaution is not a bad thing.