VPN tools put to the test
Data espionage, and alleged surveillance used against citizens and organizations are hitting the headlines more than ever before. The General Data Protection Regulation (GDPR) has also provided a great deal of discussion in recent months worldwide.
VPN has become a generally discussed topic amongst the media and the average consumer. At one point we all know that the use of VPNs can protect you from being tracked when you browse the internet. Recently, however, there are articles around claiming exactly the opposite—that VPN is just a myth.
What’s the truth behind this?
The subject of anonymous browsing and VPN proxy has gone through several stages as far as the interest of the population is concerned. A few years ago, only hackers and computer enthusiasts used VPNs and knew how to hide their IP addresses. Through numerous cases of copyright infringement notices from firms—mostly caused by music downloads using torrent software—even ordinary computer users have shown an increasing interest in anonymous web surfing with VPNs. Shortly thereafter, the issue of protection flared up. An endless amount of new VPN providers entered the market.
Security of VPN tools
On one hand, to simply claim that VPNs are not secure and would not provide adequate protection is not correct. It’s also wrong to suggest that VPNs offer 100% protection against all kinds of activities on the internet.
The question is, what kind of security can we really expect from the VPN providers?
A preliminary survey showed that most of the articles talking in absolutes and claiming that VPNs are not secure have been written by journalists and writers who are actually not VPN experts, let alone have computer science backgrounds. Most of the writers I could see so far are columnists with different areas of expertise, none of them around computer science. These articles should be read with a grain of salt.
More recommended and reliable sources include magazines such as WIRED, Linux Journal, MIT Technology Review, Popular Mechanics, and Popular Science (also known as PopSci). These sources so far responded favorably regarding VPNs.
Be very skeptical about the contributions of websites such as GoldenFrog, RestorePrivacy, and MakeUseOf.com. The message there is that VPN services are mostly a lie and everything around VPN is nothing but a myth. However, these articles do not put any weight on the different technical aspects of the topic, and also do not provide any proof whatsoever.
Dubious VPN providers are all around
First of all, it should be noted that there are a lot of VPN providers. Among them are dubious providers which tend to ride the trend and offer inadequately developed VPN software. There are also VPN providers who pretend to be VPN tools, but in fact are viruses and trojans—be very cautious: you should stay away from free VPN tools. Incidentally, we have provided a list of reliable VPN providers and reviews in our VPN provider list of 2019.
What data do VPN providers collect?
Since VPN providers demand money for their VPN service, they store the payment data of the user, such as their PayPal email, credit card numbers, and/or bank account details. The VPN servers however are anonymous—that is, in the case of a trace back, an agency or organization would only know that somebody used a VPN service. Non-traceable, however, is the traffic, i.e. the transmitted data. In this respect, your anonymity is secured in the data flow if you use legitimate VPN tools. That’s a fact.
We can’t confirm that the VPN providers allegedly create logfiles and also monitor the traffic—at least none of the reviewed VPN tools do. The rumors circulating so far could not go beyond mere speculation and assertion. So far, no case has become known in the public in which a user received a legal letter or notice despite the use of VPNs. Thus, it is clear that even when using torrent software and downloading copyrighted material data without the consent of the copyright holder (movies, music etc.), the authorities are unable to trace the data and IP of those users.
It turns out that the VPN connection failed or was configured incorrectly in all cases where users reported warnings in internet forums. And even then, all providers we listed below already responded to this issue and have so-called kill switches built in—this means if the VPN connection fails while using a VPN, the whole internet connection will be interrupted automatically. VPN tools such as NordVPN have shown the successful integration of such kill switches.
Vulnerabilities of Anonymous Surfing with VPNs
The weak spot is the computer, not the software. Even though organizations and authorities cannot track your data due to a VPN usage, the data would still be stored on your PC. Therefore, the evidence is right there on your PC; it’s just not traceable through your internet connection.
However, a search warrant can’t be issued just because of the fact that someone was using VPN software if there is no other incriminating evidence.
Fact is, during a VPN connection, not only is the IP disguised, but also the entire traffic is encrypted and therefore unreadable for anyone tapping into it. That is, only a presumption of an illegal act is not enough for a house warrant, at least not in countries such as the USA, Canada, Australia, New Zealand, and all of Europe.
Inevitably, that brings us to the debate of illegal actions. Of course, VPN was originally not intended to disguise illegal acts, even if it is very well suited exactly for this purpose. It is true that many users use VPNs for dubious actions. But since there are no empirical studies about the reasons why people are using VPN, it’s not possible to assume what it is being used for overall. All we know so far is that it has become extremely popular.
Nowadays, there are thousands of government reports available on the internet. In all cases, prosecutors as well as district attorneys failed to use the traffic in VPN’s as evidence as it was not readable due its encryption.
Interestingly, users have been involved in very different offenses, so the prosecution could ultimately find evidence by other means. There were cases in which the investigators were able to access unencrypted data on USB sticks, DVDs and hard disks. However, these cases were not built upon any evidence that was retrieved from internet traffic. Many people just can’t imagine tapping into internet traffic as the only way for investigators and authorities to gather evidence. Even so the internet traffic was secured via VPN, many legal cases were able to gather evidence from other vulnerable sources other than internet traffic. The internet traffic of users is not the only way for investigators and authorities to prove their point. Long story short, if you use VPN tools, authorities will have to up with other methods to collect the necessary evidence—and it won’t be your internet traffic as the VPN would have covered that at least.