It’s safe to say that plenty of the shenanigans you get up to online are being tracked, logged, or monitored by someone. Whether it’s an advertiser getting your attention based on the window shopping you did during Prime Day, Facebook suggesting friends for you based on your interactions on Instagram, or your Internet Service Provider (ISP) sending you a cease and desist letter for trying to download an illegal copy of Midsommar, someone probably knows what you’re doing online.
Which is why a Virtual Private Network (VPN), a service that obfuscates your online activity, can sound so appealing. A VPN creates a secure, encrypted connection from your device to the web, disguising your IP address and online traffic. From there, depending on your VPN of choice, you can essentially pretend to browse the web from anywhere without revealing where you actually are. They won’t make you completely anonymous online, but they can help to keep your browsing data private, usually at the expense of a small dip in internet speeds.
“VPNs have exploded in the marketplace since the rollback of the Federal Communications Commission’s broadband privacy rules in 2017, because people usually don’t trust their ISP,” says Jerome Joseph, policy counsel at the Center for Democracy and Technology, an online privacy advocacy organization. “And they saw VPNs as a way to avoid the watchful eye of their ISP.” The repeal, signed into law by President Donald Trump, gives your ISP carte blanche to sell your web traffic-related data to marketers, finance companies, and other interested parties, all without your consent.
Now that ISPs are able to sell and profit from your web traffic, it makes sense that so many people are interested in protecting their activity. But even VPNs might not be a silver bullet when it comes to privacy, experts say.
“More often than not, VPNs just shift your risk,” says Gennie Gebhart, associate director at the Electronic Frontier Foundation (EFF), a digital privacy advocacy group. “They don’t eliminate privacy risk.” That’s because a VPN, like your nosey ISP, still has to see your web traffic in order to protect it — so if you want to use one, you should make sure it’s one you can trust.
How can you tell which VPN is on your side? And which ones are playing fast and loose with your data? Pricing is a huge giveaway. “In general I think users should stay away from free VPNs,” says Joseph. “There is no such thing as free; your data is their product.” The most popular paid VPN services usually cost around $10 a month.
Other factors, like a VPN’s server location or locations, data logging policies, and past responses to requests for data by law enforcement, are all worth considering as well to consider, but don’t guarantee protections. “The laws might change in the country where [a VPN is] based,” says Gebhart. “It’s such a moving target, choosing the right VPN.”
There are tools that can help you pick a VPN. VPN database That One Privacy Site makes it easy to compare and contrast different services depending on your needs. Still, with over 180 entries to look through, you could be there for a while.
While you might not be able to fully trust your VPN when it comes to protecting your sensitive data, that doesn’t mean using one is inherently bad. Some VPN companies, like TunnelBear, have gone a bit further to earn users’ trust, turning to independent security firms for an unbiased audit of their services. In 2016, the company hired Cure53, a security firm that tests sites and services for vulnerabilities. The benefits of that move are twofold: it provides companies like TunnelBear with information necessary to bolster their security measures, and inspires confidence in potential customers. Since TunnelBear’s audit, companies like NordVPN — which says it doesn’t log user data — have also participated in independent security audits. While Gebhart says this is a step in the right direction, it’s still no guarantee you’re completely safe. “It doesn’t mean I can recommend them,” she says. “And it doesn’t mean you can trust them. But it is a relevant fact.”
Still, the benefits of using a VPN mean it’s worth considering one, depending on what you’re looking to accomplish. They can help keep your data safe from ISPs and other trackers, sure. But if you’re thinking of using one to protect yourself from hackers, you may not need to bother. The Internet’s increasingly widespread adoption of the HTTPS security protocol, which encrypts traffic between yourself and an HTTPS-supporting site, has led to a more secure internet overall, WIRED reports. And it’s only getting better. A report from W3Techs, which tracks various technology standards used online, says 65% of the top million websites use HTTPS encryption. Even more secure standards like HSTS — which completely rejects all unsecured web traffic — are being adopted as well, although only 10% of the top million sites use the newer security protocol so far.
Want to protect yourself without coughing up some dough? Gebhart believes people should master the basics of safer browsing before considering paying for a VPN. That means choosing a privacy-focused web browser like Brave or search engine like DuckDuckGo, keeping an up-to-date password manager for creating and securely storing unique passwords, and enabling two-factor authentication on your devices and services wherever possible.
As for keeping yourself secure from the boogeyman that’s trying to see your internet traffic? “A lot of the risks we used to worry about are less prevalent now,” Gebhart says. “One might even assert that they are gone.”