How Secure is a VPN Connection?

Over the past few years, it has become more common to use virtual private networks (VPNs) for extra security when browsing the web. Originally used for workers to connect to their company’s network from different locations, it has been expanded into private use with an overall goal of privacy. In addition, VPNs can be utilized to get around political and geographic blocks on the internet.

The Demand For VPN

Because of the rise in popularity, hundreds of different service providers have popped up in recent years in an effort to capture some of the massive demand in VPN services. Geographically separated servers, high levels of encryption, protection from different browsing vulnerabilities, and no logging policies are some of the benefits these service providers tout, though some live up to promises and others fall incredibly short.

Customers investing in VPN technologies put a lot of faith in the service providers, but how secure are they? The answer is- it depends. It depends on many factors to include location, how true the provider is to their stated policies, technologies being employed, and even what you are attempting to accomplish using a VPN.

Why Using a VPN is More Secure

The internet, as advanced and expansive it has become, is still a digital jungle- where stepping in the wrong place or not watching your back leads to hackers easily stealing sensitive information or authoritarian regimes restrict your access. For all the different types of attacks and traps that are hidden in public networks, it is best to avoid the cesspools all together by employing a VPN.

Browsing the Internet

Using public Wi-Fi hotspots, like the ones found in an airport, coffee shop, or hotel lobby should be avoided due to the risk of a bad actor hijacking or snooping on your connection. Internet Service Providers may even be infringing on your privacy by selling and sharing your personal information.

If you find yourself connecting to an unsecured, public WiFi network, you are risking putting all of your traffic and potentially even your computer’s hard drive at risk. Let’s say you are checking your bank account while connected to a public access point in the Mall. All it would take for someone to see the activities and systems of everyone else connected to the same network is a simple browser plugin.

Encryption Protection

A VPN has the ability to encrypt, or scramble, data so that a hacker is unable to snoop in or tell what a person is doing online. It acts as a tunnel that cannot be penetrated. Anything that goes through this tunnel cannot be viewed.

When you connect to a public WiFi network via VPN, your real IP address will also be masked. This will make your location and browsing activities much more difficult to be monitored. This time, when you check your bank account, you do not have to worry about someone snooping where they should not be.

Circumvent Geographic Locations

Any technology that is utilized to refrain users from having access to specific websites or content on the web is known as geo-blocking. Many broadcasts and companies attempt to restrict the locations in which content can be viewed in order to prevent it from being streamed in other countries.

An example is attempting to watch a US sports stream from the US or vice versa. You might be blocked or required to pay a fee.

VPN Masks Your IP Address

A VPN can sidestep these restrictions by making your connection take on the mask of an IP address in a different country. The same feature of VPNs that allow this also helps keep individuals safe from authorities at the state and local level around the world.

Many non-democratic countries block certain websites within their borders with the goal to censor what is viewed. This gives governments control of thought and makes it harder for people to organize protests by using online sources.

Malware Avoidance

Some of the VPNs come equipped with standard security features in an effort to combat and prevent fraud. Bundled with antimalware, antispyware, and even anti-adware, some VPN service providers will protect you from threats from viruses and malware. If a virus is attempting to steal personal information, the VPN will detect a viral signature and stop the download long before the transfer is able to complete.

Certain anti-phishing features may also exist, preventing anyone from attempting to steal usernames/passwords the moment you try to log into a service that looks real, but maybe a malicious site. While some services may not function as well as some of the big proprietary names in the market, the fact that VPN developers are implementing an all-encompassing approach to security makes their products that much more attractive.

Issues with VPN Security

While it has become commonplace to employ virtual private networks for privacy in security, there are definitely pitfalls and shortcomings that need to be taken into consideration. These shortcomings and vulnerabilities are caused by law and federal policy, systemic issues, configuration, geographic location, and more.

IPv6 Leaks

IPv6 is a new communications protocol to replace the old deprecated IPv4. It is a protocol for communicating on the web and has more built-in security and is able to support an infinite amount more devices than its predecessor.

While IPv6 is newer technology, many devices are still not using it because ISPs are slow to adopt it. So now there exists an internet where many systems are communicating via IPv4 and others by IPv6. When an IPv6 device tries to communicate with an IPv4 device and vice versa, a mismatch and possibly a leak can occur.

Research of Cyber-Attacks

This article details researchers who tested different VPN providers by attempting cyber-attacks. They ended up finding 11 of 14 providers that were tested leaked information to include websites the user was accessing, as well as communication information. Leakage can occur because of misconfiguration, there are still VPN providers only protecting IPv4 traffic. This is definitely something that needs to be researched before selecting a VPN provider.

Monitoring and Logging

In order to ensure the security of a VPN, all internet traffic must pass through between a user’s computer and the VPN server, all through an encrypted connection. You need to have the assurance that your connection information, between you and your VPN provider, is not being logged. Depending on location, VPN companies can monitor all online activity that occurs. This can include actual user traffic.

How The Data is Used

When this data is logged and retained, it can be available for legal entities to view should the organization come under an audit or other legal issues. Logs can be kept to help maintain servers, or even to collect every bit of information on you they can to nefariously sell it to a third party. Not only does this defeat the purpose of employing a VPN, but you could potentially have your information leaked and sold.

Look At The VPN Provider’s Policy

When it comes to the logging of connecting data, internet traffic, and browsing habits. Simply stating that log collection does not occur on the website doesn’t mean you should trust it at face value.

Laws and regulation of where the server as well as where the originating company provides may force log collection. Look at policies and terms/agreements to also confirm any concerns you might have with logging that may be performed.

Cookies and Web Trackers

Even while using a VPN, where your internet traffic and data is encrypted, certain websites such as Google and Facebook are easily able to see your activity through the use of cookies. Cookies tend to be used in order to allow user customization when it comes to changes through the website. This is what makes your search history function. Information stored in cookies can include your name, location, IP address, authentication data, saved preferences, and other activities.

What Cookies Are Used For

Once personal information is obtained through cookies, some websites will use the collected data to send to targeted ads. This information is no longer in the control of you or the website once it falls in the hands of advertisers.

Even on and off the VPN, cookies can still connect your identity. It is best to use a completely different browser in incognito mode for any browsing activity, and then connecting through a VPN. This is the only way to mitigate cookies collected/created during a regular browser session do not bleed over into your VPN connection.

Payment and Identity

Privacy is a major goal for many individuals who use a VPN service. Protecting your identity and activities is paramount and expected. A VPN, though, does not make you completely unidentifiable.

Rather, you are hiding your information from your ISP, but the servicing company providing the VPN knows who you are. While this goes hand in hand with whether your VPN service provider keeps logs or not, how it takes payment can also matter.

Third Party Payment For VPN

If you are not able to anonymously pay for your VPN service through the likes of bitcoin or through a secure third party provider like PayPal, you are potentially exposing private information to a company overseas that may use it for nefarious purposes.

A VPN service might also require more personal information when registering such as name and address. Anything requested outside of an email address should be avoided.

Lying About Location and Technology

Some VPNs will lie about their server locations to attract more customers.  The ones who claim able to browse as if you were in Iran or North Korea, as well as smaller territories are most likely lying as these locations are incredibly hard to obtain private internet in.

Some services have also been flagged for not actually providing the level of encryption or tunneling protocols advertised. Rather than use SSTP or OpenVPN, certain VPN services either used obsolete technologies like PPTP, or saved the more powerful encryption for a higher level subscription.