CybersecurityIs your VPN secure?
About a quarter of internet users use a virtual private network, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots, or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers. However, most people – including VPN customers – don’t have the skills to double-check that they’re getting what they paid for. A group of researchers I was part of do have those skills, and our examination of the services provided by 200 VPN companies found that many of them mislead customers about key aspects of their user protections.
About a quarter of internet users use a virtual private network, a software setup that creates a secure, encrypted data connection between their own computer and another one elsewhere on the internet. Many people use them to protect their privacy when using Wi-Fi hotspots, or to connect securely to workplace networks while traveling. Other users are concerned about surveillance from governments and internet providers.
Many VPN companies promise to use strong encryption to secure data, and say they protect users’ privacy by not storing records of where people access the service or what they do while connected. If everything worked the way it was supposed to, someone snooping on the person’s computer would not see all their internet activity – just an unintelligible connection to that one computer. Any companies, governments or hackers spying on overall internet traffic could still spot a computer transmitting sensitive information or browsing Facebook at the office – but would think that activity was happening on a different computer than the one the person is really using.
However, most people – including VPN customers – don’t have the skills to double-check that they’re getting what they paid for. A group of researchers I was part of do have those skills, and our examination of the services provided by 200 VPN companies found that many of them mislead customers about key aspects of their user protections.
Consumers are in the dark
Our research found that it is very hard for VPN customers to get unbiased information. Many VPN providers pay third-party review sites and blogs to promote their services by writing positive reviews and ranking them highly in industry surveys. These amount to advertisements to people considering purchasing VPN services, rather than independent and unbiased reviews. We studied 26 review websites; 24 of them were getting some form of kickback payment for positive reviews.
A typical example was a site listing hundreds of VPN companies that rated more than 90 percent of them as 4 out of 5 or higher. This is not illegal, but it skews evaluations that could be independent. It also makes competition much more difficult for newer and smaller VPN providers that may have better service but lower budgets to pay for good publicity.
