With US Smartphone users spending an average of 10 hours per day online and legislation in the United States (and other countries) allowing Internet Service Providers to sell their users’ information to the highest bidder, people turn to VPN services to protect their privacy. But is a VPN enough for privacy?
Though a VPN is a great starting point, it can in no way guarantee complete online privacy when used alone. Your VPN provider can still keep a log of your online activity, which could still lead to your data leaking online depending on the VPN service’s terms and conditions.
Online privacy is similar to physical privacy. Hanging curtains in your windows will not protect your privacy if you don’t close them. Getting an alarm to protect your car isn’t adequate if you keep your car unlocked, uninsured, and leave the keys in the ignition. Similarly, a VPN can be beneficial to protect your privacy when used with some fundamental wisdom and care.
Why A VPN Alone Is Not Enough For Privacy
There are a few reasons why using a VPN on its own might not be enough for privacy. Without going into the territory of conspiracy theories, here are the most prominent reasons:
1. VPNs Are A Commercial Service
A VPN is a service that is owned and run by a commercial company. The company is out to make a profit, and there are expenses involved in building and maintaining the servers used to route and encrypt your traffic. To cover these costs, the VPN service company needs to get income from somewhere.
This is bad news for users of free VPN services. When a company offers you their VPN service free of charge, their only source of income is your private information. They can and will sell this information to cover their expenses and make a profit.
2. A VPN Still Tracks Your Data
When you create an account with a VPN provider, they ask for certain information like your email address, phone number, and so on. The VPN’s servers also keep logs of activity. These logs can easily be associated with your user account.
3. VPNs and Geolocation Data
We all use apps on our smartphones with different permissions. One of those permissions involves Geolocation, or “Location Tracking.” Using geolocation makes sense in navigation apps or weather apps, for example, but often some apps have permission to use your location when there is no logical reason for it to do so. We blindly accept and grant the permission.
A VPS cannot hide the data gathered by these apps. So even if you were to browse the web using a VPN on your smartphone, some apps on your phone might still be logging all the places you visit on a day-to-day basis and possibly sharing this information with the highest bidder.
4. Physical Address Logging
Every device that accesses a network through cable or WiFi connections has a hard-coded physical address (called a MAC Address) built into it. These addresses are unique across devices and indicate, among other things, the brand of the networking device you are using.
These MAC addresses are separate from IP addresses that tend to change regularly.
A VPN service can effectively block an IP address, but MAC addresses are often still traceable. Though this may seem unimportant, ISPs can still find some handy information by tracking your MAC address.
5. DNS Requests
A DNS (Domain Name Service) server is similar to the contact list on your phone. You search based on the name of the person you are looking for, and the contact list converts that into the number that you can dial. Similarly, when you want to open a website, a DNS server is contacted to convert the URL (for example, www.google.com) into an IP address that the device can link with.
Your Internet Service Provider usually owns these DNS servers. Though your VPN encrypts your connection to the website you are accessing, the DNS requests are not encrypted. This means that your ISP still has a list of all the websites you are accessing, even if they don’t have details about exactly what you do there.
Tips For Better Privacy While Using a VPN
Even though a VPN in itself is not enough for privacy, thankfully, there are some ways you can keep your private information safe.
1. Don’t Use A Free VPN
Seriously. Don’t. As mentioned before, the VPN owners need to get an income to maintain the service and profit. When you use the service without paying for it, the company can only make money by selling your information. Remember, if you’re not paying to use a service, you are not the customer – you are the product.
2. Use A Reputable VPN With Limited Logging
Most VPNs track data and keep logs of this for between 14 and 30 days. Opt for a VPN provider that tracks as little as possible and does not keep records for long.
Many VPN services are claiming that they do not track any user activity or keep data logs. These are the ideal VPN services to choose from.
3. Take Note Of App Permissions
One of the most shocking activities you can do is go through your smartphone’s app permissions list. Sometimes the results can be scary. Apps that do nothing but show you the news, and yet they “need” permission to access your location, phone call logs, and your contact list. This is just one example – there are too many to mention.
Do yourself a favor. Evaluate the list of apps installed on your devices and see what permissions they have. Disable any permissions they don’t explicitly require for it to work, and take note of the permissions you allow to stay on. These permissions could lead to vast amounts of data being leaked that the VPN has no control over.
4. Use VPN Tunneling
VPN tunnel mode has to be configured explicitly in your VPN client. It allows your device to deliver all traffic to the VPN server instead of your ISP’s servers, including DNS. Using VPN tunneling, the VPN server will resolve your DNS requests instead of using your ISP’s server, which in turn means that your data remains safe.
5. Use Alternative DNS Servers
If VPN tunneling isn’t an option for whatever reason, you can still configure most devices to use different VPN servers. Google offers their DNS servers free of charge, but this is not a good idea for privacy either (remember the quote about a free service?).
There are free public DNS options, though, like FreeDNS. Commercial companies do not own these servers, and they do not keep logs or track data. You can configure your device or your VPN to use these DNS servers rather than the default one offered by your ISP.
Not all VPNs are created equal. While some are great and offer a reliable service, others are less effective at protecting your privacy. The fact remains, though, that no VPN is enough for privacy on its own. You still have to do everything that you can, along with a good VPN, to ensure that your data is safe and only shared when you choose to.