A VPN logo.
BERK CAN/Shutterstock.com

The best way to determine if a VPN is worthy of your trust is how transparent it is about how it handles your data. Look for blogs explaining its practices and third-party audit reports verifying the provider’s trustworthiness.

VPNs love to claim that they keep users’ data private and their browsing anonymous. However, because of the way VPNs work, you’re taking them at their word on most of this, meaning that you’re trusting them to keep you safe. Should you, though?

It’s not an easy question to answer. There are VPNs that shouldn’t be trusted for any number of reasons, and there are also ones that are likely safe to use. After all, we have a selection of the best VPNs we recommend to our readers; we wouldn’t do that if we felt there were no trustworthy VPNs.

Why Do You Need to Trust Your VPN?

Let’s take a look at why the question is even important, first. We use virtual private networks to hide what we do online and to spoof our location. The reason we’re hiding our online activity can be simply to avoid scrutiny from marketers, or could be because we’re torrenting files or trying to avoid surveillance from authoritarian governments.

However, while you may be hiding from Big Brother, the VPN also has the potential to have a lot of information about you. For example, most of them will have your email address, and if you paid by credit card, they likely have your name and home address, too—it’s why we recommend signing up anonymously.

On top of that, VPN providers also could know what you were doing online the whole time you were connected, negating much of the VPN’s usefulness entirely. To prevent this from happening, VPNs promise that they’re no-log VPNs, services that destroy any record of your online activity. After all, if there’s no record, there’s nothing to sell to marketers or to hand over to the authorities.

However, it’s very hard to prove that logs are destroyed, meaning that the claims VPNs make of protecting your anonymity are taken on faith. Thankfully, there are a few things you can do to make sure a VPN is worth your trust.

History Matters

Just like with people, one important way to predict a VPN provider’s future behavior is to look at its past actions. After all, if you lent your buddy Bob 20 bucks two months ago and he never gave it back, you’d probably not lend him another $20 if he asked again.

So, if you like a certain provider, but you’re not sure about it, we recommend you do some sleuthing to examine its past. For example, if you were thinking of signing up to Hola VPN, but searched the term first, you’d quickly come face to face with a litany of reports about the company’s past problems—the report by CNET is the most comprehensive.

In short, Hola VPN works by letting users use each other’s bandwidth—effectively letting you use another person’s computer to access the internet from their location. However, because of its poor security, it was easy for botnet operators to run amok, hijacking users’ internet connections and even enslaving users’ computers into their botnets.

Another example is PureVPN, which a few years ago assisted the FBI in catching a cyberstalker. There’s no doubt the person in question was deeply unpleasant, but it still worried a lot of PureVPN’s customers that the company had so readily cooperated with law enforcement—or that it had any information to hand over in the first place.

PureVPN defended its actions by pointing out that it has a policy against cyberstalking as well as a no-logs policy. Also, PureVPN threads the needle a bit by saying that the logs it shared with the police weren’t browsing logs, but instead connection logs. It seems like a razor-thin distinction, and we dinged PureVPN pretty badly in our review.

Does Your VPN’s Location Matter?

Another factor you may consider is where your VPN is based. If VPN marketing materials are to be believed, being headquartered in Switzerland, the British Virgin Islands, Panama, or wherever else is almost a guarantee your data will be safe.

In practice, though, it’s not as clear-cut. Naturally, a VPN that’s based in China is likely not too trustworthy, seeing as how the internet is curtailed there. Other than that, though, location doesn’t matter too much. As long as your VPN destroys your data, you should be safe. The question becomes, then, how do you know that your VPN actually does that?

A Look Into the Kitchen

Probably the most important factor to consider when choosing a VPN, though, is whether or not it’s open about its operations. To that end, many VPNs will now let auditors run loose in their operations for a while, after which a report will be published that gives a recommendation for consumers.

It’s a pretty good system, though it comes with some issues. Some auditors have a stellar reputation—take Cure53, for example, a non-profit foundation—while others, like the major accounting firms, do not. Accusations of corruption surrounding the Big Four accounting firms abound, and as such, it’s important to know who performed the audit and draw your own conclusions from there.

Better yet are VPNs that will tell you how their system works. A good example here is ExpressVPN, which in a detailed blog post went over how its TrustedServer technology worked—we say “worked” because the original post has been taken down, though you can still read our discussion of TrustedServer.

VPN Transparency

The best solution of all is if a service is entirely transparent. This is the sales pitch for decentralized VPNs, which promise to use blockchain technology to give users insight into how their VPNs work. That said, so far none of them have made it happen, and there’s no indication when they will.

Interestingly enough, there are also VPNs that are very honest about what they can and cannot do. One good example is IVPN, which on its web page explains what VPNs are designed for and when you don’t need to sign up for one. Though it may hurt the company’s bottom line, its honesty is refreshing—and inspires confidence.

However, the most promising development of all may be what’s called a user-audited VPN. The service that coined the phrase is Mullvad, a Sweden-based VPN with a great reputation and track record for privacy—read our Mullvad review for more.

According to a blog post, the goal is to eventually set Mullvad up in a system where any user at any time can see how it works. Of course, you wouldn’t be able to see what anybody else using the VPN is doing, but you could track what’s going on with your data.

Should You Trust Your VPN?

If trust is the goal, then Mullvad’s transparency effort will likely become the gold standard soon. It would mean that we no longer have to take VPNs at their word, nor even would need to trust auditors and the credibility issues some of them have. This way, you would be able to remove trust from the equation entirely: you could check for yourself if a service is treating your data with the respect it deserves.

That kind of transparency makes it easier to trust a VPN, and should make choosing the right one a lot easier.


Source link