We are skeptical of VPN providers, and you should be, too
VPNs are practically everywhere. In editorials, in advertorials, and featured by influencers on your favorite YouTube shows. There are ads for VPNs on websites, during television commercials, plastered on billboards, and on subway ads. There might even be a VPN ad somewhere on this very webpage right now.
VPNs, or virtual private networks, are a booming industry that claim to protect your privacy by keeping you anonymous on the internet by hiding your browsing history.
Don’t believe it. VPN providers are generally not good for your privacy.
Many people turn to VPNs, or virtual private networks, thinking that these companies can protect you from internet providers selling your browsing history, governments spying on you, and tech titans collecting huge amounts of data that track you across the web.
But where VPNs try to solve a problem, they can also expose you to privacy risks. That's why we're skeptical of VPN providers and their claims, and why you should be, too.
Cue our skeptics' guide to VPNs.
We have a simple flowchart that can help you decide whether a VPN is right for you and your circumstances. If a VPN isn't for you, we look at the tools that will improve your online privacy. And, if a VPN does fit your needs, the best VPN is one that you create, set up, and control yourself. And we have an easy guide that shows you how to set up your own encrypted VPN server.
Why we don't trust VPN providers
TechCrunch’s Romain Dillet has an explainer on everything you need to know about VPNs. In short, VPNs were designed for employees to virtually connect to their office network from home or while on a business trip.
These days, VPNs are more widely used under the guise of hiding your online internet traffic and tricking the streaming services you use into thinking you’re in another country when you’re not. That same technique has historically helped activists and dissidents bypass censorship systems in their own countries.
VPNs work by funneling all of your internet traffic through a virtual private "tunnel" to the VPN server, making it more difficult for anyone on the internet to see which sites you are visiting or which apps you are using.
But VPNs don’t inherently protect your privacy or give you anonymity. VPNs simply divert all of your internet traffic from going to your internet provider’s systems into the VPN provider’s systems instead.
That brings up the question: Why should you trust a VPN that promises to protect your privacy more than your internet provider? The simple answer is that you can’t, and you shouldn’t.
By far, some of the worst offenders are free VPN providers, which provide their services for no cost in exchange for monetizing your data. That means taking your internet traffic and selling it to the highest bidder to serve you targeted ads while you’re connected to the VPN. All of this to say, free VPNs offer little to no privacy protections.
Paid VPNs also don’t solve the problem of funneling all of your internet traffic to a potentially untrustworthy company. It's also reasonable to be suspicious of the offerings provided by some of the biggest tech companies, some of which make money from selling ads.
Some VPN providers also claim to protect your privacy by not storing any logs or tracking which websites you visit or when. While that may be true in some cases, there’s no way you can be completely sure. Privacy policies make promises, but we only have the provider's word for it. Some VPN providers have claimed they don’t store any logs but were proven false following large amounts of VPN user data leaking from data breaches, or by responding to legal requests that provide to police the kind of data the providers claimed they wouldn’t even store to begin with.
The best VPN is one you've set up yourself
It’s not to say that all VPNs are unscrupulous or invading your privacy. A core problem with VPN providers is that you can’t look under the hood and see what’s going on with your data.
That's why if you think you need a VPN, we recommend that you set up your own encrypted VPN server using software that has been inspected and audited by security researchers. We also show you how to get started.
You can also create and control your own VPN server through a cloud service, like Amazon Web Services, DigitalOcean, Google Cloud, Microsoft Azure, and others. The internet traffic that flows across your private tunnel is encrypted using a private key that only you possess. That means not even the cloud provider hosting your VPN server can see the data inside your private tunnel. Even if authorities secretly seize your server, the VPN data remains encrypted with your private key. In other words, the authorities will have to come directly to you to demand access to your private data.
VPNs can be useful for specific purposes, but it’s important to know their limitations. Don’t rely on VPN providers to protect your privacy or your anonymity.
If you think you need a VPN server, start here.