When is a VPN Unsafe?


A VPN should secure your internet traffic, rather than compromise your data. Therefore, the choice of which VPN service to purchase is an important consideration. There are many VPN providers today, all of which offer very similar services, but apparently, not all VPNs are created equal.

At some point, a VPN becomes a security liability. For instance, VPNs are a security liability in countries where they are regulated since, according to WHSR, regulation defeats the purposes of VPNs: security and anonymity.

Having a VPN that compromises security and anonymity is as good as having no VPN. Spotting an unsafe VPN is not particularly difficult if you know what you are looking for. Some important factors you must consider in choosing a VPN provider include:

  • Activity logging policy
  • Encryption protocol
  • Service reputation

Usage/Activity Logging

Browsing with a VPN basically means routing your internet traffic through your VPN’s server. That means the VPN service has access to all your usage data, and your internet activity can be traced back to your device. Given that anonymity and privacy are the predominant reasons for using a VPN, it is not safe for a VPN service to keep logs of user activity.

This brings us to the different policies that VPN services implement regarding activity logging. The types of logs a VPN service can keep are connection logs (metadata, diagnostics data, IP address, etc.) and traffic/activity logs (browsing history, downloads, purchases, etc.). Activity logs are the most critical, and a safe VPN service must, at the very least, keep no such logs. Connection logs, too, must not be kept for longer than is necessary. Ultimately, the safest approach is a zero-log (or no-log) policy.

However, the problem is that there are VPN services that claim to keep no (activity) logs but do otherwise behind users' backs. You can’t simply take a VPN’s no-log policy at face value. To be sure of such claims, you must dig into their terms of service and privacy policy for logging information.

It is not enough to not log internet activity; after all, connection logs allow an activity to be traced back to you. If any logs are kept at all, by the company or a third party, you need to know how long they are kept for.

Encryption Model

The best VPNs use the OpenVPN protocol with 128-bit or 256-bit AES encryption, which provides the highest level of security possible. At full capacity, it would take the most powerful computer in the world 885 quadrillion years to brute-force a 128-bit AES encryption key. OpenVPN is open source, so it is subject to vetting by multiple third parties, who work together to update the technology.

However, some VPNs are stuck with outdated technologies such as PPTP (Point-to-Point Tunneling Protocol). Its weak encryption makes it fast and easy to set up, but it also creates several security loopholes and can expose your infrastructure to man-in-the-middle attacks. L2TP, which is an extension of PPTP, has similar issues. Because it lacks native encryption, L2TP is usually paired with IPSec and can support encryption algorithms up to AES 256-bit. However, greater encryption slows performance.

You need a VPN that works at peak levels without compromising security and safety. This is what the OpenVPN protocol offers. So does the newer IKEv2/IPSec protocol, which operates faster than preceding protocols and offers up to a 256-bit encryption level. Its major drawback is its limited platform and device support.

Another encryption feature to look out for is Perfect Forward Secrecy (PFS). PFS uses a temporary private key to encrypt VPN communications for each session. The scope of a breach is therefore limited by default, since only the data in transit is compromised while future data remains secure. A VPN service that does not have PFS enabled is a safety red flag.
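
An added example, not from the original article or from the OpenVPN project: a small Python audit of an OpenVPN client profile against the two criteria above, AES-128/256 ciphers and per-session keys. The finding labels and the two sample profiles are constructed for illustration; the directives checked (`cipher`, `data-ciphers`, `ncp-ciphers`, `secret`, `client`, `tls-client`, `reneg-sec`) are OpenVPN's own.

```python
import re

AES = re.compile(r"AES-(128|192|256)-(GCM|CBC)", re.I)  # the article's AES criterion

def parse_profile(text):
    """Return {directive: [args]}; an inline <tag>...</tag> block becomes a bare 'tag'."""
    text = re.sub(r"(?s)<([\w-]+)>.*?</\1>", r"\1", text)
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":            # '#' and ';' start comment lines
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(text):
    """List findings for one profile; an empty list means no red flag was found."""
    o, found = parse_profile(text), []
    ciphers = [c for k in ("data-ciphers", "ncp-ciphers") if o.get(k)
               for c in o[k][0].split(":")]
    ciphers += o.get("cipher", [])[:1]
    if not ciphers:
        found.append("no-cipher-pinned")            # left to the client's default
    found += [f"non-aes-cipher:{c}" for c in ciphers if not AES.fullmatch(c)]
    if "secret" in o:                               # static-key mode: one long-lived
        found.append("static-key-no-pfs")           # key, so no per-session keys
    elif not {"client", "tls-client"} & o.keys():
        found.append("tls-mode-not-enabled")
    if o.get("reneg-sec") == ["0"]:                 # session keys are never rotated
        found.append("reneg-disabled")
    return found

# Constructed sample profiles (hostname and key file name are placeholders).
WEAK = """remote vpn.example.net 1194 udp
secret static.key
cipher BF-CBC
"""
HARDENED = """client
remote vpn.example.net 1194 udp
data-ciphers AES-256-GCM:AES-128-GCM
<ca>
(constructed placeholder)
</ca>
"""

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(profile) or "no findings")
```

The check only reads what the client profile declares; it cannot confirm what the provider's server actually negotiates.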

Reputation

The reputation of a VPN service goes a long way in determining its credibility. You can spot many unsafe VPNs by reading reviews of their services from users. Sometimes, these VPNs offer too-good-to-be-true perks in order to cover their flaws and attract unsuspecting users.

In particular, be wary of free VPNs. It costs a lot of money for a VPN provider to maintain its servers; if they offer their service to you freely, then you can be almost certain that they are making money through some other means.

One of the means by which free VPNs make money is by serving personalized ads. Such ads are based on data provided by logging your internet activity, which, as discussed above, is unsafe. Some of these VPNs steal data from your logs and sell it to third parties.

Note: the fact that a VPN has a free option does not mean it is not credible, but if the free option gives you access to the full range of available services, then you should be suspicious.

Another important consideration is support. How does the VPN respond to the concerns of its customers/clients? What channels of communication are available? Shady information regarding this is a sign that such a VPN is not right for you.

It is better to be without a VPN than to use one that is a security liability. Watching out for the signs explained above helps you keep your data safe and secure. Always note that a VPN provider is only as safe as it is transparent.


Daniel Moayanda is a content writer, thought leader, and entrepreneur. He is the founder of SEOorNothing.com, a digital marketing agency that provides top-notch web content, white-hat SEO strategies, and other online marketing-related services to help businesses rank better on search engines.

