Think your VPN is Safe? Think Again.
VPN use is widespread and for good reason: it brings large security and privacy benefits to end-users as it shields internet usage from prying eyes. But what if the VPN provider you’re using is susceptible to foreign government interference?
What if your VPN provider’s host country provides little in the way of data protection legislation? Have you considered whether the owner of your VPN service takes data security seriously at all? VPN users don’t always ask these questions – but they certainly should.
Why private VPNs are so popular
VPNs have a traditional enterprise use case: remote users log into corporate systems using a dedicated VPN that tunnels traffic between the user’s device and the corporate network. However, this implementation is becoming less common as so much enterprise data is now hosted in the cloud. Nonetheless, VPNs are still very popular – for a very different reason.
When most current users refer to VPNs, they refer to a service which tunnels internet traffic through a remote server, often located in a different country, all under an encryption layer. VPNs are used to remove internet traffic from prying eyes – VPNs can effectively obstruct WiFi and ISP snooping. Users of a foreign-based VPN can evade local internet restrictions as well as local attempts to snoop on user behaviour.
The VPN ownership story
So, modern-day VPN use is all about security and privacy. Yes, in principle, a VPN can limit the exposure of internet traffic, but many VPN providers keep logs and records of your use of their services (some don’t). Furthermore, all providers render the VPN service in the first instance, so your VPN has access to all your internet traffic.
As a result, it matters who owns your VPN service, but this is not always clear, and a recent report by security research company VPNpro has caught many VPN users by surprise. To start off with, VPN users may be surprised to know that 97 popular VPNs are owned by just 23 companies. Furthermore, many VPN users will be surprised to know where the owners of their VPN services are located.
In one example, Chinese-owned Innovative Connecting owns three companies that offer VPN apps, including All Connected, Lemon Cove and Autumn Breeze – all in all the Chinese company operates 10 VPN products which appear to be unconnected at first glance.
Another example is Pakistan-based Gaditek, which owns seven of the most popular VPN services. Users of these services may not be aware that the Pakistani government can therefore access their data without obtaining a warrant – and that this data may be handed over to a foreign institution.
Several top IT news outlets have picked up on the story, including ComputerWeekly and Info Security Magazine, which correctly states that not all VPN services are created equally, pointing out that it is up to users to determine whether a VPN is reputable or not.
Why does VPN ownership matter?
If you’re using a VPN service in an attempt to guarantee data security and data privacy, it stands to reason that you need to know your VPN service of choice is relatively immune to government snooping and to security breaches.
From the data privacy angle, VPN users should be mindful of VPNs that are located in authoritarian countries like Russia or China, as very little stands between VPN users and government surveillance. Even though it’s unlikely that governments will be interested in day to day commercial VPN traffic, it is nonetheless a point of concern.
However, for most people, VPN use is about data security. The physical location of the owner of your VPN may be of less concern here, but the operator’s approach to data security is paramount. There is no point using a VPN to escape Wi-Fi snooping only for the VPN operator’s data streams to be laid bare to all and sundry.
That said, the location of your VPN operator does matter, because the median local approach to data privacy and security may simply not be up to snuff, compared to operators in the United Kingdom, Europe or the US.
How to ensure VPN privacy
A lot of use cases demand the safety that VPNs provide, employees who frequently use public Wi-Fi or who regularly travel around the world, for example. Yet equally important is choosing a VPN provider that you can trust.
Trust, of course, is difficult to establish and to some extent, it is down to due diligence. In other words, do your research and find out who owns your VPN. Also, read up on the VPN provider and see if the service has recently been in the news due to data leaks, or whether users are citing concerns.
It’s also worth looking into VPN functionality a bit more thoroughly – for example, does the VPN have a kill switch that will stop packets from travelling across the public internet when the VPN connection is lost? Indeed, is the VPN solution simple enough so that you can use it on a consistent basis whenever circumstances demand it?
VPN service with HTL
HTL provides our clients with resilient, trusted VPN services which enable access to enterprise networks, and act as a service that ensures data privacy and security while users are working remotely and travelling.
We’ve thoroughly vetted our VPN service partners to ensure that you can rely on HTL’s VPN service for end to end protection. Talk to us if you’re unsure about your existing VPN partners, or if you are just starting out with VPN use.