Are VPN companies tracking your browsing data? If you’re concerned, you should be. A recent study by the Electronic Frontier Foundation (EFF) found that some VPN providers are collecting and selling user data, including your location, activities and contacts. The EFF study surveyed more than 100 VPN providers and found that a majority of them collect and sell user data. The providers included in the study include ExpressVPN, TorGuard, NordVPN, and Private Internet Access. The EFF study found that some of the VPN providers were collecting data on users who had not explicitly asked for it and who had not specifically agreed to have their data shared with third-party companies. Some of the VPN providers also collected data on users who had used their services for months or years without incident but then suddenly stopped working or changed their policy without telling their customers. The EFF study is a warning to anyone who is concerned about how their personal information might be used by a VPN company. It’s important to remember that not all VPN companies are like these two examples mentioned above - some of them are actually good people who want to protect your privacy. But if you’re worried about whether a particular company is collecting user data, it’s best to research what they do and ask questions before using them.
Here’s the main point: You’re placing an immense amount of trust in the VPN provider you use. Choose carefully! Do you trust your VPN provider more than your internet service provider?
VPNs Can Track You, and They Might
The main selling point of using Virtual Private Networks, or VPNs, is to protect your privacy. They prevent attacks from malicious hackers, stop your internet service provider (ISP) from peeking at your traffic, and mask your information to websites that may collect your personal data. While these claims are generally true, there is one party that you should still be cautious about: the VPN companies themselves.
Before we get into how a VPN may track your browsing data, we’ll explain how a VPN works. A VPN essentially routes your internet connection, provided by your ISP, through a secure, encrypted network powered by the VPN. This changes the IP address that websites can see while simultaneously obscuring your ISP’s ability to see your traffic. These encrypted networks can simulate different IP addresses and locations, which is how you can trick a streaming service like Netflix into thinking you’re in a different country.
In this process, your traffic is passing through a third party, the VPN company’s server. A VPN company may log all the traffic passing through their system, which essentially gives them a full picture of a user’s online browsing behavior. While most reputable VPNs do not spy on their users and have no incentive to do so, it can happen, and there are several examples of this happening.
VPN Spying Incidents
The most high-profile incident of a VPN spying on its users came to light in 2018, with a controversy surrounding the Facebook-owned Onavo Protect app. Facebook released a VPN that claimed to protect and encrypt user traffic. Still, in reality, it was collecting sensitive information from users, such as websites they browsed and apps they opened on their devices. While Facebook did disclose that the app would forward information to Facebook, people that did not read the fine print may not have noticed.
Facebook would then funnel this data into the Facebook Research program, which powered Facebook ad sales and business development initiatives. It would also give Facebook insight into how users browsed competing apps, like Snapchat. You can read more on what happened in our piece on Onavo Protect.
Besides that, dozens of free VPNs were found to be spying on their users. A piece from Buzzfeed News reported that Sensor Analytics, an analytics platform used by investors and developers, owned multiple free VPN apps that collected user information without their knowledge. These apps had millions of downloads and did not explicitly state who they were owned by. The company would then migrate this browsing data into its analytics platform.
You should be especially cautious of VPNs that are free and do not seem to have a paid version or clear business model. There is a chance that these apps make a profit by harvesting user data and selling them to third parties.
No-Logging Policies & VPNs
So should you use a VPN? If you do your research and select a paid VPN with a good reputation, then the chances are low that your VPN is spying on you.
The best way to avoid incidents like these is to look for VPNs with no-logging policies. These policies are an assurance that these companies will not log user traffic at all. Many top paid VPNs such as NordVPN, ExpressVPN, and Mozilla VPN, have explicit no-logging policies on their websites and inside their apps. Having these on their websites means that they could be held liable if they break their policies.
Before you sign up for a VPN, make sure that you meticulously check its website and read some trustworthy reviews first. Here are some of the questions you should ask before you sign up for even a free trial:
Does the VPN have trustworthy ownership? Does it offer paid plans? Does the VPN have many trustworthy user reviews? Is the VPN verified by trustworthy third parties? Does the VPN have an explicit no-logging policy on its website?
RELATED: How to Choose the Best VPN Service for Your Needs
Securing Your Privacy
Protecting your privacy does not end with owning a VPN. There are plenty of ways that you can expose yourself if you aren’t careful. Even something as simple as using identical passwords across different websites can compromise your security.
And if you sign in to websites, you can be tracked by that site even if you’re using a VPN. If you’re signed in to Google with bob@gmail.com and you switch on a VPN—well, Google still knows that you are bob@gmail.com. Cookies on your browser stores can also identify you to websites, even after you connect to a VPN.