Should You Trust Your VPN?

Quick Links

Summary

The best way to determine if a VPN is worthy of your trust is how transparent it is about how it handles your data. Look for blogs explaining its practices and third-party audit reports verifying the provider’s trustworthiness.

VPNs love to claim that they keep users' data private and their browsing anonymous. However, because ofthe way VPNs work, you’re taking them at their word on most of this, meaning that you’re trusting them to keep you safe. Should you, though?

It’s not an easy question to answer. There areVPNs that shouldn’t be trustedfor any number of reasons, and there are also ones that are likely safe to use. After all, we have a selection of thebest VPNswe recommend to our readers; we wouldn’t do that if we felt there were no trustworthy VPNs.

Why Do You Need to Trust Your VPN?

Let’s take a look at why the question is even important, first. Weuse virtual private networksto hide what we do online and to spoof our location. The reason we’re hiding our online activity can be simply to avoid scrutiny from marketers, or could be because we’retorrentingfiles or trying to avoid surveillance from authoritarian governments.

However, while you may be hiding from Big Brother, the VPN also has the potential to have a lot of information about you. For example, most of them will have your email address, and if youpaid by credit card, they likely have your name and home address, too—it’s why we recommendsigning up anonymously.

On top of that, VPN providers also could know what you were doing online the whole time you were connected, negating much of the VPN’s usefulness entirely. To prevent this from happening, VPNs promise that they’reno-log VPNs, services that destroy any record of your online activity. After all, if there’s no record, there’s nothing to sell to marketers or to hand over to the authorities.

However, it’s very hard to prove thatlogs are destroyed, meaning that the claims VPNs make of protecting your anonymity are taken on faith. Thankfully, there are a few things you’re able to do to make sure a VPN is worth your trust.

History Matters

Just like with people, one important way to predict a VPN provider’s future behavior is to look at its past actions. After all, if you lent your buddy Bob 20 bucks two months ago and he never gave it back, you’d probably not lend him another $20 if he asked again.

So, if you like a certain provider, but you’re not sure about it, we recommend you do some sleuthing to examine its past. For example, if you were thinking of signing up to Hola VPN, but searched the term first, you’d quickly come face to face with a litany of reports about the company’s past problems—the report byCNETis the most comprehensive.

In short, Hola VPN works by letting users use each other’s bandwidth—effectively letting you use another person’s computer to access the internet from their location. However, because of its poor security, it was easy forbotnet operatorsto run amok, hijacking users' internet connections and even enslaving users' computers into their botnets.

Another example isPureVPN, which a few years agoassisted the FBIin catching a cyberstalker. There’s no doubt the person in question was deeply unpleasant, but it still worried a lot of PureVPN’s customers that the company had so readily cooperated with law enforcement—or that it had any information to hand over in the first place.

PureVPN defended its actions bypointing outthat it has a policy against cyberstalking as well as a no-logs policy. Also, PureVPN threads the needle a bit by saying that the logs it shared with the police weren’t browsing logs, but instead connection logs. It seems like a razor-thin distinction, and we dinged PureVPN pretty badly inour review.

Does Your VPN’s Location Matter?

Another factor you may consider iswhere your VPN is based. If VPN marketing materials are to be believed, being headquartered in Switzerland, the British Virgin Islands, Panama, or wherever else is almost a guarantee your data will be safe.

In practice, though, it’s not as clear-cut. Naturally, a VPN that’s based in China is likely not too trustworthy, seeing as how theinternet is curtailedthere. Other than that, though, location doesn’t matter too much. As long as your VPN destroys your data, you should be safe. The question becomes, then, how do you know that your VPN actually does that?

A Look Into the Kitchen

Probably the most important factor to consider when choosing a VPN, though, is whether or not it’s open about its operations. To that end, many VPNs will now let auditors run loose in their operations for a while, after which a report will be published that gives a recommendation for consumers.

It’s a pretty good system, though it comes with some issues. Some auditors have a stellar reputation—takeCure53, for example, a non-profit foundation—while others, like the major accounting firms, do not. Accusations ofcorruption surrounding the Big Four accounting firmsabound, and as such, it’s important to know who performed the audit and draw your own conclusions from there.

Better yet are VPNs that will tell you how their system works. A good example here isExpressVPN, which in a detailed blog post went over how its TrustedServer technology worked—we say “worked” because the original post has been taken down, though you can still readour discussion of TrustedServer.

VPN Transparency

The best solution of all is if a service is entirely transparent. This is the sales pitch fordecentralized VPNs, which promise to useblockchaintechnology to give users insight into how their VPNs work. That said, so far none of them have made it happen, and there’s no indication when they will.

Related:Why You Shouldn’t Trust Free VPNs

However, the most promising development of all may be what’s called a user-audited VPN. The service that coined the phrase isMullvad, a Sweden-based VPN with a great reputation and track record for privacy—read ourMullvad reviewfor more.

According to ablog post, the goal is to eventually set Mullvad up in a system where any user at any time can see how it works. Of course, you wouldn’t be able to see what anybody else using the VPN is doing, but you could track what’s going on with your data.