5 Things to Consider when Evaluating a VPN for Privacy

2 minute read
| Deep Dive

Yesterday we explained what a VPN is and covered the benefits of using one. Today we’re examining how to figure out if you have a trustworthy VPN provider. In place of your ISP, your VPN provider receives your browsing data, and it’s good to shop around and compare privacy policies.

What Do You Want?

There are many uses that a VPN can provide, but security and privacy are important ones. If security is your main concern, then most VPNs give you an extra layer of protection by encrypting data between you and the VPN’s servers. That protects it from local spying eyes, including your own ISP.

Having privacy as your main concern is a different story. You have to trust that your VPN provider itself isn’t watching what you do, including tracking and monitoring your data for profit, or for answering to their own local government’s warrants. In this, you’ll have to keep a careful eye out before you fully commit to a VPN.

Unlike your ISP in the U.S., there is little or no regulation for VPN providers in the U.S. or abroad. That doesn’t mean they’re automatically lying to you or doing bad stuff, it just means you are, by definition, forced to trust your VPN provider. But this is important, unlike ISPs, VPNs often make privacy part of their business model. More importantly, almost every VPN has a privacy policy, so let’s start with that.

trustworthy vpn with security

What To Look For

Whenever you sign up for a service, especially a VPN, you should take a look at their privacy policy and terms of service. If you’re using a free VPN, do as much research as possible. Free providers still need to make money, and if they don’t have a premium plan, it’s good to assume they are making money off of your data.

Paid VPN providers are different. You can start by looking for a provider that markets itself as a privacy service. You can mostly ignore marketing terms like “NSA Proof” or even “military-grade encryption,” but you should look out for something called logging. An easy way to do this is just to Google the provider name and “logging.”

Logging

Some VPN providers keep minimal logs, others keep no logs at all. Maybe the provider keeps access logs only in order to bill you. If they do log, make sure they delete them after a certain time—say, daily or weekly.

Be wary of VPN providers that say they keep any logs that are required by law. This means whatever law enforcement asks them for, which could really be anything—especially for VPNs operating outside the U.S. You can also contact the provider directly and ask them about their data retention and logging policies.

Location

Don’t assume that because your VPN provider is in another country, that they are safer. If government surveillance is your main concern, don’t use providers in a Five Eyes country. The Five Eyes are Australia, Canada, New Zealand, United Kingdom and the United States. This refers to the level of cooperation surrounding their spy agencies like the NSA and GCHQ.

locations of a trustworthy vpn

Technology

When you’re doing your research, examine what type of encryption they use, security features they offer, and whether they have been audited by a third party. Read reviews of the VPN provider and make sure they are unbiased and independent, which can sometimes be difficult.

Conclusion

By doing enough research you should be able to find a trustworthy VPN. The best providers will welcome your questions and go out of their way to help and reassure you.

4 Comments Add a comment

  1. Scott B in DC

    A cheap solution is to create a virtual machine and run the TOR browsers from the VM. You don’t need a fancy VM system like Parallels. Get Virtual Box and run something like Tails (tails.boum.org), Whonix (whonix.org), or QubesOS (qubes-os.org).

    Tails is really designed to run as a standalong OS from a memory card/stick. But with a little fiddling, you can make Tails work under a VM. I installed Tails in an encrypted Sparse Bundle and boot the OS in a Parallels VM. Getting this to work in Parallels was not easy. It was easier under Virtual Box. Could not run both VMs on a Core 2 Dual iMac, which is why I went with Parallels.

    Both Whonix and QubesOS can be installed in a VM easier. I have not tried a Sparse Bundle install since I prefer Tails.

  2. Andrew:

    This, and your previous piece, provide a meaningful and timely treatment of the subject.

    One theme that is being repeated around the internet, and that you’ve touched on here, is the concept that, if one is concerned about privacy specifically from one of the five eyes governments, that they should select a VPN that is not in one of those five countries. It might be worth noting that, when it comes to state-sponsored or state-owned surveillance, investigation or hacking, few commercially available privacy solutions can withstand the level of force and range of attack vectors that these agencies can bring to bear. If a state intelligence agency takes a real interest in you personally, a VPN and its host country are the least of your worries, and of limited benefit.

    Rather, the real benefit to the ordinary, law-abiding person not of intelligence community interest, of these VPNs, in my opinion, is commercial surveillance and data harvesting for profit, and perhaps to a lesser extent, state-sponsored data harvesting, what is often referred to as meta-data surveillance. I have little doubt the most advanced and determined state actors have already infiltrated the non-five eyes VPNs, so would not regard that choice as ‘secure’.

    Great job. My only suggestion is to consider addressing TOR to round out your discussion of privacy safe-guarding measures.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account