Choosing a VPN: the first step toward protecting privacy


During the pandemic, limited travel was just a way of life. It was no surprise that people started spending more time than ever before on the internet, and research shows we’re increasingly inclined to prioritise our privacy online. 

Even though the lockdowns have ended in the west, people seem to be waking up to the importance of safeguarding their networks and protecting their internet browsing from prying third-party eyes.

And with the widespread shift to working from home prompted by the pandemic, it’s something organisations have had to become more mindful of too. Since employees are now exchanging company data from a potentially unsafe home office, the secure transfer of that data has become a crucial consideration.

For those concerned, protecting your privacy and security online doesn’t have to be difficult, and using any of the best business VPNs is a highly recommended tactic for mitigating the risks. A VPN works by creating a secure, encrypted “tunnel” between a computer and a VPN provider. In the past, VPNs were mainly used by corporations to allow secure remote access to their internal company network, which stores all their proprietary data and programs.

It didn’t take long for people to realise that VPNs had other uses too, from protecting your privacy to accessing geo-restricted services like Netflix USA.

With so many now doing all their internet browsing from home, there’s certainly never been a better time to install the best VPN. The caveat is that not all VPNs are created equal and there are a number of things you have to consider before hitting “Install”.

Unpacking VPNs

A VPN is a tool that allows you to access the internet securely wherever you are. In its most basic form, it protects you in two key ways:

Typically a VPN will protect traffic sent between the host computer and the provider, whether through your browser, apps or other services. 

When enabled, all traffic from the software and apps running on your device runs through your own private network, so that web browsing and data flows pass freely without interference over a secure connection.

As the data is encrypted, anyone monitoring your connection won’t know exactly what websites you access or which specific apps you’re using, e.g. P2P downloads via BitTorrent. This can actually speed up your connection, as some ISPs deliberately ‘throttle’ certain types of traffic like streaming video. Using a VPN means they can’t tell one type of data from another.

VPN providers will normally also enable access to a variety of connection gateways or ‘servers’ spread out all over the world, which allow users to route their traffic through an overseas IP address.

That way, the place you’re connecting to sees the VPN’s IP, not your actual IP address, as the source of your traffic, protecting the data further.

Why do you need one?

One of the key reasons businesses mandate employees use VPN networks to connect to internal networks is to mitigate the risk of sensitive company data being tracked or leaked. While the risk of bad actors showing up on your home network is lower, your internet service provider (ISP) can track and share online activities routed through your home internet connection.

You also won’t necessarily just need to work from home. If you travel with your work, you may need to use a WiFi connection at a hotel or cafe to access business data. This is where a VPN is essential, as other devices connected to the network can monitor your traffic. If it’s encrypted via a VPN tunnel though, there’s little that hackers can do with it.

Naturally, these days most reputable websites use SSL/TLS to secure traffic between your device and their pages. This can protect sensitive information like passwords or credit card numbers. You can check if a site does this by looking at your browser address bar: there’ll usually be a padlock icon next to the web address, which you can click to check the connection is secure.

This means some people believe a VPN isn’t really necessary, given all the important stuff is already encrypted. Still, even the most secure websites need to have a unique IP address, to which your device must connect. 

If this information becomes available to cybercriminals, for example that you logged into ABC online bank, then they know which website to target and where to connect to your device. If, on the other hand, a hacker is monitoring your VPN connection, they’d have no idea you were using online banking in the first place.

Remember also that not all websites and apps use reliable encryption: without a VPN, bad actors with access to your ISP records can see:

The situation is even worse if another device on your network actually starts monitoring your traffic, as they may be able to force your device to use less secure versions of websites. Using a VPN means all traffic is encrypted before leaving your device, so you can use it safely even on public WiFi.

What to look out for

Server Locations

Sometimes, web service providers will block visits made through VPNs and make content inaccessible when a VPN is turned on. For example, geoblocking is a common complaint of VPN users when accessing international content services like Netflix. 

Before signing up, make sure to check with your VPN provider if they can access your chosen service like Netflix. If they have enough servers, it’s likely that one of them will be able to foil the VPN-detection routines but you may have to keep trying. Some VPNs actually offer specialty servers for video streaming services. 

Some VPN providers are also less than transparent with their own data collection practices. While many claim to be a “no log” VPN where no personal information is stored about users, this may not be true in practice.

Despite their claims, VPN providers can still log your browsing data, and whilst many VPN providers are trustworthy and vow to keep customer info private, some fall short on their promises.

Some VPNs will log online activities with the intention of selling your data and information on to marketing firms, whilst others will even install malware on devices under the guise of a VPN. This is particularly true of so-called “free” VPN services.

A 2016 study of 300 free VPN apps on the Google Play store found that nearly 40 percent installed malware or malvertising on users’ machines, which is quite astounding. Google moved quickly to take these programs down from the store, but this was too late for anyone who’d already installed them. It also shows that relying on Apple or Google to vet programs on their app stores isn’t enough: you need to do your own research.

Even the honest “free” VPN providers will often fund their offering through serving up ads in the application or selling on anonymized data to marketing firms, or will severely throttle the bandwidth and limit the total amount of browsing data accessible - which doesn’t add up to a great customer experience.

You also need to remember that if your VPN provider is throttling your traffic or limiting your downloads in any way, they have to monitor the data moving over your connection to do so. They may not necessarily analyze this data or record it but your data could be at risk. This is why we recommend using a reliable paid provider.

Even so, many branded VPNs are in reality repackaged versions of other company VPN products, which may raise questions about their privacy and security practices. In 2020 seven free Hong Kong VPN providers (using the same common service) were accused of exposing 1.2TB of private user data despite proclaiming their ‘no-logging’ credentials. 

VPN provider claims should therefore be carefully vetted and compared with the competition before accepting them at face value. The best way to be sure is to choose a VPN provider who regularly submits themselves to audits by a trusted third party: this trusted party can inspect the provider’s servers to make sure that they really do keep no personal information on users. VPN services that do this include ExpressVPN, NordVPN and SurfShark.

Best practices

When picking a VPN, even the best free VPNs, always consider the following points: 

What kind of data, if any, does the VPN provider collect about your browsing, and how long does it keep it for? You should be suspicious if they say they don’t store any information at all: if they don’t store your payment information how can you subscribe to the service? If they don’t have a ‘hashed’ version of your password on the server along with your username/e-mail address you also won’t be able to log in.

If you’re concerned about the provider having this information, consider setting up a disposable e-mail address with a service like TempMail to register your account. Make sure to use a unique password too, generated randomly using a service like Diceware. Some VPN providers also accept payment using anonymous cryptocurrencies like Bitcoin, so there’s no paper trail leading your account back to you.  

Where are the VPN servers, and are there any restrictions on usage? If so, are those restrictions in place to protect your data and is that something you’re prepared to sacrifice? Remember as we said, that any kind of limit on your VPN usage necessarily means that your provider has to monitor how you’re using it, which can place your data at risk.

Most VPN providers don’t host all their own servers but rent server space from hosting providers. Make sure to ask them exactly how this works, as this means your VPN service is trusting someone else with your personal data.

Key questions should be:

When shopping around for a VPN service, make sure to get them to clarify what they actually mean by “no logging” and “privacy policy”.  

Where your privacy is concerned, it’s worth taking the time to make the right choice, and established brands who have been in the market for a long time may provide a more reassuring option. Research their websites thoroughly: a reputable provider will lay out information in a clear and easy to read manner. For instance, you shouldn’t have to hunt everywhere to find out which VPN protocols they support.

Reputable VPN providers will offer you special ‘client’ software you can download onto your device to connect to their service. This should be available through official channels like the Google Play or Apple app store or directly from the provider’s website. Don’t be afraid to run an antivirus scan on the program before installing.

If your VPN provider doesn’t offer software for your chosen device but does support VPN, consider using the OpenVPN Connect client instead. Not only is it very simple to set up but as it’s free and open source software, you know the code is safe to use as it’s constantly examined by the community for any flaws. 

Being open source, OpenVPN is available for a number of devices, including some routers. If your router supports VPN connections, make sure to set this up as that way any devices connected to your router will automatically use your VPN without downloading any extra software. 

The bottom line

In a world where misinformation spreads like wildfire and data breaches have become commonplace, we understand how important it is to feel safe online. While a VPN won’t protect you from every malicious actor on the web, it’s a great place to start, and using these tips to pick a reliable provider should be your first step towards browsing safely and securely in the new WFH era. 

  • Chris More, Product Lead, New Products (Innovation) at Mozilla.

Chris is Product Lead, New Products (Innovation) at Mozilla. He is also a product, business, and marketing leader with more than 20 years of people and thought leadership at global organizations.
