In today’s security conscious age, a private connection to the internet is viewed as vitally important by many people.
There have traditionally been two ways to enjoy complete anonymity online – the Tor browser, or a virtual private network.
However, VPN security was called into question earlier this year by revelations that almost a quarter of VPN providers were quietly collecting log files.
Some of the biggest names in the industry were implicated, often because of tacit admissions buried away within their privacy policies.
So how can you tell if VPN security is up to scratch?
Ways to investigate VPN security
While this list isn’t definitive, it should minimise any possibility of your chosen VPN provider storing information that might be used to identify online activities in future:
- Firstly, read every word of a VPN provider’s privacy policy before signing up. Ensure they aren’t keeping any data at all – visited websites, IP addresses, etc. Even connection times and device types might be noted and stored
- Look for definitive logging policy statements. If a company promises it doesn’t keep any logs of any kind, you’re probably safe. A vague promise not to record the contents of communications could mean your activities end up stored on their servers
- Don’t be fooled by companies claiming they need a small amount of Personally Identifiable Information, such as names, for account creation purposes. There’s no legal requirement for PII to be stored
- Equally, shun any company claiming it only collects anonymous data about website visits. If you’re the only user visiting a particular website on a specific day, it wouldn’t take Sherlock to figure out which VPN user paid that website a visit
- Look for consumer reviews before signing up. Virtual private networks tend to attract tech-savvy consumers, who are well-placed to critique the quality of service they’re receiving. Are other people happy with VPN security and service?
- Consider the VPN’s home country. Many EU nations participate in an intelligence sharing program called 14 Eyes, with the US and Canada, Australia and New Zealand. You may be safer choosing a VPN based in a different country – or continent
- Don’t be reassured by a warrant canary. This regularly-updated webpage is used to note a lack of State interference – if it disappears, action has been taken. However, a truly log-free VPN wouldn’t require a warrant canary in the first place
- Try to avoid capped services. An unlimited VPN has no reason to record connection time or bandwidth usage, whereas a capped one does. This is benign rather than malicious, but it still necessitates user activity records being kept.
The final thing to be aware of is the fluid nature of VPN policies.
Companies are taken over or merge, acquire new owners or revise their T&Cs.
Even if you have a preferred VPN, periodically check its privacy and logging policies – studying the small print – to ensure your activities are still anonymous.