We talk a lot about VPNs (Virtual Private Networks) around here, and with good reason. There are numerous reasons why using a VPN—both legal and otherwise—is in your best interest. As more internet users have become technologically savvy and security-minded, VPNs have broken into the mainstream. Some would even have you believe that a VPN is less of a suggestion and more a requirement these days.
While there’s certainly a debate to be had over their necessity, the fact is that there are both more VPN users and more VPN services available than ever before. Unfortunately, this hasn’t made the technology any more secure than it was. In fact, it’s made VPNs less secure, because it’s a lot harder to find a trustworthy VPN among the sea of options. Here’s why.
Trustworthiness
You’ll see this reiterated in almost any VPN guide out there, but it’s true: Trust is the most important aspect of picking and using a VPN. Not only do you need to trust that the company behind your VPN’s security operations are up to snuff, but you also need to trust that its business practices are copacetic, too. You are, after all, going to channel all of your data through them.
The issue is that no one can agreed about what VPNs, or the companies that make them, should owe potential customers. There are no baseline security requirements, features, and business practices that a VPN or its parent company are required to meet. Despite many VPNs being transparent about their tech and business models, the promises made by these companies have to be taken on faith. Journalists have done an excellent job of finding which VPNs are the most secure for users and which seem honest about their practices, but there’s no presiding code or standard regulating this stuff.
Too many products
There’s no shortage of VPNs or similar internet security products out there—even the tiniest companies can build a modest VPN service quickly. You can find litanies of VPNs for almost every contemporary platform or internet-connected device imaginable, from free to paid solutions, to apps, to plenty of configure-it-yourself offerings, which has all made the process of picking a VPN infinitely more troublesome.
It can be overwhelming to navigate the marketplace and difficult to find good recommendations. You often find “Best VPN” lists populated with different picks—and plenty of referral links if you sign up for a featured service—and since no basic security criteria or feature set have been codified, different sources will often come to different conclusions on the same products. It’s a recipe for option paralysis. It also leads to shoddy products (and numerous scams) flooding the market.
No one gets along
In a recent article, Slate writer Will Oremus described the process of looking for a legit VPN as “a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they’re reviewing.”
The VPN vetting process is fraught with potential pitfalls and sketchy advertising, no doubt, but this open animosity between companies (even users, press, and other commentators) is a din that’s hard to cut through. That said, a lot of this mudslinging comes from a place of genuine concern, since it’s not uncommon for VPNs that seem great on the surface to later get outed as sketchy, devious, or being straight-up scams.
Without any codified standard for VPNs to follow, it’s up to the community to police and regulate the products available. Companies often seek to build trust with its customers and the community at large by having public-facing CEOs, developers, and/or leadership teams that interface directly with the press and customers, and sometimes this leads to callouts in interviews or clashes on social media. While it’s not a guaranteed way to sort out the good from the bad, if a company is being routinely called out or questioned, consider investigating their products with extra scrutiny.
Mainstream VPNs aren’t very good
Let’s not forget that VPNs are products being sold to customers for profit. While this arguably drives innovation and competition, it also means that privacy isn’t always a company’s first priority (if at all). This is how you wind up with free “VPNs” that aren’t actually doing anything other than tracking and selling your activity to advertisers.
But it’s not just about profit margins. It’s also about legality.
It’s no secret that VPNs are popular in part because of their promise to hide your location, identity, and browsing data. This makes downloading and distributing pirated content (and other illegal activities) much easier. Obviously, companies don’t want to be accused of encouraging criminal behavior, so they normally don’t advertise such use cases—but we all know the pirate scene makes up a large portion of any VPN’s user base.
While some VPNs distance themselves with lipservice, others do so in practice by not obfuscating (and in some cases, tracking and reporting) activity from pirate sites and torrent clients to your ISP or other authorities. Worse, still, is that many VPNs that claim to not track, report, or sell your data may be accidentally leaking it anyway. Whether purposeful or accidental, this defeats the purpose of a VPN, and raises the question of if these apparent “required” security services are even worth the money.
Annoyingly, it can be difficult for an average user to know whether a VPN is leaking their info, and this is sometimes even overlooked in professional reviews or best-of lists. Fortunately, there are ways you can check. We’ll discuss this and other VPN tips in the next section.
Tips for finding a trustworthy VPN
Picking a VPN isn’t going to be easy, but it doesn’t have to be overwhelming. And despite conflicting ideas and definitions of “trustworthiness,” there are a few tips that all VPN users should use to figure out whether a VPN is legitimate or not:
- At the bare minimum, don’t use a free VPN. Ever. The tech behind VPNs requires money to run, so if a company isn’t getting its revenue from users, it’s coming from another source. That almost always involves tracking and selling your information to other businesses and advertisers. In other words, it’s the exact opposite of what a VPN should do.
- Use professional sources for recommendations and vetting purposes. Our guide to picking a VPN is a good place to start. Other helpful resources include Wirecutter’s in-depth list of worthwhile commercial VPNs and the aforementioned Slate article.
- For those who already use a VPN, you can check if it’s leaking your info using this page, this page, or any of the other sites found here. If you find that your VPN is leaking your info, there are ways to patch over the security holes causing the leaks, or you can seek out a new VPN altogether.
- If you’re comfortable with your tech skills, you can also create your own private VPN.
- Lastly, remember that paying for a VPN service is only one part of a healthy OpSec diet, and an entirely optional one at that.