Choosing a VPN: the first step toward protecting privacy

Choosing a VPN
(Image credit: Shutterstock)

With limited travel a reality for the foreseeable future, it’s no surprise people are spending more time than ever before on the internet, and research shows we’re increasingly inclined to prioritise our privacy online. People seem to be waking up to the importance of safeguarding their networks and protecting their internet browsing from prying third-party eyes.

And with the widespread shift to working from home (opens in new tab) prompted by the pandemic, it’s something organisations have had to become more mindful of too. Since employees (opens in new tab) are now exchanging company data from a potentially unsecured home office, the secure transference of that data has become a crucial consideration.

For those concerned, protecting your privacy and security online doesn’t have to be difficult and using a business VPN (opens in new tab) is a highly recommended tactic for mitigating the risks. They work by creating a secure “tunnel” between a computer and a VPN provider (opens in new tab), and in the past, were mainly used by corporations to allow secure remote access to their internal company network, which stores all its proprietary data.

With so many now doing all their internet browsing from home, it’s certainly never been a better time to install a VPN. The caveat is that not all VPNs are created equal and there are considerations to make before hitting the ‘install’ button.

Unpacking VPNs

A VPN is a tool that allows you to access the internet securely wherever you are. In its most basic form, it protects you in two key ways: concealing a computer’s IP address, protecting its identity and location, and encrypting traffic between a computer and the selected VPN provider so that no one who can access your local network can decipher or tamper with it.

Typically a VPN will protect traffic sent between the host computer and the provider, whether through your browser, apps or other services. When enabled, all traffic from the software and apps running on your device runs through your own private network, so that web browsing and data flows pass freely without interference over a secure connection.

VPN providers will normally also enable access to a variety of connection gateways spread out all over the world, which allow users to route their traffic through an overseas IP address. That way, the place you’re connecting to sees the VPN’s IP, not your actual IP address, as the source of your traffic, protecting the data further.

Why do you need one?

One of the key reasons businesses mandate employees use VPN networks to connect to internal networks is to mitigate the risk of sensitive company data being tracked or leaked. While the risk of bad actors showing up on your home network is lower, your internet service provider (ISP) can track and share online activities routed through your home internet connection.

As all data accessed on the web at home would be routed through your ISP’s network, some of it may not be encrypted, which presents an additional security risk. While it’s common practice these days for most connections to websites to be secured by HTTPS, this can prove misleading at first glance as it only means the content, but not the source or destination IP address, is encrypted.

Connecting to a public Wi-Fi network when working remotely rather than a home network is also risky. Whilst convenient at times in areas where internet and mobile internet services are limited, it’s impossible to be sure that someone else isn’t connecting to the same network to snoop on what you’re doing. A malicious actor would be able to see which sites you are visiting even if your traffic is encrypted - particularly if you’re using apps that don’t have encryption (opens in new tab), which many don’t.

What to look out for

Sometimes, web service providers will block visits made through VPNs and make content inaccessible when a VPN is turned on. For example, geoblocking is a common complaint of VPN users when accessing international content services like Netflix. Some VPN providers are also less than transparent with their own data collection practices. An important point to note is that VPN providers can still log your browsing data, and whilst many VPN providers are trustworthy and vow to keep customer info private, some fall short on their promises.

Some VPNs will log online activities with the intention of selling your data and information onto marketing firms, whilst others will even install malware (opens in new tab) on devices under the guise of a VPN. A 2016 study of 300 free VPN apps on Google Play store found that nearly 40 percent installed malware or malvertising on users’ machines, which is quite astounding.

Many branded VPNs are in reality repackaged versions of other company VPN products, which may raise questions about their privacy and security (opens in new tab) practices. Last month seven free Hong Kong VPN providers (using the same common service) were accused of exposing 1.2TB of private user data despite proclaiming their ‘no-logging’ credentials. VPN provider claims should therefore be carefully vetted and compared with the competition before accepting them at face value.

It’s also important to carefully weigh up the merits of picking a free VPN versus a paid one. Free VPNs will often fund their offering through serving up ads in the application or selling on anonymized data to marketing firms, or will severely throttle the bandwidth and limit the total amount of browsing data accessible - which doesn’t add up to a great customer experience.

Best practice

When picking a VPN, always consider the following questions: what kind of data, if any, does the VPN provider collect about your browsing, and how long does it keep it for? Where are the VPN servers, and are there any restrictions on usage? If so, are those restrictions in place to protect your data and is that something you’re prepared to sacrifice?

When shopping around for a VPN service, you should be careful to understand these terms. Where your privacy is concerned, it’s worth taking the time to make the right choice, and established brands who have been in the market for a long time may provide a more reassuring option.

In a world where misinformation spreads like wildfire and data breaches have become commonplace, we understand how important it is to feel safe online. While a VPN won’t protect you from every malicious actor on the web, it’s a great place to start, and using these tips to pick a reliable provider should be your first step towards browsing safely and securely in the new WFH era.

  • Chris More, Product Lead, New Products (Innovation) at Mozilla (opens in new tab).
Chris More

Chris is Product Lead, New Products (Innovation) at Mozilla. He is also a product, business, and marketing leader with more than 20 years of people and thought leadership at global organizations.