"Users often tend to underestimate the amount of data that VPN providers are capable of capturing"

Last Monday was the Data Privacy Day, an event that aims to raise awareness and promote privacy and data, personal or not. The irony is that in its wake, hundred of millions of email accounts and passwords have been released in the wild for free, putting the cost of each of the individual accounts at well, next to nothing.

We interviewed Elizabeth Kintzele, from privacy firm VyprVPN, about the use of VPN, one of the most popular privacy tools online, the myths surrounding their usage, how they will evolve and the threats to their survival.

1. VPN has become more popular as a privacy tool during the past five years. Do you think that there is enough education out there as to what it can do and what it can't?

At VyprVPN, we believe people are more aware of VPNs than before, but that doesn't necessarily translate into being fully informed about how the technology may actually benefit them nor what its limitations may be. 

For example, users often tend to underestimate the amount of data that VPN providers are capable of capturing from them. While using a VPN, users must trust VPN providers with a substantial amount of their private network data, since VPNs act as a funnel through which all of their private data must travel in order to browse securely.

As a result, providers have the ability to see a great deal of information about their users if they choose to do so, including every website they visit, who they interact with, where they are located and numerous other aspects of their “internet life.”  

We strongly feel that one of the most effective ways to educate consumers about VPNs starts with providers being transparent about the way they manage a user’s privacy. And our belief in transparency played a pivotal role in compelling us to partner with the Center for Democracy and Technology (CDT) to launch a campaign to educate users about the best practices of trustworthy providers and to help them assess the reliability of a given VPN provider’s privacy and security practices. Our goal is to support users with the information they need to make better decisions when selecting a VPN service. 

2) What, according to you, are the most popular myths associated with VPN when it comes to privacy?

We try to dispel as many myths as possible surrounding VPN usage. And there are plenty to go after. 

The idea that privacy means that you can browse the web with total anonymity is a pretty prevalent myth, some misleading marketing by a few VPN services has helped fuel that confusion. 

While your online activity can remain private, thanks to encryption and the fact that there are VPN services – like VyprVPN - that do not log a user’s online activity; but hiding the reality that you have been online is something that can't be completely achieved.  Your connection is private and secure in the hands of a trustworthy VPN, but never completely anonymous.  

The second big myth has to do with the level of data privacy offered by VPN providers who don’t fully control their servers and infrastructure. In reality, most VPN providers use third-party services and don’t operate their own infrastructure, which makes them much more vulnerable to data collection and breaches – since they leave the data of their users exposed to parties outside of their own system. 

As far as we know, VyprVPN is the only VPN provider to fully own, manage and operate its servers and infrastructure without a single third party involved whatsoever.  So, while we cannot promise complete anonymity, we can guarantee that our No Log and data privacy claims are real and that we maintain full control of our own infrastructure. 

3) How do you see VPN evolving in order to become more privacy-aware?

Our decision to become a publicly audited No Log VPN service came from our belief that transparency with consumers is the best path for establishing trustworthiness and reliability. The move to No Log was motivated by protecting our customers privacy while utilizing VyprVPN.   

We don’t want to be unique as a publicly audited No Log VPN service, and we hope that it is an industry norm going forward, it would be a wonderful trend to see. The trustworthiness of the VPN industry as a whole benefits by making sure it is a standard practice to verify all of our privacy claims. 

Unfortunately, many providers in the VPN industry have lost touch with the mission that VPNs were built to achieve: maintaining a sense of security and privacy for a user’s personal internet browsing data. This is alarming news because VPN providers have access to a wealth of data that could be monetized and sold to marketers. Some VPN companies make a pretty penny selling off this data while making marketing claims of complete anonymity.   

Although the practice of monitoring and selling a user’s browsing data is legal, the act of doing so in the VPN sector is particularly manipulative because there is an inherent user assumption that data is protected and will not be used for other purposes.  

We believe that the industry requires a paradigm shift away from this dishonest practice of logging and selling user data with less than full disclosure. Users demand truly secure browsing - or at least transparency. It’s our mission to elevate the conversation about accountability within the VPN industry, and our goal is to ultimately eradicate predatory VPN practices; and restore a user’s right to privacy while internet browsing. 

4) What is, in your opinion, the single biggest threat to data privacy in this day and age?

It seems like the wild west out there when it comes to figuring out the rules and regulations surrounding data privacy. And we want to take the lead with consumer protection, if for no other reason than because no one else seems willing to step up at the corporate level nor in the political arena to really go to bat for protecting consumers.   

Data mining is big money, and people are often caught unaware about what their information is being used for when they give it out, and lawmakers have remained ill-prepared about how to go about trying to protect people with some regulatory oversight.  

The careless treatment of user data by a number of large corporations has facilitated some pretty horrendous data breaches in recent years. If companies are going to continue to mine user data so that they can monetize it for themselves down the road then they owe it to consumers to be armed with maximum encryption and stringent protocols that make sure customer information is not ever compromised, because potential identity theft is on their hands if they don’t, and they ought to be held accountable by consumers and lawmakers for that.  

It doesn’t help matters that countries such as Australia recently passed legislation permitting law enforcement to insist that companies provide back channel access to encrypted websites so that they can investigate suspects upon request.  

We need regulatory guidance that advocates for consumers, protecting them from corporations and government surveillance in equal measure.  

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.