Virtual Private Networks (VPNs) are tools that are becoming more popular each day to help protect user’s internet privacy. But do VPNs actually work the way they are advertised? We discuss the answer here.
How VPNs Work
VPNs can help protect you from hackers seeking to steal sensitive data from your device. They do this by creating a private network using a public internet connection. All internet traffic is routed through a special remote server by the VPN.
Data that flows through a VPN is encrypted and impossible to read due to the way it looks, which is like gobbly-goo to anyone trying to read it.
VPNs And Internet Nodes
VPN data travels through public web infrastructure, some of which are government-controlled and stores traffic data and metadata. However, if a VPN is used, nodes on the web cannot tell that individuals are sending data to specific websites. They can only deduce that the VPN itself is sending the data or websites are sending it to the VPN.
File Sharing
A VPN can protect the privacy of users who torrent and share files online. This can protect them from having their activity secretly monitored by their ISP.
How A VPN Prevents Data Snooping
A VPN lets users send encrypted messages to the VPN provider. Your ISP can see that a message was sent but cannot read it because it is encrypted. In this way, a VPN protects your data from being read by the ISP.
Can A VPN Be Hacked?
A VPN can be hacked through using a stolen encryption key or by breaking the encryption mechanism itself.
Cracking the encryption mechanism is hard because it requires finding a vulnerability. The VPN’s encryption protocol is usually very strong so it could be a monumental task to get past it. For this reason, most VPN security breaches are due to stolen encryption keys.
VPN Encryption Standards Have Evolved
The AES-256 encryption standard is the one most used by today’s VPN services and is extremely difficult to crack. Hackers would have to spend a sufficiently large amount of resources to do this.
VPN’s Still Have Vulnerabilities
Sophisticated hackers can still get through a VPN and most services just do not have the capability to stop them. Like other software, VPNs have inherent weaknesses that can be breached by a hacker with a sufficiently strong skillset.
Cross-site Scripting
Global VPNs rely on multiple servers located around the world which provides them with the ability to target their services to specific geographic locations. However, this also creates the possibility that communications will be intercepted. The way to protect against this is for the service to regularly monitor their servers and have set up a strong boundary that protects user data. Unfortunately, users themselves have no control over these activities.
SQL Code Hacks
SQL code hacks can allow a skilled programmer to access the data a user shares with a website, even if they use a VPN. This is a difficult task to accomplish without a special piece of code. The VPN service can be completely unable to stop it because the breach happens from a remote location.
The NSA Can Tap VPN Traffic
VPNs are perfect tools for criminals to hide their traffic data and the NSA knows this. The NSA can use something called a “correlation attack” to match inbound VPN requests with outbound requests. They can match the user with the websites being contacted by the VPN.
The NSA uses statistics, traffic patterns, and probabilities to match the data going through the VPN between websites and users.
Machine learning technologies have made correlation attacks more effective against VPNs, the Tor browser, and mixnets. Tor, which is known for being connected with anonymous browsing, can be vulnerable to large scale state-of-the-art correlation attacks.
However, there are new tools that can deter correlation attack software, such as Generative Adversarial Networks (GANs) which are based on machine learning technologies. Most users, however, will not need advanced machine learning defenses to hide from the NSA because
they will not be doing anything illegal online.
Check Your Threat Models
Threat modeling covers issues around potential threats to software security. No threat protection system can protect users from everything, so mitigating the most likely and dangerous threats is the best path to take. There are tradeoffs that security experts need to make when designing
cybersecurity systems, so VPNs are not going to be completely maxed out in terms of security capabilities.
A VPN can help you protect your data when you only want to keep your browsing data secret from your ISP or local snoopers. However, if you are involved in actual criminal enterprises, the NSA has more than enough resources to track you down and monitor your online behavior. Having a VPN may only speed this process up as the NSA will know what to look for and VPN services are prime targets for their efforts.
Is Using A VPN Still A Good Idea?
Knowing that hackers can still break into websites and steal your data might make you wonder if using a VPN is still a good idea. The answer is that they are still very useful for protecting user data privacy and also allow them to access geo-restricted sites in other countries.
Include this with a list of additional features that VPNs can provide and it makes them worth the price, which can be as low as a few dollars per month.
Which VPN to Use?
“Anonymous” VPNs
There is a trend in the VPN industry that will scare many potential users, as it should. Some VPN companies offer “anonymous” or “no logging” services but do not provide any evidence that they will not sell or mishandle your data.
Companies that run large IT infrastructure have logs everywhere, so there is no way to know if the VPN company is not taking one as well. And companies that sell privacy protection can still collect and sell your data.
Your Internet Service Provider (ISP) can also easily log information about websites you visit and sell it to advertisers if they want to.
The fine print of the VPN’s will reveal that they may log a large portion of this data. So, do not fall for advertising that says you are guaranteed to be entirely anonymous using a VPN, because it is likely false.
However, VPNs that do log data are not necessarily bad, as these could be basic details they only use to keep track of the number and general activity of their users.
Paid VPNs
It is recommended to use a paid VPN that offers not to sell your data. These include NortonVPN, NordVPN, HideMyAss, or Witopia. Users should make sure to read the fine print about their data policies.
The Value Of Using A VPN
The most important value a VPN can provide is ease-of-use, performance, transparency, and trust. Poorly designed and run VPNs can mislead customers with advertisements claiming they provide “anonymous” or “no logging” service. This may not be true, and if the beneficial qualities of the VPN are not present, their data privacy will be put at risk.
Hard Internet Truths
Complete anonymity is not likely possible on the internet, and being mostly anonymous does not mean your privacy is secure.
If your VPN uses cloud-based or hosted VPN servers, your anonymity could be compromised. If the VPN provider does not operate the network, this can also limit anonymity.
To Recap…
VPNs are becoming more popular as internet users grow increasingly conscious of their data privacy. However, each VPN is different so it is up to the prospective user to research them thoroughly before relying on one to protect their online privacy.
If you are wondering if social media is secure, consider reading our post Is Twitter Secure?
