When the U.S. Congress voted recently to overturn a Federal Communications Commission (FCC) rule requiring internet service providers (ISPs) to get a customer's permission before selling personally identifiable information, that kicked off a land rush to find virtual private network (VPN) providers to protect consumers' online privacy. There are literally hundreds of VPNs to choose from, however, and if you're not sure what these do and what they don't do, you could easily end up with a VPN that doesn't add much to your privacy except another subscription fee.
The idea of a VPN is quite simple: it provides a secure (encrypted) tunnel between your device and a website, bypassing the traffic logs kept by your ISP. For example, if your ISP is in New York City, a VPN service allows you to connect with any of several servers anywhere in the world, making it look to the website that the connection is being made from one of those servers and not the ISP you use in New York.
Your ISP can't keep a useful log of your VPN activity because it doesn't know who requested the data or from where the requested data is coming. But your VPN knows, and that's the first thing you want to learn about any VPN provider: does the VPN keep traffic logs and, if so, what does it do with them?
Some VPNs do keep traffic logs in order to provide themselves with legal protection in the event of a government request. Others keep some minimal data in order to help maintain their servers. Still others, sadly, collect the data and sell it to third parties. Because that's what you are probably trying to avoid, read the fine print and be sure to choose a service that states categorically that it does not keep logs, making sure to specify exactly the logs they don't keep. Be especially sure that the ISP does not keep activity or connection logs.
A good general overview of online privacy and VPNs is posted at Krebs on Security. More comprehensive tips on selecting a VPN, with more details and a comparison chart for nearly 200 VPN providers is available at That One Privacy Site. Here's a much shorter version of some of the site's guidelines:
- Beware of VPN review websites, which are nearly always paid reviews. Also look more carefully at affiliate VPN programs.
- Be aware of where the VPN service's servers are located and where in the world you will be connecting to the VPN.
- Check on payment methods, such as Bitcoin, cash or anonymous gift cards, that allow you to maintain your privacy.
- Choose a VPN that maintains its own first-party domain name server (DNS) that doesn't leak, and check it to make sure.
- Choose a VPN that provides an IPv6 DNS server that is only reachable through a VPN tunnel, and then test it to make sure that's true.
- Choose a VPN that has strong data and handshake encryption.
Deciding if you want a VPN and the features of the VPN that are most important to you will take some time, and it will come with a price of around $10 a month. It's up to you to make sure you're getting the privacy protection you're paying for.