A Virtual Private Network, or VPN, encrypts all the traffic sent over your Internet connection and sends it to a remote VPN server. Everything goes through the VPN server.
Your local network operator or Internet service provider can’t see you’re connecting to Google or Facebook. They just see an encrypted connection going to an IP address to the server you are connected to. Google and Facebook just see you as someone located in the UK.
People use VPN servers for a variety of reasons. They keep your browsing activity private from your Internet service provider, for example. If your local government censors the Internet, a VPN would let you bypass the censorship and browse as if you were in whatever country the VPN server is located in. VPNs would also let you use public Wi-Fi hotspots without the threat of snooping.
Many people use VPNs to hide BitTorrent traffic for legal reasons, making their torrenting activity appear to occur in another country. A VPN could also let you access geographically restricted services. For example, if you were in the USA and connected to a VPN server in the UK, you could access the BBC. If you were in the UK and connected to a VPN server in the USA, you could access the USA’s Netflix library.
While using a VPN, you’re placing an immense amount of trust in the VPN operator. Sure, a VPN prevents your Internet service provider or Wi-Fi hotspot operator from snooping on your browsing. But it doesn’t stop the operator of the VPN server from snooping.
When your traffic leaves the VPN, the operator of the VPN server can see the websites you’re accessing. If you’re accessing unencrypted HTTP websites, the VPN operator can see the full content of the pages. The operator could keep logs on this data, or sell it for advertising purposes.
Let’s put it this way: When you use a VPN, you’re preventing the hotspot at the hotel or airport and your Internet service provider from spying on your traffic. But you’re letting the VPN provider spy on your traffic instead. Why would you trust a free VPN provider you’ve never heard of?
A recent investigation by Metric Labs spotted by The Register drew attention to this problem, discovering the majority of free VPN apps have links to China and 86% of them had unsatisfactory privacy policies. Some explicitly stated they transfer user data to China. Most of them had customer support emails pointing to generic personal email accounts on services like Gmail or Hotmail. These don’t sound like services worthy of your trust.
If you’re using a VPN for privacy or escaping Internet censorship, you probably don’t want to use a VPN based in China.
China aside, you wouldn’t want to use a shady VPN hosted in a country with a less repressive government either. The VPN company may just be capturing and selling your data. Or they may keep lots of logs—and, if you’re using a VPN for something like BitTorrent, you probably don’t want to choose a VPN that logs all your traffic.
What You Should Use Instead
Stay away from free VPNs. It costs a company money to host a VPN server and pay for traffic, so why would that company give you a free service without getting something out of it?
As a free VPN for occasional use, we recommend Tunnelbear. This service only gives you 500 MB of data every month, which isn’t much. But it’s well-regarded, and the company’s business model is selling you unlimited VPN data. It’s like a free sample every month, but it can do if you only occasionally need VPN service in a pinch.
If you’re an advanced user, you should seriously consider setting up your own VPN. Pay for hosting on a server or cloud service somewhere, install a VPN server, and connect to it. You’re now your own VPN operator—although the hosting service could potentially spy on you. There’s no escaping it.
You’re always placing trust in someone, so choose your VPN service (or hosting company) carefully.