VPNs or Virtual Private Networks offer us one of the strongest forms of online security possible. The encrypted tunnel that your data is wrapped in will hide the sites you visit from your ISP. The server you connect to at the other end doesn’t know your real location or identity.
It’s a pretty good way to protect yourself, but quis custodiet ipsos custodes? Who watches the watchers? How can you protect yourself from VPN data breaches themselves?
VPN Data Breaches: How Trustworthy Are VPN Companies?
We put a lot of trust in VPN companies. After all, you use a VPN specifically because you might use the internet to exercise your freedom of speech, do something that you just want to keep private, or do something that other people might not like.
Either way, the VPN provider itself has some insight into what you do. While it cannot read the contents of your encrypted web traffic, it knows your real location, when you log in, how long you stay logged in, and which sites you visit.
VPN providers are just like any other company that offers goods and services over the internet. They aren’t perfect, and their security is sometimes breached. One of the most shocking examples of this was when NordVPN admitted to hacks that stole information from their data centers. The NordVPN breach was almost certainly not the first, and it won’t be the last.
So under the assumption that our VPN providers will eventually be breached, how should you change the way you use them?
Don’t Use a VPN That Keeps Records
The first and most important rule to follow when deciding which VPN to use is to limit yourself to “no-logs” VPNs. These are VPNs that, as a matter of policy, don’t save any information about your activities at all. The purpose of this is to make it impossible to hand over information to authorities. After all, if the VPN never records your data, how will it hand it over?
This sort of policy also protects you in the event of a data breach since it means that there’s nothing for hackers to steal from the servers in the first place – other than, perhaps, your email address and password.
The obvious issue with this is that just because a VPN company says it doesn’t keep any logs, it doesn’t mean that’s true. None of us can ever know for sure whether a VPN company is truly “no-logs,” but these VPNs are the ones we feel most comfortable with.
Don’t Use Free VPNs
There’s no such thing as a free lunch! If a VPN does not charge you any money, it needs to make revenue elsewhere. Selling your information to advertisers and other third parties is one way. While there may be safe free VPNs out there, we have yet to find one that we trust. Read our article on free VPNs before you even consider using one.
The main issue here is that free VPN providers have many reasons to store your information. Over and above that, they hardly ever own their server and network infrastructure, making them more vulnerable to breaches. In the end, you get what you pay for.
Don’t Give a VPN Provider Real Information
Another option you have is to set up an account with a VPN without giving them any real information about you.
Use a made-up name. Use an isolated email account that’s not linked to anything else you are using. That way, if that specific VPN service does get compromised, it never had any of your real information anyway.
Segment Your VPN Usage
When VPNs do keep information on their users, and it falls into the wrong hands, it can often be tied to a specific person by cross-referencing it with other information. You can muddy those waters a little by using more than one VPN and using them for different purposes.
For example, if you’re going to visit the Dark Web, use one VPN for that purpose, possibly one with additional security measures such as zero-knowledge encryption. By splitting your internet usage between multiple VPNs, you might be able to reduce the chance that the information kept by any one service can compromise you, because it’s not the whole picture.
Use Good Password Discipline
Of course, some of the protection against VPN data breaches comes down to pretty much the same things you should do to protect against data breaches in general. Chief among them is being responsible with passwords.
Make sure the password you’re using is unique to your VPN. If possible, use a dedicated email address for your VPN and make sure you employ a strong password that’s been generated by a reputable password generator. This will make the password much harder to crack using brute force methods following a VPN data breach.
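The following Python sketch is an added example, not part of the original article. It generates a random password, estimates how long offline brute force would take against it compared with a short one, and flags passwords shared between accounts; the guess rate and the sample vault are constructed assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# Letters, digits and a few symbols most sign-up forms accept (75 characters).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

# Assumption: offline guesses per second against a leaked password hash.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Constructed sample vault: account name -> password.
SAMPLE_VAULT = {
    "vpn": "hunter2024",
    "forum": "hunter2024",
    "bank": "r8?Kd_2vQm!x7Lp#Tz4w",
}

def generate_password(length=20):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def seconds_to_crack(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected brute-force time: half the keyspace divided by the guess rate."""
    return 2 ** (bits - 1) / rate

def reused_accounts(vault):
    """Group accounts that share a password; a breach of one exposes them all."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return [sorted(names) for names in by_password.values() if len(names) > 1]

if __name__ == "__main__":
    print("new VPN password:", generate_password())
    weak, strong = entropy_bits(8, 26), entropy_bits(20)
    print(f"8 lowercase letters: {weak:.1f} bits, ~{seconds_to_crack(weak):.0f} s")
    print(f"20 random characters: {strong:.1f} bits, ~{seconds_to_crack(strong):.1e} s")
    print("accounts sharing a password:", reused_accounts(SAMPLE_VAULT))
```

The entropy figure only holds for passwords drawn at random; a human-chosen password of the same length is usually far easier to guess.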
Consider Virtual Machines and Tor
A VPN provider can get more information from you than you necessarily want to give them. When you visit the VPN provider’s website, it can scrape information about your computer and many other details that can then be linked to your account behavior. Once again, this depends on the VPN company’s policies and whether they stick to them, but it’s a risk. On top of that, they still see everything that your ISP used to see, in case you’ve forgotten.
To get around that, you might consider going a little deeper with the subterfuge. Use the Tor Browser through your VPN tunnel for another layer of protection. The VPN can see that you are accessing Tor, but it can’t see which sites you’re visiting, and the websites you visit through Tor don’t know that you’re using a VPN either. Usually, when just using a VPN, the IP address of the VPN exit server is visible. That at least identifies you as a customer of that VPN.
Doing your browsing from a virtual machine also helps mitigate the chances that your specific computer’s unique information gets captured. So, it’s another layer of protection to consider.
There Is No Perfect Defence Against VPN Data Breaches
Whether it’s a VPN, encryption, or passwords, there is no such thing as perfect protection. You always need to accept the possibility, however remote, that your security will be breached somehow.
The only way to completely avoid VPN data breaches is not to use VPNs and then not use the internet. If that’s not acceptable, then we all have to understand and accept the risks. The best you can do is minimize the chances it will happen to you or how much damage occurs if you do fall foul of nefarious hackers.