We often use VPNs to obscure our identity online. This opens the door to region-locked content, and more importantly, it hides our activity from companies who collect and sell private data. There’s just one awkward fact to consider; your internet service provider (ISP) also collects private data, and it knows that you’re using a VPN.
Don’t be scared—VPNs are perfectly legal, and your ISP won’t punish you for using one. But your ISP isn’t your friend. And yes, it sees some interesting stuff when you use a VPN.
If you live in the United States, your ISP is legally allowed to collect and sell your browsing data. It can build a “profile” of your individual activities (even in a large household) by tracking your IP address, web activity, and other markers.
This is a violation of your right to privacy. But it’s perfectly legal, as are many other forms of web-based data collection.
Regions outside the US tend to place greater restrictions on ISPs. If you live in Canada, the EU, the UK, or Australia, your ISP cannot collect or sell your data. Still, ISPs in these regions can observe your web activity, and they’re obligated to report anything that violates regional law.
So, regardless of where you live, your ISP can access your web activity. Existing laws and regulations aren’t strict enough to ensure complete privacy, hence the need for a VPN. (This is especially true when using public hotspots, which place an extra pair of eyes on your web data.)
A VPN or Virtual Private Network tunnels your web activity through a remote server. This fulfills two tasks—first, it allows you to hide your IP address and location from websites. If you connect to a VPN server in the UK, for example, then websites will think that you’re located in that region.
Spoofing your location could give you an extra layer of privacy, as it reduces the amount of real data that websites and advertisements can collect. It may also grant you access to geo-locked content, like videos on BBC or South Korean Netflix exclusives.
But a VPN doesn’t just obscure your identity. It also provides a “secure tunnel” for your web activity.
Data sent between your computer and a VPN server is encrypted, effectively blocking all activity (including downloads and uploads) from your ISP. These encryption systems are often “military-grade,” meaning that they are impossible to decrypt using current technology.
When you connect to a VPN server, your ISP is the one who establishes and maintains that connection. Needless to say, your ISP knows when you use a VPN, and it may take note of that information for advertising purposes.
Your ISP can also see how much data you download or upload when using a VPN. But here’s the good news; all of that data is encrypted. If your ISP tries to find out what you’re doing behind a VPN, it’ll see nothing but a bunch of nonsense data.
Decrypting that nonsense would take an eternity. Powerful governments might have advanced decryption tools, but your ISP does not.
To be clear, VPNs are legal in nearly all countries. They are a legitimate security tool, and they’re utilized every day by corporate and government employees. Your ISP can’t do anything about your VPN usage, and it probably doesn’t care that you’re using a VPN.
Bear in mind that VPNs aren’t idiot-proof. If you don’t know how to use your VPN, you could easily expose your web activity to your ISP. I suggest using secure protocols like OpenVPN and WireGuard, enabling your VPN’s kill-switch (which will turn off certain apps if the VPN crashes), and reading the instructions on your VPN provider’s website.
The benefits of using a VPN are obvious. You get to hide browsing activity from your ISP, obscure the usable data collected by websites, and unlock region-restricted content on streaming services.
Unfortunately, using a VPN doesn’t guarantee privacy. Websites can still identify you and collect your data using trackers and cookies, and if you use a VPN incorrectly, you could accidentally expose your activity to your ISP.
You can also get screwed by your VPN provider. This is why it’s so important to research security tools before using them—a VPN provider can see everything you do while using its service, and it may collect this data to work with advertisers or comply with subpoenas. (And if such a VPN provider is the target of a data breach, its customers could have their identities stolen.)
So, I suggest finding a VPN provider that meets the following standards:
- A No-Logs Policy: A VPN that collects data isn’t safe or private.
- Independent Audits: Outside companies must audit a VPN provider to ensure that it isn’t lying to customers.
- Modern Protocols: Find a VPN that supports “military-grade” encryption with tunneling protocols like OpenVPN and WireGuard.
- A Clean Track Record: If a VPN was the victim of a data breach or was caught lying to customers, then it isn’t serious about security.
If you want additional peace of mind, some services go a step further. Mullvad VPN, for example, operates without user accounts and only accepts one-time payments. This significantly reduces the amount of customer data held by Mullvad—in the event of a data breach or subpoena, there’s hardly any information to collect.
Whatever VPN you use, please make sure that it meets the criteria listed above. Otherwise, it has less respect for your privacy than your ISP.