
VPNs Are Not the Security Tool You Think They Are

If you’re an avid user of YouTube, your favourite content creator has probably inserted a sponsor section for some VPN client at some point.

“This video is sponsored by NordVPN. Staying safe online is an ever growing difficulty and you could be exploited by hackers. NordVPN allows you to change your IP address, making you harder to track, securing your privacy. Check out the link in the description to get 20% off for the first two months and thank you to NordVPN for sponsoring this video.”

So, is there truth behind these claims? Let’s get into it.

What is a VPN?

A VPN, or Virtual Private Network, is a means to connect to another network utilising cryptographic technologies, allowing you to access resources or applications in that remote network. Initially, the idea behind VPNs was to enable remote workers to access company resources and perform their work.

They were a replacement for expensive leased lines and dial-up connections. Each remote worker who needed to access resources would require an additional line into their home, paid for by the company, providing direct access to the company’s network. Imagine this in a company or organisation that has a high turnover of staff or is scaling up rapidly: it's simply not workable.

This is where VPNs come in.

VPNs are a cost-effective way to access the company infrastructure without the requirement of individual lines for each user. Instead, typically, a company laptop is issued to the employee with a VPN client and is set up to access the network at the company end once authenticated. Once a VPN client authenticates, it creates a tunnel over the public internet from the laptop to a company network concentrator, allowing access to resources.

What makes a VPN tunnel secure is a bit more complicated: it relies on tunnelling protocols (IPsec, WireGuard, etc.), encryption algorithms (like AES) to encrypt the data being sent, key exchanges, authentication, integrity checks and more. This is out of scope for this article, but if anyone is interested in the nitty-gritty of this, please let me know and I’ll be more than happy to write an article diving deeper into this.

That all sounds great, right? But what about your general member of the public who wants to purchase a VPN product for their personal use? Doesn’t all of this benefit them?

Do VPN Providers like NordVPN and Surfshark Secure My Traffic?

Yes and No.

If you had asked me about 10 years ago, I’d have come back with a resounding YES. There was a public fear that if you were to go to McDonald's or Starbucks and use their Wi-Fi to access the internet or your bank, you could be “hacked”. With this in mind, it was pretty commonplace to use VPNs to ensure your traffic was encrypted and safe from prying eyes.

So why the change now? 99.9% of websites and services you access now use HTTPS (the little lock typically shown in your browser bar), with SSL/TLS connections encrypting the data. Unless you’re accessing Joe Bloggs' random website that hasn’t been updated in 5 years and looks like a Teletext page, you’ll be just fine.


Your connections to your bank and to 99.9% of websites and services are secure, even on public networks. Therefore, your location and activity are irrelevant; nobody can inspect your data or steal information when you access your bank and other services.

The only valid concern I can see in this instance, specifically when accessing web services over public Wi-Fi, is that your DNS (Domain Name System) queries are more than likely not secured, unless you’re using an external DNS provider such as NextDNS or others and have configured your connection to use that provider or its profiles.
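What that unsecured DNS lookup exposes, as an added example that is not part of the original article: the sketch below builds the plain UDP/53 query a device sends for a hostname and then reads the hostname back out of the raw bytes, which is all a device on the same Wi-Fi path needs to do. The hostname `bank.example` and the function names are constructed for illustration.

```python
import struct

QTYPES = {1: "A", 28: "AAAA", 65: "HTTPS"}  # record types browsers commonly request


def build_query(hostname: str, qtype: int = 1, txid: int = 0x1A2B) -> bytes:
    """Encode a standard recursive DNS query as sent over plain UDP/53 (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(
        bytes([len(label)]) + label for label in hostname.encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def observed_questions(payload: bytes) -> list[tuple[str, str]]:
    """Return (hostname, record type) pairs readable from an unencrypted DNS payload."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    offset, seen = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(payload):
                raise ValueError("truncated name")
            length = payload[offset]
            offset += 1
            if length == 0:  # root label ends the name
                break
            if length > 63:
                raise ValueError("compression pointer or invalid label in question")
            if offset + length > len(payload):
                raise ValueError("truncated label")
            labels.append(payload[offset:offset + length].decode("ascii", "replace"))
            offset += length
        if offset + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        seen.append((".".join(labels), QTYPES.get(qtype, str(qtype))))
    return seen


if __name__ == "__main__":
    # Constructed sample: the lookup made before the HTTPS connection is opened.
    packet = build_query("bank.example")
    print(packet.hex())
    print(observed_questions(packet))  # the name is readable without any key
```

HTTPS protects the page contents afterwards, but the name of the site has already crossed the network in the clear; an encrypted resolver profile (such as those the article mentions) is what closes that gap.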

But doesn’t it hide what I access from the company, public Wi-Fi or my ISP?

Yes, but it's not as simple as that. When using these VPN providers to access services and websites, all you’re doing is changing the exit point of your traffic. If you were to access your favourite questionable content from public Wi-Fi or home and you tried to anonymise yourself from that Wi-Fi or your ISP, you’re simply securing the traffic from you to the VPN provider.

The VPN provider will have a full view of the services you’re accessing. So don’t assume that because you’ve now got this highly advertised VPN service, you are truly secure and your data is private. All you’re doing is pushing the content you access to someone else’s network. Whether they log that information, use it to collect data on you and more is a greater question and varies among VPN providers.

Are these Paid VPN Services Truly Secure and Private?

In some ways, they can be, in some, no. A lot of these VPN providers tout zero-logging, which means these companies do not keep any logs or data you’ve sent through their servers. In reality? That depends.

PureVPN and IPVanish, for example, advertised the fact that they were “zero-logging” services. However, they were discovered secretly storing the data their users transmitted.

NordVPN, as another example, hasn’t been found to store logs or data, but has suffered major server breaches previously.

Free VPNs?

This, I’ll keep short. Do not use VPN apps or providers that are free. There is a reason these services are free. You are the product.

Your data and everything you send over these connections are more than likely being captured for these providers' own use. Whether they sell it to advertisers or use it to manipulate your traffic and try to get sensitive information, these providers are never truly free.

Valid Uses for VPNs

I get it. I wrote up a complete load of doom and gloom across this entire article, but there are some positives and “legitimate” use cases for using a VPN.

Netflix and other streaming platforms geo-lock content, meaning you can only access certain shows or movies in a specific region. This can be a hard lock of content, or simply a time-based lock where, for example, an episode of your favourite series may be available a week earlier in the USA than the UK. Being able to switch region will allow you to unlock this content, but these streaming providers are catching on, so this isn’t guaranteed to work.

Reduced media/content pricing is another reason some may decide to use a VPN, Spotify being an example of this. In certain regions, Spotify is over 75% cheaper depending on the region you’re in. Switching to one of these “cheaper” regions will allow you to subscribe to said services or offerings at a reduced rate. Many service providers and card payment services have detected this, so it's not guaranteed.

In the US right now, adult content is being blocked in certain states. Even ProtonVPN saw a massive uptake in its services following this ban, as bypassing the restriction is as simple as opening a connection to an alternative state or country, and the service is unlocked. Not just this, but with the incoming ban on TikTok in the US, we’re seeing more and more users seek out these services.
