VPN creates a secure and private tunnel between the user’s device and the distant server which is connected to Internet, thus securing your outgoing and incoming data from interception and snooping. The tool was majorly used by employees to access remotely their company network through a secure channel. Now, this tool can be used by anyone for securing their private network or a coffee shop connection etc.
Privacy Risks
This complete dependency on another company which is not your ISP could have its privacy risks. A VPN operator can access all the traffic just like your ISP provider when not using the VPN. They could see which sites are accessed and read or modified. Any traffic which is unencrypted can be read by them, or in extreme cases they can even redirect the traffic to malware or phishing sites etc.
Ian Goldberg, a professor and expert cryptographer from the University of Waterloo explains that any VPN system which has not even promised to retain or record data could still be compromised in three ways. They could be prone to lying, get attacked by any third-party or get compelled legally to collect information.
Privacy Policy
TunnelBear, a VPN service company recently changed its privacy policy. Ryan Dochuk, the co-founder at Tunnelbear explained that they had decided to minimize the size of data collected and make transparent the privacy policy to fully aware their users about which information could be collected and its reason.
Almost all online services collect some form of data from their users. VPN service however is committed to protect a user’s privacy, therefore they are restricted in the information they collect. As a rule VPN services do not log their user’s activities or browsing habits. However there could be many VPN companies that just give access to restricted foreign sports or video streaming websites, and it’s possible that they collect data and track activity.
Keeping Logs for Technical Purposes
Keeping logs can be important for many reasons to a company. It helps in improving the existing infrastructure of the network. Logs could also help in detection and prevention for fraud. The user’s email id will be stored by most services for subscription purpose and for sending information pertaining to promotions and payment etc.
Keeping little information is helpful not only to the users but also legally secure for the company. If a law enforcement agency asks any VPN service provider for information and data, or a hacker tries to gain access, they would not find anything as there will be no data present.
Unauthorized Data Sharing
Tunnelbear stores data for operation purposes, like if a user was active this month etc. In internet terms, this data is quite harmless and not a breach of a user’s privacy.
Beyond this, logging could get murky. Some companies store IP addresses, whereas some services share user’s email Ids with marketing agencies or worse provide user statistics.
Future of VPN Services
Cyberghost VPN claims that they don’t keep any logs or data. In fact they had to conduct anonymous surveys for promotional and marketing reasons as they have no idea about the demographics of their users.
TunnelBear plans to take it further and provide access to their users to all the stored data they have on them. This would be a radical step towards transparency.