Sneaky ways your VPN is watching you

By Will Wisser
Posted on June 1, 2019

Normally, you count on a virtual private network (VPN) to protect your identity and activity while you’re on the internet. But what if your VPN is the one tracking your every move? That’s just what Hotspot Shield is charged with by The Center for Democracy & Technology, a consumer watchdog group based in Washington DC. Although they claim to take a “zero knowledge approach”, Hotspot Shield is accused of redirecting users’ activity to advertisers they’re affiliated with.

The idea that the services you rely on for secure browsing and streaming may be selling you out to third parties, government agencies, and even potential hackers probably shocks no one, but the truth still sticks in the craw. How do you know if your VPN is leaking information, or worse yet, selling it, and what can you do to put a stop to this practice?

Signs Your VPN Provider is Selling You Out

First of all, know where potential leaks are originating. The most common is your IP address when it’s unmasked. However, you can also be exposed when:

- You perform a DNS lookup
- You’re using a TOR-over-VPN or VPN-over-TOR configuration when you first log on or come out from the exit node
- You check your email on a clearnet platform from TOR

There are a few simple ways to check for leaks, and a handful of tools that allow you to dig a little deeper into your VPN.

Start by Googling the name of your service provider with the word “logging” appended. This seems deceptively simple. But if anyone is talking about it or complaining online, this search lets you know.

Next, check into their technology. Does their encryption standard measure up to their promises of privacy and security? They should have AES 256-bit encryption and authentication using SSL, and WebRTC detection. That’s the minimum. But even with strong encryption and all the other bells and whistles, they can still be retaining your information.
Finding the Leaks

That’s where leak detection tools come in handy. There are several that are available for free online. Here’s an overview.

The first is a tool called IPLeak. You can check for VPN leaks by first visiting this website without VPN coverage and watching as it tells everything about your IP address and current location. Now, leave their website, sign in to your VPN, and re-visit IPLeak. If you see any of the same information, your VPN is a sieve.

The next testing tool catches leaks that IPLeak missed. It’s called DNS Leak Test, and you can perform a check in the same manner as IPLeak. If either of these testing platforms turns up a problem, your VPN service provider has some ‘splaining to do.

How to Choose a Trustworthy VPN Service

Most of us are concerned enough about online security to learn about those areas of the internet that are dangerous. How do we know which service providers are dishonest before we sign up for their service?

First of all, avoid free VPNs. Businesses gotta make money somehow, and free services are the first ones to try to make a little passive income at your expense. They do this by throttling your connection to slow you down enough to beg for their premium service, limiting bandwidth, and using other tricks to get you to decide to pay for their “premium” service. And even a healthy number of those that claim they don’t keep logs or retain data on their customers have been caught double-dealing. Be aware that some paid services also do this.

Where does that leave consumers? Before you head straight to a VPN website, you should check out websites like the community-supported research group HostingCanada.org, which tests and ranks different VPN service providers on a variety of features, including logging policies. This is probably the most effective way to narrow a field of hundreds of choices down to a handful of legitimate contenders.

Ultimately, a lot can be said for good old reputation and longevity. Unreliable companies don’t usually remain in business for very long.

Other Considerations

When it comes down to choosing, there is more to ponder than price, though the most trustworthy companies plainly state their prices and details of their plans on their website. You should also easily be able to locate a physical address and phone number. Also look for:

- A strict no-log policy, including all activity, identifying information, and log in or out times
- Military-grade encryption like the AES 256-bit standard
- Strong SSL authentication and DNS leak protection
- A large number of servers and locations
- Physical location outside the oversight of 5, 9, and 14 Eyes Alliance countries

In some cases, using a VPN can actually do more harm than good. Most people are law-abiding citizens who just want to protect their privacy and prevent malicious actors from hacking their computers. Maybe they want to stream movies when they’re in another location. But the mere fact that you’re using a VPN can bring you under government scrutiny.

Final Thoughts

With more than one-quarter of all those who venture online now using a VPN, it’s become a technological force to reckon with. Rising use means more profit potential and more companies entering the field with perhaps less than honorable intentions. Some are straight shooters who intend to do business the right way, and others are looking for a quick score and don’t care whose browsing habits and personal information they divulge on the way to a buck.

Your best bet is to do your due diligence in research. Once you’ve made a choice, check up on their performance regularly with leakage tests and monitor the logging policy fine print for changes.
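
The before-and-after comparison described under Finding the Leaks, written as a small offline check that could back the regular leakage tests recommended above. This is an added example, not part of the original article: the Observation fields, the function names and every address (documentation ranges) are assumptions, and it covers IPv6 and WebRTC exposure alongside the IP and DNS checks the article walks through.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Observation:
    """What the leak-test pages reported during one visit (hypothetical structure)."""
    public_ips: set = field(default_factory=set)     # addresses the site saw
    dns_resolvers: set = field(default_factory=set)  # resolvers that queried the test domain
    webrtc_ips: set = field(default_factory=set)     # addresses exposed through WebRTC


def _norm(addresses):
    """Canonicalise so '2001:DB8::1' and '2001:db8:0:0::1' compare equal."""
    return {ipaddress.ip_address(a.strip()) for a in addresses}


def find_leaks(baseline, with_vpn):
    """Return sorted (kind, address) pairs seen with the VPN on that match the baseline."""
    real_ips = _norm(baseline.public_ips)
    checks = {
        "ip": (_norm(with_vpn.public_ips), real_ips),
        "webrtc": (_norm(with_vpn.webrtc_ips), real_ips),
        # Heuristic: a resolver seen both times is usually the ISP's. A third-party
        # resolver configured by hand on the device also shows up here.
        "dns": (_norm(with_vpn.dns_resolvers), _norm(baseline.dns_resolvers)),
    }
    leaks = []
    for kind, (seen, known) in checks.items():
        leaks += [(kind, str(ip)) for ip in seen & known]
    return sorted(leaks)


# Constructed sample data using documentation address ranges.
BASELINE = Observation(
    public_ips={"203.0.113.25", "2001:db8:aa::10"},
    dns_resolvers={"203.0.113.53"},
)
LEAKY_VPN = Observation(
    public_ips={"198.51.100.7", "2001:DB8:AA:0::10"},  # IPv4 masked, IPv6 not
    dns_resolvers={"203.0.113.53"},                     # still the ISP resolver
    webrtc_ips={"203.0.113.25", "192.168.1.20"},        # real IPv4 via WebRTC
)
CLEAN_VPN = Observation(
    public_ips={"198.51.100.7"},
    dns_resolvers={"198.51.100.53"},
    webrtc_ips={"198.51.100.7"},
)

if __name__ == "__main__":
    for name, obs in (("leaky", LEAKY_VPN), ("clean", CLEAN_VPN)):
        print(name, find_leaks(BASELINE, obs))
```

An empty result means nothing from the no-VPN visit reappeared with the VPN on; it says nothing about whether the provider keeps logs.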