VPN. It stands for Virtual Private Network, and it's a service that encrypts your internet traffic and protects your privacy online. With a VPN, you can securely access apps, websites, and entertainment platforms from anywhere in the world.
As your traffic is encrypted, it can't be snooped upon by your ISP or a government. It hides your IP address, and allows you to appear to be located in other countries, letting you bypass restrictions that limit access to sites only by users in certain countries. It also lets those in countries where blocks are in place to access content that they wouldn't otherwise have access to.
A VPN encrypts your traffic on public Wi-Fi networks, making the use of public Wi-Fi safe from hackers who might otherwise be trying to harvest information that would otherwise be publicly transmitted over a public Wi-Fi connection.
The question is whether you can trust today's VPNs to do what they are saying they do, what type of features are on offer by different VPN companies, the number of concurrent users and devices that can be connected to a single account and more.
Now, the VPN that I personally use and pay for is the log-free NordVPN (affiliate link), and NordVPN has been at the forefront of popularising VPNs for many years. Impressively, the company also recently engaged the services of Troy Hunt, who runs the well known "Have I Been Pwned" website, which lets you type in your email address to see if it has been compromised in a data breach online.
Chances are very high that your email address and a password that you have used in the past has been exposed, and if you type in your email address and it comes up as having been found online, then I hope you have been using different passwords on each site so that one breach doesn't expose you across the entire Internet.
Typing in my own email address at Hunt's Pwned site shows that it has been found in the data dumps of 12 sites, which are pretty much all the well known ones, including the Adobe, MySpace, Canva, Gawker, MyFitnessPal, ShareThis, StratFor and other breaches.
Hunt recently partnered with NordVPN as a Strategic Advisor to help NordVPN further improve its cybersecurity practices, and in a world where the "bad guys" are extremely incentivised to hack their way to illegal profits online at the expense of all of us, the "good guys" working together as closely as possible to fight back and help us all continuously upgrade our security and protect ourselves is a great thing.
Now, while not every Internet user is yet using a VPN, one of NordVPNs recent surveys showed that "no less than a third of the population in the US, Canada, UK, Germany, France, and Belgium are already familiar with the notion of a VPN service", and when NordVPN and Norton are widely advertising their VPN and security services on Australian TV, with Norton a regular advertiser on commercial radio, the argument for increasing commoditisation of VPN usage can clearly be made.
Hunt himself wrote an excellent blog post explaining the value of a VPN, where he said: "I expect demand for VPNs will grow as people become more conscious of increasing cybercrime issues. That combined with greater awareness of the privacy issues of browsing the web without a VPN will increase adoption rates".
Hunt also pointed to a range of VPN apps that leaked the personal information of 20 million users, representing 1.2 terabytes of data, many of which claimed to be "no log" VPNs that clearly weren't, and many of which had very high ratings on the Google Play and Apple App Stores.
But one of them is literally called “Secure VPN”, how is this possible?!— Troy Hunt (@troyhunt) July 20, 2020
“Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” https://t.co/BPDww70Pgo
Thus it's clear that the VPN you choose matters deeply if you truly want security and the ability to trust your VPN provider, and that the times when a VPN was exclusively meant for businesses and tech geeks are long gone.
What are the three main reasons stimulating this growth? They are cybercrime, advertising, and government surveillance, which we'll now explore in greater detail.
NordVPN tells us that the number of malware and ransomware attacks spiked by 25% between Q4 2019 and Q1 2020. Cybercriminals have been successfully targeting financial services too. For instance, just recently NTT Docomo Inc. reported that the total amount of money confirmed to have been stolen in recent hacks of its Japanese e-money service has increased to 25.42 million yen in 120 cases.
Hunt tested the trustworthiness of his banking service and found that “the initial request from the browser is still sent insecurely over HTTP so everyone along the way not only sees where the traffic is going, but can also read and modify the contents of it so again, from a privacy perspective, not good.“
The go-to-market rush results in unstitched security holes on platforms that internet users are entrusting their private data to. “Security shortages of online services, in combination with users’ poor cyber hygiene habits, create the perfect conditions for cybercrime to blossom,” says Tom Okman, founder of NordSec, the company behind NordVPN.
NordVPN surveys show that 80% of VPN subscribers use the app primarily for privacy and security reasons. This comes as no surprise: people are getting more and more concerned with the startling number of governments deploying advanced tools to identify and monitor users.
Of the 65 countries assessed by FreedomHouse, 33 have been on an overall internet freedom decline since June 2018. And this applies not only to China and other repressive regimes: internet freedom has been declining in the US for three consecutive years, as law enforcement and immigration agencies have expanded their surveillance and the internet has been flooded with disinformation.
Hunt reminded us: “It’s hard for a VPN to protect you from disinformation, but it goes a long way to mitigating the risks of being surveilled.”
The policies and transparency of VPN service providers are becoming more and more important. “If a VPN provider is true to its policies and meets certain standards, there is a big chance it will take care of privacy and security better than an ISP, which collects detailed information on users’ online presence and must submit it to the government if the latter requests so,” said Okman.
Ninety percent of users find targeted ads annoying. Targeting requires a thorough analysis of the user’s behaviour and interests. And sometimes it can go overboard. For example, Target, a wholesaler, managed to find out a teen girl was pregnant before her father did just by identifying a shift in her purchase behaviour and sent her a pregnancy clothing coupon. Unconscious overexposure and extensive tracking online can be protected with premium VPN solutions equipped with ad-blocking features.
“The privacy implications don't stop with the site you're visiting, they cascade all the way down the stack of requests that follow that initial one", said Hunt. "The point is that the privacy rights assured by a VPN are about a lot more than just protecting your source IP from being exposed to the website you're visiting; it goes well beyond that,” Hunt continued.
The new hot place in town
The VPN industry is becoming more precise in its value proposition and tries to expand the benefits of a VPN beyond the already established privacy and security. Tech brands are working towards becoming all-around cybersecurity solutions for their customers. Even Apple has made privacy-as-a-service their strategic goal. Covid-19 has also brought new players to the market — Google has recently launched a VPN challenger, BeyondCorp.
In Tom Okman’s opinion, new players contribute to the growth of the VPN industry and make everyone else want to improve. The bigger the number of competitors, the more cybersecurity awareness they spread among internet users. Big names like Google entering the VPN arena attests to the market’s solidity and importance.
“I believe that VPN will become a default service integrated into devices, requiring no additional effort from users. However, there are many decisions to be made before that happens. Businesses will have to find the balance between maintaining user privacy and not losing the ability to speak to their customers through advertising. A mainstream use of VPN services will make it harder to monopolise personal data and will leave at least certain aspects of privacy to the people. The solutions to these challenges will determine the pace, but not the course of the development of the VPN industry,” said Okman.
When choosing a VPN vendor, one must always think whom they are entrusting their privacy to.
Troy Hunt has a simple piece of advice: “VPN doesn't remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I've always said I'd much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that's been independently audited to that effect.”