By Tabby Farrar
Tabby Farrar is a researcher and copywriter whose professional work covers topics like corporate cyber security and consumer technology. You can find her on LinkedIn.
With the attacks on net neutrality in the US and Theresa May’s ‘snooper’s charter’ in the UK, it is no surprise that the general public’s awareness of online security and the protection of personal data has significantly grown over the last few years. With it, interest in VPN services has also increased.
From online banking passwords to protecting personal information, there is a lot that the average person needs to keep secure online. The inclusion of a VPN service alongside antivirus and a firewall in the typical home security setup is becoming increasingly common.
How does a VPN work?
A Virtual Private Network will help to protect your data and privacy through a process known as ‘tunnelling’. Like a car going through tunnel, you will be seen entering and exiting, but nothing you do while inside can be seen externally.
As well as masking your IP address with their own, VPN services also provide end-to-end encryption. This will turn your data into a string of unintelligible letters and numbers that can only be decoded when it arrives at its destination. Should an unwanted third party access your information at any point on its journey, all they will collect are indecipherable encryption keys – not your sensitive information.
However, the increasing popularity of VPN services has not been ignored – hackers are taking notice and new scams are always popping up, including fake VPN services. While they may appear to be protecting you, they could actually be collecting all of the information you are sending. So how do you spot a fake?
Many services make bold claims, but these should never be taken at face value. For example, if the ‘About’ page is littered with superlatives like ‘most secure’, it should be treated with suspicion. Similarly, reviews and recommendations on their own site should be treated as untrustworthy.
Instead, look for customer reviews, tech site test reports, or any other third-party opinions to help you make a decision. Reading personal reviews will not only give you a feel for the company’s legitimacy, but will also allow you to read about the company from a user’s perspective.
No company is perfect, and so be wary of any that appear to have flawless, glowing recommendations as they could well have paid for positive reviews.
A huge marketing element for a tech company is the use of social media. If the VPN service you are investigating does not have a significant Twitter and Facebook following, or it seems to be automatically updated without human input, these are big red flags.
In most legitimate companies, social media is regularly used as a way to contact customers directly. A lack of consumer interaction is another key sign that their service may not be totally legitimate.
Check with customer support
Legitimate VPN services are likely to have a wide-ranging customer base that includes people who are new to using their services. For this reason, many provide themselves on the range of customer support options they have and the speed with which they deal with enquiries.
A quick and easy way to test a service’s legitimacy is to contact their customer services. A swift reply and a human conversation – be it through email, telephone, direct messaging or forums – is an excellent sign of the company’s care for their customers and legitimacy.
Despite the heated online debates, data logging is not only a common practice with VPN services, but in many regions of the world is a legal requirement. The question that needs to be asked is what data is being collected.
Many services keep Connection Logs. This simply records when users log into the service, how long they are connected and the amount of data they transfer. This data is used to troubleshoot issues with the service and keep track of accounts with monthly data allowances and has a legitimate purpose.
On the other hand, any provider that collects Usage logs should be avoided immediately. This is an admission that any data you send using the service, including your browsing history, could be collected and sold to third parties.
To make sure your provider is legitimate, be sure to read the small print closely.
Consider the cost
While many legitimate free VPN services do exist, you should not expect anything for nothing. High quality service, support and security cost money and you should expect to pay a small subscription fee.
Many free services make their money in other ways, including collecting user data and selling to advertisers and other third parties. This undermines the whole point of having increased protection for your data.
Whether they are safe or not, avoiding services that are sold as being free or offering lifetime subscriptions is a good way to keep your data secure.
It might feel like there are a lot of pitfalls when choosing a VPN service, but the simplest tip is to use your gut instinct. If a service is making you feel that what they offer is too good to be true, or you feel something is out of place, this is a great indicator that the service is either not legitimate, or is not going to be the right provider for you.