Interest in VPNs has been growing steadily, several providers reported, since President Trump took the oath of office in January. That interest has been driven largely by news of attacks by foreign hackers, government surveillance and, most recently, a bill Trump signed into law this month that would scrap rules meant to force Internet providers to get permission from customers before collecting and selling their data.
While a well-vetted VPN can protect its customers’ data from Internet providers’ prying eyes, privacy advocates said, signing up with an untrustworthy VPN provider can further imperil your information.
What VPNs do is put a middleman between your device and the websites you visit so that your personal device’s identity, which can be tracked using a series of numbers known as an IP address, is not directly tied to your Internet activity.
Routing Web traffic through a secure private network makes it seem as if the VPN is doing the browsing, not you. It can help conceal your identity, location and other personal markers from websites, Internet providers, government, workplace monitoring systems and hackers.
Internet providers like Comcast and AT&T, which have long opposed government regulation, argue that they are unfairly targeted while tech giants like Google and Facebook make billions every year from selling user data.
The now-dismantled Federal Communications Commission regulations were drafted to prevent Internet providers from selling information on their customers’ finances and health, app usage history and browsing history. Internet providers can collect and sell this data to advertising and marketing firms unless explicitly told to stop by consumers.
Several small Internet providers like Santa Rosa’s Sonic have begun looking to emphasize consumer privacy as a way of distinguishing themselves from larger competitors. Some, like Sonic, are incorporating VPN services in their customer offerings.
Using the VPN, Sonic customers can connect to its network when they’re away from home — such as at work, a cafe, hotel or airport that may rely on a less privacy conscious provider.
Evan Greer, the campaign director at privacy and technology activist group Fight for the Future, said using a VPN becomes especially important in public spaces such as these because hackers can break into your device using the shared, often unsecured, network.
“Whether it’s the government or your Internet (provider) or that creepy person who followed you into the coffee shop, they can all access your information if you’re not taking other precautions to protect yourself,” Greer said. “Look for a VPN that maintains no logs and (is) outspoken on issues of privacy. ... Those that have been a part of privacy fights in a public way.”
Though routing personal data through a VPN’s server may hide it from the outside world, it also gives the VPN provider near unfettered access to personal and identifying information.
Some VPN providers track and record user information, enabling them to sell that information to the government, bad actors or other companies, like the very Internet providers many consumers are seeking to evade. Others keep no records.
While paying a monthly subscription fee may be a turn-off for some users, privacy experts said, free or ad-supported VPNs can be dubious.
“If you look at VPNs out there, most of them don’t disclose who’s behind the company, don’t disclose the management team, don’t disclose the investors, don’t disclose what they’re using people’s information for if they track it,” said David Gorodyansky, CEO of Menlo Park-based VPN provider AnchorFree. “People have a really hard time trusting an app that says they’re going to protect you if they won’t even disclose the details of the company itself.”
AnchorFree, which has amassed more than 500 million customers since it started 2005, prefers to call itself a “privacy company” because, Gorodyansky said, that’s what it sells: consumer privacy.
“We make sure our users are anonymous online, not just to bad guys, but also to governments, companies and even to us,” Gorodyansky said. “As a large Internet service provider, we get (court orders) for people’s information all the time. But we don’t keep those logs. So our answer is always the same: We’d love to help you, but we can’t.”
Gorodyansky said the company typically sees spikes in downloads following big events like the Arab Spring of uprisings in the Middle East and, most recently, the U.S. presidential election.
In a recent survey of users, Gorodyansky said, the company found that 84 percent are “more concerned with privacy today than they were a year ago.”
He attributes this attitude to several factors: high-profile hacks, like the Russian-led attack on Yahoo; increased awareness and concern of government surveillance; and the Trump administration, which 64 percent of users cited as a point of concern.
“Look, we’re spending all this time on the Internet, and it’s only going to become more and more,” he said. “People are concerned that their personal data could be bought on an open exchange. That could compromise personal data, corporate data, health data, you name it. That’s really bad. But the positive thing is consumers are finally waking up to say, ‘Look, the government isn’t going to protect us. Fine. We’re going to protect ourselves.’ ”
Marissa Lang is a San Francisco Chronicle staff writer. Email: mlang@sfchronicle.com Twitter: @Marissa_Jae
What is a VPN?
Signing up for a VPN on your smartphone, tablet and computer can help secure your personal information from being tracked by Internet providers, the government and criminals. But choosing a VPN may not be as simple as it sounds.
What does a VPN do?
Normally, when you’re perusing the Web, an Internet service provider helps to route traffic from your devices to each website you visit. In doing so, service providers like Verizon and Comcast can see what device you’re using, based on a unique string of numbers assigned to your phone and computer known as your IP address. They can also see what websites you visit, where you’re located and how much time you’re spending online.
Using a VPN helps to conceal certain information from the Internet provider and any hackers or spies that might intercept your data.
When you connect to a VPN server, all Web traffic from your device gets routed through the VPN provider’s own Internet connection. That means that while you’re using the VPN, all your Internet service provider can see is the VPN server’s IP address. It cannot track which device you’re using, where you are or what websites you’re visiting.
VPNs are especially recommended while using public Wi-Fi networks at airports, coffee shops and hotels, where you do not know who the Internet service provider is or what they’re doing with your data.
Are VPNs safe?
Though there are many pluses to using VPNs to secure your information, not all VPN providers protect your data with the same amount of diligence. In recent weeks, several fake VPN companies have cropped up, in an effort to take advantage of spiking interest in data privacy by conning people into signing up for their service, which would then take user data and sell it.
Be wary of free or ad-supported VPN providers and those that are new to the market. Look for VPN services that have encrypt data end-to-end and do not record or keep any customer information. Most reputable VPN services will cost a small fee per month. Look for those that have been in business for more years and have a history of privacy advocacy.
VPNs are not a cure-all
Though VPNs are a good step toward keeping your information safe from prying eyes, they will not address all security concerns. If you have weak passwords, for instance, a VPN can not keep hackers from gaining access to your devices or various accounts.
Strong passwords generally consist of a unique alphaneumeric code of 8 or more characters that is not repeated across devices or accounts.
Several privacy groups provide consumers with online tools that can help amp up your privacy, including Fight for the Future’s privacy tutorial, Get Safe, found at www.letsgetsafe.org.
©2017 the San Francisco Chronicle Distributed by Tribune Content Agency, LLC.
