We often use VPNs to hide our identity online. This opens the door to region-locked content, and more importantly, it hides our activities from companies that collect and sell private data. There is only one inconvenient fact to consider; your internet service provider (ISP) too collects private dataand he knows you are using a VPN.
Fear not: VPNs are perfectly legal and your ISP will not penalize you for using them. But your ISP is not your friend. And yes, it sees some interesting things when you use a VPN.
Your ISP watches everything you do online
If you live in the United States, your ISP is legally allowed to: collect and sell your browsing data† It can build a “profile” of your individual activity (even in a large household) by tracking your IP address, web activity, and other flags.
This is a violation of your right to privacy. But it’s perfectly legal, like many other forms of web-based data collection.
Regions outside the US tend to place greater restrictions on ISPs. If you live in Canada, the EU, the UK or Australia, your ISP cannot collect or sell your information. Still, ISPs in these regions can: to observe your web activity, and they are required to report anything that violates regional law.
So no matter where you live, your ISP can: access your web activity. Existing laws and regulations are not strict enough to guarantee complete privacy, hence the need for a VPN. (This is especially the case when using public hotspotsthat put an extra pair of eyes on your web data.)
How does a VPN protect you from your ISP?
A VPN or Virtual private network tunnels your web activity through a remote server. This performs two tasks: First, you can hide your IP address and location from websites. For example, if you connect to a VPN server in the UK, websites will think you’re in that region.
Faking your location can give you an extra layer of privacy because it reduces the amount of Real information that websites and advertisements may collect. It can also give you access to geo-locked content, such as videos on BBC or South Korean exclusive Netflix.
But a VPN doesn’t just hide your identity. It also provides a “secure tunnel” for your web activity.
Data sent between your computer and a VPN server is encrypted, effectively blocking all activity (including downloads and uploads) from your ISP. These encryption systems are often “military rank”, meaning they are impossible to decrypt with current technology.
Does your ISP know you are using a VPN?
When you connect to a VPN server, your ISP is the one who establishes and maintains that connection. Needless to say, your ISP knows when you’re using a VPN and can record information for advertising purposes.
Your ISP can also see how much data you download or upload when using a VPN. But here’s the good news; all that data is encrypted. If your ISP tries to figure out what you’re doing behind a VPN, it’ll see nothing but a bunch of crap data.
Deciphering that nonsense would take forever. Powerful Governments power have advanced decryption tools, but your ISP does not.
To be clear, VPNs are legal in almost all countries. They are a legitimate security tool and are used every day by corporate and government employees. Your ISP can’t do anything about your VPN usage and it probably doesn’t matter that you use a VPN.
Keep in mind that VPNs are not idiot proof. If you don’t know how to use your VPN, you can easily expose your web activity to your ISP. I recommend using secure protocols like OpenVPN and WireGuard, enabling your VPN’s kill switch (which disables certain apps if the VPN crashes), and reading the instructions on your VPN provider’s website.
Remember VPNs don’t guarantee privacy
The benefits of using a VPN are obvious. You can hide your ISP’s browsing activity, hide the useful data collected by websites, and unlock region-restricted content on streaming services.
Unfortunately, using a VPN does not guarantee privacy. Websites can still identify you and collect your data using trackers and cookies, and if you use a VPN incorrectly, you could inadvertently expose your activity to your ISP.
You can also get screwed by your VPN provider. That’s why it’s so important to research security tools before using them: a VPN provider can see everything you do while using their service and can collect this data to work with advertisers or comply with subpoenas. (And if such a VPN provider is the target of a data breachcan be stolen from its customers’ identities.)
So I recommend looking for a VPN provider that meets the following standards:
- A no-logs policy: A VPN that collects data is not secure or private.
- Independent audits: Third party companies should check a VPN provider to make sure it is not lying to customers.
- Modern protocols: Look for a VPN that supports “military-grade” encryption using tunneling protocols such as OpenVPN and WireGuard.
- A clean track record: If a VPN has been the victim of a data breach or caught lying to customers, then security isn’t serious.
If you want extra peace of mind, some services go a step further. For example, Mullvad VPN works without user accounts and only accepts one-off payments† This significantly reduces the amount of customer data in Mullvad’s possession – in the event of a data breach or subpoena, there is hardly any information to collect.
Whatever VPN you use, make sure it meets the criteria above. Otherwise, it has less respect for your privacy than your ISP.