“Sponsored by [x] VPN!” It’s the phrase that seems to kick off every other YouTube video these days. But is your favorite influencer really keeping you safe, or just cashing in? While VPNs can enhance your privacy, they are not a magic bullet for security. It’s time to stop treating them as the ultimate solution for online safety.
What VPNs Actually Do – Privacy
Let’s first look at what a VPN is, how it works, and what they’re used for. A VPN, or Virtual Private Network, is a network that sits in between your computer and the web content you’re attempting to access. Normally, when your computer requests a website, it reaches out to the remote web server, identifies itself, and retrieves the requested content. With a VPN, your machine tells the VPN server what it wants, the VPN server reaches out to the website and identifies itself, then the remote server responds to the VPN, which forwards the data to your machine. Your actual IP address is never seen by the remote server, and prying eyes are unable to sniff the connection.
In the first scenario, a malicious individual on your local network, or a nosy ISP monitoring connections can see exactly what you are doing (with some limitations). In the second scenario, all the eavesdropper will see is a connection to the VPN server, they won’t see what actual data is being requested or received.
This is a very simple overview of how VPN servers work, but it’s enough to give the idea of how VPNs ensure your digital privacy by shielding the contents of your Internet activity from prying eyes.
So a VPN is important for privacy, but what about other security concerns? VPNs are not designed to identify malware, block suspicious connections, or protect against data breaches.
The False Security Narrative
It seems like every time I fall down a YouTube rabbit hole, I inevitably see a video sponsored by a popular VPN company, with the influencer claiming you can “protect your data from hackers” or “stay secure online.” I would love to dig into the actual numbers, but it’s certainly obvious that there’s an influx of these sponsorships across the platform, and they’re pushing VPNs as a one-stop solution for online security.
These claims, like VPNs protecting your data from hackers, are massive oversimplifications. As we addressed above, VPNs are great for privacy, but they’re not designed for the level of security required to actually protect data. They do not protect your devices from being compromised, nor do they secure your accounts or passwords.
What VPNs Can’t Do
So let’s look at what’s actually required for good online safety, and see why VPNs don’t check the boxes.
- No Protection from Malware: VPNs do not scan downloads or web pages for malicious content such as ransomware. They also do not monitor files on your computer or detect hidden processes. This type of protection would be provided by a comprehensive anti-malware solution.
- No Guard Against Phishing: A VPN won’t stop you from entering your credentials into a fake website. A VPN only encrypts and secures the connection through its server. It does not analyze the contents of the destination website to determine if it’s a phishing site. While there are tools available to help prevent phishing (such as email scanners to identify spoofed emails), the best protection against phishing is user education. Learning how to identify common scams and phishing attacks is the best defense against these.
- No Shield From Account Takeovers: If your password is weak or reused, a VPN won’t protect you from credential stuffing attacks. Additionally, a VPN doesn’t protect you if your data is exposed in a third-party data breach.
.Microsoft published a page on the safety and security of VPNs, which states: “A VPN may boast strong protocols and military-grade encryption, but that doesn’t mean it’s infallible. It can’t prevent cookie tracking, viruses, or malware, and it can’t protect against phishing scams. Data leaks could occur. But most pivotally, a VPN is only as secure as the company that runs it.”
Why the Misrepresentation is Harmful – VPNs Provide Privacy, Not Security
But what does it matter? Isn’t something better than nothing? And yes, like I said earlier, VPNs are great for personal privacy, so they do serve a purpose. But the misrepresentation of VPNs does a large disservice to everyone.
The key point is this misrepresentation leads to a false sense of security. Someone watches a video sponsored by some VPN company claiming to “protect all of your data.” That user purchases and installs the VPN, and might go about their days thinking they’re completely immune from cyber threats.
This false sense of security then leads to a neglect of basic security practices. If the user believes they are truly protected by the VPN, they put less focus on other elements of security such as strong passwords, using multi-factor authentication, keeping software updated, and performing anti-malware scans.
Finally, let’s look at the influencer responsibility. Do I believe the influencers pushing VPNs are malicious? Not at all. But I think this does highlight a need for influencers to properly vet sponsorship deals coming in. Influencers need to be aware of what a VPN can and can’t do. An influencer sponsored by a VPN company and talking about how it protects online privacy is fine. But when the influencer is making the VPN out to be an all-in-one security protection tool it becomes a problem. So for the influencers out there with VPN sponsorships, let’s take a look at why VPNs can be great.
When and Why You Should Use a VPN
VPNs serve many practical purposes within data privacy. Tunneling connections through a VPN can avoid issues such as ISP throttling and monitoring. They can also be used to ensure privacy when using public Wi-Fi hotspots, ensuring that malicious actors on the same network are not able to sniff out exactly what you’re doing online. Finally, VPNs can be used to access region-locked content. By connecting to a VPN in, for example, Sweden, a user might be able to access websites that are not available from other countries.
VPNs are great for personal privacy, and a good step to add for security in general. But we need to remember that this is just one piece of the puzzle when looking at security, and should not be what a user relies on solely for online protection.
Real Security Solutions to Consider
Other than VPNs, what else should we be doing to protect ourselves online?
Password Hygiene
To start, password hygiene is important. Make sure that you’re using strong, unique passwords, and not reusing the same password on multiple sites. Also, enable multi-factor authentication wherever possible. I know it’s annoying to have to type the code in or tap the push notification, but MFA adds a strong layer of security protecting you even if your password is compromised. I highly recommend using a password manager to create and store strong, unique passwords. Memorizing one password for the main vault, and letting your password manager do the rest goes a long way towards data security, and ensures that if one site is breached, the attackers won’t be able to reuse the credentials anywhere else.
Keep Software Updated
Second, stay current on software and operating system updates. Updates that are pushed usually fix security issues that have been identified in the software or operating system, and the longer you take to install the update, the more time attackers have to try and exploit the vulnerability. Remember, if a patch has been released for a security issue, chances are attackers are spreading around exploit code for the vulnerability that was just patched.
Anti-Malware
Third, have some type of anti-malware installed on your system that continuously monitors files. This should perform periodic full scans of your system, but also be able to quickly scan any files as they are downloaded. Even the standard Microsoft Defender that comes with Windows is capable of detecting malware in downloads, and will also monitor .zip files during extraction for any suspicious files. But there are plenty of decent anti-malware solutions on the market as well.
Secure Browsing Habits
Finally, focus on secure browsing habits. Avoid clicking suspicious links online or that are sent via email, text, or messenger. Verify the website URL matches what you’re expecting. If a site looks suspicious, is flooded with popup ads, or doesn’t match what you’re expecting, leave the site. While we’re here, also remember that anything saying “enable notifications to prove you’re not a robot” is a scam, and is used to push spam popups spoofing operating system messages.
Conclusion
While VPNs have their place in enhancing privacy, they are not a comprehensive security solution. Don’t be swayed by influencer sponsorships. Educate yourself on what true digital security requires. Do your own research before falling for the hype. Invest in robust security measures, and use VPNs wisely as a privacy tool, not as a security catch-all.