Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.
Today, web_crawlr reader James F. asks “How in the world could you pick a VPN service that you could trust?”
VPNs are big business. And you are correct to be skeptical of VPN reviews online. VPN companies are always making big promises when it comes to your privacy and security, but do their services actually live up to expectations?
First, let’s quickly explain what a VPN is. In the simplest terms, a VPN or Virtual Private Network encrypts your internet traffic and routes it through a server operated by your VPN provider.
Those VPN servers can be stored just about anywhere in the world. The advantage of a VPN, theoretically, is that it hides some of your data not only from your internet service provider (ISP) but from the websites you visit. Your ISP won’t see what sites you are visiting and the website you are visiting will see the IP address of the VPN server, not of your actual device.
VPNs are often used, for example, to give users access to restricted content. Let’s say you are in the U.S. but want to watch a TV show on a site like Netflix that’s only available to users in the U.K.? Simply connect to a VPN server in the U.K. and the website won’t know the difference.
Now, when it comes to security questions, there’s never a one size fits all answer. If you’re trying to have companies collect less information about you online or access restricted content, then a VPN is cool. But if you’re challenging a government in some way, by let’s say planning a major protest, you shouldn’t rely on a VPN alone to protect you.
As I stated earlier, a VPN can hide your traffic from your ISP. But what if your VPN is collecting and selling your traffic? Countless VPN providers have been caught selling their users’ traffic to third-parties, especially free VPNs, which you should almost always steer clear of.
So who can you actually trust? It is rare for any security expert to suggest a VPN given how complex the topic is. But I want to send you in the right direction. There are a handful of VPN experts who tirelessly research this topic. One of the researchers I respect most, Yael Grauer, recently named their favorite VPN and it just so happened to be the VPN that I believe is most trustworthy as well.
That VPN is Mullvad. The Swedish company takes privacy seriously. Ever feel weird paying for a VPN with your credit card? Well, Mullvad will let you send them cash in an envelope anonymously to pay. But of course, you can still pay with other methods.
Mullvad also recently went under a third-party audit and was found to have exceptional security practices. Mullvad has great transparency as well. In April, the company was subjected to its first search warrant in its 14-year existence. Authorities in Sweden wanted data on a Mullvad user. Yet Mullvad was able to have the warrant thrown out after proving that it didn’t store such data on its customers.
But Mullvad isn’t the only good VPN. There are a handful of others that are decent too. But most importantly, you need to remember that a VPN can only do so much. You can be tracked online in many ways even if you are using a VPN. But that is a topic for another day.
But don’t let internet security overwhelm you. Every little bit helps. Just make sure you take the time to understand what a VPN can and can’t protect you from.
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.