- Aug 17, 2017
- 1,609
VPN services have increasingly become an essential tool for securing your online privacy during everyday browsing. Short for virtual private network, it's a versatile software that spoofs your IP address and encrypts the data leaving a device. However, the level of protection offered differs significantly from provider to provider. That's why researchers at PrivacyTutor examined 144 services to understand how serious these companies actually are about the privacy of their users. The findings paint a pretty grim picture across the industry considering that, among other things, over two-thirds of the providers analyzed currently violate GDPR provisions.
"If VPN providers use cookie-based tracking and web analysis services such as Google Analytics, this is only permitted with prior express and voluntary user consent according to Section 25 (1) TTDSG," attorney Phil Salewski of IT-Recht Kanzlei Munich told the researchers. "In case the consent is not obtained before or not given voluntarily, there is a violation of applicable data protection law." Even worse, in our view, individuals ready to make a purchase to improve their privacy online were actually achieving the opposite and were tricked into thinking they would be safe from snooping.
To be precise, out of the 80% of the VPN services claiming to not store any usage logs, only 17% of them have had an external audit on their privacy policy. Our top three favorite services right now—ExpressVPN, NordVPN, and Surfshark—regularly test their no-log claims, with Express undergoing 11 independent audits in 2022 alone. On top of this, some providers tout a no-logs policy, but a closer inspection of their privacy policies shows tracking from third-party partners. The official party line seems to be "we're not logging your data" but someone else is.
VPN privacy: more than 70% of providers are breaching GDPR
Many VPNs don't take their users' privacy very seriously
www.techradar.com