VPN is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want – including logging.
- In most circumstances, VPNs do very little to enhance your data security or privacy unless paired with other changes.
- Acting as they do, and promoting commercial VPN providers as a solution to potential issues does more harm than good.
But my provider doesn’t log!
There is no way for you to verify that, and of course, this is what a malicious VPN provider would claim as well. In short: the only safe assumption is that every VPN provider logs.
And remember that it is in a VPN provider’s best interest to log their users – it lets them deflect blame to the customer if they ever were to get into legal trouble. The $10/month that you’re paying for your VPN service doesn’t even pay for the lawyer’s coffee, so expect them to hand you over.
But I pay anonymously, using Bitcoin/ PaysafeCard/ Cash!
It doesn’t matter. You’re still connecting to their service from your own IP, and they can log that.
But I want more security!
VPNs don’t provide security. They are just a glorified proxy.
But I want more privacy!
VPNs don’t provide privacy, with a few exceptions (detailed below). They are just a proxy. If somebody wants to tap your connection, they can still do so – they just have to do so at a different point (ie. when your traffic leaves the VPN server).
But I want more encryption!
Use SSL/TLS and HTTPS (for centralized services), or end-to-end encryption (for social or P2P applications). VPNs can’t magically encrypt your traffic – it’s simply not technically possible. If the endpoint expects plaintext, there is nothing you can do about that.
When using a VPN, the only encrypted part of the connection is from you to the VPN provider. From the VPN provider onwards, it is the same as it would have been without a VPN. And remember, the VPN provider can see and mess with all your traffic.
So when should I use a VPN?
There are roughly two use cases where you might want to use a VPN:
- You are on a known-hostile network (eg. a public airport WiFi access point, or an ISP that is known to use MITM), and you want to work around that.
- You want to hide your IP from a very specific set of non-government-sanctioned adversaries – for example, circumventing a ban in a chatroom or preventing anti-piracy scare letters.
In the second case, you’d probably just want a regular proxy specifically for that traffic – sending all of your traffic over a VPN provider (like is the default with almost every VPN client) will still result in the provider being able to snoop on and mess with your traffic.
However, in practice, just don’t use a VPN provider at all, even for these cases.
So, then… what?
If you absolutely need a VPN, and you understand what its limitations are, purchase a VPS and set up your own (either using something like Streisand or manually – I recommend using Wireguard).