VPN for Home Users: Do You Really Get Complete Security and Privacy?
VPN service providers often promise their users complete anonymity and security. But how do VPNs perform for private users? Does the tracking still work? And what happens to your data?
Have you noticed more and more ads from VPN providers over the past few years? They propagate that all you have to do is use their service and you’re online anonymously at the touch of a button. Unfortunately, that’s not true.
VPN (Virtual Private Network(s) do have their advantages. They offer you more security as they encrypt your internet traffic. It also hides your IP address, which is useful for bypassing geo-restrictions and helps disguise your identity.
However, VPN services have their technological limitations and are only half the battle when it comes to your personal data on the web. Alexander Baetz of Privacy Tutor, for example, calls VPN “one of several tools to protect your privacy.”
So this article is not about praising VPN services. Instead, I’ll turn the tables and show you how websites track you (despite VPN), how to defend yourself against it and what the disadvantages of VPN services are.
How do websites track you?
Since its inception, the Internet has become increasingly complex. You are probably aware that you are being tracked online. However, you quickly lose track of all the different trend words.
However, if you deal with the topic, the various tracking technologies are not that complex. I divide them into three groups, which I will introduce to you in the following chapters:
- IP addresses
Tracking by your IP address
IP addresses are like Internet phone numbers. Every participant in a network must have one, otherwise, communication is not technically possible. In practice, this means that every Internet connection is assigned an IP address by its Internet provider.
Does that mean your IP address is only traceable for a few days? Unfortunately not! Due to the law on data retention, Internet providers must document which customer has which IP address and when.
This method is used, for example, when users of illegal file sharing sites are warned.
How can you protect yourself against being tracked by your IP address?
For example by using a VPN. This will route all of your internet traffic through a VPN server. Websites only see the IP address of the VPN server and not your real IP address.
An alternative to this is to use the Tor browser. This routes your internet traffic through the Tor network, which also obfuscates your IP address.
The difference with a VPN is that the Tor network is not owned by any organization. Instead, anyone can contribute by running what is called a Tor node.
How does the Tor network compare to a personal VPN?
Tor’s biggest downside is its performance. For example, it can be difficult to watch decent quality videos through Tor. With a good VPN provider, you will not notice any noticeable differences in download, upload and your ping.
The biggest benefit of Tor is that you don’t have to trust any central entity. I will explain more about this later in the text. Some IT pros even recommend using both technologies at the same time.
Using a VPN in conjunction with Tor makes perfect sense. Especially if you want to be unhackable.
Unfortunately, a VPN does not protect you against all tracking on the web. In the following, I will explain how tracking by cookies and browser fingerprinting works and what you can do about it.
tracking by cookies
Cookies are small files that a website caches on your computer. First of all, cookies aren’t a bad thing. Thanks to them, for example, you don’t have to log in again to a website after you’ve closed your browser.
According to a ruling by the European Court of Justice, website owners must obtain active consent for all cookies that are not technically necessary.
Currently, most website analysis tools work with cookies. First and foremost, of course, is Google Analytics, which currently has a market share of around 84 percent . So the next time you agree to “statistics cookies”, you know what you’re getting into.
In addition, there are so-called third-party marketing cookies, which are even worse from a privacy perspective. Why? For that, we need to look at an important basic of cookies.
How do cookies work?
From a technical point of view, a website can only access the cookies that it has set itself. For example, if you have stored cookies from Google.com in your browser, windowscult.com cannot access them. The browser forbids this because they are two different domains.
What many do not know, however, is that most websites establish connections to many other domains in the background.
Many of these links are from advertising providers. This means that these third parties can also store cookies in your browser. If you then call up another website that cooperates with the same advertising network, you can be identified again by these cookies.
Incidentally, the best example of this is the Facebook pixel, which is integrated into around 10 percent of all websites.
As a rule, you shouldn’t have any disadvantages as a result. If you do, you can gradually reactivate individual settings.
Also, it is an open-source technology. This means that every developer can control that the tool does not steal data from you in the background.
Tracking by browser fingerprinting
With browser fingerprinting, several hundred pieces of information about your device are combined into an individual fingerprint. This includes, for example, your operating system, your browser version, your installed fonts or your screen resolution.
This information is often combined with so-called canvas fingerprinting. A small graphic is generated on the website. Depending on your browser settings, graphics card, fonts, and other factors, your computer renders them slightly differently.
When I first found out about it, I couldn’t believe that websites could create a unique fingerprint about me from such scraps of information. If you are also critical, then perhaps your own fingerprint will convince you.
On sites like amiunique.org , you can check what data each website can find out about you. According to the Electronic Frontier Foundation, a fingerprint should be unique about 84 percent of the time.
How can you defend yourself against browser fingerprinting? In theory, this is the most persistent tracking technology. Finally, unlike cookies or your IP address, you cannot delete your fingerprint or simply mask it with another fingerprint.
In practice, however, there are a number of ways to counteract this. For example, the strictest privacy settings in your browser also help here.
For example, Firefox automatically blocks connections to external fingerprinting providers. Also, there are browser extensions that automatically change your user agent, which can change your browser fingerprint.
VPN for home users: 3 major disadvantages of VPN services
So now you know that a VPN is not a panacea if you want to avoid tracking. Although it disguises your IP address, it does not prevent tracking by cookies or browser fingerprinting.
That being said, there are some downsides to using VPN that other sources often ignore.
Trust in the VPN provider
An advantage of VPN for private users is that your Internet provider or the owners of public WLANs can no longer trace your Internet traffic. However, you are only shifting the trust to your VPN provider.
This means the companies behind VPN can see which websites you visit. This is why I usually advise against free VPN providers as it is very tempting for VPN providers to monetize their users’ data.
Many VPN providers therefore advertise that they do not save any logs. However, this can hardly be verified, which is why we are dependent on trusting the promise.
This was the case with the US provider pure VPN, for example. They promised not to store any user data. Despite this, the company was able to release information about its users when requested by the Justice Department.
For these reasons, I recommend only relying on VPN providers that have a good reputation and are not based in any of the so-called 14 Eyes countries. My favorites are NordVPN and ExpressVPN.
Bans by VPN providers
VPN providers are good for bypassing geo-blocks. However, there are more and more sites that recognize that you are using a VPN and therefore lock you out.
Above all, these are streaming services such as Netflix or Amazon Prime. That’s why you don’t have the same range of series, for example, if you want to watch Netflix abroad.
Even non-streaming sites can object to VPN. This is due to the fact that people mess around more often via VPN than via a normal internet connection.
It is therefore possible that with a VPN you will encounter reCaptcha boxes more often or may even be blocked completely. However, this is very rare for me, which is why this point is not a big disadvantage for me.
Suspicion and illegality
Are VPNs legal for private users in your country? In my experience, all credible sources agree on this: Yes, they are.
“If VPN software is used and no illegal activities are pursued on the Internet, there is no need to fear any legal consequences.”
That makes sense too. After all, by using a virtual private network, you are simply encrypting your internet traffic and routing it through a server.
Unfortunately, this is not the case in all countries. According to a Cloudwards.net report, 17 countries ban the use of VPN services. These include China, North Korea and Iraq.
Conclusion on VPN for private users: My recommendations for more anonymity and privacy
I personally use a VPN to have more privacy while surfing. However, I also recommend that you also use a privacy-friendly browser (e.g. Firefox or Brave), set the strictest privacy settings and also install a plugin like uBlock Origin. Furthermore, it helps enormously if you don’t visit websites that trample on your privacy in the first place.
- Laptop Buying Guide: How to Choose the Right Laptop
- Password manager for Windows, Android and Apple: On the safe side
- How to protect yourself from cyber Attacks? (Quick tips)
- What is Cybersecurity and why is it important?
- What is a protocol? Some important protocol and their work explained