After the WannaCry and Petya ransomware attacks, many tech blogs & media sites espoused using a VPN to protect your Internet connection.
While it’s a good idea in general, we want to advise caution. "Just get a VPN" is bad advice because not all VPNs are the same. If you choose the wrong one, it could mean the difference between real privacy protection and frequent privacy violations.
What a VPN Does
VPN stands for Virtual Private Network. A VPN encrypts your connection with a secure tunnel before accessing the Internet. Think of it like a suit of armor protecting everything you send out to the Web – IP address, credit card details, personal information, etc.
When you use a VPN, your ISP (Comcast, AT&T, and so on) can’t see where you’re going. Neither can cybercriminals. All anyone sees is that you’ve connected to a VPN server. The VPN encrypts all other information.
Obviously, this is a great way to protect your business’ privacy. Every user shielded from the big bad Web and its lurking cybercriminals!
But that all depends on the VPN you choose.
The Best Kind of VPN
If you want real privacy from your VPN, you must select one that both:
- Respects your privacy (in other words, even they don’t look at your connection), and
- Doesn’t share your data with anyone, including governments.
Hundreds of VPN options exist, good and bad. We use the Pulse Secure appliance, as it’s a hardware-based VPN and we can run it in our datacenter. Therefore, we know it’s 100% private.
Your IT department or consultant can tell you the best VPN for your business. You can also head to That One Privacy Site, which maintains a list of “good” VPN services and “bad” ones. (A similar VPN list, organized by country.)
What’s a “bad” one? This is where it gets tricky. It has to do with #2 above, sharing your data with others.
We found out in 2013 that some VPNs share data with “The Five Eyes.” That’s not some weird Illuminati reference. The Five Eyes is the name for an intelligence-sharing operation between the U.S., the UK, Canada, Australia, and New Zealand. Each country shares data with the others about their citizenry.
While some of this intelligence-sharing helps to stop terrorism and protect people, we already know (thanks to Edward Snowden) that it goes much further.
If a VPN runs from within one of the “Five Eyes” countries, or if you use VPN hardware made in one of them, then these governments can still track and share your data. Avoid those, and you’ll stay private.
In the next Tech Tip we’ll address Step 4: Secure DNS. This involves changing the numbers your Internet connection uses to travel around the Web. We might talk about secure cloud storage too. You’ll just have to find out!
Got a tech question you need answered? Please email us at firstname.lastname@example.org and we may make it our next Tech Tip.