How secure are VPNs really?

Security of VPN Tools under Criticism

Warnings help the VPN Industry

Through numerous warnings in Germany and later worldwide, even ordinary computer users have shown increasing interest in VPN. Keyword music and movie downloads with torrent software. From 2007 to 2016, the waves of warnings have helped the VPN industry to grow considerably. Below you can see the trend very well:

Surveillance and Privacy Issues

Triggered by the hacker Edward Snowden, the subject of data surveillance by governments made headlines. The topics of privacy and anonymity to the Shortly after, the issue of data protection and privacy has been flaring up. As a result many new VPN providers appeared on the market.

VPN Tool Security

An initial investigation shows that in some cases a lot of articles are circulating on the web about VPNs from people who are not VPN experts. This is certainly not true for all articles, but it is noticeable that there are articles that were only written to follow the trend.

It is correct that there is a lot of criticism about VPNs. Therefore, articles that agree with the general opinion without further investigation should be treated with caution in order to confirm the already prevailing prejudices of users. This is a popular method, especially with the tabloid press, to take advantage of the moment and attract the attention of the readership.

In some areas, we have noticed that competitors are spreading rumours among themselves. These articles should be treated with caution.

In this article, I would therefore like to focus more on the technical and actual issue of VPN security.

One should be skeptical about articles that merely express a firm opinion, such as “VPNs are insecure” (keywords are “VPN myth”, “VPN lie” or “VPNs are absolutely secure”). As with many topics, the answer is not so absolute.

The following VPNs, for example, have recently been exposed for storing all log data of their users and not offering any anonymity – i.e. not complying with their zero log policy:

  • UFO VPN (
  • IPVanish
  • Super VPN
  • Free VPN
  • Secure VPN
  • Flash VPN
  • Rabbit VPN

A list of reputable VPN providers and ratings is available on this USA provider list, for instance.

The Weaknesses of Anonymous Surfing with VPN

The weak point is human action and failure. Organizations and authorities cannot track data because of VPN usage. But if a house is searched, the data is still on their own PC. However, the provision of a legal house search turns out to be difficult if the user camouflages himself with VPN software.

Please note: With a VPN connection, not only is the IP disguised, but the entire data traffic is encrypted and therefore not readable by outsiders. However, if an authority has access to the unencrypted home computer, even a VPN will not help.

How well VPN works even in this case can be read in numerous judgements and elaborations of the public prosecutors. In all cases the public prosecutor’s office did not succeed in using the data traffic when using VPN as evidence. Interestingly, users have participated in other crimes, so that the prosecution could find evidence by other means, but not through VPNs.

For example, there have been cases in which the state investigators were able to access unencrypted data media, but this was not due to VPN. The observation of data traffic is not the only way for investigators and authorities. In short: If the user uses VPNs, authorities must try to provide evidence elsewhere.

In one case the media reported the arrest of a drug dealer. However, the public prosecutor’s office did not use the VPN connection to provide the evidence, but a person who knew the perpetrator personally. Although the perpetrator used VPN software in this case, it was only after the house search that the authorities found the VPN software on the perpetrator’s PC and also informed the press.

In this case, the media reported that the drug dealer camouflaged himself with VPN and was arrested nevertheless. The fact that VPN did not play a role in the investigation was left out. This gave the false impression that the VPN connection had led to the arrest.

Such press releases and news can often be quoted and misinterpreted by other journalists without computer affinity.

What does VPN not protect against?

The fundamental question is therefore, does VPN protect against criminal acts? As already explained, the authorities do not succeed in reading VPN data traffic and using it as evidence, regardless of the amount of the criminal act. Especially in the area of petty crime, users rely on the security VPN offers, but neglect other facts and means that investigators have at their disposal to catch the perpetrators.

Also read this article about red flags to watch out for when choosing a vpn.

What does VPN protect against?

If it’s just about protecting traffic and masking your IP, reputable VPN vendors have been able to provide sufficient protection and maintain their business model. As a result, authorities and even organizations are unable to trace which data flow is taking place.

Other Known Internet Legends

There are many rumors on the Internet. One of them is the so-called VPN myth. Often such rumours result from legends that have been spread in Germany since then and still prevail today:

When certain terms are used on the phone, a recording is made by the authorities

This is not legally possible in Germany and to date neither the public prosecutor’s office nor other organisations such as the Office for the Protection of the Constitution are aware of it. In Germany, a court order is necessary to wiretap a person. Moreover, at the time when this rumor was circulating in the 1980s, speech recognition technology and computer infrastructure were not available to recognize so-called trigger terms in the telephone network. The rumor has been around for over 40 years. It is one of the only socially accepted cases of paranoia.

Interception by Foreign Organizations

It is well known that foreign organizations are involved in espionage. The subject of espionage is as old as the history of the military and the economy. Foreign organizations try to get relevant information by using illegal methods in the country of operation. It should be noted that such efforts require enormous planning and effort, and are therefore directed at specific individuals.

However, the fact that all German citizens without exception would be bugged by foreign organizations (for example, the rumor that the CIA is listening in on everything in Germany) is not possible, if only because of the effort involved. Such a far-reaching bugging measure would, for example, be noticed by simple telecommunications technicians over time. Such a conspiracy would require the participation of too many people and would not pass a secrecy test.

However, the fact that foreign authorities are deliberately intercepting individual persons has certainly become known in the media through Edward Snowden.

When does VPN protect?

Ultimately VPN fulfils two important tasks. It protects the data traffic and disguises the origin of the user. Especially private organizations have no chance to track who or what is transmitting something.

The methods propagated in Hollywood movies to trace anonymous IPs by means of trangulation methods and to decrypt VPN encryptions such as AES in real time have not yet been confirmed in the real world. This does not exclude the possibility that such methods actually exist on the part of governmental organizations – although there is no evidence or known cases of them to date.

If theoretically such methods existed, as depicted in films, the people concerned would have to be kept in isolation to such an extent that none of this would be made public. This would then only be conceivable in cases of international nuclear safety and world-changing security problems and dark states – and even this is only pure speculation – but is currently not known.

Investigating authorities have not yet been able to trace a VPN connection. Of course, all acts that go beyond data traffic are not protected by VPN. For example, anyone who deals in drugs illegally and sends e-mails via VPNs will certainly not be caught using his data connection. The weak point will be the recipient of the email who does not have a VPN and may be targeted by authorities elsewhere, and the investigating authority will ultimately use the email as evidence at this point.

Many users now use VPNs to protect their privacy, and criminal activity is no longer the target of VPNs as it used to be. However, VPNs are still very popular for so-called peccadilloes, such as piracy and license abuse (e.g. using BitTorent or Netflix from Germany). Of course, it is debatable to what extent pirated copies are a trivial offence at all. But “Are pirate copiers criminals?” is another issue…