I don’t engage in any criminal activities, online or otherwise, that would prompt the authorities to subpoena my internet activity. I don’t have anything to hide from my internet service provider either.
I still use a VPN daily.
A VPN can encrypt your online traffic and mask your IP address while making your connection appear to originate from a different location. Can a VPN, therefore, be used for illegal activity? Sure, it can -- but so can your iPhone, or any number of other innocuous objects. You could throw a book at someone to hurt them, but that doesn’t mean everyone with a book is an impending attacker. Most people just want to do a little reading.
A VPN is a crucial privacy tool to have at your disposal. VPNs are used by journalists, physicians, attorneys, activists, whistleblowers and everyday citizens for purposes ranging from preventing throttling to unblocking geo-restricted content.
Even if you feel you have nothing to hide, you shouldn't be reckless with your privacy -- on or offline. I’m not doing anything nefarious from inside my home, but I still have blinds on my windows and locks on my doors.
Just the same, there are many legitimate reasons why you don’t want an outside entity monitoring your internet activity. Your VPN acts as digital blinds, keeping your online activity hidden from your internet service provider, network administrators, government entities and other online snoops skilled in surveillance and tracking.
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
Internet providers collect and share information about our online habits
My internet provider, AT&T, has a privacy policy that outlines an alarming amount of information the company collects when I’m connected to my home network. This includes location data, in addition to “time spent on websites or apps, website and IP addresses and advertising IDs, links and ads seen, videos watched, search terms entered and items placed in online AT&T shopping carts.” The company can then share this data with “AT&T affiliates and non-AT&T companies for advertising and marketing,” and for other purposes.
It’s the same story for most ISPs across the country. Spectrum’s privacy policy states that it collects users’ network traffic data along with “general and/or precise geolocation information.” Like AT&T, Spectrum shares this data with advertisers and, when requested, with government authorities.
The practice of collecting and sharing vast amounts of user data became so prevalent that the FTC published a 74-page report in 2021 detailing the extent of the issue. The report mentions that certain providers serve third parties’ targeted ads and “place consumers into segments that often reveal sensitive information about consumers, allowing advertisers to target consumers by their race, ethnicity, sexual orientation, economic status, political affiliations, or religious beliefs.”
A lot of this is information gleaned directly from logging internet users’ online activity, and not much has changed in the four-plus years since the publication of the FTC report. Internet providers are still harvesting tons of data related to what we do online and sharing it with advertisers and data brokers.
Yes, those companies do give us certain options to dictate how our data is used, and a patchwork of state privacy laws has been steadily growing across the country.
But internet users may not be aware of their options. ISPs still have a lot of leeway when it comes to what they do with consumer data, even with state laws in place. And without any comprehensive federal privacy legislation currently on the books, the outlook for significant change in the near future isn’t particularly bright.
This becomes a major issue because the data that internet providers collect from you and share with others is the same data that cybercriminals can steal from them, putting you at greater risk of things like phishing and identity theft. If your internet provider doesn’t have that data in the first place, there won’t be anything for cybercriminals to steal.
What does your internet provider see when you go online?
Because most of the internet is now secured via HTTPS, the company handling your internet won’t be able to see everything you do online. As long as you’re on an encrypted site (one whose url begins with https://), your internet provider won’t be able to see the search terms you enter, the specific pages you’re visiting or any personal information you enter into fields on the website -- like your username, password, email address, physical address or credit card number.
However, your ISP (and network administrator if you’re on public Wi-Fi) will see the domain names of the websites you visit, when and how often you visit them, the amount of data you're transferring and your IP address. While that’s not a full picture of exactly what you’re doing online, it’s more than enough to build a detailed profile on you and your online habits. And even if that data is aggregated when shared with advertisers and data brokers, it can still easily be re-identified.
And depending on where you are, ISPs may be able to throttle your internet speeds based on what you’re doing. If you’re streaming or gaming and using up a lot of bandwidth, your ISP might deliberately slow you down to balance out the strain on the network.
I use a VPN to bypass all of that
Even though I’m not doing anything illegal online, my ISP’s monitoring and data collection/sharing practices are far more extensive than what I’m comfortable with. I use a VPN not because I have something to hide, but because I don’t want any entity monitoring what I do online and then sharing that information with others.
When I use a VPN, my internet provider only sees my IP address, my VPN’s IP address, connection timestamps, the amount of data I’m transferring and the VPN protocol I’m using. It doesn’t see which websites or web pages I’m visiting, which apps I’m using, my DNS queries, which files I’m downloading/uploading, what I’m searching for, or how much time I spend visiting specific sites.
This effectively blocks my ISP from collecting information on my online habits and building a profile on me to be used for ad targeting by advertisers or potentially even more nefarious purposes by other third parties.
However, it's important to keep in mind that using a VPN cannot make you totally anonymous online. Although a VPN can hide your online activity from your ISP and other entities looking to snoop on your network traffic, it can't stop other Big Tech entities like Google and Meta from tracking your activity across their services -- and, therefore, collecting your data and sharing it with others -- when you're logged in and using them.
Other legitimate uses for VPNs
While content-based throttling is no longer really an issue in the United States, a VPN can help you bypass throttling in certain regions where ISPs intentionally slow your speeds depending on what you’re doing online. With a VPN, your ISP can’t see what you’re doing, so it can’t throttle your speeds as a result.
I also typically don’t need to worry about internet censorship or my network blocking VPNs where I live. But using a VPN can help you bypass both if you’re in a region where the internet is heavily censored or on a network at school or work that restricts certain content or blocks VPN use. Just connect to a server in a country without those restrictions.
If you’re on a network that restricts VPN usage, the best way to conceal your VPN use and access restricted content is to obfuscate your VPN traffic. Some VPNs offer specialized obfuscated servers, while others like NordVPN, Proton VPN and Windscribe offer obfuscation-focused VPN protocols that attempt to disguise your VPN traffic and hide the fact that you’re using a VPN altogether.
Using a VPN to access geographically restricted streaming content is admittedly far lower stakes, but just as valid for me and many fellow VPN users. My family and I often connect to a VPN server in Hungary to access the Hungarian Netflix library from the US. Similarly, when I’m traveling out of the country, I’ll use a VPN to connect to a server in the US to access my home Netflix library and content from other streaming services like Hulu and Amazon Prime Video.
Why it’s important to use a trustworthy VPN
Keep in mind that while a VPN can help you hide what you do online from your ISP, you’re essentially passing the visibility into your internet activity onto your VPN provider rather than your ISP. The difference is that while your ISP is likely logging and sharing your data with various third parties, a trustworthy VPN with a strict no-logs policy shouldn’t be.
Look for a VPN that clearly states that it doesn’t collect or store logs related to your online activity when connected to its servers. Ideally, because no-logs claims are impossible to verify with complete certainty, a VPN’s no-logs policy should be regularly audited by a third party. Though even external audits don’t paint a full picture and can only verify a VPN provider’s logging and privacy practices during the course of the audit itself, commissioning audits on a regular basis are important trust signals that can help add credence to the company’s claims.
Be wary of free VPNs, many of which may be logging and selling just as much if not more of your browsing data than your ISP, making them even more dangerous to use than no VPN at all. Certain free VPNs have been outed for spying on users and taking screenshots of their online activity, and some may even be fronts for malware distribution. The only free VPN CNET recommends at this time is Proton VPN’s free tier, which delivers the same encryption and basic privacy protections as its premium tier and doesn’t put any restrictions on bandwidth or usage.
Final thoughts
Edward Snowden, famous whistleblower and former National Security Agency intelligence contractor, said that “arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”
Other parties don’t have a right to your activity, but it can sometimes feel like they do with how eager they are to hoard your data. We readily hand over information to websites, apps, and other online services for the convenience, utility or entertainment they offer, with little regard for what those entities do with our personal information.
Privacy is a fundamental human right, and it’s slowly slipping away from us. We don’t have to accept these intrusions into our personal lives by large entities looking to make a fortune at our expense. Don’t have anything to hide? Great. Get yourself a VPN anyway and keep your online activity to yourself -- because you should be the only one dictating the terms by which you protect your own privacy.
And remember that using a VPN is just one part of the equation. At the very least, you should also use a password manager and an antivirus program. All of these tools are just as easy to use as any other app you may download to your computer or mobile device.
English (US) ·