Understanding VPNs: what they are, and what they can (and can't) offer


Online privacy has become an important topic of conversation now that we are more interconnected through the technology than ever. When individual internet users and businesses navigate online, there are numerous threats that could lead to personal, financial and medical sensitive information being, tracked, stored, mishandled, and compromised. The desire to keep this information secure, has led to a significant increase in the use of VPNs across the world, both by businesses and individual users alike.


What is a VPN and how does it work?

VPN is an acronym that stands for Virtual Private Network, and it’s main scope is to keep users’ personal data safe when navigating the web. When accessing the internet, this software-based tool creates a link between a user’s device and a remote computer, owned by the VPN provider, located in another part of the world. The link is a private tunnel through which data travels fully encrypted, making it impossible for anyone else apart from the user and the VPN provider to know the content of the data being exchanged. A VPN also hides the Internet Protocol (IP) address of a user’s device when navigating the internet. It is able to do so by acting as a proxy on the user’s behalf, and by replacing the user’s IP address to make it look like they have connected from the location of the VPN server, rather than their real location. As an example, when a user wants to access a website, this request is encrypted and sent to the VPN server that will then reissue the request to the website. The website will now see the request as coming from the IP address of the VPN server, and not from the IP address of the user.

Benefits of using a VPN

One of the main benefits of having a VPN is that this tool can protect users’ privacy by ensuring that all traffic is encrypted, therefore making ISPs, third-parties and bad actors unable to understand it without the decryption key. This is particularly advantageous as ISPs and web browsers can log and track anything users do, including their search history, and link this to users’ IP addresses. This information can then be sold or handed over to third-parties, and can be used for targeted advertisement. VPNs are particularly useful if users typically connect to public Wi-Fi or use a shared computer, so no one will see what information and personal data is being sent to the network.

As VPNs can mask users’ real location and make it seem like they are connecting from a different part of the world, they are increasingly being used in countries where internet usage is controlled or restricted, like China, Thailand and Indonesia. While VPNs were initially mainly used by corporations to allow secure connections and remote access to internal services, they are now being increasingly used by the general public to bypass geo-restricted content. As a matter of fact, streaming platforms like YouTube, Netflix, and many others, can offer different content depending on what country a user is connecting from, and can also restrict content in certain areas. Using a VPN can allow users to making it look like they are connecting from a different part of the world, allowing them to access geo-restricted content.

Understanding the limitations of VPNs

VPNs can be useful tools in keeping users’ data secure and private. It is necessary, however to understand their limitations.

As previously mentioned, VPNs can protect users by encrypting their data and masking their IP address while navigating the internet. VPNs however are not substitutes for comprehensive anti-virus software, and therefore do not offer the same type nor level of protection. This means that VPN users can still be vulnerable to phishing attempts if they click on malicious links, and to being infected by viruses, malware, spyware and trojans, if they do not possess an appropriate anti-virus.

Another important aspect to consider when talking about VPNs is the difference between users’ privacy and anonymity. While VPNs can make users’ data and location private and secure, and can therefore offer high levels of digital privacy, they cannot make users completely anonymous or invisible, even if they might claim to. As a matter of fact, ISPs will still see that users are connected to a VPN server and at what time they connected, how much data is being exchanged, and will be able to see the data stream, although this will be encrypted. Skilled hackers and Intelligence Service could still be able to track users even if they are using a strongly encrypted and stable VPN connection. In particular, VPN users could still be vulnerable to correlation attacks, in which malicious actors, or intelligence services, try to find patterns by analysing the metadata of incoming and outgoing traffic, in order to determine the real IP address of a user.

By encrypting data traffic, VPNs can prevent ISPs and third-parties from seeing and tracking users’ browsing history, online activity, and location. VPN providers however, can still see and track this information. It is therefore essential to do some research on different VPN providers, and to pay particular attention to their privacy policies, in order to decide whether a specific VPN provider can be trusted in keeping data and online activities private and secure, or whether it could actively compromise users’ privacy. Aspects to consider are whether the VPN provider will keep logs of users’ activity, or whether it has a zero-log policy, and what type of encryption protocol it uses, as weak encryption could allow hackers to easily determine users' online activity and personal data. One type of VPN that users should be highly sceptical of are free VPNs. If users are not paying the provider for the VPN service, there is a high change that the provider is getting paid to harvest and sell users’ data. Lastly, VPN providers are not immune to data breaches and cyberattacks, which could lead to users’ data being compromised by malicious actors. Choosing a VPN service that puts great care in its cybersecurity and that is committed to promptly disclosing any potential cyberattacks, goes a long way in keeping users’ data secure.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

Reference List:











The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

ShinyHunters, one of the most recognised threat actors among the hacking community

Over the past year, ShinyHunters has become one of the most recognised threat actors among the hacking community, by carrying out sophisticated cyberattacks on over 40 online services across the world, and by selling the stolen information for profit.

Read more
Creeper: the first computer virus

The idea of a computer virus was first theorised by the mathematician John von Neumann in 1949, when he envisioned the possibility that a “mechanical organism”, such as a program, could reproduce itself and infect multiple hosts. The title of the first computer virus in history is attributed to a program called Creeper, created by Bob Thomas from BBN Technologies in 1971.

Read more
Data privacy and security in the healthcare sector | White Blue Ocean Blog
Data privacy and security in the healthcare sector: medical firm Dedalus fined €1.5 million for data breach

At the end of April 2022, the CNIL, the data protection authority for France, announced it had imposed a fine of €1.5 million on the medical software provider Dedalus Biology, following a significant leak of patients’ data.

Read more
Celebrating Data Protection Day's 16th Anniversary

Everything we do online through our smartphones, tablets and personal computers produces data that can be collected by websites and businesses

Read more
How to tidy up a data-irresponsible past

The world has never been more interconnected than at the present time, through devices like smartphones, laptops, and The risks of IoT devices, that create, collect, transmit, process, analyse, copy and store unprecedented amounts of data. This has led to concerns on how much control users have over their own data, and what level of privacy they can maintain when navigating online. Read more...

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!