This article was originally posted at Comparitech.
A VPN is now a necessity for anyone who values their privacy online. They prevent hackers, governments, corporations, and internet service providers from monitoring and tracing internet activity back to the user. All internet traffic is encrypted and tunneled through a remote server so that no one can track its destination or its contents.
But using a VPN requires a certain degree of trust in companies that operate these services. They could–and some have–monitor and analyze the traffic that passes through their servers. These companies can in turn be hacked, abused, or coerced into giving up private information about users.
Most VPN providers, even those that boast about their logless policy, do in fact store metadata logs on their servers. These can include a range of information about the nature of a customer’s VPN connections, but not the actual contents. Timestamps, bandwidth consumed, amount of data used, and even the original IP address of the user can all be logged by the VPN provider. In the hands of the FBI or a snooping hacker, this information could be valuable.
VPN providers’ encryption standards are also not always advertised in a straightforward manner. Most will inform you that they use either 256-bit or 128-bit AES for channel encryption, but can leave out information about how that channel was set up including RSA key exchange and authentication details read more
Be sure to visit John Jacob’s “Down and Dirty Guide to Electronics Security” – Internet and Computer security, anonymity tools and programs.