by Brian X Chenow, The New York Times Company
I’ve paid for Virtual Private Networks, a service that claims to protect your privacy when you’re connected to a public Wi-Fi network at a local coffee shop, airport, or hotel.
For more than a decade, security experts have recommended using a VPN to protect your Internet traffic from bad actors who are trying to spy on you. But just as tech gadgets get out of date over time, so does some tech advice.
The reality is that web security has improved so much over the years that VPN services, which charge a monthly subscription fee that costs as much as Netflix, offer additional protection for most people concerned about privacy, some security researchers say. he said.
Many of the most popular VPN services are now less reliable than they used to be because they have been bought by large companies with shady track records. This is a deal-breaker when it comes to using a VPN service, which throttles our internet traffic. If you can’t trust a product that claims to protect your privacy, what good is there?
“Trusting these people is really important,” said Matthew Green, a computer scientist who studies encryption, of VPN providers. “There’s no good way to know what they’re doing with your data, over which they have a lot of control.”
I learned this the hard way. For several years, I subscribed to a popular VPN service called Private Internet Access. In 2019, I saw news that the service had been acquired by Cape Technologies, a London-based security firm. Kaap was previously named Crossrider, a company called by researchers at Google and the University of California to develop the malware. I canceled my subscription immediately.
Over the past five years, Cape has also purchased several other popular VPN services, including CyberGhost VPN, ZenMate and, last month, ExpressVPN in a $936 million deal. This year, Cape also bought a bunch of VPN review sites that give top ratings to the VPN services it owns.
A Cape spokesperson said Crossrider, which has long been shut down, was a development platform that was misused by those who distributed malware. She said Cape’s VPN review sites have maintained their independent editorial standards.
“It kind of sets a precedent from a consumer perspective,” said Sven Taylor, founder of tech blog Restore Privacy. “As the average user goes online to look for information about a product, are they aware that what they are reading may have been written by the company that owns the final product?”
One caveat: VPNs are still great for some applications, such as those in authoritarian countries where citizens use technology to look like they are accessing the Internet in other places. This helps give them access to web content that they might not normally be able to view. But as a mainstream privacy tool, it is no longer an ideal solution.
This sent me down a rabbit hole looking for alternatives to paying for a VPN. I used some web tools to build my own private network for free, which was not easy. But I also learned that many casual users may no longer even need a VPN.
Here is what you need to know.
What Has Changed About VPNs
Not so long ago, many websites lacked security mechanisms to prevent bad actors from knowing what people were doing while browsing their sites, opening doors for their data to be hijacked. . This helped VPN services to become an essential security product. VPN providers offer to help hide people’s browsing information by creating an encrypted tunnel on their servers through which all your web traffic passes.
But the Internet has changed a lot in the last five years. Many privacy advocates and tech companies have prompted website builders to rewrite their sites to support HTTPS, a security protocol that encrypts traffic and solves most of the above problems.
You have probably seen the padlock symbol on your web browser. A locked padlock indicates that a site is using HTTPS; An unlocked means it is not and is therefore more vulnerable to attack. These days, it’s rare to stumble upon a site with an unlocked padlock; According to W3Tech, a site that compiles data on web technologies, 95% of the top 1,000 websites are now encrypted with HTTPS.
This means that a VPN is no longer an essential tool when most people browse the Web on public Wi-Fi networks, said Dan Guido, CEO of Trail of Bits, a cybersecurity firm.
“It is very difficult to detect cases where people have been harmed by signing in on airport, coffee shop or hotel Wi-Fi,” he said. That said, these days, people who benefit from VPNs are working in high-risk areas and who could be targets, such as journalists who correspond with sensitive sources and business executives keeping trade secrets when traveling abroad.
so what to do? Fortunately, most of us can protect ourselves online with basic protection, which, unlike VPN services, are free, Guido said.
Importantly, people should keep the software on their devices and web browsers up to date because new software updates include security protections against the latest vulnerabilities, he said.
Another important step is to set up online accounts with two-step verification, which requires two forms of verification of your identity before you can log in. This protection can help prevent attackers from gaining access to your data if they obtain your passwords.
For those who still prefer not to browse the web on a public Wi-Fi network, most smartphones include an easy solution. Personal Hot Spots, a feature to wirelessly share a smartphone’s cellular data connection with other devices such as your computer, can be activated in the phone’s settings. Many phone plans do not charge extra for using this feature, although hotspotting is calculated into the monthly data allocation in your cellular plan.
How to make your own VPN
Some people (including myself) still benefit from using a VPN, and not all providers are bad.
Wirecutter, the New York Times publication that tests products, recommends some products that are still trustworthy. But if your next VPN is bought by a bigger company, you may need to rethink its reliability. I’m tired of whiplash, so I created my own private network service.
I turned to AlgoVPN, a free tool developed by Guido that automatically creates a VPN service in the cloud, which allows me to track my browsing activity by allowing me to create a virtual tunnel for my Internet traffic to an external server. gives a slope.
Following the instructions listed on the AlgoVPN project website, I set up a cloud service where my VPN service would be located on Amazon’s Web Services, a reputable and widely trusted cloud provider. The rest of the steps involve installing some scripts on my computer and typing commands to generate my VPN.
After about an hour, I installed a VPN which worked flawlessly. The best part? Not only is it free to use, but I no longer have to worry about trust as I am the driver of the technology.
This article originally appeared in The New York Times.