Choosing a VPN to stop being tracked by the government seems like a good option, as many people believe a VPN will protect whatever they do online from being monitored. I decided to investigate to make sure this was the case or not.
Can a VPN be tracked by the government? A VPN can be tracked by the government if it keeps logs, leaks information, uses poor encryption, or includes spyware. VPN’s that don’t keep logs, don’t leak information, use strong encryption, and don’t include any spyware are more difficult to track, protecting their user’s internet activities.
VPNs keeping logs without the knowledge of their users is one of the easiest ways the government can track someone, as they have a complete history of activity. Some VPNs can install spyware, to keep track of the activities of the people using their VPN. Who’s to say, a VPN download hasn’t been manipulated by the government or it’s agencies to include spyware.
Some VPNs leak information, lulling the user into thinking they are completely anonymous, when in fact they are leaving their internet fingerprints all over the place. Poor encryption of the connections made from VPNs can lead to these connections being easily cracked and snooped on by the government and its agencies.
Where a VPN organization is based can also make a difference, with VPNs outside the 14 eyes jurisdictions not required to share information with governments. Whilst those within these jurisdictions can end up sharing information about their users with the government.
So, not all VPNs are equal and able to provide the protection against being tracked by the government (check my latest list of reputable VPNs here).
In the following parts of this article, I will look at how a quality VPN can make it difficult to be tracked by the government.
1. VPN uses non-crackable encryption
Government departments like NSA have tools to break into some grades of encryption, allowing them to see what traffic is flowing between a VPN customer and the VPN service provider. This gives these government departments the ability to see which websites the VPN users have been visiting.
Some VPNs use lower grade encryption and put their customers at risk from being spied on because this encryption can easily be hacked using special tools.
It’s essential therefore any VPN selected has high grade encryption that hasn’t been cracked, as this will protect the VPN user from revealing what they are doing on the internet and make it a lot more difficult for anyone including the government to be able to see what they are doing.
2. VPN has a Kill switch
If you forget to start your VPN after logging into your computer, tablet or smart phone then you’re wide open to being tracked as your public IP address is visible to the internet and the websites your visiting a visible to your ISP.
What about if you’ve switched on the VPN and left it running overnight while you download some files but during the night the connection fails? This will stop sending traffic securely over the VPN connection, with all the web traffic will going to and from its destination using the standard route, that is how you would normally connect without using a VPN.
By dropping to using the standard route, the I.P. address assigned by the ISP becomes visible and the protections offered by using a VPN are temporarily suspended, till the VPN connection can be resurrected. All activities such as websites being visited, can now easily be tracked by the ISP and logged by the ISP.
So, a VPN is only as good as when it’s on and this is where the Kill switch comes in handy.
To keep the protections the VPN offers in place, some of the VPNs include Kill Switch functionality. The VPNs Kill Switch cuts internet connectivity when the VPN connections fail, stopping any communication with the outside world in its tracks.
A warning will normally come up, advising that the Kill Switch has switched off internet connectivity and to remedy the issue with the VPN failing. The VPN will now periodically every few minutes try to re-establish the connection to its VPN service.
3. VPN is not a plugin or extension
There are VPN browser plugins and extensions designed to allow all web traffic leaving the web browser to go through the VPN connection, however many of these VPN plugins and extensions don’t provide a real VPN service. Instead they can skimp out on the encryption, so the data passing through the connection can be seen by the ISP or anyone else snooping and
Unfortunately it’s not just the web browser that needs protecting with a VPN, other applications running on the computer, tablet to even a smartphone can give the IP address away, as they will not be able to use the VPN plugin or extension.
Some of the companies providing these VPN extensions and plugins themselves may have been compromised by government agencies, due to their own security bad practices. This opens the possibility of any logs being generated on web browsing history being easily available from these companies to the government agencies.
Many companies may also actively sell your browsing data to other companies or even onto the government itself as a way of generating more income.
4. VPN isn’t just an anonymous proxy
On the opposite side of VPNs, anonymous proxy services aren’t so great for high-stakes tasks like online banking. Proxy services only hide your IP address and work as a man-in-the-middle ferrying your web browser traffic to its destination, that is, the website you are visiting.
Unlike a VPN, proxy services don’t generally encrypt any information sent from your web browser, so all the information to the proxy service isn’t over an encrypted tunnel.
The proxy service doesn’t strip away any identifying information from your transmissions beyond the straightforward change of the IP address, and there are not any additional privacy or security considerations inbuilt like a VPN generally has.
Anyone with access to the same internet access channel (malicious people on the same Wi-Fi such as at Public Wi-Fi Hotspot, your ISP) can potentially see your web traffic.
Even Governments have the opportunity to see what information you are sending to the proxy services, as none of this information travels inside an encrypted tunnel.
Proxy application by application protection
Proxy servers don’t offer computer-wide protection as they are configured for each individual application, so a web browser will need to be configured to be able to use the proxy server and if file sharing is being done using torrents, the BitTorrent client will also need to be configured to use the proxy service.
5. VPN doesn’t keep logs
The history of website visited can be logged and the ISP (Internet Service Providers) generally do, log their customers viewing habits by keeping logs on their DNS services, more on DNS in step 7.
But if a VPN is used, any potential logs will now appear on the DNS servers used by the VPN or any other form of logging initiated by the VPN.
Choosing a VPN who doesn’t keep logs will make it difficult for any government agency to track what websites have been visited and many VPNs sell themselves on being able to offer this ‘no logging’ service, as an ultimate way to protect privacy.
It’s difficult to prove whether this is the case with VPNs as some VPNs have had a ‘no logging’ policy but when the government agencies have asked them for logs, they have given them. Clearly proving they had been keeping logs and being dishonest in their advertising and sales materials about their ‘no logging’ policy.
6. VPN has WebRTC leak protection
Many popular web browsers use WebRTC for communications especially for voice calling, video calling and some forms of instant file transfers. If the VPN being used doesn’t have WebRTC leak protection, that is, it ensures WebRTC communications only go through the VPN connection, the WebRTC communication will instead go directly to its destination bypassing the VPN.
This will mean any details of the WebRTC communication will be logged by the ISP being used or any other service on the internet where the connection to the final destination needs to go through.
Allowing anyone who has control over any of these internet services such as the government, to be able to track what the users are doing.
Most reputable VPNs have built in capabilities to ensure any WebRTC communication travels through the VPN secure channels. It’s also possible to disable WebRTC on web browsers like Mozilla Firefox and Google Chrome.
7. VPN has DNS leak protection
To avoid tracking any communication to the internet must go through the VPN and its secure services only, if other services are used then the protections of using the VPN will be compromised.
One of these important services is DNS (Domain Naming Service), which translates the website addresses into IP addresses, to use to navigate across the internet to the correct website.
Remembering a website name is a lot easier than remembering the IP address associated with it and DNS provides the mechanism to translate website names into their corresponding IP addresses using its database of mappings.
VPNs with poor DNS leak protection will cause any requests for the IP address for a website name to use the DNS service provided by the ISP and not the VPN. This will mean the ISP will know which websites are being visited along with the dates and times.
This information could easily be obtained by the government using legal or not so legal ways, as the government could ask the ISP for information on a customer’s usage, generally over a specific period. The ISP keeps detailed logs of all the connections made by their customers (they keep these for several months; some keep them for several years).
The ISP will pass on the details of the connections made by their customer to the government during the period requested.
Even though IP addresses are leased out, that is the same IP address given to its customer by the ISP a few months ago might not be the same as the IP address they have currently given to the customer.
The IP address is not static, that is assigned to the customer indefinitely, it’s on a lease for a specific period. This doesn’t mean the ISP or anyone else trying to find out what the customer has been connecting to, won’t be able to match the IP address to the customer.
A good reputable VPN can provide protection against government tracking if it has good encryption standards and doesn’t leak any information about the user. Many poor-quality VPNs have too many flaws that won’t protect against privacy.
Is it illegal to trace an IP address? No, to trace the person associated with an IP address will usually involve contacting the owner of the IP address, generally an ISP and asking them for details of who was assigned the IP address in question at a specific date and time. The ISP will want some form of legal authority, like a court order to be able to give them the assurance the request is legal and they won’t get into trouble for divulging their customer’s details.
Can the government bypass VPN? A good reputable VPN will be difficult to intercept as the VPN could have very strong encryption security, not keep any logs for their customers and could be located in a jurisdiction where the government is unable to get extend its power.