Five Common Problems with Consumer VPNs

The recent Facebook debacle and other data privacy scandals have fueled a rising interest in virtual private network (VPN) software among consumers.

Many people have adopted them for protecting their data at public Wi-Fi hotspots, or to digitally encrypt their information against possible surveillance by governments or service providers when traveling.

A wide range of consumer VPNs are now available for PCs, smartphones and other mobile devices. Most require a nominal subscription. Some are even free. But there are plenty of hidden risks that users may not be aware of. 

Businesses realize they can ill-afford to let employees use their own consumer VPNs for work.

A commercial, enterprise-grade VPN service that everyone in the company must use is really the only way to guarantee protection for confidential business information as it moves across the Internet.

Growing Numbers of Users

Internet users around the world are increasingly turning to VPN services to protect their digital privacy and to help them by-pass locally imposed content filters.

According to GlobalWebIndex, just over a quarter (26%) of consumers use VPNs to encrypt their data connections while online.

Most, however, have very little idea how VPNs work and tend to take manufacturers’ claims at face value.

Unfortunately, the consumer VPN market’s relative low barrier to entry and abundance of choice means it is easily exploited by unscrupulous providers looking to make a quick buck.

Here are five common issues associated with consumer VPNs:

1. Data Leakage

A key motivation for acquiring a VPN is to encrypt Internet digital communications so as to render it unintelligible to outside observers.

Yet, coding/configuration errors in a small number of consumer systems actually allow data to pass outside the encrypted tunnel thus defeating the whole exercise.

A further half a dozen leak data in another way - by actively monitoring user traffic and potentially sharing it with third parties such as advertisers, government departments and data brokers.

This is because, notwithstanding their website and advertising promises, their legal policies hold no guarantees when it comes to protecting users.

2. Limited Scope

One of the main attractions of a VPN is to get around local Internet censorship laws. Geographical blocks may be applied for television streaming services or for GDPR compliance reasons.

By establishing an encrypted link to a provider’s many VPN servers around the world, users hope to access content via an IP address outside local restrictions.

A few consumer VPNs, however, mislead users with respect to their international credentials.

Some may claim to have hundreds of servers in many different countries when in fact they only have a relatively small number grouped together in just a couple of places.

They then adjust the routing data to make it look like they are providing a service in one country when in reality it is happening somewhere else entirely.

3. Fake Reviews

The consumer end of the VPN market is very crowded. Vendors are forced to compete hard for attention.

Positive reviews on third-party websites are much prized. The problem here is that some websites are more independent than others.

A lot of them will publish a five-star review in exchange for a small fee. They have more in common with advertisements than honest evaluations by independent journalists.

This makes it very difficult for the average consumer to get good quality, unbiased information to help them choose between the various solutions on offer.

4. Manual Log-in

In an ideal world, a VPN connection should be always-on, or at the very least activated with simple click or swipe.

They should also support all your devices – desktop, tablet, smartphone and TV – with the same account.

Yet, some VPN solutions expect users to enter their log-ins every time they go online. This is inconvenient at best. More likely it is annoying.

VPN use needs to be as seamless as possible. If not, users will be put off from using them.

5. Poor Privacy Protection

Privacy policies for VPNs at the consumer end of the market can fall way short of the standard multi-page documents we associate with major software brands.

A fair few actually have no privacy policy for people to view online – in flagrant disregard for the law.

Among those that do, a significant number choose to be circumspect about what they do with users’ data. Yet, others do not back up advertising promises with commitments written into their policies.

Business Must Play it Safe

Of course, plenty of basic VPNs do exactly what they are supposed to do.  Businesses, however, have more complex needs.

They have a duty of care over their customers’ privacy and must stay compliant with data protection laws. It’s simply too risky for companies to allow everyone to use their own personal choice of VPN for remote connections for sharing company confidential information.

More usually, all employees must use an enterprise-grade VPN system managed by IT support staff from a single, central point of control.

In summary, consumer VPNs may be fine for protecting the privacy needs of individual consumers.

However, the fact that not all are made equally robust makes them unsuitable for use in a business context.

Not only are there many different types but some play fast and loose with the core data privacy services they purport to supply.

The only way to guarantee protection for customers’ personally identifiable information (PII) and comply with privacy laws is via a centrally managed professional VPN service that automatically encrypts all company data connections everywhere.