The past decade brought sweeping changes to Internet security. The typical Internet user is better protected today than 10 years ago, but the hacker is better equipped too.

Let’s take a look at where things stand today, and reflect a bit on how we got here.

Are people spying on my Internet traffic?

Nowadays, probably not. VPN providers sometimes try to scare people into thinking that unless they use a VPN, their traffic is open for all to see. That’s not the case anymore. Secure websites are the norm in 2023, which means your traffic is encrypted by default on most sites. That’s good for everybody.

Do I still need a VPN?

The encryption provided by a VPN isn’t as useful as it once was, but the anonymity can still be very valuable.

If you don’t fully trust the other parties in your Internet activities, i.e. the servers and companies running the websites you visit, then you should use a VPN. A VPN is the most effective way to prevent the sites you visit from seeing who you are and profiling your Internet activity. For these sites, it’s also a good idea to use the Private Window feature in Safari, or Incognito Window in Chrome to limit cookie-based tracking.

On the other hand, if you have complete trust in the other side of your connection (your bank might be an example of a website you can fully trust,) then a VPN is not necessary. In fact, using the wrong VPN can be more hazardous than not using one at all when accessing sensitive information.

Need to know: You give your VPN provider a ton of data.

This is the part of the security equation that often gets overlooked. It’s important to understand that when you use a VPN, you’re giving the VPN provider access to a comprehensive record of your Internet activity. Only your ISP can log more data about you than your VPN provider.

If the VPN is free or “lifetime”, then you are probably the product.

Data is valuable. Tech companies have built empires solely on data they harvest from users. VPNs, especially the large ones, are sitting on a potential gold mine of user data. For this reason it’s important to make a judgement about how much trust to place in your VPN provider. This includes evaluating their stated policies as well as making a value judgement as to their trustworthiness. Where are they incorporated? How long have they been in business? How transparent are they? How do they pay for their server and infrastructure costs? Do they keep user access logs?

If you can’t trust your VPN, you’re better off not using it.

There have been incidents of well-known VPN services who turned out to be bad guys. The Internet can be a sketchy place, so it’s not too surprising that some of these providers are up to no good.

What about iCloud+ Private Relay?

Apple introduced their own “not a VPN” solution called Private Relay. iCloud+ subscribers can use Private Relay on their Mac and iOS devices (only in Safari), and thwart trackers and marketers by routing traffic through a series of two relay IP addresses. The cool thing about this technique is that it ensures neither of the two relay servers has enough information to tie your activity to your identity. Unlike a VPN, Private Relay does not proxy all your traffic, nor does it add encryption.

Private Relay is a good idea, and Apple is a rare example of a big tech company that respects their users. If you use Safari and are already an iCloud+ subscriber I think it makes sense to use Private Relay as an “always-on” thing, and use a VPN for added security and protection when desired.

Thanks for reading.

I’ll do infrequent write-ups like this on security topics in the future. I’ll try to keep them light on marketing and heavy on information. If you found this interesting, I hope you’ll stay subscribed and read some future posts.

-Ty

---