456 reads

Your VPN Might Be Tracking and Logging Your Browsing Habits

by Jan YoungrenMarch 27th, 2020

Too Long; Didn't Read

Top VPN websites are tracking visitors with sometimes dangerous or privacy-unfriendly third-parties, as well as creepy session-recording scripts. These scripts record video of your movements around their websites, which also includes what you click on, what you search for, and much more. VPNpro’s research team analyzed 120 top VPN websites, and found that the situation is pretty bad when it comes to VPNs’ true commitment to privacy. The riskiest trackers include Openx, BlueKai, and Taboola.

Company Mentioned

featured image - Your VPN Might Be Tracking and Logging Your Browsing Habits

Top VPN websites are tracking visitors with sometimes dangerous or privacy-unfriendly third-parties, as well as creepy session-recording scripts.

These session-recording scripts, by the way, allow websites to record video of your movements around their websites, which also includes what you click on, what you search for, and much more.

VPNpro’s research team analyzed 120 top VPN websites, and found that the situation is pretty bad when it comes to VPNs’ true commitment to privacy.

Main takeaways you need to know

Out of 120 VPN websites, 102 have at least 1 tracker, and 26 websites have at least 10 trackers

From the analyzed websites, there are 32 total session replay scripts

45 websites have Facebook trackers, and 39 websites have more than 1 Facebook tracker

17 websites have trackers from risky third parties

There are only 13 websites that have no trackers at all

Why session-replay scripts are so dangerous

Websites that use session-replay scripts are able to see what you’re doing on their websites. This is because they actually record video of your actions. This is useful for websites to help understand what the users are doing on their sites, so that they can improve their marketing.

For anyone outside of marketing and sales, that’s a bit creepy – especially when it’s a VPN website that is supposed to put your privacy at the core of its business. Our researchers found that 26 websites have session-replay scripts, and Avast SecureLine VPN even had 3 different scripts to record users better.

Even worse, Princeton researchers found that these session-replay scripts can “expose users to identity theft, online scams, and other unwanted behavior.”

The riskiest trackers

While trackers are generally not great for absolute privacy since they track and record your behavior, there are some that are very risky.

These bad ones include trackers that share personally identifiable or pseudonymous data with third parties. These avoid-at-all-costs trackers include Openx, BlueKai, and Taboola.

For example, OpenX’s privacy policy allows it to collect your age, gender, marital status, your phone information, IP address, and even your exact GPS location. It was even accused of bypassing regulations in order to share data with other companies.

BlueKai, on the other hand, has been mentioned multiple times for violating user privacy. A research paper [pdf] mentioned that BlueKai and other data brokers fail users in the security of their data storage, the fact that they sell data to other companies, and the fact that ad brokers can accidentally expose user data.