Hackernoon logoYour VPN Might Be Tracking and Logging Your Browsing Habits by@jan-youngren

Your VPN Might Be Tracking and Logging Your Browsing Habits

Author profile picture

@jan-youngrenJan Youngren

Cybersecurity Expert | Focused on research and investigations

Top VPN websites are tracking visitors with sometimes dangerous or privacy-unfriendly third-parties, as well as creepy session-recording scripts.

These session-recording scripts, by the way, allow websites to record video of your movements around their websites, which also includes what you click on, what you search for, and much more.
VPNpro’s research team analyzed 120 top VPN websites, and found that the situation is pretty bad when it comes to VPNs’ true commitment to privacy.

Main takeaways you need to know

  • Out of 120 VPN websites, 102 have at least 1 tracker, and 26 websites have at least 10 trackers
  • From the analyzed websites, there are 32 total session replay scripts
  • 45 websites have Facebook trackers, and 39 websites have more than 1 Facebook tracker
  • 17 websites have trackers from risky third parties
  • There are only 13 websites that have no trackers at all

Why session-replay scripts are so dangerous

Websites that use session-replay scripts are able to see what you’re doing on their websites. This is because they actually record video of your actions. This is useful for websites to help understand what the users are doing on their sites, so that they can improve their marketing.
For anyone outside of marketing and sales, that’s a bit creepy – especially when it’s a VPN website that is supposed to put your privacy at the core of its business. Our researchers found that 26 websites have session-replay scripts, and Avast SecureLine VPN even had 3 different scripts to record users better.
Even worse, Princeton researchers found that these session-replay scripts can “expose users to identity theft, online scams, and other unwanted behavior.”

The riskiest trackers

While trackers are generally not great for absolute privacy since they track and record your behavior, there are some that are very risky. 
These bad ones include trackers that share personally identifiable or pseudonymous data with third parties. These avoid-at-all-costs trackers include Openx, BlueKai, and Taboola.
For example, OpenX’s privacy policy allows it to collect your age, gender, marital status, your phone information, IP address, and even your exact GPS location. It was even accused of bypassing regulations in order to share data with other companies.
BlueKai, on the other hand, has been mentioned multiple times for violating user privacy. A research paper [pdf] mentioned that BlueKai and other data brokers fail users in the security of their data storage, the fact that they sell data to other companies, and the fact that ad brokers can accidentally expose user data.

What can you do?

  • use extensions and tools like Ghostery, which can help block many of these trackers and session-replay scripts
  • use privacy-by-default browsers like Brave

Tags

The Noonification banner

Subscribe to get your daily round-up of top tech stories!