VPNpro analysed the payment methods and sign up processes involved in using VPNs. Worryingly, 35% required an identifiable form of payment such as credit card or PayPal information.
22% of VPNs had no anonymous payment method and required information such as an email address – with some even preventing the use of ‘disposable’ email addresses. This information can be used to connect an individual directly with their VPN account.
Previous research by VPNpro uncovered that 97 leading VPN products are owned by just 23 parent companies. The majority of these companies are based in countries with a high degree of government surveillance or lax data privacy laws. For example, China, Pakistan, the UAE and the US. As a result, the anonymity of many VPN users could be easily compromised.
VPNs are used by millions of people worldwide, with many human rights activists, investigative journalists and whistle-blowers relying on their purported high level of privacy and anonymity.
Konrad Strauss, Security Researcher at VPNpro, said: “Our research has revealed some serious shortcomings in how many VPNs operate. Anonymity online is critical to many people’s lives and if there is a weak link anywhere in the chain there can be dire consequences.
“VPN providers are not created equal. If you are providing any form of personally identifiable information to a service your privacy could be compromised. The best defence is to carefully research each company to ascertain what information you need to provide and which country the VPN provider is from. Bear in mind, in places such as China, a tech company is required to hand over information it holds to the Government.”