Virtual Private Network (VPN): Privacy and Information Security Concerns


    By Olumide Babalola

    1. Introduction

    Since the Federal government’s ban or suspension of Twitter in Nigeria in June 2021, more citizens have become aware of the Virtual Private Network (VPN) as an alternative route to circumvent the political censorship of the most-utilized social media network and keep tweeting regardless. With the uneven scramble for VPN came the expected misinformation on how the technology could invariably subject users to identity theft or financial scam once they logged into the platform and this expectedly scared most people off anything VPN up till this moment.

    This article seeks to briefly: (i) simplify the concept of VPN by reproducing some of its definitions from different perspectives; (ii) highlight its purpose and benefits and; (iii) clarify the likely privacy issues associated with the use of the technology.

    1. What is a VPN?

    A VPN is simply a private network that is routed on a public network (e.g the Internet) in an anonymous form and thereby protecting the privacy of the users from snooping or other privacy-impacting evils. It is a set of tools which allows networks at different locations to be securely connected using a public network as the transport layer. (Jim Harmening, Computer and Information Security Handbook (2009). VPN is a technology that establishes private network connection though a public network like the internet.  (Derrick Rountree, in Security for Microsoft Windows System Administrators, 2011). It is built on top of existing physical network providing a secure communication mechanism for data and other information transmitted between two users. (Vlado Damjanovski, in CCTV (3rd edition) 2014). Conclusively, VPN is simply a private network exchanging information over a shared infrastructure while preserving the privacy of such information. Ultimately, VPN is a connection method used to add privacy to private and public networks like Wi Fi, Hotspots or the Internet. (See Matheo Varvello et al ‘VPN: A privacy- preserving decentralized virtual private network’ (2019).

    1. Why was the VPN created?

    In recent times, the human folk’s explicable dependence on the Internet for almost every comprehensible activity has increased the privacy and security concerns and complicated by the number of devices connected to the Internet per time. The nature of the Internet as a public space which is constantly invaded by cyberattacks and remotely controlled by some unidentified but more-equipped surfers emphasised the need for the vulnerable ‘netizens’ to access the Internet in a private sphere without the fear of snooping or eavesdropping by unknown elements, hence the invention of VPN in 1996. (See David Crawshaw, ‘Everything VPN is new again’ (2020). Zhipeng however says VPN was created as a solution to the scourge of cyber-attacks and hijacked control of the Internet by allowing better security and always providing anonymity to the users. (See Zhang Zhipeng, ‘VPN: A boon or trap? (2018).

    1. How does the VPN work?

    VPN works with the creation of private virtual ‘tunnels’ or ‘paths’ or ‘channels’ that allow users to communicate or exchange data from end-to-end within the tunnels as enabled by the Internet (in most cases). The personal data traveling through the VPN tunnel are encrypted (i.e by converting readable texts into incomprehensible gibberish) as a security measure to ensure the information gets to the desired recipient untampered since they eventually  pass through an unsecured platform – the Internet. ( See M. Gupta, ‘Building a Virtual Private Network’ (2003).

    When users connect to VPN, their personal data travel-sequence is as follows:

    i. VPN platform on users’ device encrypts personal data.

    ii. Sends it to the VPN server through a secure connection.

    iii Data goes through the Internet Service Provider (ISP) but they cannot snoop because of encryption.

    iv. When the data gets to the recipient, the encrypted data is then decrypted for the user to understand the information.

    v. The flow is repeated where a reply is sent. (See David Janssen, ‘VPN explained: How does it work? Why would you use it? (2021).

    1. What are the benefits of VPN?

    Most Nigerians would not have known about the existence of the VPN technology until the unprecedented Twitter shutdown in June 2021. Apart from allowing users to bypass certain online censorship restrictions, the following are some other benefits of VPN:

    a. Anonymity online: Users’ IP addresses and location are hidden by VPN.

    b. Data security: By encryption, it becomes almost impossible for users’ data traffic to be hijacked by hackers or tracked by government surveillance.

    c. Secure browsing of public networks: Generally, free Wi Fi networks are unsafe but when users access such platforms via VPN, they become anonymous and unidentifiable users.

    d. Bypass geographical restrictions: Sometimes frequent air travelers, are frustrated when they are in transit and cannot use certain websites or apps (like WhatsApp calls (UAE) and Facebook in China for example) VPN enables them to bypass such censorship even when within such regions and they stand no risk of identification.

    e. Improves Internet connectivity: Depending on the quality of VPN and the geographical location of the ISP’s base station, it has been repeatedly argued that VPN may improve Internet connectivity under certain circumstances.

    6. What are the privacy and data security concerns of VPN?

    Although data shared via VPNs are encrypted to ensure informational privacy, the VPN platforms however raise their own peculiar privacy concerns.

    a. Moving from Internet privacy to the realm of Intranet privacy-trust worries. Using VPN involves a choice between a known devil (i.e the VPN service providers) and unknown angels (the identity thieves, hackers, government surveillance and digital busy bodies). Since users run from the larger Internet risks, they would have to trust VPN service providers (Intranet) not to misuse personal data collected for untoward purposes which may negatively impart users’ privacy. A number of VPNs, in fact, use tracking systems of users’ data.

    b. Privacy violation by third-party service providers. Since VPN service providers are commercial entities that engage other third-party service providers (like cloud service, etc.), users’ data are also susceptible to the risk of misappropriation by these third parties whose businesses and data management practices may neither be regulated nor within the control of users, hence raising its own species of privacy and data security concerns.

    c. Cybersecurity lapses. The growing popularity and utility of VPNs have also increased their cybersecurity porosity owing to the less attention service providers devote to securing users’ data. In emphasising the information security risks that comes with inadequate cybersecurity by some VPN service providers, Boxley puts it succulently that: ‘Not only is their basic architecture for transmitting data over third-party servers risky, but there are too many ways in which they flout best practices for secure, private data transfers.’ (See Don Boxley, Jr. ‘Overcoming the dangers of virtual Private Networks’ (2019).

    7. Conclusion

    VPNs like every other digital product cannot wish away its data security vulnerabilities and privacy anxieties. Without necessarily speaking for or against the use of VPNs, the privacy paradox situations continue to stare users in the face when making choices on the use of VPNs, however, it is advisable for every user to apprise him/herself with the possible invasion associated with every product before use.

    Share on


    Please enter your comment!
    Please enter your name here