A VPN is a great service to secure personal data and passwords from hackers or third parties. A trusted VPN service makes your browsing private and your login credentials secure.
But you should not completely turn a blind eye to the private information you pass via a VPN. You should be aware that it might get stolen if the wrong service provider is used. But can a VPN steal your passwords? Can it see all the private data that goes via a VPN?
Can a VPN see your personal data?
In theory, a VPN provider might see all your personal data. In practice, not all private information can be viewed. The data that a VPN can see depends on the security protocol used to connect to a website. It is unlikely that a reliable and trusted VPN would spy on your private data.
How can a VPN steal your private data?
Your private information can indeed be seen by a VPN provider. But it is not an easy task, even when the provider has control over your internet traffic. There are a few ways a VPN can steal this private data.
- Intercepting HTTP connection to a website
- Forging or faking certificates
Intercepting HTTP connection
Back in the day, the insecure HTTP protocol was used to connect to websites. This protocol exchanges plain-text messages between the browser and the server. HTTP is still the base of many connections that happen over the internet.
All HTTP messages are human-readable, so data can be easily stolen. To tackle this issue, a new protocol version was developed called HTTPS (S stands for Secure). All traffic using HTTPS is encrypted so that no one who intercepts it can see the actual data. In all modern browsers, such a secure connection is marked by a lock symbol once you visit a website.
Nowadays there are still websites that use the insecure version instead of HTTPS. All the passwords and personal information sent over HTTP can be intercepted and seen by a VPN. But if a connection is HTTPS, even a VPN cannot decrypt it. To get around that, an advanced hacking method called certificate forging can be used.
Forging or faking certificates
An HTTPS connection to a website is encrypted using certificates. VPN encryption is an extra layer of encryption on top of already secured HTTPS traffic.
Here’s a basic scheme of how it works:
This double encryption is what keeps your data private from ISPs and hackers. Even though the HTTPS connection is very secure, a VPN provider can crack it. This can be done by installing its own self-signed certificates on your device.
Installing fake certificates on your device would often need administrative privileges. One way a VPN provider could do it is by offering you a compromised and malicious VPN app to install.
Fake certificates would enable a VPN to intercept and decrypt HTTPS traffic. They would be able to inspect, see your data, and forward it to a website without you knowing it.
Such a method is used by untrustworthy shady VPNs that are either free or made in China. A VPN that would use a certificate forging method would most likely get caught real quick. Any reputable and well-known VPN would never do that, so your passwords are safe.
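One way to notice the certificate installation described above, as an added example that is not part of the original article: compare the trusted root certificates on a device against a baseline saved before a VPN app was installed. The helper names and the two certificate entries are constructed; the dictionaries follow the shape Python's `ssl.SSLContext.get_ca_certs()` returns.

```python
import ssl


def _name(rdns):
    """Flatten the nested tuples ssl uses for subject/issuer into a string."""
    return ", ".join(f"{k}={v}" for rdn in rdns for k, v in rdn)


def root_key(cert):
    """Identity of a CA entry: subject name plus serial number."""
    return (_name(cert["subject"]), cert["serialNumber"])


def added_roots(current, baseline_keys):
    """Return self-issued CA entries in `current` that the baseline lacks."""
    found = []
    for cert in current:
        self_issued = cert["subject"] == cert["issuer"]
        if self_issued and root_key(cert) not in baseline_keys:
            found.append(root_key(cert))
    return sorted(found)


def system_roots():
    """CA certificates Python loads from the operating system's default store."""
    return ssl.create_default_context().get_ca_certs()


def _ca(org, cn, serial):
    # Builds a constructed entry in the dict shape get_ca_certs() returns.
    name = ((("organizationName", org),), (("commonName", cn),))
    return {"subject": name, "issuer": name, "serialNumber": serial}


# Constructed data: the store before and after installing a hypothetical app.
BEFORE = [_ca("Example Trust Services", "Example Root R1", "01A4")]
AFTER = BEFORE + [_ca("FreeVPN Hypothetical Ltd", "FreeVPN Local CA", "7F00")]
BASELINE = {root_key(c) for c in BEFORE}

if __name__ == "__main__":
    for subject, serial in added_roots(AFTER, BASELINE):
        print("new trusted root:", subject, "serial", serial)
    # On a real machine: added_roots(system_roots(), saved_baseline)
```

`system_roots()` reflects only what Python loads from the operating system store, so a browser that keeps its own certificate store has to be checked in that browser's settings.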
Can a VPN see your banking login credentials?
PayPal and banks must comply with high-security regulations. They always use secure connections whenever you log in to your account. It is very hard for a VPN provider to compromise the bank’s security. So a VPN cannot see any of your banking login credentials.
Can a VPN steal the passwords that you type?
The only way a VPN could steal your password is when a website uses an unsecured HTTP connection. This way your password can be seen in plain text once you click a button and try to log in. Typing a password into a field would not expose it to a VPN, so it cannot be stolen this way.
Free VPNs steal and sell your data
Many free VPN and proxy providers do gather and steal your data. They do that because running a VPN service for free is not a sustainable business model. They collect personal information that is later sold to third parties and advertisers. Free VPNs are not that trustworthy and are not recommended for privacy.
Other VPNs that you should avoid are the ones that are made in China. It is well known that China has content censorship and tracks all internet activities. Trustworthy and non-China based VPNs are banned there and only government-approved VPNs are allowed. This is because Chinese VPNs track and collect data from their users. Later it is either sold to advertisers or reported to the government.
Which VPNs are trustworthy
You should always pick a VPN that does not track or keep any logs. It is also best to pick the one that has an audited and proven No-Logs policy. A trustworthy VPN would always protect your credentials and passwords.
Here’s what makes a VPN trustworthy:
- Well known and a long time in business
- Has a strict and proven no-log policy
- Based outside of surveillance alliances (non-US based)
With a trustworthy VPN, your private information and passwords are safe. There are a few reputable VPN providers that have a strict no-log policy and a great reputation. These VPNs are the best to use when you want to keep your browsing activities private. They do not steal passwords and focus on keeping your browsing activity private.