Is Your VPN Tracking (and Leaking) User Activity?

The VPN industry touts all sorts of privacy protocols and encryption methods that purport to protect users. While this is, undoubtedly, important information, and is a decent way to compare and contrast different VPN services, it isn’t the full story when it comes to your privacy. An often-overlooked issue is the use of trackers by VPN solutions; users should be wary of trusting any VPN service that uses them.

Essentially, a tracker is, as the name suggests, something that will track user activity across the internet. Many websites and apps use trackers in some form or another, and they follow users almost everywhere they go on the internet. The information harvested by trackers is usually used for things like targeted advertisements. If you’ve ever clicked on an advertisement for a product or a service and then started seeing that same advert everywhere you go, then you’ve been tracked.

Trackers exist so that companies can make money at the expense of your privacy.

However, there is an important distinction to be made between first-party and third-party trackers. First-party trackers are things like cookies that are used to remember information like language or layout preferences, or perhaps even saving your shopping cart on an e-commerce site. Such trackers are deemed necessary for many websites in order to give users a more seamless experience—and for these kinds of trackers, it is often easy to opt out and refuse cookies from being stored.

Third-party trackers, on the other hand, are trackers built to facilitate the harvest of information from websites and apps that can later be used to make money from you and/or your activity. The information gathered by third-party trackers varies, but it is often personally identifiable information (PII). For example, data like your IP address, what browser you use, what you click on, how long you are on a specific web page, etc. All of this information is used to create a profile about you and, in turn, is used to make money from you via targeted advertisements. It isn’t just websites that make use of third-party trackers—many mobile apps do this, as well. And this is where users need to use caution before choosing a VPN that implements such trackers.

VPNs and Trackers

VPN apps that use trackers are, essentially, compromising your privacy to turn a quick profit. Such trackers are not needed for these VPN apps to work and are often actively leaking your information to the likes of Google, Facebook and other big data companies. The extent of the information being collected will vary from app to app. The use of trackers means that information about you is being shared, but this is rarely communicated to users. Many third-party trackers are so sophisticated and have such a wide net of data to pull from that PII isn’t even necessarily needed to create a targeted profile for a user. These trackers can use the huge amount of information they have (along with your unique ID) to connect the dots and trace everything back to you. So, even if something as easily traceable as an IP address isn’t being shared with these trackers, they still have the ability to piece everything together and track your behavior online. It is astonishing just how many services out there are using trackers in their VPN apps, doling out your information without your express permission.

Steps in the Right Direction

For the average user, the only way to be certain of tracker use is to read through lengthy, cumbersome privacy policies. Many services take advantage of the fact that users won’t take the time to read these. There are applications available that can identify and alert you to other apps that are using trackers, such as the Exodus tool for Android-specific information, for example, but its scope is limited. Apple is taking a step in the right direction with its brand-new guidelines for App Store apps which mandate that every single app discloses any information that they seek to collect, any permissions needed and what trackers are being used (if any). This includes things like analytics and data shared with third parties.

This move could highlight the concept of trackers to a wider audience that may not quite understand the extent to which these information-gathering forces are working in the background. And it makes it easier for people to see exactly how the apps they use are tracking them. Finally, it might convince app developers to avoid the use of a large number of trackers – if only to make the app look less ‘nosy.’

An Important Distinction

It is important to note the distinction here between trackers on a website and trackers in apps. By implementing trackers in an app, a developer essentially renders any of the app’s privacy features moot because those trackers can match your IP address before and after you connect to a VPN server. This isn’t possible with website trackers, as the app and website are completely separate from one another.

While VPN providers should know better than to include these kinds of trackers, especially in apps, sadly, many providers have become part of the invasion-of-privacy problem they claim to be fighting against, with their users being none the wiser. Make sure you determine whether or not your VPN app of choice is one that uses a tracker—or risk the privacy and security of your users and their data.

Avatar photo

Sebastian Schaub

Sebastian is the founder of hide.me VPN and he has been working in the internet security industry for over a decade. He started hide.me VPN, 8 years ago to make internet security and privacy accessible to everybody.

sebastian-schaub has 4 posts and counting.See all posts by sebastian-schaub