How Trustworthy Are Chinese-Owned VPNs?
The need for Virtual Private Networks (VPNs) is increasing, mainly due to more people now working from home. Everyone wants to securely browse the internet without the fear of malicious entities infiltrating their networks. Due to this demand for VPNs, different VPN services are sprouting up and offering their services, especially to areas with heavy internet censorship.
Chinese-owned VPNs are a cause for concern, primarily because of China’s active war against VPN services. What is even more worrying are Chinese-owned VPN services that are secretive about their ownership. In this piece, we take a look at the trustworthiness of Chinese-owned VPN services.
Are Chinese-Owned VPNs Trustworthy?
China continues to crack down on VPN services that allow its citizens to bypass the heavy internet censorship the government implements. Despite this, there are a significant number of VPNs that Chinese citizens secretly own. Is it because there is a need in China’s large population for VPN services? We cannot say with certainty that this is the case; neither can we say that the Chinese government is in tandem with some (or all) of these VPN services to expand its surveillance network. We can say one thing with certainty: secret ownerships are bad for the VPN industry.
A VPN service’s primary purpose is to move users from an untrusted network to one they can trust. It is that simple. The keyword here is trust. VPN users need to have confidence that VPN service providers are going by a standard, and that standard is to secure internet traffic and personal data. So when they use a VPN service that puts little or no information about its ownership, there is a trust issue because if something goes wrong, who do they hold accountable?
Are Chinese-owned VPNs trustworthy? We do not a straightforward answer to that question, but here are some things we consider that will help decide if you should use a Chinese-owned VPN service.
1. Transparency
Transparency is vital in the VPN industry. VPN service providers need to be transparent to users about several things like their ownership, structure, security, privacy policy, etc. For Chinese-owned VPNs that are not secretive about their ownership, there is transparency that results in some trust. On the other hand, when you can’t find any concrete information about a VPN service with links to China, you cannot trust such a VPN service.
There are two initiatives that encourage transparency in the VPN industry: the Internet Infrastructure Coalition (i2Coalition) and the VPN Trust Initiative (VTI). The latter is “a consortium of leading VPN providers focused on improving digital safety for consumers by building understanding, strengthening trust, and mitigating risk for VPN users.” These two organizations are actively promoting transparency among VPN services. As a first step to see if you can trust a Chinese-owned VPN service, check if it is a member of the VTI.
Popular members of the VTI include ExpressVPN, NordVPN, VyprVPN, NetProtect, and Surfshark. These are industry leaders that have shown full transparency to their users. So when it becomes unclear if you can trust a VPN service, whether Chinese-owned or not, we advise you not to use their services.
2. Data Collection
Free VPNs are increasing because a significant number of people cannot afford to pay for a premium VPN. While there are reputable VPNs that offer free services, most of them are dangerous to your privacy. We discovered that there are several Chinese-owned VPNs that offer free services. The problem with free VPNs is that most of them find other ways to make money because maintaining a VPN is costly. Think of the costs of infrastructure, servers, maintenance, staff, app development, etc.
They need money to run their services, and since they don’t make any money just by offering their services free, they sell users’ data to advertising companies. Users may not understand the value of their internet traffic data, but anyone in the VPN industry understands it. Chinese-owned VPNs can use your internet activities to build a profile on you and sell such data to advertisers or anyone that offers money for it.
Advertisers use such data to profile you and send target ads based on your profile. Malicious entities can also buy such data to send phishing emails or other methods they use to steal personal information. This is why it is critical for you to read the privacy policy of any VPN service you intend to use. Do not use any VPN if the privacy policy looks generic or implies that the VPN collects unnecessary data.
3. Vulnerabilities
A VPN should reduce the risk of malicious entities having access to your data while you’re surfing on the internet. Like we mentioned earlier, Chinese-owned VPNs have a significant number of free VPNs. Another serious issue with free VPNs is that they can be vulnerable. You are an easy catch for malicious entities if you use a Chinese-owned VPN that uses outdated protocols and weak security for your connection.
To validate our point, UFO VPN (based in Hong Kong) unknowingly made public a database of user logs and API access records, including plain-text passwords, IP addresses, and other information that can identify VPN users. Because of issues like this, we advise VPN users to stay away from free VPNs, especially Chinese-owned ones, as they are more likely to compromise your privacy and security.
These VPNs are also vulnerable to government interference. China is not a privacy-friendly country, and VPNs operating there must release user data if a government agency requests it or risk heavy fines and possible eviction. Except you are happy with the possibility of the Chinese government having unrestricted access to your connection data, it is better to avoid using any VPNs with links to mainland China or Hong Kong.
What To Consider Before Using a Chinese-owned VPN
You have to consider some of the following points if you are taking the risk to use a Chinese-owned VPN service.
1. Security
The security of your connection will determine if hackers will have a field day infiltrating your network or not. Most premium VPNs use military-grade encryption (AES-256) to protect users’ data in transit. Since several Chinese-owned VPNs are free, they are more likely to use a weaker encryption protocol that is not unbreakable like the AES-256 encryption protocol.
On the other hand, if a VPN secretive about its links to China states that it uses 256-bit encryption, what guarantee do you have that it’s the truth? Also, using vulnerable protocols can be a red flag. OpenVPN is one of the most secure and popular VPN protocols. You should avoid at all costs any VPN service that doesn’t have an option to use this protocol.
2. Privacy
Due to the many privacy issues surround China, you have to be on the lookout for Chinese-owned VPNs that will not protect your privacy. Do some thorough research on the origin of the company, and if you’re not satisfied with the results, don’t use it. Remember that a VPN that is shady about its origin is likely to compromise your privacy.
Another way to identify a possible privacy-unfriendly VPN is to go through its privacy policy. Check the permissions it needs to functions and the type of data it collects, then compare it with a reputable VPN service provider’s privacy policy. If it seems like the VPN is collecting too much information, they will likely sell your data to anyone willing to pay for it.
Conclusion
Using a Chinese-owned VPN service can be risky because of China’s actions against VPN services. For the Chinese government to approve a VPN service, it has to abide by its laws, including releasing users’ data at the beck and call of any government agency. That alone is enough reason to stay away from Chinese-owned VPNs if you value your privacy.