WiFi routers keep tabs on the traffic passing through them. And whoever holds the key to their admin panels can view their logs, which include search and browsing histories.
But what if you’re using a VPN? Will WiFi admins still be able to monitor your activity? Keep reading to discover the truth behind VPN use and internet privacy.
Can a WiFi owner see what sites you visit with a VPN?
The short answer is no.
The owner of the WiFi you’re using shouldn’t be able to keep track of what you’re doing on your device with your VPN on.
When you connect to a VPN, it creates an encrypted tunnel between your device and its remote server. Since the traffic is scrambled, the data the router logs is unintelligible.
Unless deciphered properly, nobody would be able to figure out what you’re doing online with 100% certainty.
That said, VPNs aren’t created equal. Some are inherently less private than others due to security weaknesses and design limitations.
The ones that should concern you are those that:
- Are highly prone to IP and DNS leakage — Not all VPN vendors have developed sophisticated apps to keep your real IP address and DNS queries hidden throughout the whole session.
- Use weak encryption — If your VPN doesn’t utilize military-grade encryption, you’ll be susceptible to hacking and be likely to fall victim to identity theft and fraud.
- Expose VPN metadata — Without obfuscating your traffic, snoopers would still know that you’re using a VPN and try to exploit its weaknesses.
- Have servers in sub-optimal locations — VPN providers have to contend with jurisdictions with mandatory data retention laws, democracies that spy on their citizens, and repressive governments that enforce online censorship. Such factors affect their ability to safeguard user privacy.
- Let third parties access their hardware — Generally, VPN companies rent data centers to house their hardware in order to build a large global network. Unless their servers are colocated (fully owned and self-maintained), granting third parties access to them can be a cause for concern.
- Log sensitive data — Disreputable VPN vendors (particularly those who don’t offer premium subscriptions) are no different from Big Tech, which lives off advertising money. They collect your data and sell it to the highest bidders, compromising your privacy in the process.
- Save data to traditional hard disks — Some VPN server infrastructures aren’t set up to delete data when the servers are powered off, endangering your identity and privacy in the event of a seizure.
So, if your VPN is plagued by one or more of these weaknesses it’ll leave traces of your real activity, location, and identity. And, in turn, the WiFI owner will have more of your data to snoop on.
Factors that affect VPN privacy
To gauge how private different VPNs are and compare service providers accordingly, pay close attention to the following:
- Encryption strength — Privacy and security go hand in hand, so anything less than military-grade encryption is unacceptable. So, it’s a must to use a VPN that supports AES-128 or -256.
- VPN protocol — A tunneling protocol helps determine how strong a VPN’s encryption method is. Moreover, it can indicate whether a service is capable of stealth, which is useful when evading government censorship.
The most secure generic protocols are OpenVPN and IKEv2 while arguably the best proprietary one is Proton VPN’s Stealth.
- Private DNS — Such servers enable VPNs to handle DNS queries more securely.
- Server location — VPN servers aren’t always where their IPs suggest they are. Some providers use virtual server locations to inflate the size of their networks while avoiding governments with strong-arm policies.
This strategy is neat, as it allows VPN vendors to offer IPs from unusual jurisdictions like China, Russia, and Afghanistan. The problem is that not all companies are forthcoming about the whereabouts of the hardware powering their virtual server locations.
- Logging policy — Many reputable VPN service providers claim to have a strict no-logs policy. But never take their word for it. Read the fine print and find out precisely what your prospective vendor logs.
- Data storage — The most reliable VPN servers run on RAM. When stored on volatile memory, the information is completely erased after every reboot. No wonder industry leaders such as ExpressVPN and CyberGhost have adopted RAM-only hardware.
- Track record — Not all VPN vendors have had the opportunity to prove their claim in court. So, those that have protected the privacy of their users in real life (like Private Internet Access) have unquestionable integrity.
- Independent audit — Confident vendors invite impartial cybersecurity auditors to show the world that their servers are as private as advertised. NordVPN and Surfshark VPN are two of the few that have walked the talk.
- Advanced features — The VPNs that go the extra mile provide exceptional privacy features like double VPN, Onion over VPN, obfuscation, IP rotation, and GPS data override.
How to protect your privacy on public WiFi
Public WiFi networks can be super convenient but are also incredibly risky. If you have to connect to one, do the following to cover your back at all times:
Route your traffic to a VPN
Public WiFi is unsecured and has no access restrictions, which is why cybercriminals love it.
To neutralize potential threats, especially when you need to enter sensitive information, use a VPN to hide and secure your traffic.
Do VPN leak tests
Make sure the VPN you’re using isn’t leaky before doing your business on the internet. Here’s how you can run IP and DNS leak tests using Sonics VPN’s Android app as an example:
- Go to ipleak.net while your VPN is off to check your real IP and DNS addresses.
- Connect to your preferred VPN server.
- Refresh the IPLeak page to see if your real IP and DNS information is no longer visible.
If your real IP and DNS addresses are hidden, then your VPN doesn’t leak your data and is good to use. But if they’re not, your VPN may be unsafe.
To be fair, IP and DNS leaks may occur due to vulnerabilities in buggy extensions, plug-ins, web browsers, and operating systems.
So when you spot information leakage, try updating your app or restarting your device first. Afterward, do IP and DNS leak tests again to see if you can get better results.
Turn on the kill switch
To avoid accidentally broadcasting your real IP and DNS data when your VPN connection drops, activate the kill switch feature.
Here’s how to do it on ExpressVPN for Windows:
1. Launch the app.
2. Click the hamburger icon for settings.
3. Go to Options.
4. In the General tab, check the Stop all internet traffic if the VPN disconnects unexpectedly box under Network Lock.
5. Click OK to save the new setting.
Answering a simple no to the question: Can the WiFi owner see what sites I visit with a VPN, oversimplifies a complex issue.
Things don’t always fall into place just by turning on a VPN. One’s ability to protect your privacy relies on a combination of factors such as encryption strength, private DNS use, and RAM-only server design.
But if go with a robust and trustworthy VPN service and follow our recommendations when connecting to public WiFi, you can use the internet with peace of mind in even the worst circumstances.