⏳Short in Time? Here’s the short guide for your question
Can VPNs be hacked or tracked?
Yes. VPNs can be hacked, and even tracked – but doing so would cost an enormous amount of work. Only someone with an immense amount of grudge against you would dedicate their time and energy to pursuing your online activity and profiles – but it could take around 200 times longer than the universe has existed. It’s time to use the terminology we learned above to figure out who can track or hack you, despite you being connected to the VPN.
1. Your ISP
While your ISP cannot read or decrypt your encrypted data, your data is still passing through the ISP from the VPN client to the VPN server. They will obviously not be able to decode your encrypted data, which is generally the AES-256 encryption standard used – in theory, it would take more than a million years to decode it. However, They will know that you are using a VPN, and they may be able to identify the kind of network traffic it was based on the timing and density of the data packets. – Web pages, streaming, P2P, etc. But can the web pages or streaming websites lead back to you? Not really. This is because the VPN client and server have masked your IP address, so the website receives a request from the IP address of the server, and not you. Should you be worried about your ISP tracking you? Not really. Hence, there’s no need to worry about being hacked or tracked by your ISP, even though they may be aware that you are using a VPN – they will have no idea where you’ve been visiting. They might be able to identify that you were probably streaming something (based on the timeframe and density of data packets), but they will not know what and where.
2. Malware
Since even your internet provider cannot track your online activity after an extent, you’ll feel happy to know that even the government may not be able to track you. However, you can still be tracked by a malware, and you might wonder how? While it’s true that a malware may come from the internet, you can’t forget that it can be stored on your device and not your internet. Even if your internet is turned off, a malware can track your desktop activity, your files, and anything that is on your device. When you turn your internet on, it can still see your activity as it is on your device – which is not encrypted. Only your network traffic is encrypted. For example, a malware can simply track your browser activity – it does not matter whether it is encrypted or not – it will be able to see every website that you receive access to. Always do a routine checkup for malware and make sure that you do not download one accidentally. Most VPNs offer a certain amount of protection against malware like ExpressVPN, but it is always recommended to have a standalone malware blocker like Malwarebytes on your device.
3. Cookies
Cookies are generally stored on a website, which can contain details of your activity. Sure, they may not be able to know whose activity they have – unless you provide it to them. Social media websites also use cookies for providing you with advertisements, but is that it? Not really. Using social media means your personal account is stored in their database along with your cookies. These cookies can be shared with advertising agencies to provide you with ads that are dedicated to you. Here’s an excerpt from Instagram’s Cookie Policy. Using A VPN will encrypt your online activity, but Instagram will still know that Account XXX did XXX on Instagram. It’s always better to ensure that you do not give too much personal information on your social media handles. Thankfully, most social media applications or even browsers offer the option to “Block all cookies”. Your location and network are still encrypted, so they cannot know that Account XXX belongs to your IP address, so that’s a good thing.
4. The Government
As I mentioned earlier, the government may not be able to track you. And while that’s true, let’s not underestimate the government. They would have to use an immense amount of resources to track or hack you, and you would have to be a very important person that committed a terrible crime – safe to say, they probably aren’t interested in you individually. So in what scenario can the government stumble upon your data without individually looking for it? A server seizure. A server seizure is a seizure of electronic data carriers, like VPN servers, that are seized during an official investigation by law enforcers. While the government will not individually come after you, they can still seize VPN servers if they have the ground to do so. For example, ExpressVPN servers were under investigation by Turkish Authorities for the assassination of a Russian Ambassador. They alleged that the assassin used ExpressVPN to delete evidence by logging into his Gmail and Facebook accounts. Turkish authorities came up empty-handed, as ExpressVPN and most premium VPNs come with a no-logging policy – they refuse to store any information on their users. This was surprising, as ExpressVPN is based in the British Virgin Islands – the jurisdiction of which has strong privacy legislation and no data retention requirements. I guess this shows that even VPNs and their users are not above the law. There have been other VPNs in the past that had their data seized by the authorities and even shut down. So Should you be worried about the government seizing the servers and getting their hands on your digital activities? That depends highly on the VPN you use. ExpressVPN offers no data retention and no data logging – they do not store any of your logs, and all of your online activity is highly encrypted. They also only keep your session data (time of VPN session and data used) on their RAM servers – which is wiped once the session ends. Even if the government were to seize ExpressVPN servers, they’d find nothing – their privacy and security have been independently audited by many professionals.
5. Digital Fingerprinting
You may have understood the ISP, cookies, malwares, and the government having a slight chance of accessing your data, but what exactly is a digital fingerprint? Digital fingerprinting was initially developed for security purposes, now it’s being used for privacy-invasion purposes. It is a tracking technique capable of identifying individual users based on their browser and device settings. Settings like your screen resolution, operating system, location, and language. The scary part is that this technique has a success rate of identifying users 99% of the time. Unfortunately, A VPN can’t do much about this, as it’s your device and browser data that gets you tracked and not your internet. However, it can stop your IP address from being added to your digital fingerprint. Some browser extensions can also help minimize the data collection on your device.
6. DNS Leaks
[include image of the source sent earlier] A DNS leak can reveal all of the websites that you have been visiting to your ISP or any prying eyes. We saw at the start of this article the example about accessing google with the VPN, here’s what a DNS leak would mean in that context. This is not ideal, as your ISP already knows that you use a VPN, and a DNS leak only makes it worse by revealing the places you visit. Thankfully, this is quite preventable – based on your choice of VPNs. Most VPNs have a system that ensures that no DNS is being leaked, and if it is – it will block your device’s access to the internet, keeping you safe. ExpressVPN is quite good at preventing leaks in general. It offers its own encrypted DNS on every VPN server, ensuring that your online activity falls in the hands of nobody, not even them. If DNS leaks seem harmless or rare to you, feel free to do a DNS leak test without using a VPN. These were my results. Six servers could access and track my online activity – which did not feel safe at all. Ensure that you are using a premium VPN that offers private DNS functionality to keep you safe.
Tips To Stay Safe
As we’ve already gathered from this article, VPN can help keep you safe by protecting your internet connection – but there are threats that are not limited to that. You can still get hacked or tracked by a malware on your device, you can still get tracked by social media apps. Here are a few tips that’ll help you stay safer.
Passwords
Choose a strong password that is a combination of uppercase and lowercase letters. Be sure to include numbers and symbols for additional safety. This will protect all of your accounts online, and you’ll be very secure against all attacks if you use different passwords for different websites.
Downloading
Before downloading any files, make sure that the file is malware free. This can be done through a virus test or a malware blocker like malwarebytes. Do not open any downloaded files that you doubt may be a virus or a malware, as things could only get riskier. Ensure you have a good anti-virus on your device for such situations.
Social Media
As we know now, social media websites also use cookies. They may not be able to link your account and your IP address, but they can still have some data on you. Be mindful of what you share on social media, keep your confidential information confidential.
Emails
One of the most common ways people get infected by a malware or virus is by answering to emails. Hackers use phishing pages. For example, somebody can send you a link to a website that looks exactly like Facebook – you can log in and access Facebook, but the email and password you use will be sent to the person who runs the phishing website. There are many emails that appear to be official but aren’t. Always make sure that you are visiting the right link. If the link says “facebook23.com” or anything else instead of “facebook.com”, you are probably on a phishing website and need to stay careful.
Use A Secure VPN
Using the right VPN can keep you safe online. ExpressVPN is a great VPN that provides security against malwares and online attacks while also keeping your online activity protected. You can read our full review on ExpressVPN to learn about how it will keep you safe online.
Conclusion
Yes, you can still be tracked or hacked despite using a VPN under these circumstances. However, they are all preventable except for one. Not only that ExpressVPN supports unlimited P2P torrenting, and comes with a 30-day money-back guarantee, so you can try it out risk-free. Put simply, using a VPN does keep you safe to a large extent. The only situations where you may end up being hacked or tracked are hard to comprehend. Most of the circumstances where you might be unsafe when using a VPN are very much preventable, except for digital fingerprinting.