- CISA warned that personal VPNs can increase a user’s “attack surface”.
- The advice is part of a broader alert about sophisticated commercial spyware.
- Unreliable VPNs, especially free apps, can harvest data or deliver malware.
The main US cybersecurity agency has issued a stern warning in its latest alert: “Do not use a personal VPN.”
The advice comes from the Cybersecurity and Infrastructure Security Agency (CISA), which warned iPhone and Android users that many commercial VPN services can do more harm than good. According to CISA, “Personal VPNs simply transfer residual risks from the Internet Service Provider (ISP) to the VPN provider, often increasing the attack surface.”
The warning makes a simple point: a VPN can hide your activity from your ISP, but only by moving that trust to the VPN provider, and many providers “have questionable security and privacy policies.” Coming from a federal agency, this is a notable statement, and it suggests that the sheer number of commercial VPNs on the market is itself a risk.
The alert is part of a broader effort to combat the rise of advanced commercial spyware. Security agencies are increasingly concerned about malicious actors using sophisticated tools to infiltrate smartphones, and a VPN app, which by design is allowed to route all of a device’s traffic, is an ideal Trojan horse if it turns out to be rogue.
As a recent Google security alert also highlighted, threat actors are adept at distributing malicious apps disguised as legitimate VPN services, using them to compromise devices and steal everything from browsing history to financial credentials.
These warnings are particularly pertinent given the increase in the use of VPNs to bypass geo-restrictions or in response to new legislative measures, such as age verification laws. However, as CISA’s advice implies, the rush for a quick privacy fix can lead users to download dubious apps that are at best ineffective and at worst spyware.
How to choose a secure and private VPN
CISA’s blanket warning reads as if all VPNs were untrustworthy, but the heart of the problem lies with questionable providers.
The best VPN services are transparent, audited, and committed to user privacy. To stay safe, look for a provider with a strict no-logs policy that has been independently audited, so that it neither collects nor stores records of your online activity.
Additionally, modern tunneling protocols such as OpenVPN and WireGuard form the backbone of a secure VPN connection. Both rest on well-studied cryptography (OpenVPN builds its control channel on TLS; WireGuard uses the Noise framework with ChaCha20-Poly1305), which makes it extremely difficult for an ISP, a network attacker, or a surveillance agency to decrypt your traffic in transit. The caveat, and it is the one CISA is making, is that the encryption only covers the hop between your device and the VPN server: the provider terminates the tunnel and sees your traffic in the clear, so the protocol’s strength says nothing about how trustworthy the provider is.
When selecting a VPN, it is also recommended to look for additional security-oriented features that strengthen your online protection.
One such option is a kill switch, which automatically blocks your Internet access if the VPN connection drops unexpectedly. Without one, the operating system silently falls back to its normal default route, and your traffic, along with your real IP address, goes out unencrypted over your ISP until the tunnel comes back.
Other valuable features include DNS leak protection (sending your DNS queries through the tunnel rather than to your ISP’s resolver), multi-hop connections that route traffic through multiple servers, and Perfect Forward Secrecy (PFS), which uses short-lived session keys, renewed for each connection and rotated during it, so that a long-term key compromised later cannot be used to decrypt traffic captured earlier.
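To make the kill switch and DNS points concrete, here is an added example of a WireGuard client configuration for wg-quick that implements both; it is not taken from the article, from CISA, or from any VPN provider. The private key, the server public key, the 10.8.0.0/24 addresses and the endpoint vpn.example.net are placeholders assumed for illustration, and the firewall rules follow the kill-switch pattern documented in the wg-quick(8) manual page.

```ini
# Added example: wg-quick configuration for a WireGuard client with a
# firewall-based kill switch and DNS pinned to the tunnel.
# The key, addresses and endpoint below are placeholders (assumed values),
# not real credentials or a real provider.
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.8.0.2/32
# DNS queries go to a resolver that is only reachable through the tunnel,
# so the ISP's resolver never sees them (DNS leak protection).
DNS = 10.8.0.1
# Kill switch: reject any outbound packet that is not leaving through the
# WireGuard interface (%i) and does not carry the tunnel's own fwmark
# (the encrypted packets to the endpoint carry that mark and must pass).
# Packets to local addresses are left alone. If the tunnel loses contact
# with the server, the rule keeps blocking instead of letting traffic
# fall back to the ISP route; it is only removed by an explicit wg-quick down.
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = <provider-server-public-key-placeholder>
# Route all IPv4 and IPv6 traffic through the tunnel. With a default route
# here, wg-quick assigns the fwmark that the rules above rely on.
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
PersistentKeepalive = 25
```

Bring it up with `wg-quick up ./wg0.conf` (as root) and confirm with `wg show`. To check that the kill switch actually bites, try a connection that deliberately bypasses the tunnel, for example `curl --interface eth0 https://example.com` assuming eth0 is the physical NIC: it should be rejected rather than quietly succeed over the ISP path. Forward secrecy comes for free here, since WireGuard performs a fresh handshake and derives new session keys roughly every two minutes.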
For those looking for the most private VPNs, the key is to choose a trusted provider that prioritizes user security above all else. TechRadar’s top-rated VPN, NordVPN, for example, offers a suite of advanced features and is currently offering an exclusive discount for TechRadar readers, making it a great option for those looking to bolster their online security without falling victim to the dangers CISA has warned about.