The risks of using a VPN: Everything you should know

profile picture Elly Heath 6 min read

In 2025, cyber threats are more sophisticated than ever. Many businesses turn to Virtual Private Networks (VPNs) for online security and privacy. But are they always safe? Not all VPNs are created equally, and for businesses looking for a VPN provider, it can be easy to fall prey to fraudsters looking to exploit personal information for cash.

In this blog we weigh up the red flags, risks and benefits of VPNs, helping you to decide if they’re right for your business.

 

What is a VPN?

Virtual Private Networks (VPNs) have become an essential tool for businesses and individuals seeking privacy and security. By encrypting a user’s data and hiding their IP addresses, VPNs can help protect sensitive data, browsing history and prevent location tracking.

 

The red flags and risks of VPNs

Here are some of the most common red flags to look out for:

Pricing that seems too good to be true

If a VPN offers a lifetime subscription for a one-time fee, this might be a con. To maintain a fast and secure VPN, continuous product development, network updates and customer support is required – all requiring recurring payments.

Your own device could be made part of a VPN or residential proxy network, allowing traffic from another user’s device to run through your own, linking your IP address to someone else’s activity.

No-logs policies

Many VPNs advertise a “no-logs policy”, claiming they don’t store sensitive user data. But unless they’ve undergone independent security audits, there’s no guarantee these claims are true. As they are the most common type of policies, it can be hard to detect a fake provider.

When evaluating a VPN’s logging practices be sure to:

  • Check the privacy policy for clear, concise explanations about why, what and how long data is logged. While minimal data may need to be collected for service improvements, make sure to avoid VPNs that log browsing history, location or downloads.
  • Look for third-party audits that have been conducted, signalling data is being handled securely.

Fake VPNs

Fake providers promise the world and deliver nothing. Or worse, deliver malicious software that quickly captures sensitive data from your device and locks you out. This could include bank details, passwords, and any other personal details stored, making identity fraud pretty easy for scammers. 

VPNs don’t truly hide your location

A key risk to be aware of is that while a VPN may change your location, businesses have a number of ways to infer your true location: 

IP address monitoring

When a user connects to a VPN, their actual IP address is replaced with the VPN server’s IP address. An IP address that comes from a commercial device, such as a cloud provider or a large data centre, could indicate that someone is trying to make their activity hard to decipher. 

Geolocation matching

The location of the VPN server can be matched with the user’s behaviour to check for abnormalities. For example, by examining: 

  • Device language settings and keyboard layout, 
  • Network response times; an elevated time could indicate the user is further away from their reported location, 
  • Expected numbers of a device type for certain demographics; an increased number of high end devices in a lower economic country, could signal that the user is in a different location. 

Browser fingerprinting

While a VPN can hide an IP address, browser and device finger printing can be used in isolation, or in combination with information from data brokers to infer a user’s real location. Fingerprinting technologies use multiple signals generated by a device to create consistently reproducible unique identifiers for a device. This means a fingerprint generated for a device can be used to link a device’s behaviour over multiple websites and networks. 

 

The benefits of using a VPN

While there are some red flags to watch out for, the benefits of a VPN should not be ignored. A VPN can offer businesses and remote workers enhanced security, privacy and a certain anonymity, which could be worth the investment:  

Increased data security

Sensitive company information such as work emails, financial information and location tracking are easily found online, particularly if a user is connecting to a public network. A VPN hides browsing activity so it is difficult for anyone to trace without the encryption key. 

For remote workers, a VPN allows them to access company files via a private connection from anywhere in the world as long as they can get online, offering greater flexibility whilst keeping company data protected.    

Bypass geographical restrictions

Some platforms limit their content due to regional licensing restrictions; a VPN can make the user appear to be accessing content from a different region or country. For businesses operating globally, this can provide access to region-specific content that would otherwise be inaccessible.

Bypass censorship

Some countries may restrict access to certain platforms entirely due to government censorship; a VPN gives users the freedom to access blocked websites by disguising their location. 

Combat third-party tracking and surveillance  

The browsing history captured from a unique IP address holds the risk of being sold to third-party advertisers, regulators or ending up in the hands of fraudsters. As a VPN hides your IP address, your personal data is kept safe. 

 

Conclusion

While there are some pitfalls to be aware of, investing in a VPN from a reputable provider offers significant security and privacy benefits to businesses. In an era where online fraudulent activities are at an all-time high, taking control and protecting your digital footprint has never been more important.

Keep reading

Woman presenting a 2d image trying to perform a presentation attack

Why early detection is critical in stopping deepfake attacks

Digital identity and age verification are becoming integral parts of customer onboarding and access management, allowing customers to get up and running on your platform fast. However as customer verification tools become more advanced, so too are fraudsters seeking to spoof systems by impersonating someone, appearing older than they really are or passing as a real person when they’re not. Deepfake attacks, which can mimic a person’s face, voice or mannerisms, pose a serious threat to any business using biometric customer verification. In this blog, we explore why detecting deepfakes early is essential for maintaining trust, security and regulatory

6 min read
An image of a woman trying to buy a bottle of alcohol at a supermarket self-checkout terminal.

"We need an army of Elliots" - why it’s bonkers we’re not using facial age estimation to sell alcohol

Let’s just get this out there: humans are not great at guessing ages. Don’t just take our word for it. Studies have proven this to be the case. Most of us reckon we can largely say if someone is under 25 using the Challenge 25 technique but when put to the test, the truth comes out: retailers do let some under 18s buy alcohol. Not always and not everyone, but some people are incorrectly estimated to be older than they really are. Let’s be honest, this is not ideal. Now, to be fair, not all humans are created equal.

3 min read
Woman using facial age estimation technology at a self-checkout

Why facial age estimation, the most accurate age checking tool, shouldn’t be left on the sidelines

Many of us have been there: standing at a self-checkout, scanning our shopping, only to hit a roadblock when the till flags an age-restricted item like a bottle of wine or a pack of beer. With age verification accounting for between 40 – 50% of interventions at self-checkouts, it significantly disrupts and slows down the checkout experience. We wait for a retail worker to approve the sale. The retail worker does a visual estimation of our age – they look at our face and guess whether we’re old enough to buy the item. Most retailers follow the Challenge 25

6 min read