The authorities warn: Stop using VPN

VPNs have become commonplace for many people who want to hide their location, encrypt their traffic or bypass geographical restrictions on streaming and apps.

On the surface, it seems like a simple security measure that can solve several problems at once.

However, at the end of November, the US cybersecurity authority CISA issued a clear recommendation to both Android and iPhone users not to use personalized VPN services on mobile phones as, according to CISA, it is not a shortcut to security.

According to CISA, VPN services often shift risk rather than remove it. Where previously your ISP could see what you’re doing, the VPN provider can now gain insight into your traffic.

Cybernews describes it as a situation where the user simply replaces one vulnerable dependency with another.

Many free or very cheap VPN solutions also have weak encryption and unclear terms.

This means there is no guarantee that the traffic is truly anonymous or protected, and Forbes points out that in the worst case, the VPN provider becomes the new weak link in the chain.

Expert: Could become a tool for surveillance

VPN apps are marketed as an extra layer of protection, but security experts warn that it can quickly go the other way on mobile.

If the app itself is insecure, the user runs the risk of putting all their traffic in the hands of an actor that doesn’t live up to the basic principles of data security.

– Ironically, an insecure VPN app is more likely to become a surveillance tool than a real shield,” says security expert Daniel Card to TechRadar.

Several analyses point to problems with a lack of transparency.

Many services don’t clearly describe how long data is stored, what log files are created, or whether the information can be shared with a third party.

According to Dagens PS, this is a recurring theme in the review, which is based on recommendations from CISA and international technology media.

Cybersecuritydive also emphasizes that there is no single method that can guarantee digital security.

Instead, it’s a matter of combining several measures, each of which closes some gaps, but never all at once.

How to increase mobile security without a VPN

CISA recommends classic security measures instead of putting all your trust in a VPN app.

Users should keep both operating systems and apps up to date, choose strong passwords or PIN codes and be critical about which apps are installed from the start.

If you handle sensitive information via messaging or email apps, the advice is to invest in strong end-to-end encryption in the services themselves.

This provides better control over who can read the content than an extra layer via VPN usually does.

So there is no magic shortcut. Many experts believe that VPN should be seen as a specialized networking tool rather than a universal security solution for everyday mobile use.

– “VPN is first and foremost a networking tool that often does not live up to basic security principles and in many cases only provides a false sense of security,” writes Ben Coril from security company Zscaler.

The conclusion is that good mobile security is about updates, strong code, healthy habits and thoughtful apps.

It’s not about chasing anonymity through a service that may end up seeing even more of your traffic than the provider you were trying to hide from.