Five Eyes Explained (FVEY) – Big Brother is Watching You

Five Eyes Explained (FVEY) – Big Brother is Watching You

Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

While the Five Eyes may sound like a criminal organization straight out of a James Bond film, this is no fiction. The secretive sharing of data and technology between the United States, Canada, Australia, New Zealand, and the United Kingdom has created what is undoubtedly the most sophisticated online public surveillance operation in history. In other words, if you’ve been on the internet, there’s a good chance the Five Eyes know about it.   

Most regular internet users know that VPN stands for the virtual private networks that permit anonymous browsing. That, however, tends to be about as far as the knowledge goes. The Five Eyes are VERY interested in VPNs because the anonymity the technology provides makes it harder for them to do their “job” of spying.

VPNs vs the Five Eyes

Concerns about privacy laws, confidentiality, and even the legality of accessing some content gave rise to VPNs originally. This is because installing a VPN permits you to get past the geographical blocks and use websites that are supposed to be blocked in your country.

For instance, Netflix blocks most of its U.S. content to other foreign countries. Similarly, people in the United States may not be able to access TV shows and movies shown in South America. VPNs create a loophole around this sort of restriction and allow users to reach blocked websites.

It should be obvious why the Five Eyes surveillance alliance is not a big fan of VPNs. They want to know that online activity is being monitored. VPNs make it more difficult to do that.

the five eyes

If it seems that this organization is nothing more than a band of spies in search of questionable activity without much probable cause to rely on, you would be right. Since all five of are English-speaking countries, sharing the information they find is ever-so-easy.

History

The concept behind the Five Eyes has been around for awhile. In fact, the surveillance agreement and data sharing that form the basis of this modern arrangement were established many years ago as the UK-USA agreement that was created in 1943 during the throes of World War II.

NSA Nato alliance

After the Cold War ended, other countries were offered membership in the alliance, mainly as a result of efforts to deal with the growing threat of international terrorism.

As the list of participants in the Five Eyes has grown, the extent of online global monitoring has increased as well. For a taste of the extremes to which these countries go to monitor users, check out this recounting of the expose’ of Edward Snowden in 2013.

As the work of the five countries has become more sophisticated, funding has continued to rise and the demand has been ever greater to include more security and intelligence agencies. Some of the most powerful acronyms in the world are involved, such as the FBI, CIA, NSA, MI6, ASIS, NZSIS, AGO, GCSB, and many more.

While the activities of the organization are offered up as necessary for law enforcement, it’s not hard to imagine more sinister purposes for the Five Eyes, especially as they go about the business of circumventing privacy protection laws. In case readers have forgotten, it’s against the law for the United States government to spy on its own citizens.

Thanks to the Five Eyes, it’s an easy matter to ask one of the other four countries to do it for them.

The Five Eyes is Just the Beginning

Although the agreement between the five countries may be enough to put fear into those who want to protect their privacy, this is not where the monitoring ends. In fact, there are two more alliances that increase the number of eyes as the number of countries involves is greater. But first, is Japan set to become the sixth member of the Five Eyes?

The Five Eyes Plus One: Japan in the House

The Five Eyes are presently considering the official admission of a sixth member to the world’s most exclusive spy club — Japan. It’s not such a radical step when you consider that the alliance has been able to count on Japanese cooperation dating all the way back to the Cold War. Thanks to its geographical proximity, Japan has contributed much to intelligence-gathering in mainland China, the South China Sea, and North Korea. Formal membership in the Five Eyes would simply put names on the dotted line to back up what is already a boots-on-the-ground reality.

How does the Five Eyes go about the process of adding members? It’s been awhile since they’ve done it but one head of state member simply has to make the nomination. Acceptance or rejection relies on a simple vote. With all Five Eyes countries having been on the receiving end of Japanese intelligence cooperation in recent years, most experts figure the decision is a fait accompli. Let us be the first to say “Welcome!” to the Sixth Eye.

Nine Eyes

With Denmark, France, Netherlands, and Norway, the original union between the aforementioned five countries expands to the so-called “Nine Eyes” surveillance alliance. Unlike the uninspired creativity of its name, this organization possesses mind-boggling abilities that have only increased with the addition of the new countries.

Fourteen Eyes

Ultimately, adding Germany, Belgium, Italy, Sweden, and Spain helped create the final form (for now) of this alliance. With a total of 14 countries, the name of this iteration of the alliance is called “Fourteen Eyes.”

14-Eyes

Why Should Users Care?

Although the unsupervised monitoring that occurs by these five countries is difficult to fully comprehend, why should an average user worry? When you consider that a great number of all VPNs in the world are located in one of the aforementioned five countries, and subject to those jurisdictional laws, it would be no surprise to see the practice of using a VPN come under attack.

The bottom line is that if you’re using a VPN in order to remain anonymous, that could become problematical in a Five-Eye country. At that point, privacy will be out the window and the main reason for having a VPN rendered pointless.

Protection from the Alliance

In reality, the easiest way to prevent governments from around the world from spying on your data is to use a VPN located in a different country. For instance, China is not on the list of any alliances where data monitoring is considered normal.

online censorship by country

Thus, having a China-based VPN will make it impossible for these groups to reach one’s browsing history. That is, of course, if China does not join the group or happen to be working with them secretly.

The other alternative, which is even easier and cheaper, is to simply rely on website encryption. This can be achieved by allowing the website to engage in secure browsing. In order to confirm that it is indeed secure, one should just look for a green “https://” located on the right side of the actual URL of the website. If it is there, the content and any interaction between the user and the website are encrypted.

It is crucial to understand that there is absolutely no way to completely prevent people from accessing one’s data or browsing history. This is because it is quite literally impossible to create a system that works correctly 100 percent of the time without fail. Sorry, that’s just the reality of life.

In fact, a hacker with enough time, money, and knowledge could theoretically break into even the Pentagon’s vaunted data center. The problem, however, is that most hackers do not possess the proper combination of these three inputs. When a user encrypts his or her data, it dis-incentivizes hackers or governments that monitor online activity from trying to get in because the length of time required creates a rapidly approaching point of diminished returns.

Lastly, users could also micro-manage all of their online activity and files by looking for apps and providers that guarantee privacy. These include organizations like SpiderOak, Truecrypt, DuckDuckGo, OTR chat, and any one of a list of open-source tools which put privacy first.

20 Facts About Canadian Data Privacy You Should Know

20 Facts About Canadian Data Privacy You Should Know

Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

Data privacy is something that no one can afford to ignore.

From the electronic data that people store at home or in a cloud to the information that is found in business networks, making sure that only those who need to see the data matters.

Data protection system character conceptWhile much of the responsibility for protecting your data must be managed by you, Canada has laws that also provide many forms of protection and redress.

Have you ever wondered how data privacy is managed in Canada? What laws or provisions are made to protect data from being stolen, altered, or otherwise used in a way that the individual or business owner never intended?

Here are some basic facts about data privacy in Canada that will help you understand what’s being done to provide protection and in some cases deal with those who would seek to steal, corrupt, or use data for their own purposes.

1. There are Two Federal Privacy Acts in Canada

While there are a number of laws designed to protect privacy in general, there are two in particular that you should know.

The Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act are both administered by the Office of the Privacy Commissioner of Canada.

pipeda and implications

Between the two acts, they cover a wide range of privacy concerns related to the management of data, including data collected or stored by telecommunications, health care, banking, and internet service providers of all types.

2. PIPEDA Protects Data on National and International Levels

PIPEDA includes provisions for protecting data related to many types of business transactions (Read more about it here). That includes transactions conducted on an international as well as a domestic level. This means that companies not based in the country but have significant presence are required to comply with the provisions found in this law.

3. The Privacy Act and Federal Use of Personal Information

The Privacy Act identifies how a government entity can utilize the personal information of a Canadian resident. There are also provisions related to what steps the entity must take in order to protect the data once it’s obtained. This includes taking reasonable precautions about data breaches that could impact any resident residing in any province.

privacy complaint diagram

Consider the type of data that is found about you in federal databases. Financial data, work history, addresses, and even data about your health is kept on file. (Read more)

The Privacy Act ensures the proper measures are taken to prevent anyone who would seek to use that data for their own purposes from being able to obtain it.

4. PIPEDA Was Amended in 2015

Since originally becoming law on 1 January, 2004, PIPEDA has undergone some changes. What’s known as the Digital Privacy Act of 2015 amended PIPEDA to cover the growth of Internet commerce, communication options, and other tasks that would of necessity involve collecting and sharing data. Those provisions went into full effect in 2018.

The amendments did not weaken any of the protections already provided by PIPEDA. Instead, they broadened the range of protections afforded under this Act. Both individuals as well as business entities ultimately benefit from these additional provisions.

5. Canada Participates in the Five Eyes Agreement

five eyes nationThe Five Eyes Agreement is a reciprocal alliance between five nations to share information in the event some sort of major security issue arises. This includes information collected from individuals as well as businesses and other types of entities.

The five nations who participate in this alliance are Australia, Canada, the USA, the United Kingdom, and New Zealand.

Keep in mind that the Five Eyes Agreement does not prohibit the establishment of similar alliances by Canada or the other four nations with other countries around the world. What it does establish is a working agreement that data can be shared for security purposes among any and all of these five nations.

6. Canada and Mandatory Breach Notifications

One of the amendments spelled out in the newer Digital Privacy Act has to do with notifying residents when their personal data is compromised. That includes data theft as well as altering the data for purposes of incrimination or other illegal actions. In years past, there were provisions that protected consumers up to a point, but not as thoroughly as the new law that went into effect in 2018.

Prompt notification by businesses, financial institutions, and even non-profit organizations that personal data has been breached allows the consumer to take action sooner rather than later. The timely notifications make it possible to close accounts, prevent new ones from being opened by unauthorized parties, and in general minimize the damage done by the breach.

7. Provinces Also Have Data Privacy Laws

All Canadian provinces have enacted laws related to data privacy. These laws operate in conjunction with federal legislation and are periodically updated. With the amendments to PIPEDA that went into effect in 2018, the combination of provincial and federal protections for citizens and business entities is greater than at any time in the past. (Read more about it)

8. International Companies May be Subject to PIPEDA

compliance with pipeda

Companies that are headquartered in other countries but operate facilities or transact what is considered significant business volume in Canada may be required to comply with all or at least portions of current data privacy laws. The specific provisions or the degree of compliance may vary based on the nature of the business and/or services provided to Canadian residents.

Consumers who are concerned about how Canadian laws apply to any international company they supply with personal data can read the texts of those laws online. Doing so provides a better idea of what can and can’t be done in the event of some sort of breach of privacy.

9. PIPEDA Applies to Private as Well as Public Companies

Canada’s primary laws related to data protection and privacy apply to all sorts of business entities as well as most non-profit agencies. That means everything from a private enterprise to a publicly traded corporation would be subject to those laws.

10. The Privacy Act Does Not Apply to Data Collected by Individuals for Personal Use

Data that individuals collect for use in the home or in the conduct of their private affairs is not typically covered under the provisions of federal or provincial law. There are some exceptions, especially if the data is ultimately used for actions that are considered criminal.

Legal experts can help individuals understand how current laws relate to their personal data that they maintain in home networks, cloud storage, and other venues.

11. Employers Can Review Activity on Company-Owned Devices

While employees are under no obligation to allow employers access to data on their personal devices, the same is not true when it comes to devices issued to employees for the purpose of conducting business and evaluating employee productivity.

productivity loss chart

As the legal owners of those devices, employers are free to inspect them at any time. That includes downloading histories and reviewing other types of online activity.

12. That Includes Email and Text Messages

Employers are free to monitor and read any email communications that are sent or received using a company-issued email address. The same is true for any text messages that are sent and received on a company-owned smartphone.

Current laws consider those communications to be the property of the employer and not the property of the employee.

13. As Well as Browser Activity

browser activity vector imageEmployers also have the right to review all Internet browsing activity that is conducted using company-owned devices. Along with activity logs found on the individual devices, all logged activity that’s recorded on company servers may be reviewed at any time.

When activity is found that is not connected with an employee carrying out his or her assigned duties, the employer has the right to suspend or take other punitive action against the employee, up to and including terminating his or her employment.

14. That Includes Activity Conducted on the Company’s VPN

The right of the employer to monitor activity conducted using company devices is not limited to the office. If an employee works remotely and connects to the company’s primary server using the employer’s Virtual Private Network, all communications, browsing activity, and other types of actions are subject to review by the employer.

The better VPNs offering services in Canada make it easier for employers to monitor all activity while still protecting the data from unauthorized access. Unauthorized use of company data or any any customer data that is considered proprietary can be used as a basis for ending the employment arrangement.

15. Penalties for Data Theft or Manipulation Vary

The penalties associated with accessing unauthorized data, copying or otherwise stealing the data, or manipulating it in any way can incur a wide range of penalties.

That’s partially because of the severe consequences that result from being the victim of a data theft or a breach.

consequences of data breach

Potential penalties include a termination of Internet services, fines, arrest, or other legal ramifications. Employees who misuse proprietary data may be demoted or lose their jobs.

16. VPN Usage is Lower in Canada

While interest in Virtual Private Networks as a way to strengthen protections from data theft and abuse has grown, the actual use of VPN as part of a company’s online strategy remains comparatively low in Canada. Businesses in other nations are also not expanding their use of VPNs in great numbers. That includes business owners in Australia, Japan, and Poland.

There is some perception that VPNs are illegal in Canada. That’s not the case. In fact, Canada is one of the nations where any VPN service that is properly licensed to operate in the country and complies with current laws about data protection and privacy is welcome.

17. Personal and Business Use of VPN is Growing

While it’s true that the use of personal and business VPNs is not at the same pace as in other nations, there is small but consistent growth in the number of consumers and businesses choosing to make use of VPN services. This is expected to continue in the next couple of years as threats to online data privacy increase and may see a year over year growth depending on how successfully can VPN services market themselves as a means of protecting data and the identities of users.

18. Theft of Data Can Result in Civil as Well as Criminal Charges

canada cybersecurity

While some instances of data breaches, theft, or misuse may be managed as an in-company issue, there are times when criminal charges are filed. This is especially likely when proprietary data like customer lists, research and development documents, and similar information is copied, altered, or stolen. Along with the criminal charges, the victims of the criminal activity may choose to pursue civil charges against the responsible parties.

19. More Regulations are on the Horizon

While Canada’s efforts to provide greater protections for personal and corporate data are commendable, politicians continue to propose new legislation on a provincial as well as a federal level. This is partly due to the continued evolution of online communications and the increasing use of multiple approaches to storing sensitive data.

20. Even as Older Laws are Refined to Account for Emerging Technology

New laws are not the only way that officials are seeking to increase the level of protection from data abuse and theft. Current laws are considered to be excellent as far as they go, but may or may not have provisions that keep up with developing technology. For this reason, there’s a good chance that new amendments to existing laws are going to be proposed and eventually adopted.

Residents can remain abreast of any pending legislation by visiting provincial as well as government sites. This provides the opportunity to read the text of those proposed laws and get an idea of what they would accomplish if signed into law.

Understanding the Protections That are In Place Today

Would you like to know more about data privacy laws and regulations that apply throughout the country or perhaps in a particular province? There are a number of governmental agencies that have the information you seek as well as authoritative sites that help you compare laws that apply in multiple nations.

data protection laws by country

Take some time getting to know more about what those laws mean for you, how to go about protecting your own data, and why implementing reasonable safeguards now will make a difference tomorrow.

Don’t assume that no one is interested in your online data or that your small business will not attract attention from a hacker. Take the time to learn more about the protections offered to Canada residents as well as the software options for the best in Internet security.

Test the strength of your VPN in terms of performance and protecting your data. Knowing your rights and taking the proper steps to protect your data will go a long way toward preventing you from becoming another statistic.

VPN Logging Policies: Who Captures What Data?

VPN Logging Policies: Who Captures What Data?

Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

One of the main reasons why you need to invest in a great Virtual Private Network service is to avoid documenting activity in a way that others can see or manipulate it. Most VPN services emphasize their dedication to transparency and protecting your data during transmission and not retaining records after the fact.

That sounds great and all, but did you know that logging policies can widely vary?

Always Marketing a Zero-Log Policy

It’s not unusual for VPN services to point out better privacy due to lack of logging. The thing is, that statement is usually true to some extent, although, the qualification may be found in the small print. For example, it’s likely true that the service in question does not log data unless it’s required by the governmental laws that apply in the country where the service is based.

You must remember that just like any business, VPN service providers always put their best foot forward.

You must remain vigilant.


Which Logs Are Kept?

There are three primary types of logs that a VPN service is likely to maintain, at least, only for a short period of time. In fact, the providers often state specifically which one, or how many of the three types they will retain.

vpn providers collect data

Most VPN’s erase logs within 30 days. However, this isn’t always the case and it may change depending on the company. So you must find out which logs are kept, and then find out how long they keep the data.

Listed below are the types of logs that are typically kept by a VPN service provider:

  • Activity Logs: this is a record of all traffic that comes through the VPN network. Depending on how the logs are structured, it may or may not be easy to track back specific shared files or other data to a specific user.
  • Connection Logs: Services that place limits on how long a connection can remain active do keep these logs, as well as how many connections are active for a specific client. This makes it easier to manage the connections and terminate one or more if necessary
  • Error Logs: These track back to connection or performance issues with the network proper. Information about customers affected by the error may include logging the IP address and/or the username of the client.

Learning Who Logs What

False zero-logging policy vector imageIn order to know what sort of logging policies apply, it’s absolutely critical that you read the terms and conditions associated with your account thoroughly. You will always have the chance to review all of those provisions before you sign up for the services.

Unfortunately, many people make assumptions about logging and other policies, and do little more than skim the terms and conditions before creating an account. That can lead to some unfortunate situations later on.

Keep in mind that VPN service policies may be slightly structured differently to remain compliant to local laws. In that case, you may find that focusing your search for the top provider of VPN services is influenced by where the company is based from.


Anonymizer

You may have heard of the Five Eyes. This refers to five nations that have entered into an agreement related to online security. Those five countries are Australia, Canada, New Zealand, the United Kingdom, and the United States.

Anonymizer is hosted in the USA, meaning that the provisions agreed upon by the Five Eyes impacts their logging policies. All types of logs that are considered legal to capture under the terms of that agreement are maintained for a specified period of time.

The idea behind the logging is to allow the data to be shared with national authorities in the event some sort of national security breach is suspected. How long the data remains logged will depend on the current laws that apply.

Anonymizer is up front about this only to a certain extent. If you read their terms and conditions, you will find clauses that affirm the logging and more information about why it takes place. Their sales and marketing collaterals are less clear about what is and is not logged, so be sure to still do your due diligence.

Astrill

Astrill is unique among the services found on this list, in that it’s located in the Republic of Seychelles, just off the Africa coast. When it comes to sharing information about connection, error, or client activity with other parties, Seychelles has no agreements or alliances that guarantee the exchange of any data.

Even so, be aware that Astrill does state that they keep connection logs on their servers. The company is not clear on how long those logs are maintained before being erased. Part of that connection data that is kept for a time includes the IP address and information about the device used for each connection. This does allow Astrill to determine how many concurrent connections are associated with a customer account using various devices.

Buffered

Buffered is based in Gibraltar and chooses to maintain their servers in that country. While Gibraltar is considered a British Overseas Territory, it’s generally considered to not be bound by the regulations found in the Five Eyes agreement. That means the odds of having information shared with security agencies in other nations is slim at best.

In their privacy policy as well as their advertising, Buffered affirms that they do not monitor download or browsing activity. In fact, they do not claim to maintain any type of activity logs.

The service does maintain some connection logs, retaining information like the on and off times for each connection, the duration of the connection, and the amount of data that is transmitted and received. Incoming IP addresses are also included in the connection log. The data is maintained for no more than 30 calendar days.

CyberGhost

CyberGhost hosts servers in Romania. Since the nation does not have any detailed reciprocity agreements about Internet data with other nations, there is very little chance that your activity will be shared with agencies or other parties outside the country.

Like many other services based in nations with no agreements to share data with others, CyberGhost does not maintain activity logs. Error logs are maintained as a way to track and identify trends related to network issues. In like manner, connection logs are maintained as a way to evaluate peak periods of server activity and prevent overloads. Both types of logs are kept anonymous and are not used for any purpose other than protecting the integrity and function of the network.

ExpressVPN

ExpressVPN maintains servers in the British Virgin Isles. Like Buffered, the information sharing that takes place among the countries involved with the Five Eyes agreement does not extend to this location. That means your online activity is highly unlikely to be shared with any foreign entity.

The connection logs maintained by ExpressVPN are considered bare-bones when compared to a number of other VPN services. That data includes which of their servers were used and the date that each session started and ended. Unlike some other services, the client’s IP address is not captured for the connection log.

Unlike some of the other services on this list. ExpressVPN does not track your activity. They don’t even monitor your account’s bandwidth usage. They prefer to operate by monitoring overall usage on the network and use that data to determine when there’s the need for more servers or some sort of network upgrade.

HideMyAss

HideMyAss is based in the United Kingdom. As one of the nations who participate in the Five Eyes agreement, you can expect some of your data to be logged. In the event some sort of investigation into a possible national security breach occurs in any of those five nations, your data could be shared as part.

You do get some idea of what type of data is logged. For example, the privacy section of the terms and conditions state that HideMyAss will not log data about the websites you visit while connected to the VPN.

This means there’s a limit on what appears in the activity logs. The connection logs are more detailed and include information like your originating IP address, how long each session lasted along with the start and end times, and how much bandwidth was used during each session.

Hotspot Shield

If you prefer to utilize a VPN service that has no agreements to share online activity with other nations, Hotspot Shield is a good choice. Based in Switzerland, there are no legal provisions for sharing any type of Internet activity. That means anything you do while connected to the VPN is highly unlikely to be shared with any other source.

For internal purposes, Hotspot Shield does generate connection logs for each session. One thing that’s a little different is that the log is erased at the end of each session. The company also does track browsing activity although it’s not clear to what degree that activity is tied back to individual users or even to users authorized by a specific customer. The activity log does not include IP addresses, but customers should know that their browsing and other activity is still tracked.

IPVanish

IPVanish maintains servers in the United States. The company does observe the terms and conditions found in the Five Eyes agreement. As a result, there is the possibility of your activity being shared with law enforcement and security agencies based in other nations.

That being said, IPVanish operates with a zero-logs policy. That means they do not actively maintain activity, connection, or error logs. Data can be captured while a session is in progress, but it appears to be deleted from the network once the session ends.

IPVanish is a firm believer in the right to online privacy. That has led the company to aggressively support the Electronic Frontier Foundation and its efforts to ensure privacy for all Internet users.

Goose VPN

With servers in the Netherlands, Goose VPN operates in a nation that has established security alliances with several other nations. The result is that your activity could be shared in the event of some sort of international investigation.

The activity logs maintained by the service omit any type of personal information. However, the connection logs do capture data like the type of operating system used by the individual device and the physical location of the user. Even though IP addresses are not included in the connection log, the other data could be helpful in terms of identifying specific users.

NordVPN

The servers for NordVPN are based in Panama, a country that has no specific agreements to share customer activity with agencies based in other nations. The result is that your activity is highly unlikely to be shared with anyone.

According to the NordVPN’s privacy policy, there are no activity, connection, or error logs maintained for any amount of time. Basic information associated with your account, such as your name, email address, and your IP address are maintained, but are not shared with any entity outside the company.

Private Internet Access

Another VPN service that’s based in the United States, access to your activity is subject to the terms and conditions found in the Five Eyes agreement. There is some chance that your information could be shared with security agencies in any of the participating nations.

The Private Internet Access’ privacy terms are not as precise as some of the other services on this list. There’s a statement that the company does not capture any type of VPN traffic logs at all. On the surface, this suggests that the service does have an actual zero-log policy, and that no activity, connection, or error logs are available for sharing.

StrongVPN

StrongVPN also hosts servers in the United States, ensuring that the company seeks to comply with the provisions found in the Five Eyes agreement. In the event of an international incident that appears to compromise security, your data could be requested and shared.

The company does not maintain activity, connection, or error logs on any of their servers. Data is used in real-time fashion to investigate any reports of connection issues, but is not kept for purposes of reporting to outside entities. If requested by security agencies, basic data about your account might be shared.

TorGuard

The presence of TorGuard’s servers in the USA could mean that customer activity could be shared with agencies in any of the nations who participate in the Five Eyes agreement. At present, the company does maintain a no-logs policy, so any data shared would not include history about your account’s connection times, bandwidth usage, file sharing, or anything other than basic account information.

VyprVPN

As the second service on this list based in Switzerland, VyprVPN is under no obligation to share your connection, activity, or error log data with any other entity. In fact, the company does not record any user activity, up to and including downloads.

VyprVPN does maintain connection logs. The logs include details like session start and end times, the amount of data transmitted during each session, and the originating IP address for that data.

ZoogVPN

While based in a self-governing British Crown dependency, ZoogVPN is not subject to the terms found in the Five Eyes agreement. As a result, the odds of your activity while logged into the VPN being shared with any agency is low.

At present, ZoogVPN states that the company operates with a zero-log policy. While activity logs are not maintained, there does appear to be some data related to bandwidth usage maintained on their servers.

Final Thoughts

Which service provides you with the level of privacy that you need? Only you can be the judge. Whether this is your first time investing in a VPN or you are a seasoned pro, research your options carefully.

Use the information found here as a starting point. Investigate any service that you are interested in to see if they are really the best VPN. With time and effort, you will find the VPN provider that meets all of your conditions for quality, performance, network stability, and privacy.

Looking for the Top VPNs for Mac This Year? Check Out These Options!

Looking for the Top VPNs for Mac This Year? Check Out These Options!

Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

Virtual private networks are nothing new, but they do continue to improve. As a way of creating a more secure connection between users in different locations while still making use of a public network, a VPN makes it possible to share encrypted data with confidence. Think of it as a private network that’s overlaid and makes use of a public network like the Internet.

virtual private network diagram

Like all forms of technology, the VPN options of the past are not as robust as the ones available today. Are you ready to make a change in 2019? Maybe you are setting up a VPN for the first time. Whatever the case, it pays to know which Virtual Private Networks will work best for Mac.

Here are ten options that deserve to be on your list.

1. Hidden24

Hidden24 has a reputation of being one of the best approaches to security available. While it’s only been around since 2005, this solution has proven popular in many areas around the world. That’s because of the emphasis placed on keeping data of all types secure.

Privacy and anonymity are the watchwords for this solution. The network works by passing and encrypting all the data that you send before it ever gets to the Internet. Your IP address is masked with one that’s issued by Hidden24. Since your traffic is mingled with the traffic generated by other users, it’s virtually impossible for anyone to track the data back to you. The same process protects those who send any type of data to you.

You name the data and it can be encrypted. From emails to attachments like images or files, you can rest assured they are secure. Others in the network will have no trouble opening and viewing them, provided you’ve assigned those users the proper access credentials.

You can use Hidden24 behind a firewall without impacting the speed or function of your network. If you happen to be using a wireless LAN without the encryption activated, the way that Hidden24 is set up will even provide at least some security.

Recommendation

Hidden 24 has the benefit of being easy to set up and to use. That’s good news is this is your first time establishing a VPN and don’t consider yourself to be particularly technically-minded.

2. Private Internet Access

If you want security along with a competitive monthly price, it’s hard to beat Private Internet Access. The network currently functions in over 30 nations and is expected to expand to more locations in the coming year. The basic setup includes five licences that you can utilize in any way you like. Go for a combination of iPhones, Mac desktops, and even iPads. That’s great if you and others in the network are on the go and need security no matter what sort of public network you are using.

There’s no tracking of IP addresses, and timestamps are not present. There’s even a kill switch that allows you to manage transactions online without any type of activity tracking.

Recommendation

Unlike some of the other VPN options on this list, Private Internet Access is based in the United States. This is important because it means the structure and operation is impacted by the Five Eyes data swapping collective. You get to decide if this is something that you want to avoid. If so, there are plenty of other VPN options based in the United Kingdom and elsewhere.

(Read more about our in-depth review of Private Internet Access here)

3. ExpressVPN

If you check online reviews, quite a few users have great things to say about ExpressVPN. There’s no shortage of reviews with the highest ratings allowed. When you begin to research what they offer, you begin to see why.

ExpressVPN operates a huge network of servers to accommodate their customers. With a presence in well over 90 countries, it’s considered one of the most stable and strong networks in the world. Many users report that they experience almost no operational issues; if any do develop, they are resolved quickly.

Customer service is another aspect of Express VPN that rates highly with their users. The support is around the clock, and not just email or text. You can get to a live person for help. That’s not always the case with other networks.

You already know that not every VPN works seamlessly with various streaming services. ExpressVPN is not among them. Many users report that they can use all or most of the major streaming services without any lag or other issues.

Recommendation

Based in the British Virgin Islands, ExpressVPN is not the least expensive choice available. Given the support, the features, and the stability, you can bet the cost is worth it.

(Read more about our in-depth ExpressVPN review here)

4. TunnelBear VPN

TunnelBear VPN is a provider that offers free and fee-based services that are worth considering. Depending on how much bandwidth you need, the free version may be just fine. This is especially true if you are an independent contractor who wants something for home use or a small business owner. Those who need more than the currently-offered 500MB per month of bandwidth will find the fee-based services more to their liking.

With either approach, you do get speed, stable browser extensions, mobile apps that work great on Mac devices, and the ability to connect up to five devices at one time. Through it all, TunnelBear VPN ensures that your online privacy is thoroughly protected.

Recommendation

Keep in mind that the servers are only deployed in 22 countries. That’s not a game changer if your users tend to be within those areas.

(Read more about our in-depth TunnelBear VPN here)

5. NordVPN

NordVPN is also found on many expert’s list of the top 5 Virtual Private Networks in operation today. One reason has to do with the number of servers that are strategically scattered around the world. As of January 2019, they have over 5,000 servers operating in 62 different countries.

The network setup is easy on the user end, and does not affect the function or speed of your devices. What it does do is provide one of the fastest kill switches in the industry. If the network should be compromised by a temporary equipment failure or any other reason, the switch kicks into operation at once. That is one of the ways NordVPN protects your data.

While many networks allow you to connect up to five devices at one time, NordVPN allows up to six. Think of what that means for using VPN with P2P. That may not seem like much of a change, but you’d be surprised how often one more connection will make a difference.

Recommendation

The apps work well with any type of Mac device. Downloading and installing are simple and there’s hardly any learning curve once the network is up and running. Price-wise, this network is neither the most expensive of the cheapest, but it does offer just about all the support and extras you would want in a VPN.

(Read more about our in-depth NordVPN review here)

6. Goose VPN

Based in the Netherlands, Goose VPN has servers deployed in 27 countries. Compared to some of the other options on the list, they don’t have that many servers – the number is still under a hundred. Even so, they offer their clients speedy and stable connections, quick encryption, and the ability to access online content that is not available with many other networks.

This network option is considered one of the easiest to install and use. There’s no logging, which is a big plus in terms of privacy. Streaming content is possible on selected servers. In terms of support, you can get help via email, social media, live chat, and a FAQ on the company website that’s updated regularly.

If your network is more eclectic, that’s okay. Goose VPN is great for use on Mac devices, but will also work well with Linux, Windows, and even Android if necessary. There’s even a Chrome browser extension that works with ease. There are also native apps that you can load onto a phone or a tablet.

Recommendation

You can secure a plan that allows as little as 50GB a month, which may be plenty for a small operation. Other plans provide considerably more bandwidth if you need it.

7. Pure VPN

This Hong Kong-based VPN has been around for over a decade and come a long way. While there was initial criticism, the company has put a lot of effort into enhancing their network options and building what is a commendable customer support strategy.

Network growth is also impressive. Currently, Pure VPN has servers based in over 140 countries. Their setup requires no third parties, so there are no worries about logging anywhere along the way. The company does maintain a tally of connections and the amount of bandwidth that’s in use at any given time. However, there is nothing to trace those connections back to their origins.

One of the features that you may find helpful is split tunneling. This makes it possible to allocate more bandwidth to specific devices. Like many of their competitors, Pure VPN allows for up to five devices to be connected at any given time.

Recommendation

Are you not sure about making a long-term commitment? Pure VPN offers monthly as well as semi-annual and annual packages. Add in the fact that the customer support is among the best in the industry and you have a provider who is well worth investigating.

(Read more about our PureVPN review here)

8. IPVanish

Another VPN that’s based in the United States, some prospective users may find that to be prohibitive. Before writing off IPVanish, take a moment to look at what they’ve done during their two decades of operation.

The network utilizes a thousand servers found in 60 different countries. Kill switches that work quickly are part of the plan, along with the ability to connect up to five devices at one time. Is torrenting important to you? This network supports torrents with ease.

Recommendation

This is another option on the list that operates without the aid of third parties. You have apps for iOS as well as Mac, although the selection of browser extensions is somewhat limited compared to other providers. The cost per month is more toward the upper range of the market, but the stability of the network and the reputation for solid encrypting does make it worth considering. If you are not put off by the possible complications created by laws in the country of origin, talk with the IPVanish team and set up a free trial.

(Read more about our in-depth IPVanish review here)

9. CyberGhost

This Romanian-based VPN is the network that just keeps on growing. While most providers try to add servers and locations on a regular basis, few of them are as aggressive with their expansion efforts as CyberGhost. This well-established brand is currently found in 60 nations and has surpassed 2700 servers. The coming year is likely to see even more servers added.

Their encryption protocols are among the best in the world. If secure data is key to your business, this one is worth your time. Even so, the installation process and the use of the VPN is among the most intuitive on the market today. Even if you and your team have never used a VPN before, it won’t take long to feel right at home with CyberGhost.

Recommendation

Along with Mac, CyberGhost works with all major operating systems, including iOS and the different Linux products. There’s the ability to connect to up to five devices at a time, and you don’t have to worry about slow transmissions. You’ll like the cost, especially when you consider everything that the provider offers.

(Read more about our in-depth CyberGhost review here)

10.VyprVPN

VyprVPN is one of the providers that people will tell you offers the best in speeds along with a healthy amount of bandwidth. That makes it a good option for customers who require higher levels of privacy without having to sacrifice connection and transmission speeds. One thing you should know is that the provider does keep session logs for 30 days. The information collected and retained includes the source IP address, the IP address created by VyprVPN, and the connection stop and start times. Once the 30-day window is completed, the data is erased.

Like many other providers, you can connect up to five devices. If that’s more than you need, there are packages that limit connections to three devices. With over 700 servers spread across 70 countries, this one may or may not be right for you. Keep in mind that you do have a kill switch that works quickly and the range of mobile apps included is quite impressive.

(Read more about our in-depth VyprVPN review here)

The Bottom Line

Remember that choosing the right VPN is more involved than deciding what socks to wear today. Your choice will have a direct impact on the ability to share and receive data securely. Take your time and compare the merits found with each of these options. Determine how well the features provided fit with how you plan on utilizing the network. It won’t take long to narrow the list down to a couple of possibilities and ultimately settle on the network setup that’s right for you. Good luck!

GlassWire Review: Useful Privacy Addition But Not For Beginners

GlassWire Review: Useful Privacy Addition But Not For Beginners

Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

GlassWire is a third-party firewall software that offers an added layer of protection to your network. It works in conjunction with the Windows Firewall that has been built into every version of Windows for years. However, many people find the notifications from the Windows firewall difficult to decipher.

glasswire logoGlassWire provides better manageability for Windows Firewall. Not only will you feel like your network and devices are protected, but also you’ll have more control over which apps and programs have access to your network and the Internet.

Many people are choosing to use a third-party firewall program like GlassWire in addition to a VPN. VPNs are mainly designed to protect your privacy and anonymity when you are online. A firewall takes this protection a step further by allowing you to determine, one by one, which programs should be allowed to access your network and devices. Typically, you’ll get alerts each time a new app or program tries to activate for the first time, giving you an opportunity to protect yourself from hackers and malware.

GlassWire does a respectable job of accomplishing this task. However, users who are not particularly tech savvy are almost bound to be confused by the software’s graphs and what they mean, which makes it difficult to use the program to its full functionality.

Most people will be better off using a VPN. If they want extra protection from things such as DNS leaks, they may want to consider adding The Onion Router to their arsenal of online privacy measures.

Is GlassWire User-Friendly?

Even someone who is tech-shy won’t have difficulty downloading and installing GlassWire. The software’s main window is straightforward and easy to decipher. You’ve got five icons across the top of the screen. These are Alerts, Graph, Firewall, Internet of Things and Usage. On the left side of the screen is a pull-down menu where you’ll find settings and the help page.

glasswire interface

As soon as you launch GlassWire, the graphing begins. The program is analyzing and recording your network traffic so you can see where your bandwidth is going.

The software defaults to showing you the last five minutes of activity since you are a new user. When you have had the software installed longer, you’ll have options to review your graph for time periods such as one day, one week, one month or even a full year.

The longer the term of the graph that you view, the more markers you will see for individual events. For instance, GlassWire places a marker on the graph when the software notices a program connecting for the first time. Each marker is clickable so that you can view additional details. Spikes in the graph also are clickable so that you can decipher which programs were eating up your bandwidth at the time. A record of any unusual activity can be captured by using the camera icon to snap an image.

All of this looks great, especially to people who eat, sleep and breathe tech and analytics. However, the less tech-passionate out there may feel their eyes glaze over as they look at the graphs. Without a high degree of sophistication, this information is not really helpful. Some of the best VPN providers are likely to provide better overall protection for most users.

The Icons in More Detail

glasswire usage viewIn the App view, you’re able to more closely examine the performance and behavior of a single app at a time. With the Traffic icon, you view activity by a protocol. You might do this if you wanted to monitor your history of HTTPS traffic, for instance.

The Usage icon is helpful because it shows you a breakdown of your incoming and outgoing bandwidth for a variety of time periods such as one day, one week or one month.

The data is broken down into three columns that display the type of traffic, apps used and the host. If you’re on a limited data plan with your provider, you can configure GlassWire to warn you when you’re getting close to that limit.

The graphs and data warning are available even with the free version of GlassWire. If you would like additional functionality, then you must pay for the service.

The Internet of Things Icon

internet devices vectorUsually referred to as the Things icon, this button will display a list of all of the Internet of Things devices that are connected to your network. When you’re setting up GlassWire for the first time, you may need to select “Scan” to find these devices. GlassWire also can be configured to automatically perform such a scan on a periodic basis.

Data displayed for each device includes the device’s name, its availability and the network on which it runs. GlassWire similarly will tell you when it first detected the device, and you can also view the device’s IP and MAC addresses.

Configuring the Firewall

When you click on the Firewall tab in GlassWire, you immediately see all of your apps and their traffic on the network. While it looks entirely different, much of GlassWire’s firewall functionality comes straight from Windows. Basically, GlassWire works in tandem with Window’s built-in firewall to give you better control and additional reports.

firewall vectorIf you see any undesirable program on the apps list, you simply click on the flame icon next to it. This adds the app to your block list.

One of the main reasons to add a third-party firewall to your system is being able to more easily manage which apps and programs are able to access the Internet and your network. This level of hands-on management is available through the Windows firewall, but you need a great deal of sophistication to make sense of it.

The value of GlassWire is that it makes this management much plainer.

Turn on “Ask to Connect” mode in GlassWire, and the software suddenly has program control. The next time GlassWire sees a program trying to access the Internet or your network, it will ask for your confirmation that this is permitted. Programs that have already been connected at least once, won’t be subject to this added step.

This is one of the essential functions of a third-party firewall. For instance, you might choose to prevent a program from accessing the Internet because you think it could be malware. If you want to find out for certain, you can use GlassWire to submit the program to VirusTotal. This service runs the program through various antivirus engines to determine its nature.

Within a few minutes, you’ll know whether or not that app is malicious.

Once again, this is some pretty in-depth, technical stuff. With the exception of clicking the flame icon, which is some obvious imagery, you’d have to be a pretty sophisticated user to really make the most of everything that GlassWire can do. People feeling a bit more tech-shy would be more than adequately served by choosing a VPN which sports AES encryption instead, which makes it possible to hide your IP address, spoof your location and much more.

How Much Does GlassWire Cost?

GlassWire is available in three tiers: Basic, Pro, and Elite. They have per-year costs of $39, $69 and $99, respectively. Customers who choose the Basic level can install the software on one computer, and they can keep up to six months of history. Additionally, they are allotted three remote connections.

glasswire pricing

At the Pro level, users may have the software on as many as three computers, keep one year of history and have access to 10 remote connections. People who choose the Elite level can install the software on as many as 10 computers and have unlimited storage for history. Similarly, the number of remote connections to which they are entitled is unlimited.

If you get a new PC, don’t worry about updating. GlassWire is a snap to install on a new device after you have deactivated the license on the previous one.

Cost-conscious people will like that GlassWire offers a free version. This edition has only a few features, but if you only need the software on one PC and you don’t mind being limited to only one remote connection, this may work for you.

Is GlassWire Recommended?

As far as third-party firewall software goes, GlassWire is a pretty good offering. However, its utility likely is limited for the average computer user. Someone who works in the IT industry, or who is thinking of getting heavily involved in the world of competitive gaming might very well benefit from using GlassWire. That is because the program helps to ensure that their network is functioning optimally at all times.

Most people would be far better off with a VPN that offers more thorough protections as well as making it possible to enjoy torrenting. The privacy provided by a VPN such as NordVPN or ExpressVPN is simply impossible to beat.