Why Secure Messengers and VPNs Aren’t Foolproof
You may feel invincible using secure messengers along with a VPN, but unfortunately there are still risks you need to be aware of. Considering the penalties you might face for being caught using this technology in many countries, it’s well worth your time to familiarize yourself with what your VPN can–and can’t–do. We help you get started below.
Most modern messenger services have some kind of built-in encryption. Many offer secret chat features and advanced privacy settings. Despite all this, a large number of people have run afoul of the law while using messengers; even when they were protecting themselves. One man even got sentenced to death while using WhatsApp, a messenger that uses end-to-end encryption.
Don’t rely solely on your anonymous messenger to protect you, anonymize your connection fully with these VPNs:
- NordVPN – Best for Anonymous Chats – NordVPN doubles down on your chat app’s end-to-end encryption with the unbreakable NordLynx protocol. Spoof your IP and dodge surveillance with the industry’s strongest VPN network.
- Surfshark – A lightweight VPN app with advanced functionality for overcoming government censorship.
- ExpressVPN – Widely considered to be the fastest VPN, but no slouch in terms of protection with their Lightway encryption.
- CyberGhost – Offers tons of servers worldwide, with top-shelf privacy provisions to hide your IP and anonymize your connection.
- PureVPN – Hong Kong-based provider that is no stranger to dealing with overbearing government restrictions.
In this article, we’ll explain why using a VPN and a secure messenger might still leave you vulnerable. We’ll also explain how corporations mislead users and customers while secretly harvesting data. Last but not least, we’ll give you quality VPNs – and explain how you can use them to stay safe while using social networks and instant messengers.
Which VPN features can help make your online messages private?
VPNs aren’t foolproof, and we’ll explain why in a minute. But first, let’s talk about which messenger features can give you some added privacy when you’re using social networks and online messengers.
- Encryption – by default, all the data you send online is unencrypted, meaning anyone who gets a hold of it can see and read it. Encryption adds a layer of security to your data, requiring a key before data is accessed or read. We recommend looking for OpenVPN‘s protocols – UDP and TCP – as well as 256-bit AES keys.
- Logging policy – some VPNs store your user logs and can potentially hand data over to corporations, governments and criminals. Look for no-logging or zero-logging providers who never store records of what you do online.
- Server network – a large server network means you can get an IP in any country you choose. This can help you access the internet from liberal jurisdictions like Iceland’s and Romania‘s. Since these countries have tight data security laws, this will protect you from unwanted government snooping and interference.
- Speed and bandwidth restrictions – if you run out of speed or bandwidth, any protection your VPN service affords you is gone. This means you should look for fast providers who either have large amounts of bandwidth included or have no restrictions on either traffic or speed.
Most secure VPNs for truly anonymous messaging
Encrypted private messengers and VPNs go hand-in-hand, but you want to make sure that you elect good quality services on both accounts, or risk making yourself less safe. The following providers have time-tested VPN features to ensure your conversations remain private, anywhere in the world:
1. NordVPN
NordVPN is a service best known for its security, which makes it perfect for use with messengers. The first layer of protection comes from powerful 256-bit AES encryption. Protocols include OpenVPN’s UDP and TCP, which blend speed and security, as well as censorship-beating PPTP. But the reason NordVPN really stands out in terms of security is its selection of specialty servers. For example, you can use Double VPN nodes to route your data through two remote servers and two sets of encryption for extra protection. You can also use Obfuscated Servers to hide the fact you’re using a VPN, giving you extra protection when you’re using a messenger. In addition to all these measures, there’s a strict no logging policy, making NordVPN one of the safest services out, period.
In addition to being strong on security, NordVPN is easy to use no matter your skill level. The service comes with a large series of apps compatible with macOS, Windows, Linux, iOS, Android and even video game consoles and routers. The user interface is attractive, especially given how many features NordVPN has. There’s even a graphical map interface that makes choosing from among the 5,500+ servers in 58 countries easy and straightforward. Last but not least, there are handy cyber security toggles that let you block ads and malware.
Read our full NordVPN review.
- Very affordable plans
- Extensive server park of over 5,400 different servers
- DNS leak protection, kill switch
- Strict zero logs policy on both traffic and metadata
- Live Chat Support.
- Some servers can have average d/l speeds
- They can take 30 days to process refunds.
2. Surfshark
Whether your favorite anonymous messenger is blocked by the government, or you’re simply worried about your ISP snooping in on your chats, Surfshark is here to help. They offer secure connections to over 3200 servers in 65 countries around the world, allowing you to spoof the IP of a nearby country, thus hiding your identity behind an unbreakable wall of 256-AES-GCM encryption.
Moreover, for getting through persistent government censorship, Surfshark auto-enables NoBorders mode as needed to get through firewalls, DNS poisoning, packet sniffing, and more. Also available within their network are multi-hop connections, which double the default level of encryption to astonishingly strong levels.
Never fear for Surfshark keeping records of your activity, as their RAM-only servers prevent them from doing so while their no-logging policy binds them legally not to do so.
- Break through harsh censorship to securely access social media and foreign news sites
- Server selection is dead simple and quick
- Accepts cryptocurrency payments for enhanced anonymity
- Logging policy independently audited and verified
- Get help any time of day via email, phone, or live chat.
- Growing network doesn’t have same coverage as more mature VPNs
- Apps may be too simplistic for power users.
Read our full Surfshark review.
3. ExpressVPN
ExpressVPN’s calling card is its speed. With over 3,000+ servers in 94 countries worldwide, it has one of the broadest server networks in the industry. This means that speeds are high, latencies – low, and the number of IPs you can access – virtually unlimited. Moreover, the software is lightweight and easy to install. The ExpressVPN automatically recognizes the device you use and suggest the apps you need, and installation takes minutes. Speed and bandwidth are both unlimited, meaning you can use the VPN to your heart’s content without ever having to worry about running out. All of these advantages are useful for when you’re using a messenger, because they allow you to voice call, video call and send content seamlessly.
In addition to these features, ExpressVPN is extremely secure. It offers all of the commonly used encryption protocols, including OpenVPN’s UDP and TCP and censorship-busting SSTP. There’s a built-in DNS leak test that helps you make sure your ISP (and government) can’t see what you’re doing while you’re using the VPN. The no-logging policy is one of the toughest in the business, with absolutely no logs of traffic, DNS requests, IP addresses or browsing histories. Last but not least, the service protects you even when your VPN connection drops through a kill switch: a feature that drops your outgoing and incoming messages if you disconnect.
Read our full ExpressVPN review.
- SPECIAL OFFER: 3 months free (49% off - link below)
- 94 countries, 3,000+ servers
- Very simple and easy to use
- No logs for personal data
- Customer Service (24/7 Chat).
- Expensive month-to-month plan.
4. CyberGhost
CyberGhost is a VPN service that’s unique in its combination of powerful features and ease of use. Many VPN providers ask you to input settings manually; CyberGhost simply gives you 6 intuitive configuration profiles. Some – like “anonymous browsing” – are an excellent fit for anyone who wants to stay safe while using a messenger with a VPN. Others are useful when you’re doing other things. There are also extra toggles like “block malware” and “data compression” for protecting yourself and improving device performance when you’re using a messenger behind a VPN. The best part is that CyberGhost’s apps are available on all common devices, with apps for desktops, smartphones, tablets, routers, game consoles and more.
In addition to being strong on ease of use, CyberGhost is also powerful. It features one of the largest server networks in the VPN industry, with over 6,200 servers in 90 countries. This means your messenger connections will be fast enough to support high-definition video. Bandwidth and speed are both unlimited, meaning you never have to worry about experiencing any slowdown. Encryption protocols include OpenVPN’s UDP and TCP, as well as the faster but less secure L2TP. Last but not least, the zero-logging policy is one of the strongest in the industry. Not even your e-mail address is stored, making it virtually impossible to trace your identity and location.
Read our full CyberGhost review.
- Unblocks US Netflix, Amazon Prime, YouTube, Hulu
- Peer-to-peer (P2P) torrenting allowed
- 7 simultaneous connections
- No logs policy
- 45-days money back guarantee.
- WebRTC leak detected
- Doesn’t unblock all streaming services.
5. PureVPN
With 2,000+ servers in over 140 countries, PureVPN lets you use virtually any IP you want. This is helpful for using messenger apps safely, but that’s not all. You can get most localized messenger versions, local language and all, without having to move anywhere. All servers are available in all countries, so there’s never any need to pay extra. Each and every server is equipped with a 1Gbit connection, meaning you’ll never experience any slowdown. Moreover, there are no speed or bandwidth restrictions and up to 5 simultaneous connections, so you can use PureVPN as much as you want on all your devices at the same time.
In addition to a large server network, PureVPN has a strong suite of security features. 256-bit encryption means that cracking your messages would take a supercomputer millions of years. The proprietary Ozone technology protects your device, data, and identity proactively, even when you’re offline. There’s a built-in kill switch that prevents your messages from leaking over unencrypted connections when you stop using your VPN. There’s even DDoS protection that stops third parties from interfering with your messages by overloading you with data. All of this is underpinned by Web RTC leak prottection, which stops your real IP from getting discovered, and one of the most thorough logging policies in the entire business.
Read our full PureVPN review.
Problems with online messengers
Most messengers have some kind of encryption. WhatsApp encrypts messages by default. So does Telegram. Facebook has a secret chat function that gives users end-to-end cryptographic protection. However, it’s important to understand that “encrypted” doesn’t always necessarily mean “secure”. In fact, people have repeatedly gotten in legal trouble for what they say in the privacy of their online conversations. Further, users’ messages often get read by machines and people as part of data mining by companies like Google, Facebook, and others. In the sections below, we’ll show you why instant messengers aren’t always safe and what you can do to protect yourself.
Legal problems from instant messaging
You may think that using encrypted messages is enough to protect yourself, but this isn’t always the case. For example, in Kenya, a new National Cohesion and Integration Commission Act can punish you for content you send to other users – even if it’s in private and online. Sharing pornography can lead to fines of up to 30 years; sharing fake news can get you up to 2 years jail time. Other, more serious fines, can lead to worse.
Unfortunately, Kenya isn’t the only country with laws like these. In India, a student named Junaid Khan was arrested on 14 February earlier this year. Apparently, a message someone forwarded in a WhatsApp group where he was administrator was “objectionable”. He has now been held in custody for over 6 months without anyone knowing what the message contained. Further, Khan’s family insists that he was only administrator of said groups because prior administrators had abandoned it. In other words, the man spent half a year (and counting) behind bars for an unknown message that may not have been sent by him. In neighboring Pakistan, things can get even worse. A young Christian man (Nadeem James) was sentenced to death for making a WhatsApp joke about the prophet Muhammad. The person on the other end of the message reported Nadeem to the police, resulting in the latter’s sentencing and eventual death.
Now, you may think these are extraordinary cases that happened to a handful of people. That’s not the case. For example, in Turkey, scores of people downloaded an app called ByLock: a private messenger focusing on encryption and privacy. After the country’s botched coup against president Recep Tayyip Erdogan, a whopping 75,000+ of them were arrested on trumped-up charges with no evidence. Allegedly, users of the app were guilty of sedition and conspiracy – but with absolutely no evidence, their biggest crime was simply owning the ByLock app and using it.
All these stories point to two things. First of all, an app can be encrypted but if someone takes your message to the police, your privacy will have come to an end. Second, just because an app is encrypted doesn’t mean you still can’t be charged. In many international cases, the simple act of being in a specific group or owning a specific app is the main problem. Third, your conversations can be monitored even when you think they’re safe and encrypted. Our next main point will explain what we mean. For now, though, just understand that all of these points apply even if you’re using a VPN. Just because you have a foreign IP doesn’t mean you can’t get in trouble with the law. If you want to stay safe, you need to take a few extra precautionary steps that we’ll go over in a minute.
Corporate spying
Given how much corporations advertise and promote their privacy settings, you’d think they genuinely care about your privacy. This is patently untrue. At the end of the day, corporations are here to make money. They do this by selling your attention off to advertisers and mining your data for resale and internal use. Put simply, WhatsApp, Facebook and all other messengers are only free because your data, not your money, is their main source of revenue. The truth is that most companies behind messengers actively want to disrupt your privacy – and many of them do when they think nobody’s watching. Here are a few notable examples.
Facebook Messenger leaked as many as 87 million users’ records. The data went into the hands of Cambridge Analytica, a political consultancy. A lot of this data was leaked because a small number of people (270,000) downloaded an app that requested their friends’ data. This meant that a lot of people’s data got leaked simply because their friends had opted into a Facebook app. Unfortunately, it’s not only third parties that have been known to mine Facebook users for data. The company itself harvests cell phone data, including call records, from anyone who imports their contact list into the social network. Moreover, Facebook appears to scan both messenger conversations and audio calls to serve users better content and ads. All in all, the service has been implicated in multiple cases of data privacy breaches. So long as your data is with Facebook, you can never be sure you’re truly safe.
WhatsApp isn’t too different. First, the app is vulnerable to malware and viruses like the Banking Trojan. When these get into your system, you quickly lose any privacy you had, whether you’re using a VPN or not. Even worse, WhatsApp has admitted to sharing information about your identity and device with Facebook in order to help the latter company serve you ads and content. This means the messenger is vulnerable to most of the same problems as Facebook, which is another strike against its privacy.
What can you do?
There are 2 things you can do to give yourself extra protection and minimize the chances of getting in trouble with the law. For starters, if you’re going to use a VPN, do everything you can to create a whole new online identity. Consider using an app or device you don’t usually use, and try to log in from an IP that’s not your home WiFi or wired connection. Moreover, try to get a disposable number that you can use to confirm your app installation. This way, it’ll be extremely hard to prove that it really was you who installed and used any given app on your device. Combined with a VPN’s encryption and foreign IP, it’ll be extremely hard to breach your privacy this way.
Another thing you can do is use messengers that are focused on security and anonymity. For example, Russian-made Telegram has strong end-to-end encryption – but that’s not all. There’s a secret chat option that lets you set the timer on how long you want a message to be visible to the recipient. For example, you can set the timer to 5 seconds after which the message will disappear forever. Further, Telegram’s secret chat shows you when someone has screenshotted your message, making it hard for someone to take anything you wrote or sent to the police without you knowing. SnapChat has similar private message features with temporary messages and anti-screenshot features. All of this may not be foolproof, but it’s certainly helpful – and a cut above what you get with regular messengers.
Conclusion
Cybersecurity becomes a more complex topic by the day. Can you really trust your messenger apps not to betray your secrets or personal information, even if they claim to employ strong privacy provisions? Recent history suggests not. But thankfully, you don’t have to wait around for these companies to either gain moral integrity or else innovate to provide the security you need.
With a VPN, you can lock down each packet of data transmitted to and from your device with a nearly unbreakable wall of cryptography. When combined with safer practices to ensure your anonymity, you stand the best chance possible to keep your conversations away from prying eyes. No single solution will act as a silver bullet, however, which is why we wrote this guide to give you some context on the problem, plus to provide you with some solutions you can start using today.
Do you have any tips for our readers on how better to keep yourself safe while using messenger apps? Let us know in the comments below.
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.