Does a VPN Protect Me From Telemetry and Other Data Gathering?

No. That’s not what VPNs do.

It’s not surprising that privacy concerns are on the rise. Every time we turn on our computer, we’re sending data somewhere.

A VPN, or virtual private network, protects against some types of data leakage… but not the data leakage you’re worried about.

VPN versus telemetry

A VPN protects your internet traffic from being intercepted and hides your location by masking your IP address. It does not stop telemetry or data collection by operating systems, apps, or websites. To reduce telemetry, opt out during setup, choose privacy-respecting tools, and adjust browser settings for tracking protection.

Telemetry

From Wikipedia:

Telemetry is the in-situ collection of measurements or other data at remote points and their automatic transmission to receiving equipment (telecommunication) for monitoring.

Here are some examples of telemetry as it occurs in our computers.

• Windows sends anonymous usage information back to Microsoft so developers can better understand how the system is used.
• Windows sends error information back to Microsoft so developers can better understand and fix errors.
• Applications send information back to their creators for similar purposes.
• Web browsers send information back to the browser creators for similar purposes.
• Web browsers send information back to the servers hosting the webpages users are visiting.

Basically, any data that is silently collected and sent back to a central location for analysis is considered telemetry (a fancy word for data collection).

Not all telemetry is bad. Some companies really do use the information to improve their products. Sometime the telemetry is what makes services remember things like the fact that we’re logged in, or our progress in the most recent video we watched online.

Why care about telemetry?

Depending on your level of trust in the organizations involved, data collection on your computer may be of great concern or no concern at all.

For example, information claimed to be collected anonymously might not be. Sometimes this is intentional deception; sometimes it comes to light after the fact that correlation between anonymous data and personal data can be derived with enough analysis.

You may or may not believe that the software creator is using the information only to make their software better. Some people are concerned that information being relayed to Microsoft (or Google, Facebook, or others) is used to train AI models.1

In the worst case, data could be turned over to law enforcement or oppressive regimes with potentially severe consequences.

I don’t necessarily believe most of the concerns, but I understand that some do.

VPNs

A VPN encrypts communications between your computer and the VPN provider. No one along that path can see your data: not other Wi-Fi or network users, and not the people managing the network between your computer and the provider.

The connection between the VPN provider and the rest of the internet, however, is unaffected. A VPN only adds encryption as far as the provider’s servers, not beyond.

A VPN can also mask your location, making it look like you are something other than you truly are and connecting via an IP address that is not your actual IP address.

None of that has anything to do with telemetry.

VPNs and telemetry

One way to look at it is this: a VPN provides additional security to the telemetry data that continues to be collected regardless.

Without a VPN, we might envision the information flow like this:

As you use your computer, telemetry information is sent to whoever is collecting it.

Now let’s add a VPN to the mix.

Once again, as you use your computer, telemetry information is sent to whoever is collecting it.

The only thing that has changed is that the transmission of that data between your computer and the VPN service has an additional layer of protection from being snooped on2.

That’s it. A VPN doesn’t affect data collection at all.

Protecting yourself from telemetry in general

The best thing you can do to avoid data collection is to opt out. By that, I mean when you install Windows (or any other operating system) or set up a new app, pay attention to all the options offered along the way. If they mention sharing data, turn that off.

To see many of these options, you need to select a custom rather than default installation. I recommend you do this for several reasons, and the ability to opt out is one of them.

The next thing you can do is to choose tools that don’t collect data or that respect your decisions about data-sharing. This is harder than it seems, since you’re trusting that the tools are being honest about what they do and don’t collect.

Windows gets a lot of bad press for the amount of data it appears to collect that is not under your control. If that’s a concern (and to be clear, I don’t consider it one), the best way to deal with that is to not use Windows. Yes, there are tools, registry hacks, and other techniques that claim to cripple Windows’ ability to collect data, but I’m not a fan. I consider them risky, and they’re likely to be subverted by each subsequent version of Windows.

Protecting yourself from telemetry in web browsers

Web browsers are a special case. There are a few things you can do to limit the amount of data being collected by the websites you visit.

• Disable third-party cookies in your browser’s settings. (This is typically the default.)
• Install a privacy-focused extension like PrivacyBadger.
• Install an ad blocker.
• Reduce the number of extensions you install; each has the potential to collect information.
• Make certain your browser and other software are up to date.
• Make certain your security software is running, up to date, and being updated regularly.

Ultimately, some data sharing is inevitable. It enables much of the functionality we expect online. But that doesn’t mean we have to share more than we want to.

Podcast audio

Download (right-click, Save-As) (Duration: 8:00 — 7.4MB)

Subscribe: RSS