If you’re like most people, you are spending more hours of screen time across your various devices, most of which are web-enabled. Needless to say, all your traffic goes through your Internet Service Provider (ISP). Recent revelations about data breaches such as those perpetrated by the political consulting firm Cambridge Analytica might have you concerned about your online privacy and security.

To make matters worse, last year the FCC in the US overturned regulations aimed at preventing ISPs from legally selling user data to third parties to a few extra bucks. Things are not any better in the UK with the Investigatory Powers Acts. Many governments are taking measures to make it easier to snoop on people’s online activities. It’s a worrying trend.

It is for this reason that many people have turned to Virtual Private Networks (VPNs). A VPN routes your traffic through a server in which it is encrypted so no one can read it. As a result, ISPs, governments, and criminal hackers cannot see what you’re up to.

However, even though VPNs are effective at maintaining a high level of online privacy, they’re not 100% foolproof because they don’t offer complete anonymity. Here, we look into some of the areas in which VPNs are limited because we believe in empowering our readers with the full understanding of the strengths and weaknesses of the VPN technology we review.

Free VPN services

You’re a responsible spender who wants to take advantage of every opportunity they have to save money, especially if it means getting a free service here and there. When it comes to VPNs, though, it’s best to steer clear of free services. Online privacy and security are not things you want to skimp on.

With free VPNs, you are signing up for a service whose primary means of generating income is likely by selling your data to third parties. Saving money is important, but so is staying secure while online, so you’re better off using premium VPN services that at least incentivized to prioritize your privacy, seeing as that it is the product they offer.

Some of your data might be logged

One of the main selling points when it comes to VPN services is how much data your provider logs and how long they keep the information. A majority of providers keep the data for up to 14-30 days and also need varying amounts of information to operate the service. Needless to say, the less information a provider keeps and the shorter the duration they hold on to it, the better you’re protected against a potential breach of data.

Ideally, a VPN service should log very minimal data. Take this into consideration when choosing your provider. For instance, ExpressVPN stands out in the industry because it doesn’t log any data at all. (That is what the provider claims, at least.)

Geolocation technology

Thanks to geolocation technology, every website you visit knows where you are accessing it from. This can be useful if, for example, you’re searching for the nearest restaurant, or you’re hailing an Uber. The device you use shares this information, especially if it’s a smartphone that’s equipped with GPS technology and numerous apps are allowed to access data on your location.

For the maps app, most people don’t have a problem granting it permission to access data on location because it’s obviously needed. But various other apps usually request for permission to access this data, even when there’s no apparent use for it. Many of them use the data to generate a profile of your travels and the time spent in certain locations.

Not every VPN service has a robust enough security system to prevent apps from doing this. It is therefore important that you take some time to audit app permissions.

MAC addresses

A Media Access Control (MAC) address uniquely identifies all devices on a network. Many standards are available, each containing a series of digits. MAC-48 addresses, for instance, are 48-bit numbers with six groups of two hexadecimal digits.

The manufacturer of a device is indicated by the Organizationally Unique Identifier (OUI), which is itself made up of the first three octets of a MAC address. ISPs are able to determine tracks the usage of users’ devices because each MAC address is unique. VPN services don’t hide this numbers. So, in addition to VPNs, some people use MAC Address Randomization techniques to try and cover their tracks.

Traffic statistics

There is still a sizable amount of information about a user that an ISP can obtain even if all of the user’s traffic is encrypted by the VPN. The ISP can figure some information out by analyzing the features and the volume of data without having to break the encryption. This variety of analysis is referred to as “side channel” information.

DNS requests

Domain Name System (DNS) servers are tasked with converting the URL you type into the address bar into the numerical IP address that directs data packets to and from your computer. The default DNS server is typically your ISP, which therefore has a complete history of all the web addresses that users visit.

Fortunately, you can change this by using the popular Google Public DNS (8.8.8.8) which itself offers no anonymity. The problem here is that even when you use a VPN, your ISP can still be the one performing DNS resolution depending on how your VPN is configured.

There’s a way to make your VPN resolve DNS requests using a different DNS. However, a separate configuration is required. Alternately, you can operate the VPN in “tunnel mode”, meaning all data is only sent to the VPN server, which carries out the function of the DNS.

Since basic VPN encryption does not offer a solution for the problem of DNS resolution, free public DNS solutions that keep request logs have been created. FreeDNS is one such service. These can go a long way in helping you achieve anonymity as your browse the Internet.

History snooping

Companies had already found ways of spying on their users long before ISP started selling user information to third parties, a practice that seems not to have disappeared. Whether it is aimed at making money or it’s a collaboration to obtain information for government agencies (such as the NSA) we’ll let the conspiracy theorists figure that out. The fact remains, however, that it is happening. And not every VPN can protect you against it.