Keen coffee drinkers with terrible cybersecurity habits could be about to get an answer to privacy problems they didn’t know they had.
Targeting anyone who is inclined to connect to unsecured Wi-Fi networks in cafes and other public venues, naively entering credit-card details and other personal data, Google is now releasing a new Virtual Private Network (VPN) directly embedded in Google One services.
Available only to customers subscribed to the 2TB Google One plan, which comes at $9.99 a month, the VPN will provide an extra layer of security for Android phones by encrypting online traffic on all apps and browsers.
When switched on, the new feature will prevent hackers from eavesdropping on sensitive data when users are connected to public networks.
Google already offers a similar feature through Google Fi, the company’s mobile virtual network operator. However, the always-on VPN protection enabled by Fi is only available to Android smartphones that are subscribed to Fi services.
Unsecured hotspots are notoriously ripe in opportunities for hackers to steal any unencrypted data that transits through the network, ranging from passwords to financial information through IP addresses and visited websites. An outdated app or a weak website, or a service that has failed to protect user data entirely, can all be intercepted and even modified by malicious actors.
VPNs have proliferated over the past few years to remediate the issue by creating a private, secure network from a public connection. When users connect to a VPN, their online data travels through a strongly encrypted tunnel managed by the VPN provider, which means that the information is unreadable and anonymous.
Google noted that in some cases, the VPN provider can still see all the user’s unencrypted traffic, such as the domain of every website visited. Reports have effectively shown that this lack of security can be problematic, with some commercial VPN services having previously leaked user traffic, whether inadvertently or not.
“Because the VPN provider occupies this privileged position, the user must be able to trust that the VPN provider has strong privacy and security guarantees,” said Google in a white paper about the company’s new service.
“With growing demand for better privacy in a mixed landscape of solutions, we have used our expertise in privacy, cryptography, and infrastructure to build a Google-grade VPN that provides additional security and privacy to online connectivity without undue performance sacrifices.”
Google’s VPN will not log any online activity, assured the company in the white paper, and users’ data will not be identifiable. Some minimum logging will be required from the user, but network traffic or the IP associated with the VPN will never be logged. IP addresses, bandwidth utilized or connection timestamps, for example, will all remain untracked by Google’s tool.
In an effort to demonstrate transparency, Google has open-sourced the code that runs on users’ devices when using the VPN, and has also committed to providing public access to the authentication mechanism running on the server side in 2021. Results of a third-party audit that is currently underway can also be expected soon.
The VPN will roll out in the US in the coming weeks through the Google One app, on Android only as a starter, and can be switched on and off in the Google One app. While the VPN won’t limit users’ throughput speed, allowing speeds above 300Mbps, the feature might affect battery life.
Google confirmed that the extra encryption will consume between 5% and 10% more data, which will lead to some battery drain and higher data use.
The Search giant expects that the feature will be available to iOS, Windows and Mac in the coming months, while the service will also expand to more countries.