Privacy Gifts
Home  »  Learn  »  Online Privacy  » VPN Jurisdictions

Why VPN Jurisdictions Matter

Does Your VPN Feed Information to an

While the assumption is that using a VPN keeps your online activities safe from prying eyes, it's not a foolproof solution. VPN companies, like any other industry, are still governed by the laws of the country in which they are located.

Have you heard about Five Eyes, Nine Eyes or Fourteen Eyes?

We're not talking about some kind of hipster music group here, but rather a collection of countries that have agreements in place in regard to sharing information on citizens with other countries.

Sometimes that sharing extends to data collected through VPNs.

VPN Legal Terminology

VPN Controlling Factors

Before we delve into the intricacies behind the various "Eyes" alliances, let's review a few pertinent points about VPNs:

VPN Jurisdiction: Your ability to access a VPN in your country is determined by the laws and regulations enacted by your government. Each country can allow or ban the use of VPNs and your only real recourse would be to move to a more privacy-friendly country.

VPN Provider Location: This is the VPN provider's physical address. A VPN provider does not have to be located in the same country as their VPN servers. Thanks to this reality, you can bypass some of the VPN jurisdiction issues by using a server in a different country.

VPN Server Location: This is where the actual VPN servers are physically located. Most reputable VPNs have multiple servers spread across the globe in order to offer you a greater level of anonymity as well as enhanced speed and security options.

What Is Five Eyes, Nine Eyes, and Fourteen Eyes?

These terms refer to various alliances of countries that operate in unison globally to monitor and collect data within their own jurisdiction in order to share it amongst alliance members upon request.

What does this mean to you?

One thing it means is that your VPN data, which might be "private" in another country, could suddenly be shared with your government. For example, say you're a citizen of the United States using a VPN server in New Zealand for privacy reasons.

While the alliance agreement would prevent the U.S. from spying on New Zealand as an adversary, an American government agency could make an official request to New Zealand to see what you've been doing online. There's a good chance the request would be honored since both countries are members of the Five Eyes Alliance.

The reality is that if you live in any of the alliance countries and access the internet via a server in another alliance country, forget privacy. For you, it doesn't exist.

The Five Eyes Alliance

There are five countries that officially make up the Five Eyes alliance:

  1. Australia
  2. Canada
  3. New Zealand
  4. The United Kingdom (UK)
  5. The United States (US)

The unofficial countries that are part of the Five Eyes alliance include:

  1. Israel
  2. Japan
  3. Singapore
  4. South Korea

Nine Eyes Alliance: The Nine Eyes alliance includes member countries from the Five Eyes alliance, plus Denmark, France, The Netherlands, and Norway.

Fourteen Eyes Alliance: This alliance was created from the Nine Eyes Alliance and adds Germany, Belgium, Italy, Sweden, and Spain.

Does it matter which alliance a country is a part of? Not really.

All of them exchange information collected through a variety of means (such as demanding VPN logs from providers) with each other upon request. Your browsing sessions are likely fair game any time if you use a VPN within their jurisdiction (even if it is a "no log" VPN).

You thought a "no log" VPN was safe?

Most "no log" VPNs still keep track of the IP address that connected, when they connected, when they disconnected, and how much data was transferred during the session. This basic information is often all that is needed to provide substantiating evidence against you.

Traffic Cameras

Can't Spy on Your Own People but Alliance Members Can

While there are internal laws against the government's wholesale spying on U.S. citizens, an enterprising federal agency could easily take advantage of a data breach that occurs within its borders.

Case in point is the popular hosting provider GoDaddy, which suffered a massive data breach related to one of their Amazon S3 buckets a few years ago. Though the leak involved server configurations rather than user information, it's not much of a stretch to realize that it could also have been customer addresses or credit card numbers.

Furthermore, you can bet that the information was noted and recorded by a Five Eyes member somewhere and perhaps fed back to the U.S. government under the alliance agreement. The letter of the law wasn't violated, though the spirit certainly was.

The bottom line is that this kind of data breach by a private American company like GoDaddy may have yielded personal data on citizens to the government as surely as if the government had done the spying itself.

How to Protect Yourself Against These Prying Eyes

First, you should consider the jurisdiction and location of the VPN server you intend to use. Also, think about the protections offered by your VPN of choice. After that, there are a few other steps you can take:

  1. Verify the VPN Is Truly a "No Logs" VPN. This requires a little effort on your part, but is worth it. Search online for complaints about the VPN provider you are considering. Have customers gotten in trouble for illegal downloads or pirating? A VPN provider that has such complaints to any appreciable degree is probably not a true no-logs provider.
  2. Use A VPN that Isn't Under the Alliance's Jurisdiction. Find a VPN provider that isn't part of an alliance (Five Eyes, Nine Eyes, Fourteen Eyes). Keep in mind this isn't a foolproof solution. A government outside an alliance might decide to hand over requested information on a case-by-case basis if they think it will benefit their relationship with the requesting country.
  3. Use More Than One VPN Provider. This can slow your connection speed, but it adds an extra level of security. Set your router to work through one VPN provider and then have your connected devices using a separate VPN provider, essentially doubling up. Again, make sure both VPN services are outside any alliance jurisdiction or you're wasting your time.
  4. Use A Tor Browser. Finally, use a Tor browser to add even more complexity to your internet usage. A Tor browser uses a distributed network of relays maintained by volunteers around the world. The premise is that bouncing your browser traffic through all these far-flung locations makes it exponentially times harder to track.
Security Cameras

They Are Always Watching You

The "big picture" idea to keep in mind is that you cannot forget "they" are always watching you. Using a VPN outside of all the alliance jurisdictions is a good idea, but doesn't mean you are completely protected. It just means you have a better chance of not being seen by government agencies playing the scarily-real part of Big Brother in today's online world.

While it might create a sense of frustration that governments seem to have the upper hand in this game, a VPN still serves well in protecting your anonymity and browsing data from non-governmental prying eyes such as hackers and scammers, and this is worth a lot.

Related Articles