As VPNs strain to meet the needs of increased use, it’s make-or-break time for services across the globe.
By Rae Hodge
Global demand for commercial virtual private networks is surging following work-from-home trends in the battle against the coronavirus pandemic. VPN providers and internet service providers are flexing major muscle to handle the increased overall internet traffic of quarantined populations around the world. Before the pandemic sent people into a remote work and entertainment streaming frenzy, VPN use was already projected to grow exponentially. But with new growth comes new risks.
According to new investigations from independent research and review firm Top10VPN, demand for VPNs increased by 44% over the second half of March and remains 22% higher than prepandemic levels. While US demand has waned slightly since, it peaked at 65% above average on March 23, just one day after President Donald Trump signed a $2 trillion stimulus package. That’s 36% higher than normal.
“Online searches for VPN began to surge around the world in mid-March in the days following the World Health Organization’s declaration of a pandemic on March 11,” Top10VPN research expert Simon Migliano wrote in the report. “We’ve seen demand suddenly double in countries where lockdowns have been announced or expected.”
In the months prior to the outbreak, VPN use had already grown to include around 31% of internet users. Post-outbreak, however, Top10VPN found demand surged in 75 countries since COVID-19 social distancing measures were implemented, doubling prior levels in 21 countries.
The largest hikes in VPN demand came out of Egypt. Increased demand reached 224% and was sustained longest there. Countries which saw the largest volume of VPN demand, however, were led by France, whose increase peaked at 80%, followed by the US at 41% and the UK at 35%.
Migliano’s global findings offer a macro-scale view of trends currently being navigated by individual consumers, VPN providers and ISPs worldwide.
VPNs ride the usage wave
Despite the rapid expansion of user bases, most VPNs appear to be surfing the user wave rather than drowning.
Figures released by NordVPN revealed that global use of its business-focused VPN had increased by 165% since March 11, with US and the UK usage jumping by 66% and 48% respectively. While the numbers mainly reflect the use of NordVPN’s corporate-level product, the results still reflect a surge in total remote work hours put in by individual users.
As pointed out by Forbes’ Zak Doffman, NordVPN’s US users appear to be putting in an average of three full hours of extra work a day during lockdown. European users are close behind, putting in as much as two extra hours of work daily. NordVPN recently told industry research outfit VPN Pro that it is constantly adding new servers to keep up with the demand.
In a March release, ExpressVPN similarly reported general consumer use growing globally by 36% from February to March, hitting 45% in the US alone. ExpressVPN saw its greatest traffic increase, at 56%, in Belgium. UK traffic rose by 32%, while Australia’s jumped 36% and Mexico’s shot up 22%.
Relative newcomer Surfshark made competitive strides as well, offering free six-month subscriptions to businesses with up to 10 employees. In a single month, the company told VPN Pro, its traffic had doubled in Italy, Germany and Portugal. It tripled in Turkey.
Atlas VPN said use of its product has increased in almost every single country with significant COVID-19 cases. Usage took off in Italy, spiking 112% in a single week, while US use of Atlas VPN rose 53% between the weeks starting March 2 and March 9.
“We estimate that VPN usage in the US could increase over 150% by the end of the month. Overall, the usage of VPNs should continue to surge if the coronavirus pandemic worsens,” Atlas VPN’s COO Rachel Welch wrote in a blog post.
ISPs feel the squeeze
AT&T offers its own version of a VPN, called Anira. Use of the VPN surged roughly 700% over just a few weeks, according to the company.
“These were customers in health care, financial services and other vital segments around the world,” AT&T’s Andre Fuetsch wrote in an April blog post. “AT&T was able to accommodate that demand surge without missing a beat. Just a few years ago, that would have been impossible. In fact, we’ve been adding more capacity to be ready for future needs.”
In late March, Verizon reported a 9% week-over increase of VPN traffic on its network, with a 52% increase in VPN use over a typical day. By April 15, VPN detection on Verizon’s network had plateaued and crept down.
Notably, that downward trend could indicate either less VPN use or — as is increasingly common — consumer use of less detectable VPNs, equipped with obfuscation technology that camouflages the use of a VPN.
Streaming services spike demand
More people are using VPNs to stream content through services such as Disney Plus.
It’s not just the tidal waves of email and additional load of Zoom conferences that are causing enormous global spikes in VPN use, though. Top10VPN research points to some family-friendly culprits behind the traffic spikes.
“With Disney Plus still progressively rolling out globally over March, it’s clear that families stuck indoors with children have been looking for ways to get earlier access to hugely popular shows such as The Mandalorian. This steep surge finally began to flatten out from March 30 as the service became more widely available,” he wrote.
Migliano predicts some streaming service demand spikes will be sustained, however, as Netflix viewers in countries with more limited libraries use VPNs to unblock restricted content during quarantine.
“It’s notable that all interest in VPNs that work with particular services increased over the past seven days as the reality of long social restrictions really starts to sink in around the world,” he wrote.
As VPN use grows, so do risks
As it stands, GlobalWebTKIndex holds that more than 400 million businesses and consumers are currently using encrypted connections — including VPNs and other technology — around the world. And that number is set to grow.
Data from Statista and Orbis Research pegged the value of the global VPN market at $15.64 billion in 2016. By 2018, that value had risen to $20.6 billion. By 2022, it’s projected to reach $36 billion.
With increased VPN demand comes increased security risk. While the field has recently seen some innovative privacy developments, the nature of current VPN technology makes it a prime target for exploitation. All of a user’s data is essentially funneled to a single company, whose servers may be located anywhere, and accessed by anyone.
Malicious actors have long used VPNs as cheaply created vehicles for data harvesting and malware injection. Even seemingly innocuous VPNs can — via shoddy security — endanger users in countries where VPNs are outlawed. Insecure VPN apps are routinely spotted and removed from app marketplaces.
In early April, Google removed one of the most popular VPN apps in its Play Store due to a significant security vulnerability that opened users up to a common hack, known as a “man in the middle” attack, where users’ data is intercepted by an unauthorized third party.
SuperVPN had already achieved 100 million installs by March 19, according to VPN Pro, which discovered the vulnerability in February and alerted Google. Google removed the app on April 7. Users who still have the app installed, however, remain vulnerable to attack and are advised to uninstall it.
Likewise, enterprise-scale VPN use has developed its own set of separate but related concerns. The US Cybersecurity and Infrastructure Security Agency issued guidance in early March, noting the increased potential risk during a pandemic-spurred lockdown, and urged companies to take measures to scale up and reinforce their corporate VPNs to fend off expected attacks on vulnerabilities.
We advise that you evaluate new VPNs carefully before subscribing, and review CNET’s regularly updated directory of VPNs for secure recommendations.