Google One VPN: What you need to know about this privacy tool
Analysis: Google now includes a VPN with its cloud subscription storage service. Here are some of the privacy implications you should know.
Rae HodgeFormer senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
Google's mobile virtual private network service -- Google One VPN -- is branching out. Once restricted to Android users in the US, the VPN is now a perk bundled with the search giant's cloud-based subscription storage service, Google One. Earlier this month, however, Google made a change to its developer documents, as reported by 9to5Google. Android users in Canada and Mexico gained access to the service, along with those in the UK, France, Germany, Spain and Italy.
In October 2020, when Google launched its own standalone VPN as part of its $100 annual bundle package for Google One, subscribers with a 2TB or greater account got access to the service perk for the first time. While the idea of an Android-tailored VPN conveniently rolled into a Google One mobile app might seem appealing as a quick-fix privacy option, there are more than a few privacy concerns to give you pause.
If you're checking into Google's service for the first time, here are a few key things to know about the mobile encryption offering.
Yes. According to the tech detailed in Google's white paper, Google One VPN acts as a traditional VPN does: It diverts all the internet traffic from your device through an encrypted tunnel, sends it through a Google VPN server and passes it along to the website you're browsing toward -- effectively hiding your browsing. It even goes a step further by separating its user authentication process from your browsing, too.
I haven't yet tested Google One VPN, so I can't tell you whether it can help you bypass Google's own geoblocking on country-specific apps in the Google Play Store, or if it can help you access your home country's Netflix catalog while you're traveling abroad.
Is Google One VPN truly private?
As we wrote in June, Google One users simply looking for an extra layer of protection while using free public Wi-Fi could find this VPN to be a convenient fit. But there's an elephant in the room here.
By using Google One VPN, you're actively feeding every piece of internet-bound data on your device to Google. Then you're trusting Google to not peek at that data, and to shield you from the same third-party tracking tech that it only stopped profiting from in March.
This is the same Google that required a lot -- Facebook's Cambridge Analytica scandal, a lengthy legislative haranguing over privacy concerns, three major antitrust lawsuits (including a landmark case by the US Department of Justice) and another complaint by a bipartisan coalition of states -- before it decided to phase out those third-party tracker cookies in its Chrome browser. Google is only just starting that process, which also doesn't apply to mobile Google devices.
We reached out to Google, and will update this story if we hear back.
VPNs function by routing all of your data through a single company's servers. So when we recommend VPN providers, we evaluate not only the relative strength of their encryption tech and application security, but we also examine the VPN providers' data privacy and retention policies, and any instances where the provider has been proven to have collected or shared user browsing data.
We frequently advise users against adopting free VPN services except when indulging in a 30-day trial of a recommended provider, primarily as a precaution against undesirable data collection by shady VPN providers and their data brokers. If any of our recommended VPN providers had even half the access to your private digital life that Google so often does, I'd advise against using that provider's VPN to protect your privacy, regardless of how strong its encryption is.
So if you're interested in keeping your browsing, internet traffic and usage data private from corporations and government entities, you should carefully consider Google's long, storied history of sharing and collecting user data before you use any of its products, VPN included. Ask yourself whether it might be better to trust your data to a company whose singular aim appears to be privacy, rather than algorithm farming.
Is Google One VPN worth it?
Thanks to far-reaching gag orders and secret subpoenas, the US government has overseen the collection of more data from internet users than we can feasibly or objectively measure at this time. As such, I recommend against choosing a VPN service with a US jurisdiction, which would include Google One VPN -- though it's worth noting that non-US VPN companies are still far too opaque to operate entirely independent of user trust.
But when even Uncle Sam has to sue a VPN company over data abuse? It may be worth selecting a different fox to guard your digital henhouse.
If you're a subscriber to the Google One 2TB plan and just looking for light protection as you browse public Wi-Fi, the Google One VPN may do the job. But if you're looking for more robust privacy, we'd recommend subscribing to one of our tested and recommended VPNs instead.