Hello y’all,
With my Pixel 7 comes Google’s VPN service, for free. I read the documentation (available here) and it seems legit to my privacy-noob eyes. It is open source, externally audited, and logs minimal data (i.e. how much the service is used).
I don’t have a strict threat model–I just want to safeguard my privacy. At the moment I use it mostly when I connect to public wifi networks.
So, what do you think? Can I hide inside the lion’s mouth?
It’s probably reasonably safe to use, if you make sure to use the https only option in your browser.
Google will be able to see the encapsulation data, and the unencrypted part of the http connection. Expect them to share it with government agencies, and possibly data brokers, but it’s not different from the majority of VPN providers.
Don’t know what your data plan is like, but always using mobil data is also a way to void using a VPN.
Thanks for the input! Glad to hear you think it’s fine (or, at least, not worse than other VPN providers).
FYI my data plan is unlimited, but I travel abroad quite often and then I have to rely on public wifi networks.
Edit: for what is worth, they swear to never use the VPN connection to track, log, or sell the online activity. So they should not share my info with anyone.
It’s probably true they can’t use the data in ad tech or sell it to other companies, it would probably break the laws in most countries. It’s probably not the same for government agencies, and because it’s a private company, they might be able to access the data without needing a warrant.
Well, they claim that their implementation of the service is private by design.
We wanted to eliminate that vulnerability [i.e. linking one’s identity to his network traffic by means of a session ID] by separating the authentication of the user from their use of the service. By employing a cryptographic blind signing step between user authentication and connecting to the VPN, we give users a stronger guarantee that their network activity can’t be tied back to their identity.
I’m not sure whether this means that even the people at Google cannot monitor my activity, but it seems so. At any rate, as I said I have basic privacy safeguard requirements–I know very well that if a big player goes after me I won’t be able to hide with this kind of toys. 
+1 on the Google VPN being an decent option if your threat model allows. I would trust the Google VPN from a security standpoint, and I trust it from a privacy standpoint better than most VPN providers. IVPN, Mullvad, and Proton VPN are still among the best to get, though.
If you’re looking for a free VPN to use just for those times you need to use a public wifi network, you can make a free Proton account that comes with their basic VPN option. Perfect for the use case you describe or run it all day.
Thanks for chipping in!
What is it that makes the providers you mention the best to get? Apologies in advance for the possibly idiotic question, I’m not particularly expert on these matters and from the documentation I don’t see much difference with Google’s VPN service. Despite Google’s general reputation as a data-hungry company, this looks to be a very privacy respecting service.
I’ve been using Google’s VPN in conjunction with NextDNS for filtering out trackers and ads on a system level, and it seems to me to work great (by chance, techlore just published a video on this kind of setups).
You should have a look at Techlores VPN Chart & watch through their Top 5 VPN’s video as it pretty much sums everything up about the aforementioned providers.
The main differences are (IMO) Google’s privacy reputation, the fact they are based in the USA, and they cooperate frequently with law enforcement. Whereas the aforementioned companies primary goal is privacy, their privacy repuatations are almost spotless, and they are based in countries with good privacy laws.
Hope this helps 
That’s helpful, thanks!
Agreed. Also, if you’re using an android phone with Google services anyway then personally I don’t think you’re really giving up that much more privacy by using Google’s VPN too. Doesn’t mean that I like Google, but for the average person, security-wise I think they’re trustworthy.