UPDATE: ExpressVPN have commented on the situation, read the comments below.

Online privacy is like a game of dominoes – as soon as one service falls, others are immediately compromised.

Yesterday we reiterated the Wall Street Journal report on Google’s issues with email privacy. Simply put, it has come to light that some third-party app developers for the Gmail platform can access private inboxes to mine data. The article says it is even considered common practice for human employees to read private communications to improve algorithms, fix bugs, etc. Scary stuff, to be sure!

Email exchanges between VPN providers and clients may include names, transactions details, etc…

Well, today we’d like to share our concerns about the ominous link between this story and the VPN market. After the original story broke, we decided to look at some DNS reports and see whether any of our favorite VPN’s were using Gmail as their email service. Obviously, a significant number of them do, or we wouldn’t be writing about it.

Google has tried to mitigate their data privacy issues, but they have not denied that some third-party developers have access to your emails. This is a hard blow for those VPN providers who use Gmail to communicate with you. How can they claim your privacy is safe if even Google says that’s not true?

By the way, all of the above also applies to (among others) Microsoft and Yahoo.

So here are some Top VPN service providers, whose data protection game needs some serious work:

So here’s the biggest surprise on this list of culprits – ExpressVPN. This is one of the biggest, safest, and all-around best VPN services on the market. We had it ranked #1! It boggles the mind that a company with this many resources and such an expensive product has failed to make sure they use a secure email service. TorGuard, with its thousands of servers around the globe, may even be bigger. We’re less disappointed with PrivateVPN – while its reputation has had no blemishes before now, they are understandably not as well-equipped to cover all their bases.

The VPN security of these popular services is also in question:

Of particular note is VPN Unlimited, whose email service is Yandex. That is, potentially, a whole new can of worms due to the relationship between big business in Russia and the government.

Why is this important?

One of the primary functions Virtual Private Networks have is protecting their users’ data privacy and personal identity. The top VPN services do this extremely well – they have powerful encryption, private DNS, they work hard to plug all kinds of data leaks, and they try to keep their interactions with users as anonymous as possible.

Journalists, political activists, simple torrent users – people from all walks of life trust VPNs with their secrets. Some of these secrets could even be life-threatening in the wrong hands. Even short of that, email exchanges between VPN providers and clients may include names, transaction details, and other things you’d rather keep out of sight! In that context, the idea of these communications being read by third parties is very troubling indeed.

Let’s be clear – we’re not here to sell torches or pitchforks. Sensitive though this issue may be, for all we know its impact can be trivial. It’s also not the VPN providers’ fault that Google has some nasty skeletons in their closet. Having said that, if you are using any of the affected VPNs – do yourself a favor and ask some hard questions!

These VPNs are safe to use

Despite all of the above, the other side of this dirty-looking coin is still shiny. So, let us balance the grim findings with a list of top VPN service providers that you can use without risking email leaks to third parties. We have checked dozens of VPNs and here’s what we have for you: