← All Articles

Can a VPN be tracked by an employer?

Using a VPN at work is often assumed to guarantee privacy, but the reality is far more nuanced. Employers can still detect VPN usage and, in many cases, monitor activity depending on the device, network, and VPN type involved. Corporate VPNs, personal VPNs, and work issued devices all introduce very different levels of visibility and risk. This article explains what employers can actually see, how VPN detection works in corporate environments, and what steps meaningfully improve privacy at work.

Aidan Barnabas
Aidan Barnabas
20 min read
Can a VPN be tracked by an employer?
Key takeaways
  • Employers can almost always detect VPN usage on corporate networks, even if they cannot see encrypted browsing content.
  • Corporate VPNs give employers extensive visibility, including activity logs, connection times, and location data.
  • Personal VPNs protect browsing history only when used on personal devices outside employer controlled networks.
  • Endpoint monitoring and device level tracking can bypass VPN protections entirely, regardless of encryption.

Can a VPN be tracked by an employer? The short answer is yes, but the amount of data they can gather depends on the VPN you choose and how you use it.

A Virtual Private Network (VPN) is a cybersecurity tool that creates a secure and encrypted connection between your device and the websites you visit online. It does this by routing your traffic through a centralized VPN server before it reaches the web. This means anyone viewing your connection will see the server’s IP address instead of your own. In theory, this prevents your browsing activity from being monitored by third parties.

Whether your employer can track you while you work typically depends on the type of VPN you use, as well as several other factors, such as whether you’re using an employer-provided device and if you’re connecting to the corporate network.

Your employer can almost always detect that you’re using a VPN if you’re connected to the employer’s network. However, if you’re using a reliable commercial VPN and your employer has no other means of tracking you (for instance, through a tracking software installed on an employer-provided computer), they generally can’t see the websites you’re visiting due to the encrypted connection.

The issue becomes more complex if you’re using a corporate VPN. These VPNs are often controlled and monitored by the organization, giving the employer the power to view your activity, location, and any sites you visit. While the EU General Data Protection Regulation (GDPR) requires organizations to be transparent about this tracking, employers in the US have much more leeway to monitor your activity on company-owned devices and networks.

As you can see, this is a topic that deserves deeper discussion, especially with the growing number of people working from home. We’ll cover everything you need to know about employer tracking in this guide. To begin, let’s examine what employers can see when you don’t use a VPN.

What data can employers see if employees don’t use a VPN?

We’ll start with the baseline. If you don’t use any VPN at all, what can your employee see?

  • Web traffic: Employers can see the domain names you’re accessing if you use a company-provided device or access the internet via the company network. If the website is unencrypted (when the website uses HTTP protocol instead of HTTPS), they can also view the pages you visit and the actions you take on the website.
  • IP address and location: Your employer can view your public IP address and therefore the approximate location of your connection if you connect to a company network remotely without a VPN. This allows employers to see whether individuals who are working remotely are accessing the network from their home.
  • Device usage habits: If you’re using a company-provided device with preinstalled software, it’s safe to assume your employers can track the applications you access and the duration you use them for by reviewing activity logs.
  • Application tracking: By analyzing traffic of those who access the corporate network, employers can also find out the apps you use based on traffic patterns.
  • File transfers: Once again, employers can inspect network traffic to track file transfers over unencrypted protocols (like FTP). Note that they cannot see the file contents of encrypted transfers over HTTPS.
  • Bandwidth usage: If you connect to the company network, companies can analyze total data consumption patterns to identify data-heavy activities, like downloading large files.
  • Unencrypted emails: If you send out unencrypted emails, your employer may be able to see their contents if these emails are sent through a mail server provided by the employer.

The only way to protect yourself from employer tracking if you don’t use a VPN is using your own personal device on your own personal network. You’ll also need to avoid using work-related apps and software, as these can also be used to track your activities.

Drawbacks of using company Wi-Fi without a VPN

Using company Wi-Fi without a VPN exposes you as the employee to several risks, including:

  • Little to no privacy: Employers can monitor your unencrypted traffic by checking which domain names are resolved and which IPs are accessed. This could allow them to see the websites you visit.
  • Location monitoring: Employers can also track devices that connect to the company network, which could reveal information about your location. If your employer sees that you’re connecting to the network through an unfamiliar IP that you don’t typically connect with, they can assume that you’re working in a different location.
  • Cyber risks: If you connect to the company Wi-Fi without using a VPN, bad actors on your network can intercept your data. This is bad news on a personal level, but could also land you in hot water if you allow company files to be compromised.
  • Usage patterns logged: Without a VPN, employers can monitor your usage over the long term and collect timestamps to determine employee productivity.

In short, using no VPN for your work-related tasks isn’t just a risk; it could be considered negligence. Most companies will require you to use a VPN in some form for this very reason. These VPNs are usually owned by the company and are known as corporate VPNs—but are these VPNs really protecting you from tracking?

Can your employer see what you do on a corporate VPN?

Corporate VPNs (also known as company VPNs or business VPNs) are VPN solutions provided by a company for all employees to use. These VPNs are often employed to safeguard sensitive business information and allow access to company systems. However, they also regularly track employee activity to monitor productivity and control what content is accessible to users.

We can broadly split corporate VPNs into two camps.

  • First, there are the commercially purchased corporate VPN solutions. These are third-party solutions like NordLayer, designed specifically to be scalable and easy to deploy for teams and companies.
  • Then, there are internal VPNs. These are custom VPNs created and deployed internally by the organization’s IT teams. They’re designed to give employees secure access to internal company systems and resources without needing to rely on external providers.

We’ll touch back on both of these VPNs later, but for now, let’s answer the question. If I use a company VPN, what can they see?

Unfortunately, the answer is usually ‘a lot’. Your employer can track several activities you perform on the company VPN, but what they can monitor depends entirely on whether you’re using a commercial VPN or an internal VPN.

What can your employer track with a commercially-bought corporate VPN?

For third-party corporate VPN services, employers can monitor your activities based on how the service is configured. NordLayer, for instance, includes a total Network Visibility solution, allowing system admins to keep tabs on who is accessing the network, what they’re accessing, and when. Typical logs include:

  • IP addresses and connection details, allowing employers to track device location.
  • Connection timestamps, including when the VPN was activated and deactivated.
  • How much data an employee is using.
  • What files the employee is accessing on the company network.
  • The domains an employee is accessing when using the VPN.

The VPN provider itself may also collect user logs for their own purposes, and could supply these to the employer for technical or legal inquiries. That said, the encryption of these third-party corporate VPNs should prevent your employer from seeing the content of the websites you visit, any secure inputs such as passwords, and your in-app activities. They also shouldn’t be able to see your traffic if you use the corporate VPN on a personal device and network. That said, in extreme cases, the employer could theoretically buy the logs from the centralized VPN provider, so it’s best to be cautious when it comes to your privacy.

What can your employer track with an internal corporate VPN?

With an internal VPN that is managed entirely by the employer’s IT team, the potential for monitoring is much greater. Creating a VPN in this way allows the employer to specify everything they want to log. And most of the time, they’ll use that to their advantage.

Employers with an internal VPN can typically track full browsing activity in real time. If you’re using an internal corporate VPN for personal tasks, it’s safe to assume they have full access to everything you’re viewing should they want to learn more.

Can your employer track your location on a corporate VPN?

Yes, your employer can track your location on a corporate VPN. Once again however, the extent to which they can do this depends on the type of VPN you’re using.

When you connect to a corporate VPN, your internet traffic passes through servers controlled by the employer. This provides them with data that they can use to infer where you’re working from, even if you work remotely. The VPN may encrypt your true IP address, but as the employer owns the VPN, they can still see your real IP address when the VPN connection is established between your device and the organization’s servers.

So, if you’ve ever asked: can my employer track my location through VPN, the answer is yes if you’re using a corporate VPN. In fact, it’s safe to assume that everything you do while using a corporate VPN can be tracked and monitored by your employer. With that in mind, many individuals are turning to personal VPNs at work in an effort to hide their activity. Let’s explore why.

What about if I work within a virtual desktop?

If you’re using a virtual desktop for work, your employer shouldn’t be able to track your activity outside of that environment. This will allow you to use a personal VPN for everything else when you’re not in that infrastructure. However, the same rules apply if you’re using a work device provided by your employer. In this case, they may be monitoring you in other ways.

Reasons why people want to use a personal VPN at work

Due to the privacy risks of using a corporate VPN, many employees are now choosing to use personal commercial VPNs at work. These are VPNs that you buy from a third-party company by yourself, meaning they won’t be tied to your employer in any way.

One of the primary reasons employees rely on these commercial VPNs when remote working is to prevent employers from knowing their whereabouts. Location tracking has become increasingly common in recent years, so much so that 43% of employees know they’re being monitored, according to Forbes. Personal VPNs mask your IP address, making it harder for employers to see where you are. Of course, corporate VPNs don’t offer this same luxury.

Secondly, and perhaps most obviously, employees don’t want their employers to snoop on their browsing habits. Companies often use monitoring tools that track employees’ online activities on corporate networks and devices. VPNs safeguard employers from viewing websites visited, if the employer doesn’t install endpoint monitoring on work devices.

Thirdly, work-from-home users may use a personal VPN to limit employer data collection. While this won’t be a foolproof solution if you’re using a VPN on a work computer, it does have the potential to prevent monitoring software from logging metadata like your browsing history and application usage.

Of course, some employers may also request that their employees use a personally-bought VPN to safeguard corporate data and prevent cyber threats. While many large enterprises require that employees use corporate VPNs, either commercially-bought or internal, some may ask that employees instead use their own personal VPNs to protect company data. However, this approach is extremely rare because most business leaders would rather take charge of their own security posture.

Can your employer see your browsing history with a personal VPN?

Let’s answer: Can my employee see my internet activity with a personally-bought VPN? The good news is that, if they have no other way of tracking you, your employer cannot see your browsing history when you use a personal VPN. Personal in this case means the VPN is owned by a third-party VPN provider and not in any way affiliated with the employer (unlike a corporate VPN). The only exception is if the VPN provider sells employee browsing data to the employer. While this is rare, it is not impossible.

When you connect to a VPN, your traffic routes through the VPN servers, masking your true IP as that of the VPN provider in the process. While your employer may be able to detect that you’re using a VPN if you use the company network, they won’t be able to see the websites you’re visiting or your browsing history as long as you’re using a personal VPN on your own personal device.

But as ever, it’s a little more nuanced than that. What happens if you’re using a personal VPN on a work device, or a company network?

Can your employer track you if you use a personal VPN on a work device?

If you use a personal VPN on a work device, your employer can still monitor all aspects of your activity on that device: if the employer has installed monitoring software on the device, it can capture activity like your browsing history, files downloaded and (in extreme cases) even your keystrokes—before the VPN has a chance to encrypt it. The device may also maintain activity logs for things like opening files or accessing apps.

Can your employer track you if you use a personal VPN on a corporate network?

If you connect to the corporate network using a personal VPN while on a personal device, your employer will be able to see the IP address of the VPN server you’re using to connect. While they usually won’t be able to view your browsing history and traffic, they will know you’re using a VPN. This leaves them with a few options. They could either block the VPN traffic or flag its use for further investigation.

The good news is that it can be difficult for the company to trace the VPN use back to you if you’re using the VPN on a personal device. While it may be possible to determine that you are the particular VPN user based on your local network IP, local network usage, traffic patterns, and access times, this isn’t necessarily easy. In most cases, the employer may simply attempt to detect the traffic and block it outright.

How can an employer detect VPN use?

Employers have various methods to detect that you’re using VPN at work. VPNs may encrypt your traffic and prevent employers from viewing the pages you’re accessing, but this doesn’t necessarily conceal the fact a VPN is in play.

The first problem is that centralized VPN providers have a limited number of IP addresses and protocols at their disposal. When you connect to one of these VPNs, it’s entirely possible that network administrators will be able to recognize your IP as that of a known VPN. This is especially common if you’re using a popular VPN with publicly available server IP ranges, like NordVPN or ExpressVPN.

Even if you’re connected to a VPN IP that isn’t immediately noticed, organizations still have other ways of detecting your usage. For instance, they can use advanced methods like Deep Packet Inspection (DPI), which allows employers to inspect the data packets being sent over their network. This is especially useful for detecting commercial VPN traffic, though it’s usually only employed by large enterprises for security purposes.

Can your employer block VPN usage?

Yes, your employer can block VPN usage through various network security measures. One of the simplest methods is IP blacklisting. If the employer can determine that an IP came from a known VPN provider, they can simply block your connection automatically if you try to access the employer’s Wi-Fi network using one of these IPs.

Employers can also block VPN usage through port and protocol blocking. This method targets the communication pathways and rules VPNs use to establish secure connections. For instance, OpenVPN uses UDP port 1194 and TCP port 443 by default. The employer can configure the network firewall to automatically block traffic coming from these ports, preventing VPN connections from being initiated.

Another option available to employers is blocking access to the VPN provider websites. This prevents the employee from accessing and downloading the VPN solution while on the company network in the first place. While it won’t block existing VPN connections, this adds an extra layer of complexity for those looking to establish a new VPN while at work.

We now know that your employer can both detect and block VPN usage, but does that make it legal? This question largely depends on the jurisdiction and the measures your employer is implementing.

Employers generally have the right to monitor their own network and devices for security and productivity reasons. This includes controlling and blocking VPNs, as the employer is allowed to enforce the security and proper use of their systems. In the majority of the US, companies can also monitor their employees without obtaining consent or informing their team that they’re being tracked.

In other parts of the world, there are some protections in place for employees. Legislations like the EU General Data Protection Regulation (GDPR) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) require that employers be transparent and notify employees that they are being monitored. In countries like Germany, employers also need to obtain council approval before they can track their employees.

As a result of these laws, most employers should notify their employees about monitoring policies ahead of time. They should also be able to prove that this monitoring is lawful and relevant to business interests. That said, depending on your geographic location, it may be difficult to demand that your employer follow these guidelines.

As for ethics, it’s up for debate whether it’s fair for employers to monitor their employees. The employer does have a right to uphold their organisational security, but if the monitoring extends beyond reasonable limits and becomes invasive, this can be a detriment to individual privacy.

As per Forbes, 59% of employees feel stressed and anxious about potential workplace surveillance. Almost half of those surveyed (48%) also say they’d take a pay cut if it meant not being watched. Aside from the threat of having your every move tracked at work, some employers may exploit their power to control employees beyond normal work-related activities. For instance, imagine if an employer only allowed access to news websites that aligned with their personal agenda, or they blocked VPNs to restrict access to a union organization platform. You can see how things can quickly spiral out of control.

Employer monitoring is a regular and valid concern for employees. The only real route to privacy at work is using a personal device and using a reliable VPN solution that’s difficult to track. There are also several steps employees can take to make themselves harder to monitor.

How to stay private with a VPN at work?

Once your employer learns that you’re using a VPN, there are several steps they can take to block the connection. As such, the best way to stay private at work is to avoid your VPN being detected in the first place.

Here are the steps we recommend to achieve an undetected VPN and safeguard your anonymity in a corporate setting.

1. Choose the right VPN

The first step is to choose a reliable VPN that effectively masks your traffic. Look for a VPN provider that has built-in stealth features to obfuscate your traffic. This will make you considerably harder to track and block.

Alternatively, a decentralized VPN (dVPN) can add an additional layer of privacy by decentralizing your data routing. These dVPNs work on a network of small residential servers, known as nodes. When you connect to the service, you connect directly to one of these nodes. In the process, your IP will be replaced by a residential IP located somewhere in your selected country. In essence, this means your employer won’t be able to recognize your IP as that of the VPN provider, as it will look like regular peer-to-peer traffic, making it much harder to detect you’re using a VPN.

2. Install the VPN on a personal device

If you use a VPN on a work device, it’s safe to assume your employer has monitoring software that they can use to track at least some of your actions. To avoid this, limit your VPN use to personal devices.

3. Rotate servers regularly

The best way to prevent your traffic from detection is to change your location and server regularly. This makes it harder for network administrators to spot patterns, which makes you considerably more difficult to track.

4. Avoid the corporate network

Where possible, avoid connecting to the corporate network using your VPN, as this increases the likelihood of detection. If you’re working remotely at home, connect to your own Wi-Fi. If you’re in the office or a public place, you can instead connect to your own mobile hotspot to avoid detection.

Can employers track hotspot location? As long as you’re using a personal device, they generally can’t. Creating your own hotspot is a simple way to bypass network restrictions and help safeguard your VPN from detection.

5. Limit your VPN connections

Limit your VPN use to times when it’s necessary. Disconnect when you’re not actively using the service. Long frequent connections can raise suspicions over time. Combine this with regularly rotating your server to make yourself extremely difficult to trace.

Comparison of different types of VPNs to avoid employer tracking

While there is no VPN that can’t be detected, there are options that are more secure and private than others. Below, we’ve compared all of the different VPN types to help you decide on the best fit.

Tool/FeatureCentralized VPNCorporate VPNdVPN
PrivacyHigh (depending on VPN features)Low (monitored by employers)Very high (decentralized and private by design)
DetectabilityMedium (can be detected if the employer recognises the VPN IP)Very high (completely visible to the employer)Low (IPs are mostly residential. Highly resistant to detection)
Ease of UseVery easyVery easy (integrated with work tools)Very easy (as long as you use a reputable dVPN provider)
SecurityHighHighVery high
CostMedium (free VPNs are usually untrustworthy)Usually freeMedium
Best ForPersonal privacy with limited setupSecure access to corporate resourcesUsers needing maximum anonymity and privacy

Other privacy solutions like Tor may also be a viable method to remain anonymous and private at work. Tor routes your traffic through multiple nodes, making it difficult for network administrators to trace your online activities or location. Of course, this still only applies if you’re using your own equipment.

However, it’s still relatively easy to detect that you’re using Tor, even if the content of the communication is encrypted. And if you are caught, there are potentially severe repercussions. Many corporations associate Tor with illegal activities, so it likely isn’t worth the risk.

As long as you regularly switch the servers and limit your time on the service to essential activities, a centralized VPN or decentralized VPN on a personal device will make it much harder for employers to detect your use of VPN.

Frequently Asked Questions

Is a decentralized VPN safe?

A reliable decentralized private network is generally considered to be safer than a centralized VPN. The distributed architecture is designed to minimize single points of attack that malicious actors could use to intercept your data. It is also intended to make it technically very difficult for decentralized VPNs to collect logs. This design aims to reduce the need to rely solely on the VPN provider’s assurance that your data isn’t being collected or sold.

Are decentralized VPNs better than centralized VPNs?

A dVPN (or DPN depending on who you ask) is designed to offer enhanced privacy and security, aiming to be more resilient to censorship and cyber threats. They strive to provide superior anonymity and make it more difficult for entities to track or block your traffic. However, dVPNs currently lack the extensive outreach and advertising budgets that centralized solutions possess. This means that, despite the dVPN’s potential benefits, the technology isn’t as widely known as centralized VPNs. As the shift towards a decentralized web continues, this is expected to change as more people recognize the advantages of switching to dVPN solutions.

Is there a free decentralized VPN?

Yes, there are several free decentralized VPNs available. However, a free dVPN doesn’t always equate to the best option. All dVPNs require funds to make the network faster and more reliable for users. This means free dVPNs without a subscription package might need to find alternative ways to cover costs, which could include ads or, in some cases, selling user data. In some instances, they might share your IP with other users or transfer data through your device without your consent. By paying a small subscription fee, you can access a dVPN that aims to offer security by default, as well as superior performance and a more reliable service. Additionally, you’ll be supporting the future development of the decentralized web.