Your data could be leaked in five years - here’s why
Why the rise of quantum computers could end encryption as we know it
The invention of quantum computers poses a global threat to internet security. This is because they have the processing power necessary to break the majority of the encryption algorithms that currently protect most of the world’s data. They achieve this by using quantum physics to perform a lot more efficiently than traditional supercomputers.
Before you panic, it’s worth noting that, as it stands, quantum computers are only being used for research purposes, so you’re unlikely to find one outside of a research center, such as a university, research lab, or supercomputer center. But experts are predicting that at some point in the next five years, this will change and quantum computers will start being used to break the encryption that has, up until now, kept most of the sensitive data on the internet from being hacked. This event is referred to as Q-day.
When this happens, everything from photos, private emails, and medical records to government files, business documents, and banking details will be vulnerable. So it’s likely to have huge and far-reaching consequences, causing political, financial, and social chaos around the world. It will also make it much easier to scam unsuspecting victims, as hackers will be able to use private details to make phishing scams a lot more believable.
Thankfully, there is a way you can protect your data from Q-day. Cyber security experts have already developed a range of post-quantum algorithms that will offer sufficient data protection against quantum computers. This level of security is available now to anyone. All you need to do is sign up for a VPN with post-quantum encryption.
We’ll use this article to explain the risks in much more detail and recommend VPNs you can get right now that already come future-proofed with robust post-quantum protection. So read on to learn all you need to know.
Why is my data not safe?
At the moment, your data should be fairly secure, particularly if you use a reputable VPN to encrypt your traffic. However, it might not stay that way for long, as quantum computers pose a significant cyber security threat to most online data. This is because these machines use quantum physics to make their computations infinitely more efficient than those of a traditional supercomputer.
Referred to as Q-day, experts are predicting that this day will happen at some point in the next five years. So while your data is probably safe for the time being, it probably won’t be secure once Q-day happens.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
If you rely on traditional forms of encryption, Q-day will jeopardize all your online information. This includes everything from your documents, photos, and emails to your banking details, work documents, and your internet search history.
However, it’s important to know that your data doesn’t have to be compromised. There are already post-quantum algorithms to protect against attacks from quantum computers. You can get this level of security today by signing up to a VPN that offers post-quantum encryption. We’ve recommended our favorite picks further down the page.
What is being done to prevent Q-day?
While Q-day can’t be prevented as such, given that quantum computers will become more powerful and more widely used, the impact of it can be dramatically reduced. To achieve this, experts have been working on post-quantum encryption. As the name suggests, this is a form of cryptography that’s powerful enough to protect against hacks from quantum computers.
Q-day is predicted to happen at some point in the next five years. So, while the threat isn’t necessarily imminent, it’s a very sensible idea to prepare for Q-day by securing your data with quantum-resistant encryption. This type of security is already available from a select number of VPN providers, so you can safeguard your data from today.
There are several different types of post-quantum algorithms that can protect your data from quantum computers and prevent your data from Q-day.
How can I protect my data from Q-day?
The best thing you can do to protect your data from quantum computer attacks that will happen on Q-day and beyond is to use a VPN that comes with post-quantum encryption. These algorithms have been specifically designed to be unbreakable, even by quantum computers, meaning that they can give the required level of protection to guard against Q-day.
But it’s important to note that not all VPNs (even the best VPNs) offer post-quantum protection. In fact, the majority of providers haven’t yet built this into their protocols. So even if you use a VPN, it’s quite possible your data will be vulnerable to attack by quantum computers.
Q-day is predicted to happen at some point in the next five years. So while the threat might not be immediate, it’s important to protect your data against Q-day, as we don’t yet know when it’s going to happen. So the most prudent thing you can do is sign up for a VPN that offers post-quantum encryption. This is especially important if you’re looking to save money by signing up for a long-term subscription. That way, no matter when Q-day happens, your data will be protected.
Which VPNs use post-quantum encryption?
As we mentioned, there are a select number of VPNs with post-quantum encryption that will future-proof your cyber security. Here, we’ve compiled a list of reputable ones that will keep your data safe from Q-day. We’ll also explain what type of encryption each VPN uses to help you make an informed choice.
ExpressVPN
If you’ve read any of our other VPN guides, you’ll be used to seeing ExpressVPN’s name being mentioned as one of the very best VPNs. This is largely because of its ability to deliver market-leading security, along with fast speeds, and a great user experience. But, unlike a lot of its direct competitors, ExpressVPN stands out by offering quantum-resistant encryption, thereby giving users much more sophisticated protection than you’d find on most other providers.
As with most VPNs, ExpressVPN uses AES 256-bit encryption, which is sufficient to protect against attacks from classical computers. But it also goes a step further with its very own open-source Lightway protocol, which has built-in post-quantum algorithms. These are too powerful to be broken by quantum computers.
If this isn’t enough to put your mind at ease, the Lightway protocol has undergone independent auditing twice in the last couple of years by Cure53. It passed both with flying colors, therefore proving that it’s every bit as secure as ExpressVPN has claimed.
You might be concerned that such sophisticated encryption might slow down any traffic using the Lightway protocol. But actually, it performed really well in our speed tests, coming in at 410 Mbps. This speed will be more than fast enough for anything you’d want to do online, including streaming, online gaming, and video editing.
But the Lightway protocol isn’t the only reason why ExpressVPN comes so highly recommended. It also delivers everything else you could want from a VPN, including the ability to unblock region-restricted content with ease, as well as helpful customer support, and a fleet of strong servers.
QSTVPN
QSTVPN has integrated post-quantum encryption into its VPN connections to protect user data from quantum computers, as well as classical computers. So it’s a great choice if you’re looking to keep your data safe now and into the future.
Despite its additional security, QSTVPN delivers fast and reliable speeds that will lead to a smooth online experience.
QAL VPN
If you’re concerned about cyber security in a post-Q-day world, QAL VPN could be the perfect solution to protect your business from hackers. It offers a number of post-quantum algorithms to provide plenty of protection against quantum machines. The provider utilizes three lattice-based algorithms, as well as its SPHINCS+ cryptography, which uses hash-based functions. So it’s definitely one of the most future-proofed business options around.
However, because it’s a VPN designed for large businesses, it’s probably not the ideal solution if you want one for individual use. But if you’re looking for something to protect your organization from the ramifications of Q-day, it could be the ideal choice for you.
Mullvad
If you’re primarily a desktop user, Mullvad will provide you with sophisticated post-quantum encryption for your Windows, MAC, or Linux machine. It does this by incorporating quantum-resistant tunnels in all its WireGuard protocols for its desktop app with Kyber and Classic McEliece post-quantum algorithms.
If you’re concerned about leaving your other devices vulnerable, don’t worry because Mullvad is already working on rolling out this level of security for its iOS and Android apps. Customers signing up for a Mullvad subscription should have post-quantum protection across all their devices long before Q-day happens.
Mullvad’s encryption shares a secret in a way that’s too sophisticated for a quantum computer to be able to decipher. Once this has been shared, that tunnel will be disconnected and a new one will be opened with the new shared secret.
You won’t go far wrong with Mullvad as your VPN provider because, in addition to its post-quantum algorithms, it also delivers fast speeds and total customer anonymity.
Windscribe
Windscribe is a strong VPN with plenty of security features, fast speeds, and content-unblocking capabilities. On top of this, it also uses the WireGuard protocol to generate unique pre-shared keys for each user that are quantum-resistant.
Even if a quantum computer were able to decrypt these keys, which is extremely unlikely, it would be unable to interpret the traffic. Therefore, it will keep your data hidden from any hacks past Q-day.
Q-Day FAQs
What is Q-day?
Quantum computers pose a potentially catastrophic threat to online security. Once these machines are powerful enough and begin being used outside of research labs, they will have the power and the capability to break the encryption that protects most of the data on the internet. This event is known as Q-day and experts are predicting that this could happen at any time in the next five years.
Luckily, there are already some post-quantum algorithms that are strong enough to protect your data against this threat. All you need to do is sign up for a VPN that offers this level of security, such as ExpressVPN, Windscribe, or Mullvad.
What is post-quantum encryption?
Post-quantum encryption is a form of cyber security that’s powerful enough to protect your data from attacks by quantum computers. There are a few different types of post-quantum cryptography that are currently available, such as lattice-based, hash-based, and code-based algorithms. If you want this level of protection, use a VPN that has built it into its protocols, such as Mullvad, ExpressVPN, or Windscribe.
Do quantum computers pose a threat to VPNs and encryption?
Although quantum computers don’t currently pose a security threat, as they’re only being used in research labs right now, there will come a day when they’re strong enough to break most of the world’s encryption.
Referred to as Q-day, this event will wreak havoc across the world and could effectively render VPNs obsolete, as they’ll no longer be able to protect user data. That is unless VPNs incorporate post-quantum encryption into their protocols. Some VPNs have already done this, such as ExpressVPN, Mullvad, and Windscribe. If other providers follow suit, quantum computers won’t be able to decrypt the protection offered, meaning that they can no longer pose a threat to VPNs.
Olivia joined Tom's Guide in October 2023 as part of the core Future Tech Software team, and is the Commissioning Editor for Tech Software. With a background in cybersecurity, Olivia stays up-to-date with all things cyber and creates content across TechRadar Pro, TechRadar and Tom’s Guide. She is particularly interested in threat intelligence, detection and response, data security, fraud prevention and the ever-evolving threat landscape.
- Catherine HileyFreelance Writer
-
Vogete This article is just a giant ad for VPNs and an incredibly misinformed and bad take. When Q-day comes, VPN won't protect you from anything. Your data will not magically not leak just because you use a VPN. Databases, ssh keys will not be protected on the provider's infrastructure just because you used a VPN. Your password manager isn't safe because you use a VPN. Don't spread misinformation about "VPN will protect your data" because it doesn't. I can guarantee https will be upgraded to a quantum safe algorithm before Q-day comes, so nobody will notice web browsing changes. The real issue will be upgrading legacy infrastructure and encryption on everything else.Reply
VPNs offer some benefits, but they are not magical solution to privacy and data safety.
I thought tomsguide had some integrity, but it looks like VPN ads are more profitable than decent articles. -
COLGeek There are efforts to account for this. For example:Reply
https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
As noted by @Vogete , current tools/algorithms are not sufficient, including ALL VPNs in current use. -
SJRouge91 I second with @Vogete; you can have a million Vpns but if you're not doing your due diligence while browsing sites, and click on sus links, then it won't matter; one of the main reasons if not THE reason data breaches happen so much, is pretty much due to politics, a lack of regulation of said breaches, and little to no accountability from the companies that allow it to happen. Instead of spending a little money to upgrade and improve infrastructure, they'd rather cut corners, allow breaches to happen, then blame it on China, Russia, or whichever boogieman they use instead of owning up to their own greed and negligence; I know Russia and China are culprits at times, but not ALL the time. Many US companies sell our data and little is done by Congress to stop it.Reply
Despite all this doom and gloom of breaches, you can still be safe online; just do your research on websites/services, do a system image backup every 3 months (regular file backup just isn't going to cut it), and remember the old saying " if it sounds too good to be true, then it probably is." -
SJRouge91 Repeating about how VPNs are the only thing that will save you from Q-day yeah. :LOL: Joking aside, I never saw any paragraphs repeating though.Reply