Study Again Finds That Most VPNs Are Shady As Hell

from the panacea-this-is-not dept

When a well-lobbied Congress eliminated consumer privacy protections for broadband back in 2017, many folks understandably rushed to VPNs for some additional privacy and protection. And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn’t need privacy protections, since they could simply use a VPN to fully protect their online activity. But we’ve noted repeatedly that VPNs are not some kind of panacea, and in many instances you’re simply shifting the potential for abuse from your ISP to a VPN provider that may not actually offer the privacy it claims.

Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:

“Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.

Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more.”

And of course it’s not just shady fly-by-night free VPN operations contributing to this problem. You’ll recall that Facebook’s “VPN” service Onavo was booted from the Apple store for being little more than glorified spyware. Verizon was so eager to capitalize on the rising interest in VPNs it couldn’t be bothered to write a privacy policy (an extra-notable problem given Verizon’s history with this sort of stuff). And we’ve noted more than a few times how many VPN promises that they don’t collect and store your personal information are often false, something you’ll probably only find out when it’s too late.

Again, you’ll see a lot of folks argue that we don’t need meaningful privacy rules of the road because users can simply use a VPN to dodge the prying eyes of what has become all-pervasive marketing-driven surveillance online. When ISPs were busy lobbying to have the FCC’s privacy rules killed, for example, their funded proxy organizations were quick to insist that killing consumer broadband privacy protections isn’t that big of a deal — because consumers could just protect themselves by using encryption and a VPN.

But as outlets like Wired have pointed out, a VPN won’t help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?). Nor is it a bulletproof solution for ISPs like Verizon that have creatively started modifying user packets to covertly track subscribers around the internet. Nor does it prevent you from an ISP charging you more to opt out of data collection (something AT&T and Comcast have both flirted with). A VPN also won’t protect you from companies that have flirted with providing worse customer service based on your credit score.

So yeah, while a good VPN is a helpful privacy tool, a VPN in general still isn’t some magic silver bullet for our growing privacy shitstorm. And in more than a few instances, a poor choice can leave you less secure than if you used no VPN at all.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Study Again Finds That Most VPNs Are Shady As Hell”

Subscribe: RSS Leave a comment
Anonymous Coward says:

What about those VPNs Techdirt's advertising?

Techdirt advertises VPNs all the time. Today it’s “Disconnect” which I don’t see in the list as good or bad. And yeah, the fine print says these ads don’t reflect endorsements, but that’s just a cop-out. A site that’s going to be talking about how most VPNs are bad shouldn’t be uncritically taking whatever VPN ads their partners want to push.

Anonymous Coward says:

Re: What about those VPNs Techdirt's advertising?

From the bottom of every promotion on Techdirt:-

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Anonymous Coward says:

Re: What about those VPNs Techdirt's advertising?

If we take a look at ThatOnePrivacySite’s vpn comparison chart (that’s the actual site’s name, I’m not linking to it because I get tired of being spam filtered) Disconnect is by no means the best, but it’s not the worst either. It seems to be marketing itself more as a malware/ad blocker for mobile users than a privacy protection service. It’s definitely not the worst that’s been featured here in the daily deals.

You should always research what VPNs you’re interested in using before signing up.

Anonymous Anonymous Coward (profile) says:

Re: Re:

Are you suggesting that Most VPN’s are paid VPN’s, or is the title actually accurate? Could it be that ‘free’ VPN’s need an income source, which would lead, some at least, to believe that the accusations are accurate. Which leaves us with most VPN’s are not only free, but acting badly?

On the other side of the coin,not all paid VPN’s are scions of virtuosity, here are some that are.

That One Guy (profile) says:

'Hey, they can do the hard work, we just want money.'

And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn’t need privacy protections, since they could simply use a VPN to fully protect their online activity.

I can’t help but feel that this argument is rather like a restaurant arguing against food safety laws, on the grounds that their customers can simply hire someone to test the food before they eat it and get the same result.

PaulT (profile) says:

Re: Re:

Yeah, it’s a horrible headline. Not only is the distinction between commercial and “free” VPN services very important, but there are many, many VPNs in service that are neither.

I understand the point – that people being urged to use VPN services to protect themselves will inevitably be more likely to use the free ones that damage their piracy anyway. But, this kind of conflation is damaging to the overall argument.

John85851 (profile) says:

A point about statistics

I know this is a little nit-picky, but it bugs me when articles say “over X number” but the number is exact. For example:
_ over 38 VPN apps… Also, over 27 VPN apps _

What exactly is “over 38” and “over 27”? Would that be 38.1 or 27.5? How do you get 1/10 or 1/2 of a VPN service? Wouldn’t “over 38” be “39” or “40”? Why not say “39” or “40” instead?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...