Study Again Finds That Most VPNs Are Shady As Hell
from the panacea-this-is-not dept
When a well-lobbied Congress eliminated consumer privacy protections for broadband back in 2017, many folks understandably rushed to VPNs for some additional privacy and protection. And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn’t need privacy protections, since they could simply use a VPN to fully protect their online activity. But we’ve noted repeatedly that VPNs are not some kind of panacea, and in many instances you’re simply shifting the potential for abuse from your ISP to a VPN provider that may not actually offer the privacy it claims.
Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:
“Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.
Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more.”
And of course it’s not just shady fly-by-night free VPN operations contributing to this problem. You’ll recall that Facebook’s “VPN” service Onavo was booted from the Apple store for being little more than glorified spyware. Verizon was so eager to capitalize on the rising interest in VPNs it couldn’t be bothered to write a privacy policy (an extra-notable problem given Verizon’s history with this sort of stuff). And we’ve noted more than a few times how many VPN promises that they don’t collect and store your personal information are often false, something you’ll probably only find out when it’s too late.
Again, you’ll see a lot of folks argue that we don’t need meaningful privacy rules of the road because users can simply use a VPN to dodge the prying eyes of what has become all-pervasive marketing-driven surveillance online. When ISPs were busy lobbying to have the FCC’s privacy rules killed, for example, their funded proxy organizations were quick to insist that killing consumer broadband privacy protections isn’t that big of a deal — because consumers could just protect themselves by using encryption and a VPN.
But as outlets like Wired have pointed out, a VPN won’t help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?). Nor is it a bulletproof solution for ISPs like Verizon that have creatively started modifying user packets to covertly track subscribers around the internet. Nor does it prevent you from an ISP charging you more to opt out of data collection (something AT&T and Comcast have both flirted with). A VPN also won’t protect you from companies that have flirted with providing worse customer service based on your credit score.
So yeah, while a good VPN is a helpful privacy tool, a VPN in general still isn’t some magic silver bullet for our growing privacy shitstorm. And in more than a few instances, a poor choice can leave you less secure than if you used no VPN at all.
Filed Under: encryption, privacy, trust, vpns
Comments on “Study Again Finds That Most VPNs Are Shady As Hell”
What about those VPNs Techdirt's advertising?
Techdirt advertises VPNs all the time. Today it’s “Disconnect” which I don’t see in the list as good or bad. And yeah, the fine print says these ads don’t reflect endorsements, but that’s just a cop-out. A site that’s going to be talking about how most VPNs are bad shouldn’t be uncritically taking whatever VPN ads their partners want to push.
Re: What about those VPNs Techdirt's advertising?
From the bottom of every promotion on Techdirt:-
Re: Re: What about those VPNs Techdirt's advertising?
From the comment you just replied to:
Re: What about those VPNs Techdirt's advertising?
If we take a look at ThatOnePrivacySite’s vpn comparison chart (that’s the actual site’s name, I’m not linking to it because I get tired of being spam filtered) Disconnect is by no means the best, but it’s not the worst either. It seems to be marketing itself more as a malware/ad blocker for mobile users than a privacy protection service. It’s definitely not the worst that’s been featured here in the daily deals.
You should always research what VPNs you’re interested in using before signing up.
Re: Re: What about those VPNs Techdirt's advertising?
You are not being spam filtered -its a speech policing script written by that asshole above your comment, T.H.A.D.
He is Masnicks self -appointed bad words patrol, and deplatforming specialist, aka “ADL sponsored trusted flagger ”
Re: Re: Re: What about those VPNs Techdirt's advertising?
OOh… direct personal attacks. I presume you have evidence that you can share the rest of us, rather than it just being another paranoid delusion?
Of course you don’t.
Re: What about those VPNs Techdirt's advertising?
Just like making regular contributions to the KKK would not reflect an endorsement. Oh no, not in any way.
The best vpn is the one you make yourself because you know what you are doing, and there are free shell accounts all over the place if you look for them. Lots of things are like this. Knowledge is power.
Re: Self Service
Excuse my ignorance, but won’t a VPN you make yourself simply point everything back to you?
Re: Re: Self Service
If I had to guess, I think it would mean getting a VPN package (sever/client) then renting some server space to install this on.
Re: Re: Re: Self Service
bah…..server/client
Re: Re:
And any logs of inbound and outbound traffic, outside your control, render such an approach useless.
Re: Re: Re:
…or logs of IP address assignments, such logs being very likely to exist.
Re: Re:
No. Different VPN setups have different use cases. Rolling your own is less effective at protecting your privacy than a big VPN with multiple thousands of users.
Re: Re:
So that’s a solution for what, .01% of internet users who have both the skills and time to do it? Thanks for that.
TOR
It should be noted that the title doesn’t mention that the VPNs listed were all **FREE VPNs**. Not VPNs you paid a service for.
As such the title amounts to click bait, referring that it **MOST** VPNs instead of saying **FREE VPNs**.
Re: Re:
Are you suggesting that Most VPN’s are paid VPN’s, or is the title actually accurate? Could it be that ‘free’ VPN’s need an income source, which would lead, some at least, to believe that the accusations are accurate. Which leaves us with most VPN’s are not only free, but acting badly?
On the other side of the coin,not all paid VPN’s are scions of virtuosity, here are some that are.
Re: Re:
Looks like somebody stopped reading before the paragraph that starts with “And of course it’s not just shady fly-by-night free VPN operations contributing to this problem.”
Re: Re: Re:
It didn’t give enough detail. It only mentioned Facebook and Verizon, and I don’t know what to say if someone goes to those companies for privacy protection.
with wannabe hackers and cybercriminals hiding behind VPNs, it’s a no-brainer that someone who wants to flush these people out would set up their own VPN.
Nothing is anonymous on the way out of the user’s computer. Set up the right VPN that is trusted by the cybercriminals and parallel construction becomes child’s play.
Chaining VPNs and anoymous payment
In the Desktop sphere of things there is such a thing as chaining several VPN services to enhance anonymity.
Anonymous payment is also quite important.
It’s disconcerting, but not surprising. I’ve been with ExpressVPN since 2013 and have no desire to switch. I feel like a bunch of the new VPN services are just offshoots of shadow companies.
'Hey, they can do the hard work, we just want money.'
And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn’t need privacy protections, since they could simply use a VPN to fully protect their online activity.
I can’t help but feel that this argument is rather like a restaurant arguing against food safety laws, on the grounds that their customers can simply hire someone to test the food before they eat it and get the same result.
Dear Karl,
Is there a particular reason you intentionally left off the word “free” in front of “VPN” in the headline and article?
This makes a difference as most paid VPN services aren’t shady at all, but the article implies it.
The two VPN services I use aren’t listed.
Re: Re:
Yeah, it’s a horrible headline. Not only is the distinction between commercial and “free” VPN services very important, but there are many, many VPNs in service that are neither.
I understand the point – that people being urged to use VPN services to protect themselves will inevitably be more likely to use the free ones that damage their piracy anyway. But, this kind of conflation is damaging to the overall argument.
Re: Re:
Looks like somebody else stopped reading before the paragraph that starts with "And of course it’s not just shady fly-by-night free VPN operations contributing to this problem."
I am staying with nordvpn, cause they have so many servers nobody will manage to block them all, devices could be unlimited so I could share it with my family, but at least it is very cheap.
Re: Re:
I used to use a Nord VPN like you, but then I took an arrow in the knee.
A point about statistics
I know this is a little nit-picky, but it bugs me when articles say “over X number” but the number is exact. For example:
_ over 38 VPN apps… Also, over 27 VPN apps _
What exactly is “over 38” and “over 27”? Would that be 38.1 or 27.5? How do you get 1/10 or 1/2 of a VPN service? Wouldn’t “over 38” be “39” or “40”? Why not say “39” or “40” instead?
I think that you should check this blog for the best VPN solution. I’ve gathered a different option to compare.