Study Again Finds That Most VPNs Are Shady As Hell

from the panacea-this-is-not dept

When a well-lobbied Congress eliminated consumer privacy protections for broadband back in 2017, many folks understandably rushed to VPNs for some additional privacy and protection. And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn't need privacy protections, since they could simply use a VPN to fully protect their online activity. But we've noted repeatedly that VPNs are not some kind of panacea, and in many instances you're simply shifting the potential for abuse from your ISP to a VPN provider that may not actually offer the privacy it claims.

Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:

"Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.

Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more."

And of course it's not just shady fly-by-night free VPN operations contributing to this problem. You'll recall that Facebook's "VPN" service Onavo was booted from the Apple store for being little more than glorified spyware. Verizon was so eager to capitalize on the rising interest in VPNs it couldn't be bothered to write a privacy policy (an extra-notable problem given Verizon's history with this sort of stuff). And we've noted more than a few times how many VPN promises that they don't collect and store your personal information are often false, something you'll probably only find out when it's too late.

Again, you'll see a lot of folks argue that we don't need meaningful privacy rules of the road because users can simply use a VPN to dodge the prying eyes of what has become all-pervasive marketing-driven surveillance online. When ISPs were busy lobbying to have the FCC's privacy rules killed, for example, their funded proxy organizations were quick to insist that killing consumer broadband privacy protections isn't that big of a deal -- because consumers could just protect themselves by using encryption and a VPN.

But as outlets like Wired have pointed out, a VPN won't help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?). Nor is it a bulletproof solution for ISPs like Verizon that have creatively started modifying user packets to covertly track subscribers around the internet. Nor does it prevent you from an ISP charging you more to opt out of data collection (something AT&T and Comcast have both flirted with). A VPN also won't protect you from companies that have flirted with providing worse customer service based on your credit score.

So yeah, while a good VPN is a helpful privacy tool, a VPN in general still isn't some magic silver bullet for our growing privacy shitstorm. And in more than a few instances, a poor choice can leave you less secure than if you used no VPN at all.

Filed Under: encryption, privacy, trust, vpns


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 28 Jan 2019 @ 12:26pm

    What about those VPNs Techdirt's advertising?

    Techdirt advertises VPNs all the time. Today it's "Disconnect" which I don't see in the list as good or bad. And yeah, the fine print says these ads don't reflect endorsements, but that's just a cop-out. A site that's going to be talking about how most VPNs are bad shouldn't be uncritically taking whatever VPN ads their partners want to push.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2019 @ 12:44pm

      Re: What about those VPNs Techdirt's advertising?

      From the bottom of every promotion on Techdirt:-

      Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

      reply to this | link to this | view in chronology ]

      • icon
        Thad (profile), 28 Jan 2019 @ 2:38pm

        Re: Re: What about those VPNs Techdirt's advertising?

        From the comment you just replied to:

        And yeah, the fine print says these ads don't reflect endorsements, but that's just a cop-out. A site that's going to be talking about how most VPNs are bad shouldn't be uncritically taking whatever VPN ads their partners want to push.

        reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2019 @ 2:23pm

      Re: What about those VPNs Techdirt's advertising?

      If we take a look at ThatOnePrivacySite's vpn comparison chart (that's the actual site's name, I'm not linking to it because I get tired of being spam filtered) Disconnect is by no means the best, but it's not the worst either. It seems to be marketing itself more as a malware/ad blocker for mobile users than a privacy protection service. It's definitely not the worst that's been featured here in the daily deals.

      You should always research what VPNs you're interested in using before signing up.

      reply to this | link to this | view in chronology ]

      • identicon
        hasbara cockroach 138547, 30 Jan 2019 @ 9:02pm

        Re: Re: What about those VPNs Techdirt's advertising?

        You are not being spam filtered -its a speech policing script written by that asshole above your comment, T.H.A.D.

        He is Masnicks self -appointed bad words patrol, and deplatforming specialist, aka “ADL sponsored trusted flagger ”

        reply to this | link to this | view in chronology ]

        • icon
          PaulT (profile), 31 Jan 2019 @ 1:34am

          Re: Re: Re: What about those VPNs Techdirt's advertising?

          OOh... direct personal attacks. I presume you have evidence that you can share the rest of us, rather than it just being another paranoid delusion?

          Of course you don't.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2019 @ 8:01pm

      Re: What about those VPNs Techdirt's advertising?

      Just like making regular contributions to the KKK would not reflect an endorsement. Oh no, not in any way.

      reply to this | link to this | view in chronology ]

  • icon
    Zof (profile), 28 Jan 2019 @ 12:57pm

    The best vpn is the one you make yourself because you know what you are doing, and there are free shell accounts all over the place if you look for them. Lots of things are like this. Knowledge is power.

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 28 Jan 2019 @ 1:38pm

    TOR

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2019 @ 2:06pm

    It should be noted that the title doesn't mention that the VPNs listed were all **FREE VPNs**. Not VPNs you paid a service for.

    As such the title amounts to click bait, referring that it **MOST** VPNs instead of saying **FREE VPNs**.

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 28 Jan 2019 @ 2:19pm

      Re:

      Are you suggesting that Most VPN's are paid VPN's, or is the title actually accurate? Could it be that 'free' VPN's need an income source, which would lead, some at least, to believe that the accusations are accurate. Which leaves us with most VPN's are not only free, but acting badly?

      On the other side of the coin,not all paid VPN's are scions of virtuosity, here are some that are.

      reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 28 Jan 2019 @ 2:40pm

      Re:

      Looks like somebody stopped reading before the paragraph that starts with "And of course it's not just shady fly-by-night free VPN operations contributing to this problem."

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 29 Jan 2019 @ 7:16am

        Re: Re:

        It didn't give enough detail. It only mentioned Facebook and Verizon, and I don't know what to say if someone goes to those companies for privacy protection.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2019 @ 7:21pm

    with wannabe hackers and cybercriminals hiding behind VPNs, it's a no-brainer that someone who wants to flush these people out would set up their own VPN.

    Nothing is anonymous on the way out of the user's computer. Set up the right VPN that is trusted by the cybercriminals and parallel construction becomes child's play.

    reply to this | link to this | view in chronology ]

  • icon
    afn29129 David (profile), 28 Jan 2019 @ 7:47pm

    Chaining VPNs and anoymous payment

    In the Desktop sphere of things there is such a thing as chaining several VPN services to enhance anonymity.

    Anonymous payment is also quite important.

    reply to this | link to this | view in chronology ]

  • identicon
    Thomas Jane, 28 Jan 2019 @ 9:16pm

    It's disconcerting, but not surprising. I've been with ExpressVPN since 2013 and have no desire to switch. I feel like a bunch of the new VPN services are just offshoots of shadow companies.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 28 Jan 2019 @ 11:32pm

    'Hey, they can do the hard work, we just want money.'

    And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn't need privacy protections, since they could simply use a VPN to fully protect their online activity.

    I can't help but feel that this argument is rather like a restaurant arguing against food safety laws, on the grounds that their customers can simply hire someone to test the food before they eat it and get the same result.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 29 Jan 2019 @ 3:23am

    Dear Karl,

    Is there a particular reason you intentionally left off the word "free" in front of "VPN" in the headline and article?

    This makes a difference as most paid VPN services aren't shady at all, but the article implies it.

    The two VPN services I use aren't listed.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 29 Jan 2019 @ 8:26am

      Re:

      Yeah, it's a horrible headline. Not only is the distinction between commercial and "free" VPN services very important, but there are many, many VPNs in service that are neither.

      I understand the point - that people being urged to use VPN services to protect themselves will inevitably be more likely to use the free ones that damage their piracy anyway. But, this kind of conflation is damaging to the overall argument.

      reply to this | link to this | view in chronology ]

    • icon
      Thad (profile), 29 Jan 2019 @ 8:41am

      Re:

      Looks like somebody else stopped reading before the paragraph that starts with "And of course it's not just shady fly-by-night free VPN operations contributing to this problem."

      reply to this | link to this | view in chronology ]

  • identicon
    Karlos Marker, 29 Jan 2019 @ 4:28am

    I am staying with nordvpn, cause they have so many servers nobody will manage to block them all, devices could be unlimited so I could share it with my family, but at least it is very cheap.

    reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 29 Jan 2019 @ 10:57am

    A point about statistics

    I know this is a little nit-picky, but it bugs me when articles say "over X number" but the number is exact. For example:
    _ over 38 VPN apps... Also, over 27 VPN apps _

    What exactly is "over 38" and "over 27"? Would that be 38.1 or 27.5? How do you get 1/10 or 1/2 of a VPN service? Wouldn't "over 38" be "39" or "40"? Why not say "39" or "40" instead?

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.