VPNs Are No Privacy Panacea, And Finding An Ethical Operator Is A Comical Shitshow

from the ain't-no-magic-bullet dept

Given the seemingly endless privacy scandals that now engulf the tech and telecom sectors on a near-daily basis, many consumers have flocked to virtual private networks (VPNs) to protect and encrypt their data. One study found that VPN use quadrupled between 2016 and 2018 as consumers rushed to protect data in the wake of scandals, breaches, and hacks that, historically, neither industry nor government has seemed particularly interested in seriously addressing.

Usually, consumers are flocking to VPNs under the mistaken belief that such tools are a near-mystical panacea, acting as a sort of bullet-proof shield that protects them from any potential privacy violations on the internet. Not only is that not true (ISPs, for example, have a universe of ways to track you anyway), but many VPN providers are even less ethical than the privacy-scandal-plagued companies or ISPs users are trying to flee from:

Facebook, for example, spent the last year marketing a "privacy protecting VPN" that was little more than spyware in its own right. Verizon was so eager to cash in on the trend it launched a VPN but forgot to even include a privacy policy. Most existing VPNs promise not to store your data, then go right ahead and do so anyway. And studies perpetually find that a huge array of such offerings are little more than scams, hoovering up your money and private data while promising you the moon, sea, and sky.

Case in point: Will Oremus wrote a really wonderful piece for Slate about trying to find a respected VPN and discovered that the market is, for lack of a more technical term, a complete and total shitshow:

"The search for a VPN I could rely on led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they’re reviewing. Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It’s a world so thicketed that the leading firms and experts can’t agree on the basic criteria for what counts as “reputable,” let alone which companies best meet that description."

The article does provide some very useful tips for finding a decent VPN, and is well worth a read. That said, it also makes it abundantly clear that VPN review sites are often inconsistent, downright terrible, or financially conflicted. And even many well-reviewed VPN operators can raise flags if they try to hide the identity of who actually owns them:

"ExpressVPN, for its part, nearly won the coveted recommendation of Wirecutter in its extensive, highly detailed VPN review. There are hints throughout Wirecutter’s report that ExpressVPN would have taken the top spot if not for one pesky concern: its refusal to publicly disclose who owns it. Wirecutter editor Mark Smirniotis notes near the end of his review that ExpressVPN offered to arrange a confidential call with its owners, but he decided that wouldn’t be enough to change his recommendation and declined."

The terribleness of the VPN sector is decidedly ironic, given that giant broadband providers, who routinely hoover up your data in an ocean of creative and non-transparent ways, have long tried to claim that the United States doesn't need meaningful privacy guidelines because users can always use a VPN. That was one of the cornerstones of the telecom lobby's logic as they successfully convinced Congress to eliminate modest FCC privacy rules in 2017 that could have prevented many of the location data scandals currently plaguing the sector.

But if it's not clear yet, a VPN is not a magic bullet for the problems that are plaguing the modern internet. Users are running from one platform to the next, dribbling their private data in a long trail behind them thanks to shoddy and nonexistent standards. Meanwhile, a lack of competition leaves them stuck on the networks of giant ISPs that not only refuse to respect their privacy, but routinely lobby against any and every legislative solution, no matter how well crafted. Several ISPs have then tried to charge users a surcharge to opt out of data collection and monetization, effectively making privacy a luxury option.

Something has to break in this broken and idiotic equation, and "just go use a VPN" is not an adequate answer to the problem.

Filed Under: privacy, security, transparency, vpns


Reader Comments


  1. Scary Devil Monastery, 6 Mar 2019 @ 3:26am

    Re:

    "I'd like clarification of something: Don't VPNs have to buy their net access from an ISP somewhere?"

    Of course. More usually the VPN services do like ISPs do and purchase bandwidth straight off the network trunk.

    The key portion of the VPN service is in how it handles the message though - essentially it fills the role of putting the mail in envelopes and sending them off, being the digital versions of an analogue secondary mail handling service.

    VPNs can certainly be blocked by an ISP - but by all of them? The key difference here is that VPNs operate by using thousands of exit nodes, any of which might be carrying any one of their customers. And these exit nodes may not only be dynamic (thus hard to track and match) but use stealth traffic configuration, basically wrapping it all in a TLS shell which makes deep-packet inspection see the traffic as ordinary https web surfing/streaming.

    Add a choice of CDNs to the mix on the web server side and what ought to be an ordinary 1:1 link from start-->end turns into a big ball of yarn you need extensive resources in three countries to unravel.

    If you use a VPN you normally do so assuming that it will secure you from any entity which has representation and influence in the nation of origin and/or the nation of exit. The extra options add layers to this, enabling security even when both ends can be considered compromised (China, for example).

