VPNs Are No Privacy Panacea, And Finding An Ethical Operator Is A Comical Shitshow

from the ain't-no-magic-bullet dept

Given the seemingly endless privacy scandals that now engulf the tech and telecom sectors on a near-daily basis, many consumers have flocked to virtual private networks (VPN) to protect and encrypt their data. One study found that VPN use quadrupled between 2016 and 2018 as consumers rushed to protect data in the wake of scandals, breaches, and hacks that historically, neither industry nor government seem particularly interested in seriously addressing.

Usually, consumers are flocking to VPNs under the mistaken belief that such tools are a near-mystical panacea, acting as a sort of bullet-proof shield that protects them from any potential privacy violations on the internet. Not only is that not true (ISPs, for example, have a universe of ways to track you anyway), many VPN providers are even less ethical than privacy-scandal-plagued companies or ISPs they're trying to flee from:

I don't use a VPN because I'd rather Comcast aggregate my data than some dude wearing a dolphin onesie in his basement in Zurich. — SwiftOnSecurity (@SwiftOnSecurity) April 18, 2017

Facebook, for example, spent the last year marketing a "privacy protecting VPN" that was little more than spyware in its own right. Verizon was so eager to cash in on the trend it launched a VPN but forgot to even include a privacy policy. Most existing VPNs promise not to store your data, then go right ahead and do so anyway. And studies perpetually find that a huge array of such offerings are little more than scams, hoovering up your money and private data while promising you the moon, sea, and sky.

Case in point: Will Oremus wrote a really wonderful piece for Slate about trying to find a respected VPN and discovered that the market is, for lack of a more technical term, a complete and total shitshow:

"The search for a VPN I could rely on led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they’re reviewing. Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It’s a world so thicketed that the leading firms and experts can’t agree on the basic criteria for what counts as “reputable,” let alone which companies best meet that description."

The article does provide some very useful tips for finding a decent VPN, and is well worth a read. That said, it also makes it abundantly clear that VPN review sites are often inconsistent, downright terrible, or financially conflicted. And even many well-reviewed VPN operators can raise flags if they try to hide the identity of who actually owns them:

"ExpressVPN, for its part, nearly won the coveted recommendation of Wirecutter in its extensive, highly detailed VPN review. There are hints throughout Wirecutter’s report that ExpressVPN would have taken the top spot if not for one pesky concern: its refusal to publicly disclose who owns it. Wirecutter editor Mark Smirniotis notes near the end of his review that ExpressVPN offered to arrange a confidential call with its owners, but he decided that wouldn’t be enough to change his recommendation and declined."

The terribleness of the VPN sector is decidedly ironic, given that giant broadband providers, who routinely hoover up your data in an ocean of creative and non-transparent ways, have long tried to claim that the United States doesn't need meaningful privacy guidelines because users can always use a VPN. That was one of the cornerstones of the telecom lobby logic as the successfully convinced Congress to eliminate modest FCC privacy rules in 2017 that could have prevented many of the location data scandals currently plaguing the sector.

But if it's not clear yet, a VPN is not a magic bullet to the problems that are plaguing the modern internet. Users are running from one platform to the next, dribbling their private data in a long trail behind them thanks to shoddy and nonexistent standards. Meanwhile a lack of competition leaves them stuck on the network of giant ISPs that not only refuse to respect their privacy, but routinely lobby against any and every legislative solution, no matter how well crafted. Several ISPs have then tried to charge users a surcharge to opt out of data collection and monetization, effectively making privacy a luxury option.

Something has to break in this broken and idiotic equation, and "just go use a VPN" is not an adequate answer to the problem.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy, security, trasnparency, vpns