Study Again Finds That Most VPNs Are Shady As Hell
from the panacea-this-is-not dept
When a well-lobbied Congress eliminated consumer privacy protections for broadband back in 2017, many folks understandably rushed to VPNs for some additional privacy and protection. And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn't need privacy protections, since they could simply use a VPN to fully protect their online activity. But we've noted repeatedly that VPNs are not some kind of panacea, and in many instances you're simply shifting the potential for abuse from your ISP to a VPN provider that may not actually offer the privacy it claims.
Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:
"Simon Migliano, the head of this research, reports that at over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.
Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more."
And of course it's not just shady fly-by-night free VPN operations contributing to this problem. You'll recall that Facebook's "VPN" service Onavo was booted from the Apple store for being little more than glorified spyware. Verizon was so eager to capitalize on the rising interest in VPNs it couldn't be bothered to write a privacy policy (an extra-notable problem given Verizon's history with this sort of stuff). And we've noted more than a few times how many VPN promises that they don't collect and store your personal information are often false, something you'll probably only find out when it's too late.
Again, you'll see a lot of folks argue that we don't need meaningful privacy rules of the road because users can simply use a VPN to dodge the prying eyes of what has become all-pervasive marketing-driven surveillance online. When ISPs were busy lobbying to have the FCC's privacy rules killed, for example, their funded proxy organizations were quick to insist that killing consumer broadband privacy protections isn't that big of a deal -- because consumers could just protect themselves by using encryption and a VPN.
But as outlets like Wired have pointed out, a VPN won't help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?). Nor is it a bulletproof solution for ISPs like Verizon that have creatively started modifying user packets to covertly track subscribers around the internet. Nor does it prevent you from an ISP charging you more to opt out of data collection (something AT&T and Comcast have both flirted with). A VPN also won't protect you from companies that have flirted with providing worse customer service based on your credit score.
So yeah, while a good VPN is a helpful privacy tool, a VPN in general still isn't some magic silver bullet for our growing privacy shitstorm. And in more than a few instances, a poor choice can leave you less secure than if you used no VPN at all.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, privacy, trust, vpns
Reader Comments
Subscribe: RSS
View by: Time | Thread
What about those VPNs Techdirt's advertising?
[ link to this | view in chronology ]
Re: What about those VPNs Techdirt's advertising?
From the bottom of every promotion on Techdirt:-
[ link to this | view in chronology ]
Re: Re: What about those VPNs Techdirt's advertising?
From the comment you just replied to:
[ link to this | view in chronology ]
Re: What about those VPNs Techdirt's advertising?
You should always research what VPNs you're interested in using before signing up.
[ link to this | view in chronology ]
Re: Re: What about those VPNs Techdirt's advertising?
You are not being spam filtered -its a speech policing script written by that asshole above your comment, T.H.A.D.
He is Masnicks self -appointed bad words patrol, and deplatforming specialist, aka “ADL sponsored trusted flagger ”
[ link to this | view in chronology ]
Re: Re: Re: What about those VPNs Techdirt's advertising?
Of course you don't.
[ link to this | view in chronology ]
Re: What about those VPNs Techdirt's advertising?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Self Service
[ link to this | view in chronology ]
Re: Re: Self Service
[ link to this | view in chronology ]
Re: Re: Re: Self Service
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
So that's a solution for what, .01% of internet users who have both the skills and time to do it? Thanks for that.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
As such the title amounts to click bait, referring that it **MOST** VPNs instead of saying **FREE VPNs**.
[ link to this | view in chronology ]
Re:
Are you suggesting that Most VPN's are paid VPN's, or is the title actually accurate? Could it be that 'free' VPN's need an income source, which would lead, some at least, to believe that the accusations are accurate. Which leaves us with most VPN's are not only free, but acting badly?
On the other side of the coin,not all paid VPN's are scions of virtuosity, here are some that are.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Nothing is anonymous on the way out of the user's computer. Set up the right VPN that is trusted by the cybercriminals and parallel construction becomes child's play.
[ link to this | view in chronology ]
Chaining VPNs and anoymous payment
Anonymous payment is also quite important.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
'Hey, they can do the hard work, we just want money.'
And indeed, many ISPs justified their lobbying assault on the rules by stating that users didn't need privacy protections, since they could simply use a VPN to fully protect their online activity.
I can't help but feel that this argument is rather like a restaurant arguing against food safety laws, on the grounds that their customers can simply hire someone to test the food before they eat it and get the same result.
[ link to this | view in chronology ]
Is there a particular reason you intentionally left off the word "free" in front of "VPN" in the headline and article?
This makes a difference as most paid VPN services aren't shady at all, but the article implies it.
The two VPN services I use aren't listed.
[ link to this | view in chronology ]
Re:
I understand the point - that people being urged to use VPN services to protect themselves will inevitably be more likely to use the free ones that damage their piracy anyway. But, this kind of conflation is damaging to the overall argument.
[ link to this | view in chronology ]
Re:
Looks like somebody else stopped reading before the paragraph that starts with "And of course it's not just shady fly-by-night free VPN operations contributing to this problem."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
A point about statistics
_ over 38 VPN apps... Also, over 27 VPN apps _
What exactly is "over 38" and "over 27"? Would that be 38.1 or 27.5? How do you get 1/10 or 1/2 of a VPN service? Wouldn't "over 38" be "39" or "40"? Why not say "39" or "40" instead?
[ link to this | view in chronology ]
I think that you should check this blog for the best VPN solution. I've gathered a different option to compare.
[ link to this | view in chronology ]