The VPN Is On Everybody's Shitlist After Years Of Scammy Providers And Empty Promises
from the it's-not-magic dept
The high number of scammy providers and overall rise in encryption appears to have turned the public sentiment against virtual private network (VPN) VPNs, and whether most consumers actually even need one. As privacy scandals and hacks grew over the last decade, VPNs quickly emerged as a sort of mystical panacea, that could protect you from all harm on the internet. Of course, this resulted in a flood of VPN competitors who were outright scams, made misleading statements about what data is collected, or failed to protect consumer data.
The end result is a new trend in the press where about once a month we get a new story informing you that you probably don't actually need a VPN. NBC News was the latest last week, pointing out that VPNs aren't the panacea many people seem to assume:
"Most commercial VPNs are snake oil from a security standpoint,” said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. “They don’t improve your security at all."
Scammy VPN providers are a major reason for the shift. A Consumer Reports study last month took a look at 16 top VPN providers, and found that the majority of them misrepresented their products or their data retention practices, and many of the companies actually put consumer privacy at greater risk. Only a quarter of the VPNs looked at clearly indicated how long they retain user browsing and other data. The gold rush and regulatory apathy created an environment where the industry's floorboards rotted out below it, creating products that actually put consumer privacy and security at greater risk.
Granted simple technical innovation is another reason why the VPN is no longer deemed essential. Most browsers implemented HTTPS, making the dreaded (and frankly often unlikely) scenario whereby a nearby coffee shop hacker hijacks the entirety of your finances no longer as much of a threat. There's also (much to the chagrin of total surveillance fans in intelligence and law enforcement) greater encryption overall, and a parade of browser extensions and plugins that can help provide additional security. Now, you're far more likely to be subject to a basic human engineering phishing attack, which a VPN won't help with:
"Users now need to worry far less about being hacked by a fellow coffee shop patron than by a hacker simply sending an email from anywhere around the world to trick them into giving up their passwords and other sensitive information, she said.
Hackers “would likely do a phishing attack on you before they would walk into a cafe with free Wi-Fi,” Hancock said. “Sending people nefarious emails, it’s much easier to do that kind of campaign. Those have been tried and true, unfortunately,” she said."
That's not to say VPNs don't still have their function. The technology is still an essential security layer for governments, corporations, or others dealing with extremely sensitive information. But for many ordinary consumers, they're more trouble than they're worth, in no small part thanks to an industry that completely lost its soul at the data collection and monetization trough.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, overhype, scams, security, vpn
Reader Comments
Subscribe: RSS
View by: Time | Thread
VPN
Virtuous Panacea? Nope!
[ link to this | view in chronology ]
Let me guess, this narrative is being pushed by ISP's, data brokers and others that would like easy access to tracking all of your internet searches/history.
[ link to this | view in chronology ]
Re:
They are facts offered by the security community. Did you prefer the narrative pushed by lying VPN providers?
Yes, there are some good ones. Better, make your own, like we used to do before there were commercial services. And yes, they are sometimes useful for getting around georestrictions, but that ability is quickly blowing away with the wind.
[ link to this | view in chronology ]
Re: Re:
"They are facts offered by the security community"
I'm not entirely sure about that. First, there doesn't seem to be any differentiation between free services and paid services. Some services offer a hell of a lot more than simple VPN encryption that change the nature of the conversation, so there needs to be a clear differentiation for any conversation to be valid, even before you start addressing the major differences between the paid service. Second, the assumption seems to be that you're using VPNs to hide activity from 3rd party lurkers. While it's true that this isn't as important as it was before HTTPS became standard, the problem still exists, and some people are trying to block activity from their own ISPs as well as bystanders, something that's not addressed in these articles as far as I can see at a quick glance.
Third, while input from researchers is important, you should always be suspicious of those whose conclusions are in line with the lies of the MPAA, who have been attempting to spread FUD about VPN usage for a long time. Since they're aware that not only can they be used to hide infringing activity, they can also be used by paying customers to get more value for money. You can't force people to buy 5 subscriptions to access the content that's available on 2 in a different country, after all, if they can just pretend to be in that country to get the better deal.
Personally, I'll stop using VPNs when the companies I use for commercial and banking stop using them to protect their own data. If the time for that is not "never", I'll be intrigued as to the advances in security that make those possible, but it sure as hell is not today.
"Better, make your own, like we used to do before there were commercial services"
Surely, you're aware that these services are targeted toward people who don't possess the means or knowledge to do such a thing. That's like saying that if people have a concern about Wordpress they should be coding their own site like they used to before. Sure, that's an option and maybe even the ideal one, but you're not actually dealing with a realistic solution for the majority. If you think I'm wrong here, I invite you to spend some time doing 1st line support for the general public, you'll be amazed at the limitations in getting simple tasks done.
[ link to this | view in chronology ]
Re: Re: Re:
"Personally, I'll stop using VPNs when the companies I use for commercial and banking stop using them to protect their own data."
This right there. When companies handling large sums of money start forgoing an intranet...that's when I'll stop using one as well.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Banks use VPN's to allow staff to remotely access their systems and do their jobs, but rely on SSL to protect customers doing online banking. Also note that they provide and control the VPN services to their staff, and do not rely on or use a VPN to hide the source, but not the destination of a connection. A VPN is useful as a secured entry point into a secured system, but is not really designed to hide online activity, which is what TOR was designed for.
What makes a VPN provider any more trustworthy than an ISP?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
"What makes a VPN provider any more trustworthy than an ISP?"
That depends entirely on your ISP.
If I lived in the US I would trust my ISP to pull any shady kind of shit they could possibly monetize on my traffic - whether that was; shaping it to penalize my access to netflix rather than their own streaming service or in order to sell me a "fast lane"; Selling my account details, phone number and browsing habits to a thousand ad providers; or handing my ip addy out to any of a thousand requesters courtesy of some malfing algorithm telling some copyright troll me and the laser printer next door or the apartment laundry-bookin service were downloading their goat porn.
From a US pov I'd want a VPN the same way I'd want to wear pants.
From a swedish perspective where most of that shit is optional and the ISP's actually have good reps, a VPN would more or less be optional save for one thing; It's always better to not having generated a list of logs than to have one given that our intel agencies all put blind faith in mass surveillance and computer algorithms producing suspect registries.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
"That depends entirely on your ISP."
More to the point - your ISP market. If you only have a single local monopoly you wouldn't trust further than you can throw their datacentre, but dozens of VPN providers you can drop in an instant if they violate your trust, then what?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Are you suggesting AT&T would lie to its consumers? Its bread and butter?
...Sorry, can't even type that with a straight face...😂
[ link to this | view in chronology ]
Re: Re: Re:
It's pretty straightforward: Use a VPN if you want, no one is stopping you, or suggesting you do.
Best make sure your VPN is legit, which i am sure you do. The point here is that the masses pay for stuff without really understanding why they are doing it in the first place, and use shady services that are harvesting their metadata and not doing what they claim.
The secrity community is bigger than whichever guy you decided is aligned with the MPAA or whatever. VPNs are entirely based on trust, just like everything else is. Why people choose to trust something calling itself a VPN, when they don't trust any other part of the system, is a mystery.
Surely, you're aware that these services are targeted toward people who don't possess the means or knowledge to do such a thing.
And the complete inability to choose a trustworthy VPN also.
...you'll be amazed at the limitations in getting simple tasks done.
lol no, no i would not. Been there, done that. And yet, you think they could choose a trustworthy VPN by any method other than random chance.
No one is trying to pry a VPN out of your cold, dead hands, man. But people should be more informed, even if that, too, is an uphill battle.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"The secrity community is bigger than whichever guy you decided is aligned with the MPAA or whatever."
It is, but when their conclusions fit with the narrative that's been spouted for clear profit and control motives, I get suspicious.
"And the complete inability to choose a trustworthy VPN also"
This is of course, also an issue. But, it's easier to get someone to use a trustworthy provider than it is to get them to set up their own, troubleshoot any problems that might arise, etc.
"And yet, you think they could choose a trustworthy VPN by any method other than random chance."
No, but I think that they're way more likely to be sent down the correct route than they would be to be able to set something up on their own. There's no perfect solution, my point is simply that you're living in a fantasy world if you think that telling people to set up their own VPN is remotely realistic.
"No one is trying to pry a VPN out of your cold, dead hands, man"
Tell that to the politicians attempting to outlaw such services.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"No one is trying to pry a VPN out of your cold, dead hands, man. But people should be more informed, even if that, too, is an uphill battle."
...because "Trust, but verify" is just too damn hard for John Q Doe to grok.
A lot of grift in the US corporate sectors wouldn't even have had air to breathe if it werent for the US cult of ignorance and belief in magical thinking making that nation the promised land of con men and fraudsters. P.T. Barnum could have risen into prominence nowhere else.
[ link to this | view in chronology ]
Re: Re: Re:
Disclaimer: Different AC.
Yes, because that is what a VPN is for. Virtual Private Networks are not a privacy panacea. They are extensions of one network's internal functionality over the internet using a routing tunnel that may provide encryption. (Example: IPSec can be configured to run in authentication mode without encapsulation.) VPNs by design cannot hide data from the internal network they provide a connection to. Nor can the data that a VPN proxies be hidden from it's intended recipient.
3rd party lurkers are the only people locked out of a VPN conversation assuming it's encrypted properly, and even then they can still see the packet headers on the packets going to / coming from the VPN gateway. Not even HTTPS can protect against that. The most you can do is use multiple proxies or "hops" along the path to the target server. The target will still see the last one, and can start their backtrace from there, or they can just block the last one at their firewall. (Which is what many streaming services attempt to do to enforce geoblocking.) It's still not a perfect solution.
Your ISP will see traffic regardless, and we all know that just the packet metadata is enough to unmask most people. Assuming the traffic is unique enough, the metadata can even betray the person's intent. (Example: Most people connect on 443/tcp for a few seconds and transfer about 2MBs of data, but this traffic at 10am last night connected on 22/tcp for hours and transferred 70GB. "Who broke in to our server and stole our secret sauce!?" Said no competent IT worker in that scenario ever.)
Yes they are. It's also why those services are cumbersome. They are easy to block from a firewall due to having known endpoints. I'm surprised that this is still an issue for streaming services. The easiest solution for them would be to have subscribers whitelist their own IPs and reject connections from others. (Hell, I'm sure they'd do it in a heartbeat if everyone had finished the IPv6 rollouts.) But even without IPv6, a simple app on a phone that IDs the subscriber's current IP address and that fails to run on a rooted device would be enough.
Ignoring that what you just said is the Open Source motto.....
As I have worked IT for a school district, I can vouch for the limitations. But often those limitations are placed by the programmers not the users.
As an example, There's absolutely nothing that prevents an wifi hardware from running WPA Enterprise (using EAP-TLS) instead of WPA Personal. From the user's perspective it's even easier to set up and maintain. As they don't need to remember a password, and kicking people off of their wifi doesn't require a covert operation to touch all of the remaining authorized devices.
The reason WPA Enterprise is not widespread isn't because of user ignorance, but rather the difficulty in setting up a new Registration Authority (to issue the TLS certs), the lack of agreed upon industry wide standards for getting those certs to the user's devices (See also XKCD), and a need to monetize said features by the industry. (Most special purpose devices don't support WPA Enterprise, and some require device specific configuration utilities which add nothing but complexity and cost. Chromebooks are an example here.) All of which could be fixed with a simple wizard / management page on a router and a willingness to allow the users control over their own equipment.
VPNs are no different. Hell they can even re-use that simple wizard on the router to set up certificates or just use the certs it makes. Make a few tweaks for auto port forwarding in the firewall and the same wizard could setup both a VPN and WPA Enterprise all in one go. But once again, this requires someone to make said user friendly wizard, and a willingness of the industry to support it. Neither of which is on the end users or their ignorance.
[ link to this | view in chronology ]
Re: Re: Re:
In my experience, having someone upzip an archive to the directory of their choice and then create a shortcut to to the EXE file, or plug in a new internal drive, is tantamount to asking them to perform brain surgery.
For years, various people I know have regarded me as a computer expert because I can do simple tasks and solve simple problems, and that always seemed strange to me because I'm far from an expert. A lot of things leave me scratching my head and there are whole topics that I know absolutely nothing about. However, I've come to the realization that if my computer knowledge is a 5-6 on a 10-point scale, the average person is at about 2-3.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"However, I've come to the realization that if my computer knowledge is a 5-6 on a 10-point scale, the average person is at about 2-3."
I find the realization that today there are still people calling tech support looking for the "any" button. And I'm not surprised at all that every support I've had to contact for the last ten years or so is inflexible to the point of absurdity. Examples abound of what happens when a Luser or PHB gets to tell the techies what they want done to the poor defenseless system in their care.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[Edit typo]
"I find the realization that today there are still people calling tech support looking for the "any" button disturbing" that should have been...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Oh, did I forget to mention that after re-installing Windows 7, he neglected to install Service Pack or any other updates, so I had to help her do that? Then the next day she said that something wasn't working, so she used System Restore to undo the updates. Now her scanner isn't working, so she tried to install drivers for it and they complained that they require SP1. So I tried to help her install it again, but now it complains that something is preventing it from installing.
Gee, maybe it's the fact that she uses System Restore at the drop of a hat and trusts it to restore her system to a 100% identical state as it was when the restore point was made.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Unfortunately, I have a friend who keeps asking me to solve problems for her, which I have no idea how to fix. She lives in a different country and recently a person there screwed up her system and then re-installed Windows. Now she has a ton of problems.
Half the local videos she tries to play in Media Player Classic won't play unless she reboots her system, then they play at first, but later won't play. Firefox no longer opens separate windows in response to clicking shortcut icons like she wants. Her MS Word autocorrect entries don't carry over from one document to another. And so on...
I don't have Word, I open everything in browser tabs, not separate windows, MPC always plays whatever videos it's compatible with. I have no idea why she's having these problems and no idea how to fix them.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Ah, you're still dealing with that? Damn...
"Half the local videos she tries to play in Media Player Classic won't play unless she reboots her system"
I know this is probably a big ask for her, but did she ever try VLC? A lot of legacy players have issues with codec files and the like but I don't think I've ever encountered a file that VLC chokes on. In fact, even if the file is partially corrupt it will often play a portion of the file, whereas other player would refuse to play anything.
The other 2 problems just sound like file problems unless she's really missed the obvious. Firefox still has the option to open links in windows (just uncheck the box in the general options section), while the autocorrect thing could just mean a problem with the local dictionary file. From memory I think you can get around this by creating a new custom dictionary file and setting that to the default, but I'm on a Mac so can't really give you step by step.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Unfortunately...
She hasn't recently, but she says she thinks she tried it in the past. I've been wanting to have her try it again, but we're never both in the mood at the same time to try it. The weird thing is that MPC only has a problem playing some of the videos, and only after her system has been running for a while. For me, it either plays a video or it doesn't, rebooting doesn't make a difference.
I think I had her try that, but it didn't do what she wanted. She has a bunch of shortcuts saved on her desktop that open various websites in Firefox. (why she doesn't just use bookmarks I have no idea). When she double-clicks them, she says that it used to open a separate window, but now it just adds tabs to an existing window. I was told about a config setting that may do it, but again, she hasn't been in the mood to try it.
It may be a setting in the "Auto Text" options.
She also can't get Service Pack 1 installed. We installed it once, she installed a bunch of other updates, ran into some problem and used System Restore to undo it all. Now it won't install again. In fact, she just used System Restore again last night to try and fix some problem. Her printer's scanner no longer works and she can't install the drivers without SP1.
[ link to this | view in chronology ]
Re:
As opposed to a VPN provider monetising you by collecting your Internet History. Either your ISP, or your VPN provider is in a position to collect your Internet history.
[ link to this | view in chronology ]
Re: Re:
Well, it's guaranteed that my ISP will monetized my internet history/data. And while I get that there are some scummy VPN providers out there, I'll take my chances with a more reputable one that I think is likely to honor what it says.
This seems like a throw the baby out with the bathwater situation, from what I'm hearing.
[ link to this | view in chronology ]
Re:
"Let me guess, this narrative is being pushed by ISP's, data brokers and others that would like easy access to tracking all of your internet searches/history."
Probably not. Ten years ago implementation of encryption of any kind was often suspect at best and most routers were even leakier sieves than they are today. Some browsers might as well have come with built-in backdoors given the way they handled https, and too damn many webpages were still on old plaintext http.
That said VPN's still have a great deal of use today. It just isn't ubiquitously necessary.
VPN's still have a lot of use but given their popularity in a world where governments compete to be the next DDR Caveat Emptor applies more than ever before.
[ link to this | view in chronology ]
Re: Re:
"It just isn't ubiquitously necessary"
I'd argue that they are still very much necessary, just not for the same reasons. It ultimately comes does to who you trust, and just because you can trust the site you're going to visit to give you a more secure connection than you has before, that doesn't mean you should blindly trust everyone else involved in that transaction.
[ link to this | view in chronology ]
Re: Re: Re:
"It ultimately comes does to who you trust, and just because you can trust the site you're going to visit to give you a more secure connection than you has before, that doesn't mean you should blindly trust everyone else involved in that transaction."
I recall "Trust, but verify" being the Word Of God way back when networking was just a bit newer.
It still receives as much respect as Caveat Emptor, though. I can still hear my old mentor in my first job - as a DBA - telling me that for the sake of my sanity I just had to recognize some people just couldn't be helped with any amount of advice and workarounds would have to be built to accommodate those...
[ link to this | view in chronology ]
But-but-but
How will I download all my illegal torrents without a VPN saving me from the BTF?
[ link to this | view in chronology ]
Re: But-but-but
Look, okay, there are a few relevant use cases. If you need your actual IP obscured, you do need one. If you're more afraid from your own ISP than your VPN provider for any reason, you do need one. But... that's pretty much it. And seriously, the way even somewhat respectable YouTube channels push these things presenting them like the quintessential "privacy/safety" panacea that they are certainly not really does make me feel like barfing any second...
[ link to this | view in chronology ]
Re: But-but-but
Citation for the idea that people do this on a regular basis. They're probably far more likely to use one to access a movie that on their existing Netflix subscription in a different country without being forced to pony up the extra subscription being demanded for it where they are.
[ link to this | view in chronology ]
Re: But-but-but
Get an account on a web-based torrent download site.
[ link to this | view in chronology ]
The bigger concern I have is just the unreliability of VPNs. A bunch of VPNs launch with deals like lifetime subscriptions for just x amount of dollars and that's not a sustainable business model, so the VPN goes belly up in a few years and without warning. The servers just go offline and the apps stop working.
TigerVPN is one example of this. Look at the Google Play store reviews for it: https://play.google.com/store/apps/details?id=com.tigeratwork.tigervpn
[ link to this | view in chronology ]
In my country, the government has mandated ISPs keep data on every (TCP,UDP) connection made. If we want privacy, VPNs are essential.
[ link to this | view in chronology ]
Re:
Now, who is that government going to find as a more interesting target for further surveillance, those who records can be accessed on demand if they want them, or those who are hiding their activity.
Hint just because the government demands that records are kept does not mean that they are looked at or searched. Basically you have to come to the attention of the government before they look at your records. Governments have bought into the idea that computers make big data useful, but most of the time all they see is a haysrack, and not the bits of hay that make it up.
[ link to this | view in chronology ]
Re: Re:
"Now, who is that government going to find as a more interesting target for further surveillance, those who records can be accessed on demand if they want them, or those who are hiding their activity."
That's a fallacious argument.
THIS^ is the way most intel agencies operate. A few years back in Sweden an electrician had been communicating with a customer re a job. He'd used technical jargon and explained his explosive migraine made it impossible to finish the job today. He and his wife woke to find their door kicked in and masked individuals aiming rifles at their children. Not an experience I'd wish on anyone and one where tragedy was averted by luck alone.
The safest is to not provide anyone the ability to read anything you send - because the algorithm flagging keywords can't read context. Your communications being unreadable may or may not raise eyebrows somewhere but they also won't risk triggering enough unfortunate keywords to have a message sent to the local SWAT team with your address and a Code Red assault order.
[ link to this | view in chronology ]
Re: Re: Re:
Which also assumes that you are not posting to a site that could also carry out keyword filtering, or somebody reading the post raise an alarm. If you want a private conversation use encrypted email, or and end to end encrypted messaging service.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"Which also assumes that you are not posting to a site that could also carry out keyword filtering, or somebody reading the post raise an alarm."
True enough. The difference being that intel agencies are more likely to have a squid sitting on the backbone providers rather than the end points. The ISP will be the weakest link bar none for mass data collection. At least for web sites at end points you'll need to do some cross-queries before you can match the keywords against a user - hopefully precluding automated filtering triggering erronous escalation flags in anti-terror agencies, etc.
I'd say the current main points of vulnerability are still ISP's.
And if you're on a sensitive site you should probably not give away your real identity with an identifiable account or browser fingerprinting either.
Being utterly anonymous in all your doing is hard work. What you can do easily is to make sure you aren't feeding everything you do past PRISM, along with your real identity in a ready-bundled package.
[ link to this | view in chronology ]
Re: Re:
"Hint just because the government demands that records are kept does not mean that they are looked at or searched"
It also doesn't mean they won't be, and certainly doesn't mean that if they're searched that only those people legally authorised to search will do so. Take some time here to read up about government databases that have been compromised and law enforcement agencies using the presence of a cache of data to go on an unauthorised fishing trip if you don't understand the concerns here.
[ link to this | view in chronology ]
Theres some good vpns out there. Also journalist s may need to use a vpn to avoid government. Surveillance of human rights storys and for security and privacy. Some people need thier ip obscured for legit reasons
[ link to this | view in chronology ]
What is Sonic Breakfast Hours?
Sonic Breakfast Hours – Sonic Drive-In working hours changes from one location to another. Not all Sonic Drive-In restaurants work for the same breakfast hours.
Sonic Drive-In some restaurants are available all day long; some are open at 6.00 am, some other restaurants open at 7.00 am, the closing time is changed for all the Sonic locations, some closes at 10.00 am and others at 11.00 pm.
https://sonic-breakfast-menu.online/sonic-breakfast-hours/
[ link to this | view in chronology ]
I don't agree with the premise of the article shitty VPNs are causing the public to distrust them.
For that, you can blame shit companies like Disney, Amazon, and too many to name here who outright block them from granting access to their sites.
I still use a VPN, but my options grow limited by the day. It makes me wonder why I should continue with one when I'm constantly having to disable it just so I can buy a pair of socks.
If you want to put blame, do it right and where it belongs.
Fuck these companies for taking away my ability to use the internet safely while they convert me into a product.
Fuck them all.
[ link to this | view in chronology ]
Re:
"For that, you can blame shit companies like Disney, Amazon, and too many to name here who outright block them from granting access to their sites."
There's multiple uses for VPNs, one of which is to bypass geographical restrictions on content. While I despite such things and believe that they're a direct result of a massively outdated business model that dates back to a time when natural physical restrictions caused international licensing to develop in a certain way that has no place online, I don't necessarily fault sites for trying to block access to 3rd party content where such access may technically be in violation of said licences. They can go screw themselves when it's their own original content and they're introducing artificial restrictions themselves, but I can understand it when, say, Amazon has the non-US streaming rights for Picard and they might stand to lose that if they don't block access from Americans trying to bypass CBS's condition that Americans subscribe to CBS's streaming platform.
"I still use a VPN, but my options grow limited by the day."
I do wonder what options you're referring to. If it's the above problem with accessing streaming content, it's fairly trivial to disable your VPN for that specific usage.
"Fuck these companies for taking away my ability to use the internet safely while they convert me into a product."
You still have that ability, and it's a real problem if you pay for both the VPN and the things you're trying to access. But, as the saying goes, if you're not paying for one or all of the things you're trying to use, you are the product. Switch to using things where that's not true if that bothers you (although, with modern business practices who knows?)
[ link to this | view in chronology ]
Hi there! Long time listener, first time caller. I used to work for a consumer vpn provider and I can tell you from experience, the industry is awful. If you can move passed the obvious lies that many providers use, like “VPN protect you from hackers” (spoiler, they don’t) then you can start to see the really sneaky shit a lot of them pull. Weaponized SEO to hone in on incredibly sensitive topics that require a high level of privacy at the sake of an individual’s life, is a common tactic. For example, vpn that advertise that they can help people escape abusive relationships. Or, vpn that advertise secure communications for military personnel so they can stay in touch with their family. I have literally seen it all. There are some good companies out there that I believe are doing good work and are run by good people, but outside of Mulvad and TunnelBear (yes they’re owned by McAfee, who are idiots, but the people actually working on TunnelBear are great), I’m not sure if I would be comfortable recommending a provider (least of all the one I worked for.) if you’re genuinely worried about keeping your traffic safe from your ISP or whoever, spin up your own Wireguard based VPN and host it yourself. It’s fast, lightweight and fairly straightforward. Plus, you won’t be paying $5-$10 a month to a Russian oligarch, Pakistani secret police, Chinese government, Israeli intelligence company, or whoever secretly owns your current provider.
[ link to this | view in chronology ]
Bad providers, assisted by bad OS-Support
While there are certainly plenty of bad providers, better OS-Support would go a long way in improving security.
Unless VPN-support is properly implemented in the operating systems, providers have a great excuse to force the use of "VPN-clients" that seem to be specifically designed to open security holes on computers and phones.
[ link to this | view in chronology ]