
Please stop using VPN services for privacy!
March 29, 2024
For many years, VPN companies have advertised their VPNs as a necessary tool for all people who want to preserve their privacy. For the same amount of time, I tried to explain to people that this view made no sense, if not for those companies' sales.
As an example, Onavo, a Meta subsidiary, used to advertise its services, highlighting that, among other advantages, using their product “protects your personal info”. This claim would not be a problem by itself, but it becomes one when a court finds out that this is not actually true and new court documents seem to indicate that the behavior was worse than initially thought.
I think it is crucial at this point to clarify what a VPN is and what it does. A VPN is simply a secure pipe from your system to the VPN server itself. This means the VPN protects your traffic from being intercepted only up to the VPN server. It also means that the VPN server can see all your traffic passing through it.
Considering this last aspect, the obvious question should be: how much do you trust the VPN server? I use a VPN connection frequently, but I personally control and manage my VPN server, so my level of trust in it is very high. On the other hand, if you buy a VPN service from a company, this company (or potentially other people delegated by this company) manages the server, so they can spy on your traffic.
Another aspect to consider is that a VPN protects your traffic up to the VPN server, but your traffic usually has some more bouncing to do to reach the final destination. The VPN does not protect any of the bounces after the VPN server. Some of those bounces are mandatory steps to reach a service since they are very near that service, and therefore, wherever you connect from, you’ll go through them. Other steps depend on where you connect from. The most relevant of these is the first one, the Internet Service Provider (ISP), which provides the Internet connection to you (if you are connecting directly) or to your VPN server (if you are using a VPN). ISPs are often the control point for government taps, and in some areas of the world, they sell their customers’ traffic data to data brokers. Therefore, your data might be safer if you connect directly to the Internet in a country with strict rules prohibiting ISPs from selling data than if you use a VPN with servers in countries where ISPs can sell user data.
Another important aspect is that VPN service providers are not ISPs. Consequently, even in countries where ISPs cannot sell their users’ data, VPN providers can, since they are not bound by those rules. And, as far as I know, there is no country today where VPN providers are bound by stricter rules than those that apply to ISPs.
So, closing up this post, I want to emphasize that VPNs are only as secure and trustworthy as the servers they run on, and sometimes even less so if their servers are in places where it is easy for ISPs or the local government to overreach.