If you visit a couple of the largest tech media publication on a regular basis, you may have come away with the impression that you absolutely have to “protect yourself” with a shared Virtual Private Network (VPN) provider at all times. All of them have plenty of recommendations for which service you should subscribe to yet they don’t seem to have much of an understanding about how VPNs work or what threats they may protect you against. So why is the tech media obsessed with VPN services?
VPN services do have some legitimate uses especially when you’re out and about and absolutely must connect to an unknown and untrusted Wi-Fi network like the network at an airport or café. The best possible security strategy is to avoid connecting to unfamiliar Wi-Fi network unless you absolutely have to.
The thing about VPN services is that you’ve to place an inordinate amount of trust in these services. When you use a VPN you tunnel and route all your traffic through their network. You’re encrypting your local traffic to protect yourself against a theoretical local snooper or attacker and putting much of your data in the hands of an industry which hasn’t done much to deserve customer trust, and who has repeatedly violated that trust by selling data on what their customers do online to third-parties.
It’s easier for many VPN service providers to spy on your complete traffic — including much of your encrypted web traffic than it would have been for a potential local attacker. You’ve to trust your VPN provider more than a random network. You’ve to install their software and grant their root certificate absolute trust on your device. This level of trust enable them to impersonate any websites; including normally secure websites over HTTPS.
When it comes to VPNs: the cure for potentially insecure networks can be worse than the potential risk you expose yourself to by using them.
So why do large tech media companies recommend you “protect yourself with a VPN” and suggest VPNs provide absolute and impenetrable online anonymity and privacy (even though no such thing is possible)? They’re often just echoing the marketing materials available on the VPN services websites.
Advertisements for VPN services are competitive and they can be very valuable. Full disclosure: the ads on this article are likely to be valuable as I’ve mentioned the keyword VPN more than a few times, and there’s an non-ironic inline advertisement block next to this paragraph.
I called out PCMag in for not clearly disclosing that their VPN coverage featured affiliate partner links that yielded sales commissions to PCMag. In that article, I included a table showing just how profitable these partner programs can be to websites like PCMag. Selling one VPN subscription can give reoccurring revenue for as long as the referred customers keeps renewing their subscription.
VPN services are quite cheap and you can sell them to people located anywhere in the world. It’s a great money-maker as the VPN services are essentially reselling bandwidth from basic servers with easy-to-configure software. All their affiliate partners need to do is to sell a subscription by scaring people into believing they’re a likely target of a sophisticated and targeted attack. Accompanying the article with some dark-cyber-hacker-esq graphic like the feature image for this article doesn’t hurt either.
Don’t get me wrong: it can sometimes be beneficial to use a trustworthy VPN service. However, you should stop and think about the motivations of the article author when you’re seeing anything overly positive written about VPN services in general and especially VPN provider recommendations.