If you visit some of the largest tech media publication on a regular basis; you may have come away with the impression that you must “protect yourself” with a shared Virtual Private Network (VPN). All the media sites have plenty of recommendations for which service you should chose. They don’t seem to have much of an understanding about how VPNs work or what threats they may protect you against, however. So, why is the tech media obsessed with VPN services?
VPN services do have some legitimate uses especially when you’re out and about and must connect to an unknown and untrusted Wi-Fi network; like the network at an airport or café. The best possible security strategy is to avoid connecting to unfamiliar Wi-Fi network unless you absolutely have to.
The thing about VPN services is that you have to place an inordinate amount of trust in the service provider. When you use a VPN service, you tunnel all your traffic through to their network. You’re encrypting your local traffic to protect yourself against a theoretical local network-snooper and putting much of your data in the hands of an industry which hasn’t done much to deserve customer trust. VPN services has repeatedly been found to violate that trust by selling data on their customers’ online activities to third-parties.
It’s easier for many VPN service providers to spy on your complete traffic — including much of your encrypted web traffic — than it would have been for a potential local attacker. You have to trust your VPN provider more than a random network. You have to install the VPN provider’s software and grant their root certificate absolute trust on your device. This level of trust enable them to impersonate any websites; including HTTPS-secured websites.
When it comes to VPNs: the cure for potentially insecure networks can be worse than the potential risk you expose yourself to by using them.
So, why do large tech media companies recommend you “protect yourself with a VPN” and suggest that VPNs provide absolute and impenetrable online anonymity and privacy (even though no such thing is possible)? They’re often just echoing the marketing materials available on the VPN services’ websites.
Advertisements for VPN services are competitive and they can be very valuable to websites. I’ve called out PCMag in for not clearly disclosing that their VPN coverage featured affiliate partner links that yielded sales commissions to PCMag. In that article, I included a table showing just how profitable these partner programs can be to websites like PCMag. Selling one VPN subscription can give reoccurring revenue for as long as the referred customers keeps renewing their subscription.
VPN services are quite cheap and you can sell them to people located anywhere in the world. It’s a great money-maker as the VPN services are essentially reselling bandwidth from basic servers with easy-to-configure software. All their affiliate partners need to do is to sell a subscription by scaring people into believing they’re a likely target of a sophisticated and targeted attack. Accompanying the article with some dark-cyber-hacker-esq graphic like the feature image for this article doesn’t hurt either.
Don’t get me wrong: it can sometimes be beneficial to use a trustworthy VPN service. You probably don’t need one, though. You should stop and think about the motivations of the article author when you’re seeing anything overly positive written about VPN services in general and especially recommendations for any particular VPN provider.