Commenting on the US Congress’ Statement About Unsafe VPNs
Lately, we have been receiving requests from our users to comment on a particular recent United States congress statement. In this statement, two Democrats of the US congress (senator Ron Wyden and representative Anna G. Eshoo) urge action against problematic and unsafe actors in the VPN industry. They also list several arguments that, as they claim, represent “deceptive advertising and data collection practices”.
As a Virtual Private Network provider that prioritizes our users’ security and privacy and takes pride in our customers’ trust, we at VPN Unlimited would very much like to comment on the specific claims listed in the statement. But first, it’s essential to take into consideration the context of this statement - the Roe v. Wade debacle.
What Does Roe v. Wade Have to Do With Unsafe VPNs?
The letter with the statement in question comes in the wake of the Supreme Court's decision to overturn the US's decades-long protections for abortion. According to the congresspeople, one outcome of this decision is that people in states that criminalize abortion may turn to VPNs for privacy to protect their location history, browsing data, and even period tracking apps.
In this situation, Wyden and Eshoo warn about "false and misleading claims about their services" by unsafe VPNs, or even them "selling user data and providing user activity logs to law enforcement." These are pressing concerns that any abortion-seeker should consider if they live in states with criminalized abortion.
We would like to stress that the concerns above are certainly valid. Unfortunately, in this industry legit and responsible services are forced to coexist with unethical and unsafe VPNs. We at VPN Unlimited have always advocated for users to exercise all due diligence when choosing a VPN provider to ensure its credibility.
What Particular Points Do Rep. Eshoo and Senator Wyden Make in Their Statement?
The complete text of the letter can be found here. The blog format doesn’t allow us to address everything that the congresspeople say, so instead, we’ll focus on several key claims.
The Supreme Court decision is what’s brought VPNs into mainstream
While it’s certainly true that this event has given the industry a boost in the US, even before it billions of people all around the world used VPNs to stay private and anonymous and to secure their web traffic. Moreover, VPNs are prominent in countries with a much harsher legal climate and human rights conditions.
VPNs are a popular (and often the only) way to safely view independent information in authoritarian countries like China, Russia, Iran, etc. They allow you to access restricted content, regardless of how well it’s blocked. Any VPN that has been able to successfully and sustainably keep its users’ data and privacy safe in such difficult environments will certainly manage to do the same for the people of the US.
VPN reviews are often affiliated
That is true, unfortunately. It’s a common practice in the industry for large VPN providers to partner with reviewers, or even run their own review websites. This is an unhealthy situation that makes it significantly harder for common users to find a VPN worth its salt.
On the industry scale, this can only be changed by applicable authorities, such as the FTC. But for now, things that you as a user can do to verify the quality of a VPN provider are:
- Rely on customer reviews, e.g. on public platforms like app stores
- Cross-check reviews on different websites to see if everything checks out
VPN services use inaccurate information and hyperbolic statements in advertisements
Snarky that’s-how-any-marketing-works comments aside, this statement feels the least based to us. Sure, it’s easy to come up with examples of some unsafe VPNs misrepresenting their features. However, this hardly means that a significant number of VPNs do this - mostly because many VPN users are techies so they would have seen through any such false advertisement.
We’d also like to address the specific example that the two congresspeople provide - VPNs calling their encryption military-grade, “which doesn’t exist”. This particular statement is simply factually incorrect. As we explain in this piece, according to publicly available sources, the US Government adopted AES as its encryption standard. AES-128 is used for secret (unclassified) information and AES-256 for top secret (classified) information.
Unsafe VPN services can collect and abuse user data
That is true, there have been some cases of unsafe VPN services collecting user data and then either selling it to the highest bidder or leaking it. Users should give such untrustworthy VPNs a wide berth.
It mostly comes down to avoiding free VPNs, for those are usually poorly secured, low-quality, or simply make money selling user data. Also, if you see a VPN that’s been in business for years and has a spotless reputation, this is a clear sign that they pay attention to protecting their clients’ data.
While in this article we’ve argued with some more populistic statements, we welcome the initiative as a whole. It’s important to curtail deceptive and abusive practices and unsafe VPNs that resort to them. Such shady companies endanger users and besmirch responsible and scrupulous services, and without them, both the industry and users will win.