Are Commercial VPNs still Trustworthy?


So I was browsing the other day on Twitter and came across a tweet by Windscribe where they were closing down their affiliate program. I thought that was a mean move that would affect the promoters of VPNs. So I went ahead and read their article which made a lot of sense. With the recent developments in the VPN industry, their claims make more sense.

NordVPN and Surfshark VPN recently merged in a somewhat controversial but expected move. This comes after Surfshark denied, like 1000 times, that they are the same company as NordVPN. It wasn’t a huge surprise when the two companies announced their merger, though the name of the new company is a bit of a head-scratcher. Cyberspace? This article had predicted it way before the merger happened.

Anyway, the new company will be based in the Netherlands and it’s clear that NordVPN is looking to expand its operations into new markets. Surfshark, on the other hand, is a relative newcomer to the VPN scene but it’s quickly making a name for itself. The merger is a good move for both companies and it will be interesting to see how they compete against the likes of ExpressVPN and Private Internet Access.

NordVPN and Surfshark are just two examples of VPN providers that sponsor popular YouTubers to advertise their products while claiming they are “unbiased.” These companies, along with ExpressVPN, are responsible for the countless misleading VPN reviews that exist on YouTube.

The VPN industry right now is like the 1990s, when the many different companies that provided Internet service gradually bought each other up, and now we have a few large companies that provide service. Most people are unhappy with the service they receive from these companies. For instance, in Canada the telecom industry is similarly monopolized, and people are unhappy with the service they receive.

According to Windscribe in this article, the VPN market looks something like this:

  • Cyberspace – Owns NordVPN, Surfshark
  • Kape Technologies – Owns ExpressVPN, Cyberghost, PrivateInternetAccess, Zenmate as well as VPNMentor (a top VPN “review” site)
  • j2Global – Owns IPVanish, StrongVPN, ibVPN, SaferVPN, Encrypt.me, BufferedVPN along with a large number of tech publications

This article extensively covers the companies behind the top VPN providers and who owns them.

There aren’t many businesses that are independently owned and transparently operated these days. Many of these businesses will probably close in the future. And that’s bad news for us consumers.

Someone might ask: why is this important?

  • Data privacy

If the parent companies are actually located in Fourteen Eyes countries, which are typically high-surveillance countries, users’ data could be wide open to those governments. If they are in Russia, China, or other countries with authoritarian or repressive governments, they are forced to provide their data to those governments on a default basis (as we discussed before in our Chinese surveillance analysis). The parent company may also be willing to sell user data.

Recently, US senators have planned an investigation into the foreign servers used to redirect traffic when using a VPN. Senators Marco Rubio (R-FL) and Ron Wyden (D-OR) noted the following PDF

  • Data security

If a company you deal with is dishonest, it could lead to a lot of problems. If the parent company has been shown to have major vulnerabilities, or even to include suspicious add-ons and possible phishing emails with malware, it could lead to user data being stolen or even users’ computers being hacked. This could include anything from credit card information to social security numbers, and would seriously impact the people who use the site.

Do you have a choice?

VPNs are services that allow people to browse the internet privately. Many people use them without knowing who owns and operates them, but this is by design. VPN companies often hide behind complex corporate structures that span continents to avoid taxes and make it difficult for consumers to know which VPN companies are owned by the same parent company. If someone decides they don’t want to use a VPN service anymore, they may have difficulty canceling their subscription and finding a replacement. That replacement may be owned by the same company as the VPN they just left.

This means that the companies mentioned above likely spend more on marketing than they do on operations, and they use a marketing technique called ‘re-targeting’ which requires companies to upload personal user data to companies like Google and Facebook. This means that if you cancel your subscription to NordVPN, you might start seeing ads for NordVPN everywhere you go on the internet.

There is more.

It can be argued that mergers are a bad thing, as they usually mean that corporations are combining their resources to eliminate redundancies, consolidate expenses, and have a bigger war chest when it comes to R&D, hiring, and marketing. However, in the VPN world, it usually just means more money for marketing.

Some companies are now offering other products, such as password managers, personal cloud storage, and email, that are not related to privacy. You should do your research to find the products that are best for you.

These are essentially clones of tools that are already well-known and well-tested, and you should be using those instead. You need to explore which items are most suited to your needs. But aren’t all of these services a repository for your most personal data and communications? It doesn’t get any more intimate than having a firm with access to all of your passwords, credit card information, emails, and much more of the private information you access over the internet. All of this is part of a firm that is organized like a Russian nesting doll and covers three time zones.

A VPN should never log your IP address when you use it. But email, password managers, and cloud storage do. These services contain highly sensitive data and require IP addresses to be stored for security. Storing IP info is not required for a VPN, and a good VPN wouldn’t store any personal data to begin with. So there should be nothing for a potential attacker to steal in the first place (although you should still secure your VPN account with MFA).

A single company should not have access to all of your online activities and all of your personal life. Especially a company with such a checkered and corporate structure that makes Google and Apple jealous in terms of how little taxes they probably pay.

So does that mean I stop using commercial VPNs?

Luckily, there are a few “trusted” VPNs out here that are at least trying to do their job well. This does not mean they are 100% trusted, but most of their claims have been verified by experts and some of them are open source, so they are audited by the public.

As recommended by Techlore and Privacytools.io, a few of these VPNs include ProtonVPN, IVPN, Mullvad, and Windscribe. Techlore provides a fantastic VPN tool kit to show how all this was tested, and he even goes ahead to explain this in a YouTube video.

Remember, besides the basic functionality of a VPN, which is, by the way, masking your IP address and not keeping hackers away, as people (paid to promote the VPNs) would put it, privacy is key. The HTTPS standard, which is becoming mandatory for sites, does most of the things the paid guys claim VPNs do, so you should not be worried as much. And that is why guys like Techlore and Privacytools.io would labor to put such a list together. Their websites contain many more resources that explain these in detail, so you can check them out.

Privacytools.io has this warning on their website:

“Friendly reminder

Using a VPN will not keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. If you are looking for anonymity, you should use the Tor Browser instead of a VPN. Don’t replace good security practices with a VPN service. If you’re looking for additional privacy from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you.”

So stop trusting random guys who come with threats about how you are in danger, only for them to sell you VPNs which do more harm than good.

Thanks for reading and don’t forget to leave a comment below on what you think. You can also check out other articles on privacy and security here.
