> What's wrong with VPNs? Seems like the tamest thing to sell in terms of ethical impact.
Well, for starters the actual "security" that is often promised from these services is WAY overblown. You are already very secure browsing the internet using https. The TLS standard grants a huge amount of security that doesn't allow for snooping from a MITM.
So, when they start saying "everyone needs to do this to be safe". That's simply a boldface lie.
Your security when going through a VPN is from using https. If you are unfortunate and get a less than scrupulous VPN you might end up with them adding themselves as CAs (yes, some VPNs do that). That allows them to crack and access data within the secure stream.
Most of these VPN services are also trying to get you to do DNS with their DNS servers. Again, a major potential privacy leak problem.
> That's what a security app needs to properly protect you
VPNs aren't anti-virus software and any VPN selling that should be EXTREMELY mistrusted. You are right, they can only provide that sort of service by decrypting your secure payloads. That is where all the scamminess comes into play.
Certainly not every VPN service is bad, but I'd have an inherent mistrust in one that has both a cheap fee and the seemingly endless budget to advertise everywhere on youtube. They are getting money from somewhere and I doubt it's from grandmas signing up for the service.
> Most of these VPN services are also trying to get you to do DNS with their DNS servers. Again, a major potential privacy leak problem.
The privacy problem is most people using Google's DNS servers in the first place. A VPN is unlikely to keep your browsing history out of Google's hands when you're sending them a record of every domain you visit, when, and how often.
A VPN service is basically saying "Trust us more than you trust Google/your ISP" and that by necessity means giving them your DNS traffic as well.
> I'd have an inherent mistrust in one that has both a cheap fee and the seemingly endless budget to advertise everywhere on youtube. They are getting money from somewhere and I doubt it's from grandmas signing up for the service.
They make a lot of their money from file sharers (some of which are also grandmas). The VPN will keep your ISP off your back and the MPA/RIAA at bay.
I assume most VPNs like that are being monitored (if not outright operated) by the NSA or some other three letter agency. It's fine if you're just using the VPN for regular browsing or to torrent TV shows though because they're not going to spoil their honeypot over something so trivial and the VPN's success at keeping pirates safe builds their reputation as a secure service.
Also these services used to call themselves proxies, which is what they are. At some point they co-opted the term VPN because "Private Network" makes for a good soundbite, even though it has nothing to do with what VPNs are actually used for (a network disconnected from the internet except via the VPN gateway). Of course they'll counter by saying they use VPN tech under the hood (OpenVPN, WireGuard).
>VPNs aren't anti-virus software and any VPN selling that should be EXTREMELY mistrusted.
My impression is that it makes browsing wifi networks you don't trust safer. I just let it happen, but I have a few friends who really hate having to connect to any public wifi. That seems to track with how most of the marketing goes when it's focused more on interceptions while traveling instead of on your home network. (And yes. I'm aware this is more equivalent to adding a door lock when a competent hacker has a crowbar and a window right next to it. Sometimes it's about preventing the incompetent ones).
I didn't mean to liken it to ant-virus per se. But the concepts are the same. Anything you choose that needs elevated permissions better be something you go through a fine-toothed comb with and have a stellar reputation. But without naming names, it seems a bit overly alarmist to name all VPNs that dare advertise as scams.
>They are getting money from somewhere and I doubt it's from grandmas signing up for the service.
it may very well be that. It's the same old subscription service virtually every company in the world does. "sign on for this super cheap fee!". Then you keep it around and then normal ratea happen after X months. Then you just keep using it or even forget about it and that's easy steady revenue.
It's dishonest, but in an apathetic sort of way. Not a malicious one. The solution is simply for a consumer to actually watch their banking statements.
Well, for starters the actual "security" that is often promised from these services is WAY overblown. You are already very secure browsing the internet using https. The TLS standard grants a huge amount of security that doesn't allow for snooping from a MITM.
So, when they start saying "everyone needs to do this to be safe". That's simply a boldface lie.
Your security when going through a VPN is from using https. If you are unfortunate and get a less than scrupulous VPN you might end up with them adding themselves as CAs (yes, some VPNs do that). That allows them to crack and access data within the secure stream.
Most of these VPN services are also trying to get you to do DNS with their DNS servers. Again, a major potential privacy leak problem.
> That's what a security app needs to properly protect you
VPNs aren't anti-virus software and any VPN selling that should be EXTREMELY mistrusted. You are right, they can only provide that sort of service by decrypting your secure payloads. That is where all the scamminess comes into play.
Certainly not every VPN service is bad, but I'd have an inherent mistrust in one that has both a cheap fee and the seemingly endless budget to advertise everywhere on youtube. They are getting money from somewhere and I doubt it's from grandmas signing up for the service.