Millions of people turn to virtual private networks (VPNs) for protection online, but these same tools may expose them to privacy and security risks, according to a new investigation.
In a report based on a six-month-long investigation, Digital Citizens Alliance and White Bullet “found that many VPNs have a dubious track record that includes breaking promises to safeguard their customers’ privacy, engaging in shady efforts to woo potential customers, and associating with entities in the dark underbelly of the Internet known to target users for harm.”
The report cited a striking incident in 2020 where seven VPNs allegedly left the data of approximately 20 million people unprotected on a cloud server — data they claimed not to be collecting. Incidents like this emphasize the importance of choosing VPNs carefully, as using some VPNs may come at a high cost to privacy.
Despite lofty promises of anonymity and privacy, not all VPNs live up to their words. “Users may not realize that their VPN provider logs their online activities,” the report said. “Free VPNs may make money by selling that data to third parties.”
A Conflict of Interest
Most users rely on online reviews when choosing a VPN service, but the report noted a potential conflict of interest with some VPN review sites. In 2021, Kape Technologies, the owner of ExpressVPN, acquired several VPN review sites, raising questions about the impartiality of these platforms.
While ExpressVPN insists the review sites and their editorial teams adhere to “impartial editorial standards,” the report described the connection between these VPN review sites and VPN providers as “disconcerting.”
The report also detailed a troubling link between VPNs and piracy sites, noting that while some VPNs claim to protect privacy, they advertise on sites that violate users’ privacy. “The investigation found that VPN providers spend an estimated $45 million annually advertising on piracy platforms,” the report said.
In a statement to the researchers, ExpressVPN denied buying ads on piracy sites, explaining that while it rejects torrenting/piracy sites as affiliate partners, it’s possible some sites “slipped through the cracks by hiding under a sub-affiliate network.”
Meanwhile, NordVPN questioned the researchers’ assertion that VPN providers spend $45 million annually to advertise on piracy sites, describing it as a “false statement.”
“It is also important to mention that in theory, there might be a small window between the appearance of infringing ad and us spotting and blocking the infringer, but these are minor cases,” NordVPN said in response to questions about ads for its service on piracy sites.
Informed Decision-Making
For users, the takeaway is clear: “research and carefully consider” the options before choosing a VPN.
Last year, U.S. Senators urged the Federal Trade Commission to crack down on bad actors in the VPN industry, noting that it’s “extremely difficult for someone to decipher which VPN service to trust.”
VPNOverview firmly believes that trustworthy VPN services are important for a free and open Internet. We recommend assessing each VPN service thoroughly and opting for providers that offer a money-back guarantee.
Our VPN reviews are based on extensive, hands-on testing of the features, security, and performance of VPN services. And we frequently update our reviews based on new tests and the latest developments. Check out our guide to the best VPNs for a rundown of our top-rated VPN services.
For more news, follow us on X (Twitter), Threads, and Mastodon!
