The high number of scammy providers and overall rise in encryption appears to have turned the public sentiment against virtual private network (VPN) VPNs, and whether most consumers actually even need one. As privacy scandals and hacks grew over the last decade, VPNs quickly emerged as a sort of mystical panacea, that could protect you from all harm on the internet. Of course, this resulted in a flood of VPN competitors who were outright scams, made misleading statements about what data is collected, or failed to protect consumer data.
The end result is a new trend in the press where about once a month we get a new story informing you that you probably don’t actually need a VPN. NBC News was the latest last week, pointing out that VPNs aren’t the panacea many people seem to assume:
“Most commercial VPNs are snake oil from a security standpoint,â€ said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. â€œThey donâ€™t improve your security at all.”
Scammy VPN providers are a major reason for the shift. A Consumer Reports study last month took a look at 16 top VPN providers, and found that the majority of them misrepresented their products or their data retention practices, and many of the companies actually put consumer privacy at greater risk. Only a quarter of the VPNs looked at clearly indicated how long they retain user browsing and other data. The gold rush and regulatory apathy created an environment where the industry’s floorboards rotted out below it, creating products that actually put consumer privacy and security at greater risk.
Granted simple technical innovation is another reason why the VPN is no longer deemed essential. Most browsers implemented HTTPS, making the dreaded (and frankly often unlikely) scenario whereby a nearby coffee shop hacker hijacks the entirety of your finances no longer as much of a threat. There’s also (much to the chagrin of total surveillance fans in intelligence and law enforcement) greater encryption overall, and a parade of browser extensions and plugins that can help provide additional security. Now, you’re far more likely to be subject to a basic human engineering phishing attack, which a VPN won’t help with:
“Users now need to worry far less about being hacked by a fellow coffee shop patron than by a hacker simply sending an email from anywhere around the world to trick them into giving up their passwords and other sensitive information, she said.
Hackers â€œwould likely do a phishing attack on you before they would walk into a cafe with free Wi-Fi,â€ Hancock said. â€œSending people nefarious emails, itâ€™s much easier to do that kind of campaign. Those have been tried and true, unfortunately,â€ she said.”
That’s not to say VPNs don’t still have their function. The technology is still an essential security layer for governments, corporations, or others dealing with extremely sensitive information. But for many ordinary consumers, they’re more trouble than they’re worth, in no small part thanks to an industry that completely lost its soul at the data collection and monetization trough.