Maybe it's just me, but it feels like this is trying to scare people into thinking that the VPNs mentioned are doing this tracking on the sites you visit while using their VPN, when it's really only about the VPN's own website (which people usually visit only when they sign up). It doesn't explicitly say the tracking is happening while using the VPNs in question, but I would bet a large portion of readers assume that's what they're saying.
It really doesn't bother me if a VPN company uses trackers and other tools to optimize their own website, other than the fact that some third parties may have good reason to believe that a visitor uses a VPN if the person visited the VPN's website. That says nothing (or very little) about how private you are when actually using the VPN.
If the VPN company insists on tracking me to this extent when I'm on their website, why should I trust them to not track me when I'm using their VPN?
You would think a company whose core product is supposed to be about privacy would be extra careful to respect its customers' privacy on their own website.
> If the VPN company insists on tracking me to this extent when I'm on their website, why should I trust them to not track me when I'm using their VPN?
I think you make a valid point, but there's a difference between their sales pipeline and their actual product. These VPN providers are businesses, and they're trying to optimize their sales. What demographics are most interested in their products? How did they get there? Does Google Analytics (or Facebook, or similar) have profiles on people shopping for VPNs? Are there advertising patterns that could have better ROI for attracting users?
I'm not defending the ethics of major VPN providers -- they certainly don't all have stellar records -- but I would be surprised if any major SaaS company didn't track user behavior on their brochureware/sales pages.
> What demographics are most interested in their products? How did they get there? Does Google Analytics (or Facebook, or similar) have profiles on people shopping for VPNs? Are there advertising patterns that could have better ROI for attracting users?
Great. But being privacy-conscious organizations, the VPN providers are surely including a clear and explicit opt-in/opt-out to any kind of data collection. Right?
Valid point, but the e-commerce side of the business benefits immensely from these tools (I use FullStory every day for debugging, it's a life saver). I wouldn't say that simply having a replay script on your page is the scarlet letter the author of the post makes it out to be.
All of these VPN services lean really hard into the fear factor for marketing, and this article seems no different. Just identifying a minor worst-case risk on their competitor's sites, extrapolating that risk and hoping no one notices these are websites (not services), and bundling it up nicely in an SEO-friendly blog post. VPN services are notoriously suss when it comes to disclosure anyway, but they're largely marketing to the lowest common denominator of the privacy-paranoid.
Next week's cruft article: "Your VPN provider knows your IP address"
The whole article seems like almost entirely fluff to me. The real concern they posed, and the question they didn't actually answer for some reason:
Which VPN providers are using replay scripts on their website from services that don't properly exclude passwords, payment information, and PII from the replays?
That's actually worth reporting about. The rest seems like fearmongering.
Yes, you and I both recognize that they're only talking about the VPN's own websites, but I'd bet good money that a majority of less-technical readers (not HN readers) won't understand that distinction. It feels like the author knows that, and deliberately failed to point out the fact that the tracking in question doesn't affect a person's privacy while using the VPNs.
Case in point:
> Remember, these trackers are made so that they can track your online behavior, and follow you wherever you go on the internet. Having even 1 of them on your website really defeats any argument for ultimate privacy and anonymity.
Tell me that isn't trying to scare the reader into thinking the trackers can follow your activity while using the VPNs.
I see what you mean. A little bit of "reasonable ignorance" but full understanding on the author's side that people don't read full sentences (or long titles).
Nonetheless, the research is still valuable. Not very surprising that those antivirus companies with VPNs have such huge numbers of trackers.
I'm a technical person, and the title absolutely baffles me.
"Top VPNs Recording Users" <-- By itself, this sounds bad and forces me to read the article to get more info. Most people won't, and it muddies the water. Recording users implies that they are somehow recording the browsing history of people using their VPNs. This is the immediate connection a non-technical and technical person would make here. Let's be honest.
"Potentially Leaking Data When Visiting Their Sites" <-- What does this even mean. I am leaking what data, and how would I be leaking it to their site? Why is this pertinent and what does it have to do with them recording users? Are they recording users history and leaking it to their own sites?
So many questions, so much click-bait. The net result is that I had to waste time trying to figure out whether this article was correctly backing up what its title conveyed. I have now given them ad-views, trust the VPNPro website even less, and the web is less well off in general because some > 0 amount of people will start mistrusting VPNs and VPN-review sites.
I know it's the crucial part, that's why they included it in the title as an easy-out in case someone calls them out on their dishonesty.
I'd rewrite your example as below in order to more clearly illustrate how I view the VPN title:
US DoHS Keeping Track On World travelers movements, potentially leaking data when visiting the US.
Note the main title, then the comma, and then the minor clarification. Firstly, the "main" point is at the beginning so that's the one that has the most effect and evokes an emotional response that colors the entire reading. Secondly, the last portion is separated with a comma, adds two points, doesn't clearly state how it modifies the first part of the title and is also ambiguous on its own. It vaguely confuses that tracking happens when they visit the US with the interpretation that the tracking happens all the time but only leaks when they visit the US. It also allows your interpretation that they are only tracking while they visit the US. The comma should at the very least have been an "and".
If we wanted a real title that wasn't click-bait, here is my stab at it:
Top VPN providers record website-visitor's click/browsing behavior on their sites, potentially leaking it to metric providers with various degrees of anonymization.
OR.
Analysis of User-Behavior Tools On VPN Providers' Sites. <- This last one shows we can have an honest internet that isn't driven by click-bait, and could instead rely on the integrity of publications and the authors.
> US DoHS Keeping Track On World travelers movements, potentially leaking data when visiting the US.
Even with your changes it still looks easy to tweak or turn into click bait. "Potentially" is a weasel-word, because even safe things could potentially go wrong.
"Every time you fart you spread germs, potentially infecting everyone in the room around you with cholera or other diseases"
With how much of the internet is over TLS, and the fact that you still have to trust someone, be they a VPN operator or ISP, aside from georestrictions and piracy, VPN services are mostly snake oil. It shouldn't be surprising that they're employing marketing tools to sell more of it.
As for them even selling privacy, while I don't trust major ISPs, at least there are more eyes on them. You generally have no idea who's operating a VPN, so even that's dubious.
> Any third party will behave this way. This is the behavior of businesses that need to increase their effectiveness.
It's really not the "third parties" to blame here for the most part. You can make a viable business from selling a VPN service in exchange for money with a contractual requirement that you be respecting privacy in particular ways, so that you can actually get in trouble for not doing it.
But when Shady VPN Corp. starts offering the "same" service for "free" under a different contract because they're logging everything and selling your data, and then all the customers go over there because who doesn't like a free lunch, whose fault is that really?
I hope that, by now, with all the research coming out about that, that people would have stopped using free VPNs by now. It's more than likely a big hustle to do something shady.
> it's more than likely a big hustle to do something shady
Of course it is. But it's also the case that doing the opposite of whatever idiots do isn't necessarily smart.
It's like the thing where people say don't use Google because "if you're not the customer you're the product" but then the same people are pushing Microsoft products that not only charge you money but then still do the same thing as Google or worse.
If you're not paying them then you can guess how they're making money, but just because you are paying them doesn't mean they're not doing the same thing. You still have to read the fine print.
Quick summary — top VPN companies use the same trackers as most others when you visit the provider’s website to sign up or download. Says nothing about the actual operation of the VPN itself.
I block the website trackers anyway, so clearly I don’t approve of them. But TBF this has nothing to do with your experience as a customer.
Why the outrage? It's sometimes worth replaying a session to gauge your prospect's behavior and figuring out how to convert them. Also, for people who use a VPN, I would imagine the majority of them would be using an AD-Blocker / Tracking blocker in their browser to stop any attempt by the VPN company to spy on them.
That's likely true. I don't know if I'd call it "outrage" as just...useful information.
Like a live test of a theoretical concept. Privacy over marketing. At some point, they have to improve their offerings and user experience. But I wonder if they went for the quickest option out of the box (there are lots of shady third parties there) or if they considered doing something a bit safer based on their needs.
I know lots of marketers that want A LOT of tools and get A LOT of data -- and are not really sure what to do with that data.
They appear to be a group with a mission financing themselves with VPN services, as opposed to most other VPN providers, who're just there to make a buck, and wouldn't give two shits to the circumstances as to why a VPN would even be necessary.
Hell, I'm pretty sure, the guys at AirVPN are aware that working for their goals actually reduces their potential customer base, but the mission is more important, it just needs to be financed, and it appears to be going well.
Profit-oriented VPNs would probably (secretly) support legislation inhibiting digital freedoms to make more money.
Also, you can probably guess who's more likely to comply with authorities in legal issues...
Find yourself a good VPN provider, worth staying loyal to, and save yourself from future headaches. When I first signed up on AirVPN, they were charging 54€ per annum, now, last I checked half a year ago, they have three-year plans for 45€. I wish them continued success!
On second thought: I understand that VPNs are just companies and they need to do proper marketing, testing, UX/UI improvements, etc.
But there are always in-house/first-party trackers like Piwik that I'm pretty sure these "good" VPNs in the list at the bottom with only 0/1 trackers are using.
Yes, of course they do. Most governments probably run some Tor nodes. The privacy gamble is that you only have privacy if the entrance node and exit nodes are controlled by different operators.