Maybe it's just me, but it feels like this is trying to scare people into thinking that the VPNs mentioned are doing this tracking on the sites you visit while using their VPN, when it's really only about the VPN's own website (which people usually visit only when they sign up). It doesn't explicitly say the tracking is happening while using the VPNs in question, but I would bet a large portion of readers assume that's what they're saying.
It really doesn't bother me if a VPN company uses trackers and other tools to optimize their own website, other than the fact that some third parties may have good reason to believe that a visitor uses a VPN if the person visited the VPN's website. That says nothing (or very little) about how private you are when actually using the VPN.
If the VPN company insists on tracking me to this extent when I'm on their website, why should I trust them to not track me when I'm using their VPN?
You would think a company whose core product is supposed to be about privacy would be extra careful to respect its customers' privacy on their own website.
> If the VPN company insists on tracking me to this extent when I'm on their website, why should I trust them to not track me when I'm using their VPN?
I think you make a valid point, but there's a difference between their sales pipeline and their actual product. These VPN providers are businesses, and they're trying to optimize their sales. What demographics are most interested in their products? How did they get there? Does Google Analytics (or Facebook, or similar) have profiles on people shopping for VPNs? Are there advertising patterns that could have better ROI for attracting users?
I'm not defending the ethics of major VPN providers -- they certainly don't all have stellar records -- but I would be surprised if any major SaaS company didn't track user behavior on their brochureware/sales pages.
> What demographics are most interested in their products? How did they get there? Does Google Analytics (or Facebook, or similar) have profiles on people shopping for VPNs? Are there advertising patterns that could have better ROI for attracting users?
Great. But being privacy-conscious organizations, the VPN providers are surely including a clear and explicit opt-in/opt-out to any kind of data collection. Right?
Valid point, but the e-commerce side of the business benefits immensely from these tools (I use FullStory every day for debugging, it's a life saver). I wouldn't say that simply having a replay script on your page is the scarlet letter the author of the post makes it out to be.
All of these VPN services lean really hard into the fear factor for marketing, and this article seems no different. Just identifying a minor worst-case risk on their competitor's sites, extrapolating that risk and hoping no one notices these are websites (not services), and bundling it up nicely in an SEO-friendly blog post. VPN services are notoriously suss when it comes to disclosure anyway, but they're largely marketing to the lowest common denominator of the privacy-paranoid.
Next week's cruft article: "Your VPN provider knows your IP address"
The whole article seems like almost entirely fluff to me. The real concern they posed, and the question they didn't actually answer for some reason:
Which VPN providers are using replay scripts on their website from services that don't properly exclude passwords, payment information, and PII from the replays?
That's actually worth reporting about. The rest seems like fearmongering.
Yes, you and I both recognize that they're only talking about the VPN's own websites, but I'd bet good money that a majority of less-technical readers (not HN readers) won't understand that distinction. It feels like the author knows that, and deliberately failed to point out the fact that the tracking in question doesn't affect a person's privacy while using the VPNs.
Case in point:
> Remember, these trackers are made so that they can track your online behavior, and follow you wherever you go on the internet. Having even 1 of them on your website really defeats any argument for ultimate privacy and anonymity.
Tell me that isn't trying to scare the reader into thinking the trackers can follow your activity while using the VPNs.
I see what you mean. A little bit of "reasonable ignorance" but full understanding on the author's side that people don't read full sentences (or long titles).
nonetheless, the research is still valuable. not very surprising that those antivirus companies with vpns have such huge numbers of trackers
I'm a technical person, and the title absolutely baffles me.
"Top VPNs Recording Users" <-- By itself, this sounds bad and forces me to read the article to get more info. Most people won't, and it muddies the water. Recording users implies that they are somehow recording the browsing history of people using their VPNs. This is the immediate connection a non-technical and technical person would make here. Let's be honest.
"Potentially Leaking Data When Visiting Their Sites" <-- What does this even mean. I am leaking what data, and how would I be leaking it to their site? Why is this pertinent and what does it have to do with them recording users? Are they recording users history and leaking it to their own sites?
So many questions, so much click-bait. The net result is that I had to waste time trying to figure out whether this article was correctly backing up what its title conveyed. I have now given them ad-views, trust the VPNPro website even less, and the web is less well off in general because some > 0 amount of people will start mistrusting VPNs and VPN-review sites.
I know it's the crucial part, that's why they included it in the title as an easy-out in case someone calls them out on their dishonesty.
I'd rewrite your example as below in order to more clearly illustrate how I view the VPN title:
US DoHS Keeping Track On World travelers movements, potentially leaking data when visiting the US.
Note the main title, then the comma, and then the minor clarification. Firstly, the "main" point is at the beginning so that's the one that has the most effect and evokes an emotional response that colors the entire reading. Secondly, the last portion is separated with a comma, adds two points, doesn't clearly state how it modifies the first part of the title and is also ambiguous on its own. It vaguely confuses that tracking happens when they visit the US with the interpretation that the tracking happens all the time but only leaks when they visit the US. It also allows your interpretation that they only tracking while they visit the US. The comma should at the very least have been an "and".
If we wanted a real title that wasn't click-bait, here is my stab at it:
Top VPN providers record website-visitor's click/browsing behavior on their sites, potentially leaking it to metric providers with various degrees of anonymization.
OR.
Analysis of User-Behavior Tools On VPN Providers' Sites. <- This last one shows we can have an honest internet that isn't driven by click-bait, and could instead rely on the integrity of publications and the authors.
> US DoHS Keeping Track On World travelers movements, potentially leaking data when visiting the US.
Even with you changes it still looks easy to tweak or turn into click bate. "Potentially" is a weasel-word, because even safe things could potentially go wrong.
"Every time you fart you spread germs, potentially infecting everyone in the room around you with cholera or other diseases"
It really doesn't bother me if a VPN company uses trackers and other tools to optimize their own website, other than the fact that some third parties may have good reason to believe that a visitor uses a VPN if the person visited the VPN's website. That says nothing (or very little) about how private you are when actually using the VPN.