Investigating Influencer VPN Ads on YouTube [pdf] (umd.edu)
123 points by zdw on March 11, 2022 | hide | past | favorite | 74 comments



The biggest scam is that these companies call their products "VPNs" incorrectly to mislead you. A VPN actually has to have a PN that you join your client to in order to access other targets in that private network. E.g. you're at home and you want to access your computer at work, so you connect to a VPN set up at your workplace. What these companies give you is just a proxy to the internet.

These products were called "proxies" back in the day, but someone realized "VPN" sounds more awesome and has "Private" in it so they started calling their products that. The only connection these proxies have to VPNs is that they use the same tech under the hood (OpenVPN, Wireguard, etc).


I agree that "private" here is strange, but if you VPN into a private network which happens to have a gateway for the default route... well, that's what these services are; and the term "proxy" was pretty much always operating at a much higher layer of the OSI stack, and so when you say "proxy" the assumption is you are talking about an HTTP CONNECT or SOCKS solution, not something that can give you an IP address on a remote network. Like, yes: the use case is backwards, but the tech is the same and the other terms are wrong.


The average person has a better perception of VPN than it has of Proxy.

No matter what the tech aspects behind the terms actually mean.

It's marketing. Being technically (in)correct is irrelevant here.


I disagree with your take. These are VPNs because you are building private overlay tunnels on top of a public Internet underlay. Just because you're not using a VPN to tunnel into a private (e.g. RFC1918) network doesn't mean you haven't established a virtual private network over the Internet.

Also, these are not proxies. A proxy terminates a layer 4/7 connection from the user, and establishes its own layer 4/7 connection to the destination, fully man-in-the-middling the connection. When one is using these widely advertised VPN services, there is no layer 4 or 7 proxy^. Rather, the gateway at the VPN PoP is NAT'ing traffic at layer 3.

^IME, many of these services also provide an HTTP or SOCKS proxy, but that's not what a user is using when they have an app on their phone or thick client on the desktop.


Some VPN providers actually provide a virtual network address, so I guess it still counts as a network (albeit an isolated one).

I think a better description is: those companies are using a small set of VPN features to run proxy business.

BTW: In Android OS, if you want to intercept and redirect network traffic, you must (I guess??) use a component called android.net.VpnService(1) introduced in Android 4. Maybe this is what inspired those companies to name their product a VPN. Just a guess of course, but the timing is roughly a match.

1: https://developer.android.com/reference/android/net/VpnServi...


Like I said, it's VPN tech under the hood. But just using VPN tech does not make you a VPN, no more than joining two bricks together with cement makes a house. You need to connect lots of bricks in the shape of a house before you can call it a house, and you need to connect machines into an actual private network before you can call it a VPN.


Absolutely. The misinformation in this space is risking yet another greater amount of lives now than it was before. It's OK for those of us in countries with freedoms afforded to us by democracy. It's a nightmare for those who aren't.


I don't think there's anything nefarious around the use of VPN by these services. That's just what they ended up being called because they're using VPN client software and VPN technology to enable the connection. Proxies are different. If someone was providing a Proxy service and calling it a VPN, that would be a scam (although a pretty silly one, imo). Also Proxy services do currently exist, and they have no issues calling themselves a proxy.

Also I set up plenty of "real" VPN connections for businesses that tunneled 100% of internet traffic through the central office, because they wanted to be able to do DPI, etc.


Most VPN companies also just offer OpenVPN configs for download. Not doing that is imho a great indicator their client might be doing a bit more than it should.


It should be noted that for some of the providers, the OpenVPN configs they provide and their clients actually do different things.

The ones I've dug into do seem to all set up VPN networks with their clients, but some of them do something extra to special case some major media services. You'll see little oddities, like the webpage for disneyplus.com being routed through some special IP, no doubt to work around a block, while the content CDN requests are left to load through the normal VPN connection. The OpenVPN config file does none of this.

On top of this, how they get these IPs that are unblocked is ... questionable.

https://web.archive.org/web/20200716220700/https://medium.co... has more details on one case. There are others.


Agreed, it’s really dubious how hard ExpressVPN, ProtonVPN, and others are pushing their closed source binary clients. They are not just a convenience wrapper to download config files, there seems to be something more involved. The paranoid in me wonders if it’s some sort of phone-home mechanism so they can identify you if needed or if they are trying to inject ads at layer 4. It really stands out compared to the VPNs that invite you to download and review all of their client and server config files.

I can understand that a couple hours of support can really eat into the margins - but in the same breath the vast majority of users are down to just download the binary client and be on their way - it’s only a small percentage that want to do things low level and we probably aren’t going to need help from support beyond downloading the configs if they are hidden on the website.


ExpressVPN actually has the OpenVPN file as well on their website (for devices their client doesn't support). Although using the IP (instead of the URL) in it led to problems for me since it switched regularly in the subnet. So every few weeks I had to update the file as well as my IPFire config.

In all fairness they also do some reasonable stuff with the client, like blocking your internet connection if you get disconnected from the VPN. But yes, didn't use the client either.
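The two comments above (the client doing extra routing that the downloadable OpenVPN config does not, and a `remote` that is an IP literal that goes stale) both come down to "what does this profile actually do with my traffic". The following is an added example, not from any commenter or provider, that audits a constructed OpenVPN client profile for the directives that matter here: `remote` hosts (flagging IP literals), `redirect-gateway` (full tunnel), `route ... net_gateway` lines that bypass the tunnel, and `block-outside-dns`. The profile text is constructed for illustration.

```python
import ipaddress

# Constructed sample profile (not from any real provider). It mixes a literal IP
# remote with a hostname remote, sends all traffic into the tunnel, and carves
# one host out of it via the pre-existing default gateway.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
# primary endpoint as an IP literal (breaks when the provider renumbers)
remote 203.0.113.10 1194
remote vpn-example.invalid 443
redirect-gateway def1
route 198.51.100.7 255.255.255.255 net_gateway
block-outside-dns
"""


def parse_profile(text):
    """Return the profile's directives as (name, args) tuples.

    Lines starting with '#' or ';' are OpenVPN comments and are skipped.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def is_ip_literal(host):
    """True if the remote host is written as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_profile(text):
    """Summarise the traffic-handling behaviour a profile would configure."""
    findings = {
        "remotes": [],             # every endpoint the client may connect to
        "ip_literal_remotes": [],  # endpoints that will silently break on renumbering
        "full_tunnel": False,      # redirect-gateway present: default route goes via VPN
        "bypass_routes": [],       # destinations explicitly kept off the tunnel
        "dns_leak_protection": False,  # block-outside-dns (Windows-only directive)
    }
    for name, args in parse_profile(text):
        if name == "remote" and args:
            findings["remotes"].append(args[0])
            if is_ip_literal(args[0]):
                findings["ip_literal_remotes"].append(args[0])
        elif name == "redirect-gateway":
            findings["full_tunnel"] = True
        elif name == "route" and len(args) >= 3 and args[2] == "net_gateway":
            # 'net_gateway' routes this prefix via the original default gateway,
            # i.e. around the VPN: exactly the kind of special-casing to look for.
            findings["bypass_routes"].append(f"{args[0]}/{args[1]}")
        elif name == "block-outside-dns":
            findings["dns_leak_protection"] = True
    return findings


if __name__ == "__main__":
    for key, value in audit_profile(SAMPLE_PROFILE).items():
        print(f"{key}: {value}")
```

A profile with no `redirect-gateway` and no bypass routes only carries traffic for the routes it pushes, which is the difference between a full-tunnel "VPN" and a partial one that the client may be silently adding on its own.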


To be fair, many VPN services (incl mine) allow several of your devices to communicate when both connected to their network.


Windscribe have unlimited devices. I think a lot of VPNs know that it's a bullshit tactic to sell more accounts but can't turn that revenue down. They know first hand that people will share accounts rather than just purchase a new one but limiting devices takes that option away.


How is that a scam? The customers - which are probably not extremely technologically savvy - know that they're buying a proxy, even if it's called something else. That's more of a linguistic drift than anything else. If there's a scam here (and there probably is...), this isn't it.


This isn't true for all VPN providers though. There are public VPN providers (Mullvad) where each of your devices gets its own internal IP on their network and you can use it just as a typical VPN. It's just that most people don't use it that way.


I wouldn't be so sure... if you poke hard enough at the interface some of these VPN clients create, I think you might find more than just the open internet.


do you have some reference?


No, just speculation based on the gap between skills required to market a successful VPN business, and skills required to implement a secure and private multi-tenant overlay network (not to mention the ethics required to do so honestly).


Some years ago I ran a VPN service together with a friend. We had the second skill set you mentioned, but not the first.

We didn't overhype the privacy aspect (and would in fact explain what _wasn't_ private about VPNs, not that anyone was interested in listening) and primarily existed to serve a customer base for other reasons.

It was a good experience, but it went nowhere really. But I did quickly figure out that almost every large VPN provider out there has more of the first skill set you mentioned.


VPNs are just internet resellers.

You should just use them for masking traffic on your local network (but not the VPN provider, or their data center, or their ISP), your ISP (but not the VPN provider, or their data center, or their ISP), appearing to come from a different location to the service you are trying to reach, circumventing rate limiting (don't be surprised if you find someone else has already used your VPN's IP for this). And that's it.

None are better than the others for greater privacy such as in lawsuits, warrants, possibility of data being tapped at the data center location, assurance against logging, or protecting you from a criminal indictment. There is no way to prove that any VPN is good for privacy except for their own claims; even if you find a court case that was stonewalled in a way that matched the privacy claims, that is only about that particular point in time, and you have no way to know about the present or any point in the future.

Yes, this includes your favorite VPN, that you read about on your favorite blog, or was mentioned by your favorite most trusted youtuber. No, their claims about being in a bunker in Switzerland don't increase the viability of their claims.

And yet, looking up VPNs on a search engine is only going to get you these affiliate marketing websites, harping on and on about all the privacy benefits of some particular one that's doing things oh-so-differently.


Fundamentally it allows

* Locking out your ISP (data collection & introducing malicious traffic)

* geolock/censorship circumvention

* jurisdiction hopping

Other than that, you exchange one point of trust (your ISP) for another (VPN/S provider).

edit: This might sound stupid until you think about your ISP and your VPN/S providers having two different threat models and incentives.


Tom Scott did a great analysis and interpretation of what an honest VPN ad might look like: https://youtu.be/WVDQEoe6ZWY


And lost his VPN ad deals. There was no better way to confirm his narrative than to pull out.


I don't think Tom Scott ever promoted a VPN product in a YouTube video. He's actually quite selective with his brand deals. From his contact page regarding ads:

* If you're asking about pay-per-click or pay-per-lead advertising, the answer will be no. Please don't ask.

* I do not review products or apps.

* I am unable to accept sponsorship from apps or games that contain microtransactions or gambling.

Source: https://www.tomscott.com/contact/ads


> I wrote a more honest advert for VPN services and I found a company that was willing to sponsor the video. Unfortunately they kept asking for changes, and we disagreed on those, so at the last minute, I have had to blank their name out.

https://www.youtube.com/watch?v=WVDQEoe6ZWY#t=5m52s


There is a good chance he made that up as a more interesting plot for the video.


He's never had "ad deals".


I feel like these have gotten better over time. The pitch used to be that your ISP was spying on you, now the pitch is that you can pretend to be in a different country. That's closer to the truth. (But of course, everyone has the list of VPN exit nodes and just blocks them. I wonder if any of these VPN services are actually peer to peer, so that your IP is an exit address for people that want to pretend to be in your country. The legal liability sounds staggering, but I guess that's why you set up your company in some country that doesn't care, accept crypto for payments, and hope for the best.)


> I wonder if any of these VPN services are actually peer to peer, so that your IP is an exit address for people that want to pretend to be in your country.

It is not quite peer-to-peer, but not as hidden as you might think. Nord and a few other VPNs that provide so-called 'residential IPs' are doing this in the background. You have to dig a bit into the T&Cs of the agreement before you find the little clauses that let them use your computer as an exit node.


>The pitch used to be that your ISP was spying on you

How is that not still the case? My ISP is a known bad actor who wants to sell my data. How else am I going to defend against these monopolist thieves?


I do use a VPN exclusively to watch geo-locked television. They have specific connections for particular services, which they (I assume) monitor and maintain so they don't get blocked for long.

That’s worth the fee to me.


Genuine question: Why not pirate it at that point? It seems to be more convenient and even cheaper, to me.


Cheaper? Yes. More convenient? No.

I have a Raspberry Pi with OSMC where I installed the plugins for several online services. My friends hate my setup. Sure, you can watch anything you want if you know what you want to watch, but it sucks for browsing the catalogues to see what's available. I also get interrupted once a month when a new Widevine version is released, which takes ~10min to download and install.

And then there's the language issue: if the movie/series is not in a language I speak I need to spend 10-20 minutes hunting for subtitles. That means: download a subtitle, check that the starting time matches (or tweak it manually), skip ahead to ensure that they remain in sync (good luck not getting spoiled while, simultaneously, checking that the subtitles make sense with what's happening on screen), moving everything to the right directory...

All of this is second nature to me so I'm not bothered, but I can totally understand paying a fee for a single-click interface.


Honestly most of what I am looking for is not available via BitTorrent. Or it has like 1 seed.


> I wonder if any of these VPN services are actually peer to peer, so that your IP is an exit address for people that want to pretend to be in your country.

Hola VPN used to sell access to your connection as an exit node (for web scraping etc..) under the name Luminati. I haven't looked into this in many years. Luminati appears to have been renamed to Bright Data[0] and on the surface appears to be doing the same thing.

[0] https://brightdata.com/


My biggest issue is they always go with the claim you can watch Netflix etc from other countries but I can’t even watch Netflix for my own country with Express or Nord VPN as it detects them and won’t allow it. These are the two most advertised VPNs and it’s blatantly false advertisement.


It's a mixed bag, the so-called "obfuscated servers" can sometimes allow you to watch region-locked content on Netflix.

But they (Netflix) are definitely trying to combat these attempts and you can get cut off in the middle of the movie...

Pirates offer a superior service every time, until this is solved nothing will change.


Region locks are such an absurd leftover from the entertainment industry, and likely at least in part because they're not going to improve the systems they put in place to hypercharge folks based on country/local market effects, etc. Really all I have to say is it's just stupid to have them in the streaming age unless you're pulling in the checks.


What VPN Providers do you suggest?

I would not like to "just" fire up a DigitalOcean, AWS or a Raspberry Pi. Something reliable enough for a daily driver, no-logging, and a speedier experience from a user in a corner in India.

I have used ExpressVPN but then they exited. I had the opportunity to use ClearVPN for a while, OK but too many bells and whistles. I think I also got IVACY in some discount sale for 5 years. This one just kinda works and I might actually stick to this if nothing bad happens.

I had tried Mullvad for a few months but it was slow from India (2020-ish).

I'm not worried and am not hiding anything from any country's 3-letter institutes. However, I like having one handy that I can go in as my bubble to feel comfortable in.


https://perfect-privacy.com if you're from Europe (they have most of their high bandwidth servers with good peering in Europe).

They've been raided multiple times (and are used by a lot of criminals - I think it's actually a good indicator when fraudsters trust your privacy service).

Raid in Rotterdam (Servers): https://torrentfreak.com/police-seize-two-perfect-privacy-vp...

Raid in Erfurt (Admin's Home): https://lists.torproject.org/pipermail/tor-talk/2010-August/...

Also: Perfect-Privacy found an exploit (dubbed Port Fail) which was present in a lot of other commercial VPNs (PIA, nVPN, ovpn.to) and reported it to them before disclosing it publicly: https://torrentfreak.com/huge-security-flaw-can-expose-vpn-u...


Mullvad. It's fast for me and I like their approach (honesty, ethics etc. - I don't use services that manipulate, lie, etc. for that I am happy to pay for services that directly write about their pros and cons).


Mullvad, IVPN, AIRVPN, Windscribe or Tunnelbear.

I wouldn't trust any other.


Tried that in China. Didn't work. It's OK when we're in the west but in any country that blocks the internet or censors it you're in trouble. Shadowsocks used to be my go to in China when the AWS trick got killed.


Hmmm… three accounts that are newer than 6 months all recommend mullvad…


Well, maybe I can balance that out?

Mullvad is very good. I was on a trip recently where I needed a VPN and decided to try it out after someone I trust recommended it. It didn't ask for any of my information; allowed me to download a WireGuard config so that I didn't even need other clients; and it was the first time I was actually able to pay for something useful with crypto.


They are quite good with nice general tutorials. Took a look at their OpenVPN ones when I was still at another provider. You can also sign up leaving little data and they have been around for a while. I also never saw a Mullvad ad; I think they live by (imho earned) word of mouth.

That's not to say that they are perfect, your experience may vary with your use case, but in general I haven't seen anything to complain about. Not something you can say about many of the other providers.


Are you just asking for Mullvad recommendations here? ;) Almost 10-year-old account, I have no complaints, been a customer for 2 years.


IMO Restore Privacy [1] is a reliable source for VPN recommendations. For what it's worth, I use Surfshark and am very happy with them (except the lack of a kill switch in the CLI app and the lack of a Linux GUI client).

[1] https://restoreprivacy.com/

edit: typo


Paying for ProtonMail anyway and they seem reputable to me, so ProtonVPN.

Also have an Ivacy one kicking around but don't use it.


Depends on your use case. If it's piracy I would stick to services that have been subpoenaed and produced no records.


I already trust ProtonMail with my emails, so started using ProtonVPN when I have a need for one.

They have WireGuard support now.


ExpressVPN works great for geolocked streaming services, which is all I ever turn it on for.


They recently got bought out. Shame though, they work well.


What’s the problem?


They were bought up for around a billion dollars by the Israeli company Kape Technologies (formerly called Crossrider), which also owns CyberGhost VPN and Private Internet Access. Screams data mining to me. Then again, I like my tinfoil hat.

On a side note, Crossrider's former CEO and co-founder worked at https://en.wikipedia.org/wiki/Unit_8200 in the past. Left long before the takeover though.

edit: With both ExpressVPN and PIA being among the most widely publicized providers that had their servers seized for non-cooperation.


Crossrider used to develop adware, that's the biggest issue.

https://restoreprivacy.com/kape-technologies-crossrider-malw...


Fine for me as long as I only use it for the one thing it’s actually good for (convincing Viacom I am geographically worthy)


Seconding Mullvad, but I'm in the US and not India so it might be different.


Mullvad is the go to one at the moment. Maybe try it again?


So in layman's terms: "we looked at a bunch of ads, and found that a bunch of them are making bullshit claims". I mean yeah....that is what advertising is: exaggerated, nebulous, or otherwise evasive if not outright false claims.


This may be accepted in US culture, but it's not the norm everywhere. Many countries have a culture that advertising should be truthful and not deceptive, backed up by laws and enforcement. e.g. https://www.asa.org.uk/


> Many countries have a culture that advertising should be truthful and not deceptive

Truthful advertising is an oxymoron, like saying 'peaceful wars'. The only difference in sectors where there is ostensibly more regulation is that the lies are not something concrete like hard figures, but more abstract, like creating the illusion that a product will bring happiness.


It's a spectrum, right. You could make an ad that says "Acetaminophen cures headache symptoms for most people and has minimal side-effects. Don't take a ton of it because then you'll die". That would still increase sales of the drug and I think it's entirely truthful.


When did false claims become legal? Should false claims, or claims without evidence, about something being sold be legal?


They don't. I hear the same overstatement of what vpns will provide in terms of security from non-technical and sometimes technical people.

Somewhere these misrepresentations are being taken as fact.


I'll say in the defence of advertising that it doesn't need to be a pack of lies. There are countries where it is illegal to publish false information.

That said, Y*tube is not to be trusted as a source of information. When people mistake entertainment for democracy, they are living in Plato's cave.


Missed opportunity for a humorous notification at the top of the PDF: "THIS RESEARCH REPORT BROUGHT TO YOU BY RAID SHADOW LEGENDS"


"Audio version of this research paper available for the hearing-impaired, brought to you by Raycon and Audible. Get 30% off your next pair of earbuds, and your next 3 audiobooks on us with code SELLOUT"


How to make me doubt your credibility in one easy step?

Hawk VPN products in your YouTube video. I will automatically know you are an idiot.


I've seen Sabine Hossenfelder do a few NordVPN ads in her videos and I don't think she's an idiot.

To be clear though, this isn't a judgement about VPNs or me saying I trust her and so I'll buy that VPN. It's more that as long as the product isn't something too crazy, most content producers will probably happily take the ad money because they need to eat.

While on the topic of NordVPN... a few months ago I was looking to get a little bit of podcast marketing going for my project and spoke to the person responsible for ads on a comedian podcast I like. It's one that is pretty small and would've been affordable for a small operation like mine, but it turned out that NordVPN was already in negotiations to buy out the next year of ads and that was that.


I use sponsorblock now and my exposure to VPN ads has fallen to approximately zero, as it is meant to be.


The author sent me this a while ago. It's messed up how much fake information there is.


> ...and sometimes emphasize accessing otherwise unavailable content.

I am most certainly not a lawyer, but I find it hard to imagine that the bolder VPN advertising wouldn't surely rise to the level of tortious interference given they seem to actively induce viewers to actively work around streaming geo-blocks contrary to user agreements.



