| I can't help but shake my head at this whole argument. For literally years I've been telling people that a VPN run by a third party does not enhance privacy or security, but because the consensus is "VPN = secure" it's a losing battle, and I sound like a tinfoil-hat-wearing loon. Most VPN services are not designed to provide privacy or security, and if you have a subscription to one, that's probably not the reason you bought it either. They're designed to provide the minimal amount of traffic hiding required to allow you to pirate TV/movies/video games without getting in trouble or hitting blocked URLs. And it works, or you wouldn't still have the subscription. Now, as both the buyer and the seller need a non-shady cover story, they describe hiding your suspect downloads as "security and privacy" - it's not utterly inaccurate, but it implies far more than what's happening. The problem with the narrative is that it makes laypeople think they are "more secure" when using a VPN, when in reality, the opposite is true. As an example, when I perform a Google search, my traffic is encrypted over SSL, so my ISP can't see that. My ISP can see the domain name of the result I click, and a VPN would mask that from them. But now a new third party (the VPN provider) can see that instead. This makes sense if you're downloading pirated media (as the VPN service doesn't care), but the buyer is in effect trading: 1) An ISP, which is in most western countries heavily regulated, with legal commitments to auditing and your privacy (just not from law enforcement). for: 2) Some computer somewhere that is run by an utterly unregulated company or individual that may or may not know how to configure OpenVPN correctly and that you don't know anything about, other than they run a shady business based on allowing you to download pirate files on the internet. Also they're not at all regulated or audited, and may not even be in a jurisdiction that requires them to protect your data at all. Given this trade-off, trusting a VPN to do a better job of protected your privacy than an ISP seems like madness to me, given that they could easily sell whatever information they have on you on and there's nothing you can do about it (and you'd likely never find out). It may not even be a crime depending on where they're located. There's arguments for VPN in preference to unsecured Wi-Fi, but in reality, how often is that an issue? How many scenarios are there where you can't use mobile data instead? (And even where/when you can't, you still have all the downsides above which may or may not be better). |
Most VPN's raison d'ĂȘtre is providing privacy. If it's publicly known that they don't then that kills their business.
An ISP is tasked with connecting prior to the internet, they don't make claims about privacy, they can reveal information about clients without necessarily putting anyone off, most of the clients for large ISPs have probably never heard of a VPN.
If a VPN wanted to they could get audits by pen-testers to warrant their ability to provide secrecy.
A VPN provider that's been around a while and claims to offer a high level of privacy probably does.
Slight aside:
>My ISP can see the domain name of the result I click, and a VPN would mask that from them. //
There was a paper a little while ago, they directly identified pages by mitm-ing HTTPS by using meta-data (page size alone IIRC). Success was something like 80%.