The Lies of VPN Service Providers

Privacy, anonymity, and security is the main concern for an online user. Many VPN service providers claim that their service helps the user protect their privacy online, and they also help them achieve anonymity; these are the lies of VPN providers.

Let’s take each claim into consideration and analyze the fact behind it.

VPN Service Providers Claim # 1

Your IP address is exposed.

Websites can use it to identify you.

IP address 2Now, look at these two VPN service providers; they both claim that I am at risk, and the entire world is tracking me or looking into what I am doing online.

This is a bogus claim or misinformation; I am connected to a competitors VPN server at this time. According to their claim, I am protected if I am using their service; otherwise, I am naked in the world.

VPN server Let see the fact. Your ISP assigns the IP address dynamically; if you are using X IP at the moment, then you will be using Y at some other time. This is 2020; the IP address is a small fraction of the techniques they use to track people online.

What if I log in to Youtube while using VPN; they won’t track me? They have already placed their cookies on your computer, and they know who you are?

Tracking companies are not interested in tracking devices anymore; they track people, habits, and online activities.

What if I modify or delete my cookies? They have advanced techniques like browser fingerprinting, behaviors pattern recognition system, and many others.

Service Providers Claim # 2

No-log VPN service

Technically and logically, it’s not possible. Consider the surveillance eyes.

These are the alliances between countries to implement global surveillance successfully. These surveillance alliances work together to collect and share mass surveillance data with each other. This network has been spying on people for decades.

According to a law in the UK; internet service providers and telecoms have to record browsing history, connection times, and text messages.

A similar program in the US is called the PRISM. And the same goes for Australia and other countries.

So, the VPN service providers registered in these countries are legally bound to maintain logs and to hand-over these logs to authority when asked.

What if a company is registered in PANAMA? Even if the company is not registered in the mentioned countries, they have their servers in these countries because they are the famous and well-known IP or locations to connect to. Having a server in US means you are following the law of the land.

Service Providers Claim # 3

Network Encryption

Service Providers Claim # 3The service providers claim that the user’s data is secure using encryption and the Govt, ISP, and hackers can’t sniff or see the data you are sending.

Even if we consider that VPN encrypts the data which it does; this encryption is between the user and the server; since VPN works as a client-server model; it encrypts the data between the client and the server, and once the information gets out from the VPN server; it becomes open.  And, it can be sniffed here.

The fact is that everyone uses the TLS or transport layer security, which enforces the encryption; the laymen term is SSL or https. I am sure ordinary people don’t use the ftp or any other plain text protocol to transfer their data. So, at the end of the day, the data is encrypted even if you don’t use the VPN provider.

Yet we have many technicalities to discuss here; what sort of encryption are they using?

What about the pre-shared keys; If the hacker has access to the same VPN network you use, they can also retrieve PSKs keys and decrypt your browsing data, placing the man in the middle attacks.

Think about the IP leakage, DNS leakage, and many other vulnerabilities in the VPN service.

All the discussed facts are the rebuttal of the VPN service providers claim. But, there are some situations where you can, or you should use the VPN. But, not for these mentioned reasons because they are the false claim.

When & Why You Should use VPN

  • You should use VPN if you use a public network, let says; hotspots in Airports, Cafes, or public buildings. But, still make sure to use HTTPS connections.
  • You can also use VPN to access the Geolocked content. For example, you want to see your favorite channel unavailable in the country you are traveling to or residing in.
  • You can also use the VPN to access the private network, which is the VPN’s core purpose, or this is what the VPN is designed for. If you want to access your office internal network from your home; you should use a VPN; or if you are traveling and want to access your home network.

The VPN technology itself is not bad; it serves a purpose and solves critical connectivity problems, but the VPN providers’ claims are just marketing gimmicks. The VPN is not designed to make you anonymous or secure your privacy. Your thoughts?

Irfan Shakeel
Irfan Shakeel, the founder of ehacking project, he also hosts cyber security training classes at EH Academy. He has discovered many vulnerabilities in the famous platforms (like Google, Dailymotion, Harvard University & etc.). He specializes in Network hacking, VoIP pentesting & digital forensics. He is the author of the book title “Hacking from Scratch”.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...