The abuse of consumer data is nothing new. With ongoing revelations that data collected by social media networks and search engine services has been breached by hackers or sold to third parties, people have become weary of the trustworthiness of companies to protect their data from being misused or sold to third parties.
Acquiring user data has become incredibly lucrative, and analysts forecast that the big data analytics market will exceed $200 billion by 2020. The International Data Corporation (IDC) claims that as of 2017, information-based products had doubled the remainder of product portfolios for nearly one in three Fortune 500 companies.
All of this translates into raw data and other user content being bought and sold in an effort to monetize data as an increasingly important source of revenues. And the IDC projects that 180 zettabytes of data will be created worldwide in 2025, dwarfing the estimated 10 zettabytes created in 2015, meaning the opportunities to create ways of capitalizing upon data collection are perpetually on the rise.
The Privacy Paradox
The concern consumers face with an unscrupulous VPN provider comes from the fact that when a user connects to a VPN they begin to send all of their network traffic through that particular provider. Where you are in the world, everything you search for, say, do or even think (yes- big data can actually predict what you are thinking) is now in the hands of that VPN provider.
As a result, these providers have the opportunity to see, log and potentially even sell a great deal of data about their customers. This tempting “opportunity” has led may VPN companies who market themselves as the protectors of internet privacy to in fact be selling their customers out.
Creating Consumer Advocacy for VPN Customers
When looking for a reputable VPN provider, it’s important that customers learn to identify red flags about the ways companies operate before making any decisions.
To make this easier, Golden Frog recently partnered with the Center for Democracy & Technology (CDT) to create “Signals of Trustworthy VPNs,” which serves as a list of questions to help consumers assess the reliability, basic security and usability of VPN providers before they make a selection.
Transparency about data collection
It’s vital that VPN’s are upfront about their methodology and what they do with customer data they have access to as a company. Do they only share customer information in completely encrypted channels?
They should be willing to showcase who owns and operates every facet of the service they’re providing, which not only includes the parent company but also any subsidiaries they own that may have access to the data that they collect.
For example, does the service work with third-parties, own affiliate sites, or make money by practicing data mining?
Why disclosing third parties matters
Any VPN service that actively uses third parties risks compromising the protection of their consumers from potential data breaches and other cyber vulnerabilities. Companies should make their logging practices crystal clear. If they do log, and most do, they should be actively disclosing what kind of data they keep, how long the records are kept, and for what purpose they have logged the data.
Some providers actually own and operate their own “third party” review websites, creating a conflict of interests by stacking the cards favorably for themselves.
The key way to sniff this out is to see if they have praised a single provider over the competition consistently across the board, or if they – usually in very small print that’s difficult to locate – admit they receive compensation for what are effectively sponsored reviews.
Can a VPN provider verify that they’re No Log?
The term “No-Log VPN” or “zero log vpn” are thrown around as buzzwords by the Internet privacy industry. Unfortunately, these claims are usually more of a marketing gimmick than the honest truth.
Some VPN companies may not log data themselves, but they do rent their servers from third-party companies or use a hosting service that does log customer data. Because the third-party providers perform the actual logging, the VPN company is able to claim they don’t engage in the unpopular practice. If this sounds deceitful, well, it’s because it absolutely is.
Often lost in the fine print, consumer’s miss the part about agreeing to allow for their data to be repurposed or resold without their consent. Companies are legally allowed to say they don’t log even if they work with a third party who does log, so having this knowledge in mind is key to making an informed decision.
VPN providers should constantly be evolving themselves
VPN companies should be investing in upgrading their companies in preparation for the future. A provider should make it a core company value to be at the forefront of all best practices in matters of security, because it is literally the very purpose of their existence to ensure a customer’s data is in safe keeping.
Internet privacy is more vital today than ever before, particularly for regions of the globe subjected to harsh censorship and oppressive government control of Internet access.
Knowing what red flags to look for and understanding common tactics many companies use to manipulate data given to providers by customers will help VPN consumers make informed decisions about which VPN providers to trust with their own online privacy. We call on all VPN providers to adhere to the questions put forth by CDT, ensuring a safer Internet experience for consumers everywhere.
Liz Kintzele is the Vice President of Revenue at Golden Frog, maker of VyprVPN. Liz has been with the company since its inception and is passionate about privacy, security and access to a free and open Internet.
She is focused on building relationships with like-minded companies who share Golden Frog’s vision for the Internet, as well as expanding the platforms where Golden Frog services are available.