VPNs have become an indispensable tool for privacy-minded denizens after Edward Snowden revealed the monumental scale of global mass surveillance. As security experts continue to advocate the use of VPNs – and governments step up online policing – millions of people turn to VPNs for protection.

The “control what you fear” mindset urges corporations, data brokers, and governments to seek control over the VPN industry. If imposing that control is impossible, authorities restrict VPNs. Staying on top of the legislative, geopolitical, and corporate news that affects online privacy is critical if you are a VPN user.
A VPN isn’t just for accessing streaming services but also for work, freedom of speech, and privacy. So, state and private entities will continue to seek ways of imposing their control on the open, uncensored, free Internet without borders.

One of the most glaring cases of a corporate crackdown on VPNs is Netflix. The world’s largest film and TV streaming provider heavily invests in blocking VPN users from accessing its content. The company relies on a long outdated geo-based distribution model that divides its users into tiers. US-tier users have access to a significantly larger repository of Netflix content than everyone else. Subscribers based in other countries can only access the content Netflix makes available in their country.

Not only the availability of content is tiered by country, however. Pricing varies from country to country. Case in point – Australia, where the streaming giant hiked the prices by up to 20%. Not only do Aussies get access to less content, but they also get to pay more than the US users. By aggressively blocking all VPN users, Netflix also cuts out a significant number of US ex-pats living or working abroad and well-intentioned customers who use VPNs for privacy.

As a result, many VPN providers found some of their IP ranges blacklisted by the streaming service even before they were active. Industry experts believe Netflix blocks IPs from certain organizations by default. Some suspect Netflix also caps the number of logins from a given IP address. When that limit is exhausted, it blacklists the address, too.

Unsurprisingly, VPN providers report a lot of their shared IP addresses have been blacklisted. What that means for casual VPN users is even if a VPN successfully bypasses the Netflix VPN guard once, there is no guarantee it will happen the next time. Many – if not most – VPN providers advertise access to Netflix US as one of their bait features. In reality, however, more and more VPNs get blacklisted, and adding new servers provides only a short-term remedy.

First, the Chinese and then the Russian government announced their plans to block the use of VPNs. Given the history of blocking free speech and monitoring their citizens, the governmental crackdown on VPNs in these countries comes as no surprise.

China censors many websites, including YouTube and Twitter, so Chinese denizens rely on VPNs for basic freedom of speech. But now, the Chinese authorities order the national ISPs to block VPNs starting in February 2018. In the future, operating a VPN in China without a corresponding telecommunications license would be a criminal offense. Already, Apple has removed some of the VPN apps from its App Store, while people get prison sentences for distributing access to Virtual Private Networks in China.

Russia may not block access to Twitter, but its censorship is of gargantuan proportions, too. When state- and corporate-owned media are corrupt, the anti-government opposition relies on the Internet and social media. So, the Russian government chose to emulate the Chinese approach to Internet censorship and ban the use of VPNs and other anonymizing technologies as of November 2017. Human rights and anti-censorship organizations express concern that these events are the shape of things to come. Governments worldwide increasingly monitor and censor the Internet activities of their citizens and citizens of other countries.

From Iran to the South and North Koreas, from Saudi Arabia, Syria, Vietnam, and Yemen to Cuba, India, and Turkey, VPNs get banned. Many hope the VPN ban in Russia and China may be temporary measures, but it’s clear governments are developing a growing appetite for online policing.

The concept of privacy online might become extinct if Western governments adopt the same approach. On a side note, many corporate and state players act discreetly. Instead of imposing draconian VPN bans that cause mass outrage, they take control over VPN services to monitor user activities. Case in point – Hotspot Shield.

Security experts blacklist all VPN providers based in the 14 Eyes countries because of data retention laws and mass surveillance in these countries. So, decent US businesses with great work ethics end up at the bottom of the list for privacy-minded folks.

Making matters worse, the recent news of a US-based VPN Hotspot Shield snooping on its users does a bad favor to all American vendors. A privacy advocacy group Center for Democracy and Technology (CDT) filed a 14-page long complaint to the Federal Trade Commission against Hotspot Shield for violating its own Privacy Policy.

While promising complete anonymity, the VPN provider allegedly engages in systematic intercepting, tracking, and collecting of its customers’ data. The CDT and Carnegie Mellon University conducted a profound investigation of the providers’ practices and discovered that Hotspot Shield logs connections and monitors customers’ browsing habits.

Moreover, according to the research, the service also redirects online traffic to partner websites and sells users’ data to advertisers and data brokers. In the world of VPNs, such discovery is a death sentence. More so with the provider injecting Javascript code via iframes for tracking and advertising purposes.

Reverse-engineering of Hotspot Shield source code found that the VPN deploys more than five third-party tracking libraries. If that does not sound bad enough, the apps were found to disclose sensitive data such as names of wireless networks, device IMEI numbers, and unique identifiers like Media Access Control addresses.
These findings cast a shadow on the VPN industry as a whole. Since privacy and encryption are the current buzzwords, opportunistic and downright malicious parties are jumping on the bandwagon. Offering great deals and promising complete anonymity online, they do exactly the opposite.

A research paper by Commonwealth Scientific and Industrial Research Organization (CSIRO) all but destroys the niche of free VPN apps for mobile devices. Having studied 283 free Android VPN apps on Google Play, Australian researchers found that:

  • 75% use third-party tracking libraries
  • 82% access sensitive data such as text messages and user accounts
  • 38% are malware (spyware, trojan, adware)
  • 84% expose users’ real IP via IPv6 DNS leaks
  • Four apps intercept user traffic sent to secure HTTPS connections

Governments step up blanket surveillance; copyright trolls hunt down torrenters; corporations track and profile users worldwide. So, users turn to VPNs en masse. A sharp spike of interest in VPNs has given rise to a horde of opportunistic and malicious companies exploiting the trend. To filter out such ill-intentioned providers, consider the following:

  • Steer clear of free VPNs – if the VPN is free, the provider profits from selling your data.
  • Reputable VPNs do offer free services – but they are extremely limited because they aim to entice users into subscribing to the paid plans. If an offer sounds too good to be true, it most likely is.
  • Due diligence – always research a provider as you would research a car dealer. Read the bestvpn.org reviews, search for user feedback, and scrutinize providers’ Terms of Service and Privacy Policy.

Chances are you’ll blacklist many providers during the research stage.