Disclaimer: Partnerships & affiliate links help us create better content. Learn how.
It’s not the first time in recent months that I’ve seen reports in major publications like Tom’s Guide saying that virtual private networks aren’t particularly useful, despite the fact that the site in question has a section proudly devoted to reviewing and displaying the best VPNs.
Once again, I find myself writing a response to an article that is meant to drum up discussion, using evocative language like “snake oil” to make a point about misinformation in the VPN sector.
This time, it’s after presentations at the ShmooCon hacker conference on March 24.
“The term ‘snake oil’ is used to describe any worthless pseudo-medical remedy promoted as a cure for various illnesses. By extension, snake oil salesmen are charlatans who sell such fraudulent goods.”
the Pharmaceutical Journal
It’s a strong claim that is probably without merit considering VPNs do have their uses. In fact, the article itself notes that issues are more likely to be a case of misinformation, as many services only exaggerate in terms of what they can actually protect against.
“Lots of people use VPNs because they don’t actually know what they do,” said Yael Grauer, an investigative reporter at Consumer Reports. “People are spending a lot of money and still getting hacked, or they’re spending a lot of money for protections they already have.”
That’s a fair assessment, especially if the user thinks that a VPN will protect them from being hacked in all instances. (For example, if the victim inputs their password in a phishing scam, no VPN will be able to save them from the inevitable fallout.)
Regardless, the article notes that:
“Both Grauer and Troutman said that there are legitimate reasons to use VPNs, and that for the most part, the better-known VPNs do a good job of making your network connections more private.”
It’s another report that focuses on the excessive claims made by some VPNs, which does contribute to a landscape that is often filled with misinformation.
The VPN White Paper
Further evidence is provided via a linked white paper entitled: “Security and Privacy of VPNs Running on Windows 10”.
In 2021, Grauer and a team from the University of Michigan tested 51 consumer VPN service providers. She went on to complete a more extensive analysis of 16 major VPN brands.
The research concludes that a portion of providers do “accurately represent their services and technology” while offering helpful guides for users.
“Of the 16 VPNs we analyzed, Mullvad, PIA, IVPN, and Mozilla VPN (which runs on Mullvad’s servers)—in that order—were among the highest-ranked in both privacy and security. However, PIA has never had a public third-party security audit. Additionally, in our opinion, only IVPN, Mozilla VPN, and Mullvad—along with one other VPN (TunnelBear)—accurately represent their services and technology without any broad, sweeping, or potentially misleading statements.”
Protect your devices and data with a secure VPN like Private Internet Access.
So, as with many services, they rely on different levels of marketing, with some preferring to ensure complete honesty and transparency.
Tom’s Guide & VPNs
It’s somewhat ironic that Tom’s Guide has an extensive VPN review section and even includes an ad for Norton 360 Standard (which comes with a packaged VPN) at the bottom of the article.
If VPNs did nothing, why would the majority of large publications have sections of their websites devoted to dissecting what the latest and greatest have to offer?
On the other hand, it’s probably a good thing that they’re highlighting the limits of a VPN, especially given the connotations when using terminology such as “military-grade protection”.
As always, we’d advise against the use of free VPNs, a sentiment that is echoed by both Grauer and Troutman. In fact, they’d go so far as to avoid lesser-known services entirely, which makes sense if you’re looking for an audited provider.
VPNs & Snake Oil: Summary
There are numerous reasons why it makes sense to use a VPN, even if the Tom’s Guide article’s content brings up some interesting points.
Some of the claims made by providers are pretty outlandish but could be taken at face value by unsuspecting users.
One well-known VPN said, “your data will never be compromised” if you used it, Grauer documented in her white paper. Another VPN said it would “protect [you] from hackers and online tracking.” A third promised “absolute privacy on all devices,” and another guaranteed “anonymous surfing.”
It’s easy for me to point out that you won’t be “surfing anonymously” with a VPN if you sign into Facebook or use your Google account. Not to mention, mobile devices are arguably better at tracking and collecting data about a specific user than a computer ever was.
Marketing and advertising for VPNs can be excessive, but there’s no denying that they work in many scenarios.
So, no, VPNs aren’t “snake oil”, although it does make sense to be skeptical of the wildest claims made by providers. After all, many are desperate to get more users to sign up for their service by any means necessary.
Some of the best options like Mullvad and Private Internet Access are mentioned in the white paper, and they’re a great place to start if you’d like to get a feel for exactly what a VPN can or can’t do.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
The cookie is used by cdn services like CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non-necessary".
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".