John Scott-Railton
Chasing digital badness. Sr. Researcher @citizenlab @UofT @munkschool. Fmr.Ed. @SecPlanner. Tweets mine. Other platforms @jsrailton too.

Jun 15, 2022, 14 tweets

VPNs are pricey snake oil.

Consumers are getting scammed by misleading marketing.

I've never met a user with an accurate understanding of just how modestly, if at all, VPNs address their security & privacy concerns.

Time for the industry to get regulatory scrutiny.

The VPN industry nurtures the impression that they actually do things like:

- Stopping malware (NOPE!)
- Hiding you from tracking (mostly NOPE, remember cookies, etc?)

They soak consumers for millions while creating a false sense of security.

The VPN industry is increasingly consolidated.

Can you trust the big companies with your data?

We don't know.

Some of the biggest players actually have a shady history with... exploiting users' traffic.

Oh, and they own a bunch of VPN review sites.
cnet.com/tech/services-…

Everybody knows what VPNs work for: watching regionally blocked shows, etc.

Don't forget their starring role in censorship circumvention. (great!)

But the ongoing marketing-driven mass misunderstanding of what they do & don't do for privacy and security is unethical & harmful.

VPNs found a market because of other bad privacy situations salient to consumers:

They don't trust their ISPs. Often with good reason.

They don't trust advertisers & platforms either.

And they feel the tickle of surveillance as targeted ads follow them around the web.

Worried consumers are rightly unsure whom they can trust.

Enter VPN companies, who nurture & monetize the fear.

They have convinced masses of users to pay them to send traffic through servers that *they control.*

And provided rather limited value & transparency in return.

The VPN industry has created a mass of self-servingly biased security advice & guidance. And worse.

And it's leaving consumers worse off.

Try this experiment: google for VPN advice & take note how hard it is to figure out what the conflicts of interest are.

To be clear: this thread is about #BigVPN.

You know the names because you have watched a YouTube video or listened to a podcast.

They are inescapable.

[I'm not talking about VPNs used in an enterprise setting, managed by your employer's IT team. Different animal]

High risk users (journalists, dissidents, politicians etc) also see #BigVPN's ads.

Like millions of consumers, they buy VPN services, concluding that this helps protect them.

And then they get hacked.

Sometimes I'm the person delivering the bad news.

It makes my blood boil.

We encountered just how badly #BigVPN had distorted users' security perceptions while focus grouping Security Planner.*

*A free expert-driven personalized online safety advice site.

We recently graduated it to the nonprofit Consumer Reports.
securityplanner.consumerreports.org

Working on @SecurityPlanner also meant getting mails from security advice sites... that refused to answer questions about who backed them.

I have my suspicions.

Did my thread make you want legit security advice? Have more qs about VPNs? Check it out.

securityplanner.consumerreports.org

Forgot to add: there are a handful of *good* commodity VPN players.

They communicate honestly, are transparent, and make an effort to educate their users & be corporate good citizens.

It must be incredibly frustrating for them to watch #BigVPN blast past in revenue & users.

I have a theory for why #BigVPN likes sponsorships & affiliates.

It's not just about audiences, it's about *avoiding liability.*

Creators..creatively pitch.

That may mean doing the dirty work of misinforming consumers.

But of course, it's arms-length from the VPN company.

Issues with #BigVPN's ads are neither anecdotal, nor isolated.

A recent large-sample paper makes the massive scale clear.

-Billions of estimated views.
-Many misleading claims & misinformed consumers.
-Undeclared conflicts.

Thanks @_oakgul for flagging! cs.umd.edu/~akgul/papers/…
