The Dark Side of the VPN Industry – Are all VPNs to be Trusted?

Last updated: January 19, 2023
William Sams
William Sams is an online privacy/security advocate at BestVPN.co, who loves sharing his expert knowledge regarding the latest trends in user privacy, cyber laws, and digital affairs.

For users, VPNs are their saviors from all kinds of threats online, but are all of them committed to protecting your privacy, or are they playing against the rules of the game? Let me walk you through the dubious VPN services which alarmed me and compelled me to write this post on the Dark Side of the VPN Industry!

Prologue:

Technology has always been intended to be the subservient sidekick of mankind, aiding its efforts to grow and realize its potential even further. But what most people often fail to realize is that technology is the quintessential double-edged sword, which can bring us as much harm and destruction as it can make our lives better.

Einstein and his thought experiments were never meant to lead us to the development of the atomic bomb, which is the most destructive physical weapon ever invented, but here we are in today’s world, contemplating how we can end this menace. But such realizations only dawned on us after we used them on the two Japanese cities that still bear the scars they got from those balls of fire that rained from the sky.

And despite such lessons throughout history, we have still failed to take notice and make amends on how we can be more proactive in controlling the flow of destruction from the tools we created for our benefit.

But irrespective of how powerful nuclear bombs are and how spectacularly horrific the thought of one exploding remains, the damage these weapons of mass destruction can cause remains confined to a certain geographical limit. But man is a funny creature, as it never ceases to amaze itself with how it can go on to create things which might look useful and benign, but are used to harm humans themselves by some of the most criminal minds amongst us.

The internet, when you look at it first, looks like the perfect dream. A place where you can access anything. From chatting with your friends to knowing about who won the elections in Uganda and from checking the stock price of Apple on Wall Street to buying that latest watch from Amazon, the internet is the ultimate power in the hands of the ordinary human.

But, what most people don’t realize when on the internet is that their seemingly harmless activities can land them in some serious trouble if they fail to stay protected.

VPNs and their role in protecting users:

Your activities on the internet are a goldmine for people with enough interest if they can secure access to it.

Hackers can rake in some pretty good moolah just by slipping into your data packets and learning your sensitive financial information, like credit card details, PayPal account credentials etc.

Your ISP can inspect your data packets to get hold of your personal internet surfing habits and then sell that data to advertisers.

Even the Government is not far behind in this, as there have been many instances of massive surveillance programs undertaken by them, in order to gather data on citizens as a means to control them.

The only thing standing between our privacy on the internet and these data usurpers is VPNs.

A VPN, or Virtual Private Network, is a tool whose primary aim is to protect us on the public internet by extending a secure cloud over our internet connections through a mix of security technologies like military grade encryption and privacy ethics like an explicit zero logs policy.

By enabling a VPN over your internet connection, you can hide your online identity and ensure that your data and internet activities are not meddled with, but is that really the case?

Not quite, and that’s because, with considerable experience of being associated with the VPN industry in recent years, I can say with authority that this industry definitely has a dark side, which most users are highly unaware of.

And in this defining blog, I aim to bring out this unseen aspect of the VPN industry before a wider audience so as to let them understand the scope to which this industry has been infiltrated by criminals and other entities, that under the garb of working and providing services in the industry, are serving some intriguingly nefarious purposes.

The HoneyTrap VPNs:

VPNs are, by their industry’s authority, exceedingly trustworthy for users. This is akin to seeing some security guards on the sidewalk outside your house. You wouldn’t suspect them of being dangerous, but would feel safer in their presence.

But can’t it be the case that a criminal is hiding in their midst, whose aim is not to protect but to harm with that gun? Definitely possible, but most of us don’t think this way, and that’s the biggest defense these HoneyTrap VPNs have in operating freely in the industry.

But what exactly is a HoneyTrap VPN? I coined this name after I saw a movie of the same name back in 2014. While the movie itself was flimsily executed, it did present a very important but often ignored concept of our times: luring people into seemingly harmless, even beneficial things, only to dupe them later on.

HoneyTrap VPNs work on a similar premise. Users often go to VPNs in order to acquire more privacy over their internet connections or to achieve other aims like unblocking geo-restricted websites and support for secure Torrenting. And to the untrained eye, many of the VPN sites out there might give off a feel that they are providing a service like no other.

Replete with gimmicky marketing language, flashy pricing plans, and some great designs and logos, these VPN websites look like your average VPN providers who are out there to provide you access to the internet in a safer, more secure manner. But they are, in actuality, honeytraps, in that they lure people in on the pretext of providing a VPN service but are usually committing unethical activities that can harm the user exceedingly.

The unethical activities include data mining by way of monitoring people’s activities online, implanting tracking codes in their devices, using their devices as nodes in a bigger system of bitcoin mining etc.

I actually was quite unaware of the magnitude of this problem until I downloaded a seemingly harmless VPN Android app by a service known as EasyVPN. I am a reviewer, so I need to test things out before I can get down to writing about them. EasyVPN was on my to-do list as I believed that I had not given Android VPN apps their fair share of reviews, so this ordeal began.


This activity, which I indulge in so frequently with similar VPN services, cost me so badly that I was unable to use my Samsung S5 phone for 2 minutes straight. Embarrassing pop-ups from mainly outlandish porn sites kept coming up, and if I jogged on too fast with my mobile, I would be left with my device hung.


It then dawned on me that this app was infested, and before doing any research of my own, I went online and checked whether it was actually the VPN app that did all of this or some other app. But my suspicions rang true when I saw research that had labelled this app as the second most malware infected VPN app on the Play Store.


But it’s not just a rare one or two VPN providers that are doing this; rather, it’s kind of the other way around these days, as most VPN providers have been reported to be HoneyTraps.

The Magnitude of the Problem:

Facebook. This name sounds familiar, doesn’t it? And why shouldn’t it? After all, this service has over 2 billion users globally, which means that if Facebook were a country, it would be the world’s most populated country by at least a billion people.

And everyone knows that Facebook is a massive service and if it does something, then it is not inconsequential. From the WhatsApp acquisition to the Cambridge Analytica Scandal, Facebook has been leading the awakening on the importance of data in serving all kinds of purposes.

But do a lot of people know that Facebook has a VPN of its own? Yes, that’s true. Named Onavo, this VPN service has been owned and operated by Facebook since its acquisition in 2013.


However, Facebook was not so successful in this attempt to mine even more intricate data from users through this VPN service, and that’s mainly because of the vigilance of privacy experts and authoritative VPN users that didn’t let Facebook continue with its surreptitious activities with Onavo.

The service has since become infamous due to this very association and Facebook has stopped work on it. There will be no updates rolling out in the future either. However, the website is still alive and kicking. So, Facebook has not reneged on this avenue to mine data; however, because of the whole fiasco, it is not doing so on “Truly Facebook Scale”.

But this brings us back to a very serious realization: if Facebook, which thrives and survives by selling user data, has shown so much interest in the VPN arena, then how many other similar corporate houses might be operating VPN services is anyone’s guess.

Facebook has no relation with the data privacy industry, but even if it had interests in this arena, it could have used its massive platform to market Onavo and make it a Best VPN service to compete with the likes of industry bigwigs like ExpressVPN and NordVPN.

Instead, Facebook didn’t even announce as boisterously as it should have that it has such a service in its fold, and didn’t give any noteworthy explanation of why it has gone into operating in such an unrelated domain. We can understand Facebook’s acquisition of social media services like Instagram and WhatsApp and even of AI and Virtual Reality incubators; however, operating a VPN without even announcing it raised many eyebrows, especially mine.

Onavo’s privacy policy is where the actual problem lies

“We use the information that we receive to operate and improve the Services, develop new products and services, analyze usage of our Apps and other applications on your device, to support advertising and related activities, and for other purposes.”


An explicitly stated “Zero Logs Policy” is the Holy Grail of the VPN industry. But it seems like the wind is blowing in the wrong direction at Onavo.

Its privacy policy, which should actually be titled “Data Use and Permission” Policy, states that it uses information from its service to “Improve services” and “Develop new products and services”. And since Onavo is owned by Facebook, this implies that Onavo is the perfect personification of a “HoneyTrap”, in which a VPN is being used as a façade to power Facebook’s data mining objectives.

But Facebook is not the only big corporate powerhouse offering a VPN service at the moment. Other big firms are also offering their VPNs, but these services remain shady, as they don’t say how they are going to protect the user. There is no mention of things like server counts, encryption grade etc., and the only thing they seem to be promoting here is their VPN service.

VPNHub, Protecting Your Privacy or funneling you towards a conversion?

PornHub is a world renowned porn site, perhaps one of the biggest in the world, and it’s offering a Free as well as a Premium version of its VPN service.

At first glance, there seems to be nothing wrong with the service. VPNHub looks like your plain old VPN service that has free and premium versions, much like other similar VPN services, e.g. Zenmate. But if you take a closer look at it, then things start to look somewhat shady.


MindGeek, one of the world’s biggest owners of pornographic sites, also owns Pornhub.


This firm supported the Digital Economy Act of 2017 by the British Government, which includes the stipulation that users will have to produce official documents, like their Government ID cards, in order to be able to enter porn sites like Pornhub.

It even developed the tool named “AgeID” that allows users to pass this age verification process seamlessly, but only after paying a small cost.


However, if you want to bypass this restriction, obviously you can do that with a VPN. It’s a straightforward process. Connect to a server outside the UK and enjoy access to adult websites in the UK.

And therefore, it’s perhaps natural that VPNHub was introduced by PornHub in a bid to ensure that their users come to them for everything. Everything from age verification to bypassing those very age verification systems is now being powered by MindGeek.

VPNHub is free and that plays perfectly for adult sites that MindGeek owns, as most of them are free. However the free version of this VPN will have nuisance ads, which will only go away if you buy the premium version of this VPN.

Okay, this all seems quite confusing: why would MindGeek first support a bill for age verification, then go forth and create a tool which aids that bill, and then create a VPN to bypass not just that bill, but also the AgeID tool?

This is where the conflict of interest in this VPN lies: the perfect HoneyTrap, a way to lure users into their VPN service by creating a whole funnel which facilitates conversions.

VPNs are meant to protect users from existing threats in the digital domain, and not to first create a threat yourself and then offer the VPN as a solution to it. In my opinion, it’s akin to first creating a fire and then also selling fire-proof suits right beside where the fire rages on.

But this is exactly what the purpose of this blog is, i.e. to make users understand that growing internet censorship and control is making more and more people shift towards using VPNs, which is making this a very lucrative industry that these bigwig corporates are only too happy to take a big share of.

The Trap of Free Services:

Maintaining and running a VPN is quite a capital intensive task, and that’s because VPNs are no ordinary tech tools. They are built upon highly sophisticated infrastructure which includes an integrated network of servers worldwide, encryption and decryption facilities, protocol support and more, all of which is quite expensive to maintain and run. Therefore, most Top VPN providers offer their services under different pricing plans.

So if a VPN provider is offering its services for free, then it’s definitely making money off of somewhere, which is perhaps the most dangerous thing that users should always think about before subscribing to such a service.

Users are quite easily misled and lured by these dubious Free VPN providers. After all, who doesn’t like a Free service? And these dubious providers are playing on this exact user psyche.

These Free VPN services have to make money off of somewhere, so if it’s not by offering their services for a price, then what are the options left available for them?

Many, but all of them are incredibly problematic. These methods include inserting tracking codes into user devices, keeping user activity logs and then selling them off to advertisers, converting user devices into nodes to support a bigger botnet network among others.

In my guides, I always deter people from subscribing to these dubious Free VPNs, because firstly, they don’t even perform or provide 10% of the functionality and grit of their Paid counterparts.

Free VPNs can’t bypass the more sophisticated geo-restricted sites like Netflix US, nor do they provide any sort of fast speeds, to speak about a few of their shortcomings.

There is a very old saying that “If you are getting something for free, then you are the product” and nowhere does this manifest itself more than in the world of free VPN services.

Google Play – The Home of Dubious Free VPN apps:

For every scam or dubious business to succeed, it first needs camouflage and secondly it needs a place or a platform where it can spread its tentacles far and wide. And for Free VPN apps, there is not a more perfect place to sustain themselves than the Google Play Store.

The Android operating system is the most used operating system in smartphones globally, so it’s natural that the popularity of Google Play Store, which is Android’s official app store, is incredibly widespread. But popularity or reach never guarantees that the platform will be safe and secure for users.

The Google Play Store is notorious for hosting all kinds of dubious, malware infected apps. Its system for uploading and hosting apps is quite lax as compared to its more stringent competitor, the iTunes store, i.e. the official app store for iOS users.

Just run a search on “VPN” on the Google Play Store and you will come across thousands of VPN Android apps, most of which have no origins other than operating as an Android app.

Here is a screenshot of a search I ran on the app store for the keyword “ExpressVPN”

[Screenshots: Google Play search results for “ExpressVPN”]

From outrageous names that have no relation to a VPN’s functioning like “Yoga VPN” and “Mango VPN” to VPNs with icons that show people in intimate scenes, there is no dearth of Android apps for Free VPNs if you go out to search for them.

But let’s dig a bit deeper and allow me to walk you through things that you and other unsuspecting users might miss in these seemingly inconspicuous Android VPN Free apps.

If you search the Google App store for Android VPN apps, there is a high chance that you stumble across one service named “GO VPN Proxy Master-Free·unlimed”. It has amassed more than half a million downloads and has an impressive rating of 4.5.


And all it requires for this app to run is to just download and install it: no user verification, no passwords, no account setup, no nothing. It’s free and easy, but is it secure?

Not quite.

There are some jarring details about the origins of this app and the firm behind it on the app store that users can miss quite easily. After all, who reads the privacy policy or goes in-depth to find out who the developers behind this app really are? Right?

Well, I am not one of those and as a privacy freak, I usually go deep down and try to find out what exactly is the motive behind such an astounding, hassle free service.

If you take a look at its developers, it says that it is developed by the VPNMaster Team, which sounds quite authentic. But first, let’s delve into the kind of user permissions it requires to run on your Android device.


Firstly, it requires permission not just to read the contents of your device’s storage but also to “Modify or Delete” them. If that isn’t intrusive, then I don’t know what is. If you are still not clear, this implies that the app can delete anything from your device’s storage that it likes or even disable it from functioning altogether. Whether it’s your photo files or your video files, this app can delete them and modify them at will.


Furthermore, it also requires permission to “Connect and disconnect Wi-Fi”, which means that even if you don’t want your device to be on the internet for a while, this app can turn it on against your will anytime it wants.


The app will also have access to your “sensitive log data”, which in layman’s terms means that it can track your activities online. But isn’t that exactly what a VPN is meant to secure you from, i.e. tracking of your activities online? Not for this VPN. Users don’t generally go through these permissions and often tick them off to Agree, without even realizing the extent to which they are jeopardizing their own privacy and mobile data security.
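The permission review described above can be automated. The following is an added example, not code from the original post or from any app it names: it audits a manifest that has already been decoded to text XML (for example with apktool) and flags the four permissions discussed here. The baseline set, the function name `audit_manifest` and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Play Store wording quoted in the article, keyed by the manifest permission behind it.
FLAGGED = {
    "android.permission.READ_EXTERNAL_STORAGE": "read the contents of your storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify or delete the contents of your storage",
    "android.permission.CHANGE_WIFI_STATE": "connect and disconnect Wi-Fi",
    "android.permission.READ_LOGS": "read sensitive log data",
}

# Assumption: what a plain VPN client needs to set up and keep a tunnel running.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
}

# Constructed sample, NOT the manifest of any app named in the article.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freevpn">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".TunnelService"
             android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
  </application>
</manifest>
"""


def audit_manifest(xml_text):
    """Return flagged and unexplained permissions, and whether a VpnService is declared."""
    # Decoded manifests come from untrusted APKs: refuse DTDs (entity expansion).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a manifest")
    root = ET.fromstring(xml_text)

    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID + "name")
            if name:
                requested.add(name)

    # A genuine VPN client exposes a service guarded by BIND_VPN_SERVICE.
    declares_vpn = any(
        svc.get(ANDROID + "permission") == "android.permission.BIND_VPN_SERVICE"
        for svc in root.iter("service")
    )
    return {
        "flagged": {p: FLAGGED[p] for p in sorted(requested & set(FLAGGED))},
        "other": sorted(requested - BASELINE - set(FLAGGED)),  # review by hand
        "declares_vpn_service": declares_vpn,
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    for perm, label in report["flagged"].items():
        print(f"FLAG   {perm}  ({label})")
    for perm in report["other"]:
        print(f"REVIEW {perm}")
    print("VpnService declared:", report["declares_vpn_service"])
```

An app that requests the flagged permissions while declaring no service bound to `BIND_VPN_SERVICE` deserves the closest look, since it asks for broad access without exposing the component a VPN tunnel is built on.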

But why would an app do that? Well, the answer to that lies at the bottom of this app’s page on Google Play. Scroll over to the privacy policy link and hover your cursor over it, and you will see that the privacy policy of this app redirects you to a site known as “TalkingData”.


Wasn’t this app developed by someone named VPNMaster? No, that is just a gimmick for the app page, in order to make this app look and feel more authentic than it actually is.

For those of you who don’t know, TalkingData is a Chinese data mining firm. Surprised? Don’t be, because most of the Android apps present on Google Play share such dubious origins, and I just scratched the surface here to let you understand exactly how unsafe these so called “Free VPN” apps can be to your user privacy.

Now, getting back to the privacy policy, which is one of the worst privacy policies I have ever come across for a VPN specifically, it mentions that it has “Exceptions” on how it can use your data and yes, that contains exceptions for cases like being “Directly related to national security and national defense safety” and for “Directly related to criminal investigation, prosecution, trial and enforcement of judgements”.


Well, this is after all a Chinese firm, which is operating in a country where the Government is the ultimate authority on all things. China is notorious for implementing strict control and censorship over the internet and its users, and if a firm housed there and involved in data mining operations is operating a VPN service, then it’s got to be absolutely avoided.

A VPN that Doesn’t Exist?

But, the scams, nexuses, dubiousness don’t end here as things can even go further in this industry.

Just to provide you with a passing reference at the end of this article, there was a VPN service some time ago that operated by the name of “My Safe VPN”.

With such a harmless looking name, this service was the biggest scam that has ever existed in the industry, because there was no VPN in actuality, just a service being run so that people could pay them for a service that never existed in the first place.

This service was so obnoxious that it didn’t even shy away from using the names of popular services and brands as a signatory in its email. One such email contained the name of Tunnelbear, which is one of the rare Free VPN services that can be deemed highly credible.

Tunnelbear took prompt action against MySafeVPN and tweeted that the service needs to cease and desist from using its name or it can expect hard legal action from Tunnelbear.


But MySafeVPN was not just using Tunnelbear’s name; it also used the name of Plex, a highly popular streaming service, in its emails, in an attempt to jack the popularity of the service and use its credibility to lure ever more users into buying the VPN.

Here is a sample email from this scam service. Thousands of such emails were sent to users, incorporating the names of other popular services related to the VPN and streaming domain.

[Image: sample MySafeVPN email using the Plex name]

Conclusion:

In 2018, the overall market size of the VPN industry was $20.6 Billion, which is expected to grow to a whopping $35.73 billion by just 2022, which is in the next five years. This signals that this industry is growing massively and that users are becoming more aware of the benefits of using a VPN to protect their anonymity online.


But this stupendous growth in the industry will also attract scammers and dubious services who are here to take their share in this highly lucrative pie. And it’s not just from the sale of VPNs; there is another lucrative fallout from this growth, and that is from the massive data agglomerations that users could be duped out of by putting honeytraps in the form of VPN services.

The only way out of it is to inform users as to how they can identify and stay away from such scams, because no one can stop the scammers and dubious providers from playing the game, because, after all, how hard is it to build a website or run an email marketing campaign?

To enlighten users, the biggest role will be played by the Top VPN providers themselves. Services like NordVPN, ExpressVPN, PureVPN, Torguard, PIA, VyprVPN, Tunnelbear among others, which rule the roost in the VPN industry, have to come together to protect the users from this menace that could harm them to no end.

This was my small contribution to this effort and I believe that even more such privacy enthusiasts and industry activists will come forth in the upcoming times to play their role in exposing such dubious and shady VPN services, so users can stay safe from scams that could damage them financially and privacy wise, which after all, is what this industry should be all about.

2 Responses to The Dark Side of the VPN Industry – Are all VPNs to be Trusted?

  1. Blackisacolor says:

    Nord is the provider I use for almost 5 months, ever since I realised my computer isn’t totally safe without it. I think I saw an article about someone being hacked and their identity stolen. I was freaking out and decided it was time to get a vpn. I’m no expert at it but I feel like it’s doing its job. I don’t notice any huge speed drops and I’m able to torrent without worrying about getting a copyright letter. Recommended.

    • Bestvpn.co says:

      Hello there, thanks for commenting. It’s always nice to hear positive remarks about different VPN services. We’re glad that you didn’t go with any shady providers as mentioned in the post. NordVPN, the Panamanian-based provider, has quite the established reputation in the marketplace of VPNs. So far, they haven’t been caught leaking out information to Governments, and recently even got a badge from Ookla Speed Test. You’re safe completely!
