VPNs: The Deception in Camouflage Ownership

As active participants within the VPN industry, we are pleased to join initiatives such as the Internet Infrastructure Coalition (i2Coalition) and the VPN Trust Initiative (VTI), a consortium of VPN providers tasked with improving digital safety for consumers. Initiatives such as these allow the industry as a whole to take an important stride toward the unification of moral and ethical interests. The VPN Trust Initiative brings together first-hand insights and focuses on advocacy, education and awareness. Ultimately it seeks to address concerns and proactively solve associated challenges by defining VPN best practices, reinforcing industry standards, providing accurate information to government officials and policymakers, promoting appropriate industry-led regulations and informing the wider technology industry.

It also comes at a time when, perhaps more than ever, the VPN industry should be doing its utmost to generate faith among its users. It is particularly disappointing, then, to read recent news regarding Sensor Tower, a popular analytics platform for tech developers and investors. It was discovered that Sensor Tower had been secretly collecting data from millions of people who had installed popular VPN and ad-blocking apps. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads collectively. From a user perspective, the underlying technology in these apps actually puts the user at great risk: They labor under the false assumption that they are blocking ads without realizing how invasive the apps actually are. No consent from the user is given whatsoever.

This behavior clearly breaches one of the main tenets of using a VPN service—that a user can expect a zero-log policy. Indeed, not so long ago there was a groundswell for VPNs to proudly announce that they were operating as a zero-log VPN company. It led to many well-known VPN providers announcing the results of audits with claims of zero-log policies and no recording of users’ online activity. Using a no-log VPN service should mean that your provider does not collect or log any of your activity online. The revelations regarding Sensor Tower clearly go against these sentiments—the company has deceived users, it is violating app store guidelines and it has acted in bad faith by not properly informing users and camouflaging ownership of the apps. For peace of mind (and maximum privacy), it is sensible to choose a no-log VPN provider.

It is also concerning to see both Apple and Google allowing numerous extremely popular (but potentially unsafe) free VPN apps to remain in their app stores. According to a report published last year, 77% of apps identified as potentially unsafe following an investigation continued to pose a risk, with the report revealing that nearly 60% of popular free VPN apps were secretly Chinese-owned and nearly 90% had serious privacy flaws. Sobering reading indeed. It is also frustrating to hear that both Google and Apple have paid scant regard to these findings, with both companies seemingly ignoring formal advice regarding these apps, which continue to pose a privacy risk to users. It doesn’t help either that Google’s algorithm is part of the problem, insomuch as these apps are able to gain any traction at all.

You might be asking yourself why any of this matters. If you believe that China is inherently the No. 1 enemy of internet freedom, a nation that actively maintains the ‘Great Firewall,’ then why are there so many Chinese-owned apps? After all, VPN use is banned in China, so these Chinese-run services are essentially operating without implicit approval from the Chinese authorities. What, then, does China seek to gain from these free VPN apps? In a nutshell, these apps can gain access to the huge volumes of browsing data that flow through VPN networks. Or, in other words, China gets hold of significant amounts of foreign intelligence data. We should thoroughly investigate VPN services so that we can boast the strictest standards of integrity—after all, hasn’t this been the case regarding another Chinese company, Huawei, and widespread suspicion from the rest of the world?

Free VPNs often make money through other, not-so-obvious channels—they could be serving you ads, for example, or giving away your email to their business partners for spamming purposes. Ultimately, caveat emptor: Let the buyer beware. Users should use a VPN with a good track record that truly lives up to its logging promises.

Sebastian Schaub

Sebastian is the founder of hide.me VPN and has been working in the internet security industry for over a decade. He started hide.me VPN 8 years ago to make internet security and privacy accessible to everybody.