Article Hero
Blog3 minutes read
October 8, 2022
  • telegram
  • facebook
  • twitter
  • github

VPN Industry Running From Privacy Claims

With the emergence of dedicated privacy apps, people are starting to realize that traditional VPNs aren’t an effective privacy tool. When the only thing that they change is a user’s IP address while allowing all manner of other tracking methods through, this isn’t much of a shock.

Rather than update their business model and offer protection from modern privacy and tracking threats, VPN services have started to remove the privacy claims from their websites! That’s right: Instead of changing with the times, they’ve decided to ‘rebrand’.

This article will cover some instances of this happening, and explain why VPNs can no longer compete with modern privacy apps, leaving their user base in danger of being tracked.


Why Can’t VPNs Claim Privacy Protection?

VPNs do nothing to stop the greatest privacy threat of the decade: Device and browser fingerprinting. All of the advertisers, hackers, and scammers are moving over to fingerprinting methods and persistent cache alternatives. Now that third-party cookies are getting retired in Chrome, and have already been retired in the other major browsers, these newer tracking options are popping up everywhere.

Rather than update the way they do business, the VPN industry is backtracking on its old privacy claims and attempting a mass rebrand. How do we know?

Evidence Of The VPN Industry’s Sneaky Rebrand Attempt

So what’s the best way to prove that the VPN industry is running away from its claims of providing privacy, and are instead focusing on security? The Wayback Machine, of course.

The Wayback Machine offers archives of older versions of websites upon request. This allows us to go through and find the old (and often false) privacy claims that a particular VPN used to offer. Compare that to a recent snapshot, and the evidence is damning.

Of course, some VPN companies have gotten wise and told the Wayback Machine that they no longer had permission to archive their site. For those, we have The Internet Archive! They can run, but they can’t hide.

And we’re also taking screenshots of the archives this time, so they can’t threaten anyone else to try and scrub their past transgressions. You’re welcome.

ExpressVPN Tried To Run From its Past - It Didn’t Work

We’ll start with ExpressVPN, who quickly ran to the Wayback Machine and pulled their permission to host archives of their website! They knew that they had to purge their privacy claims from history, or face the backlash… and maybe the lawsuits, who knows?

The old website made a privacy claim so bold, that it was laughable: All data is encrypted so nobody can track you!

The new website doesn’t have the word ‘track’ anywhere on the home page. Their privacy claims are pulled way back: Take charge of your online privacy.

That’s right. ExpressVPN went from ‘surf anonymously’ and ‘nobody can track you’, to ‘take charge’ and no mention of how many people can easily track you through their service. And then they tried to hide their tracks by going after The Wayback Machine. But we caught them in the act anyway.

NordVPN Also Ran From its Past, But We Caught Them Too

Why would you expect the other big VPN service to be any more honest about their past than the first one? NordVPN also demanded that their archive get scrubbed. But just like everything else that they attempt, their efforts were only half effective.

The old website also went way overboard with its privacy claims: ‘With NordVPN, your online activity is truly private, just as it should be.’

The new website cranks those claims back about ten notches: ‘Enjoy online privacy and security with NordVPN.’

That’s right folks, Nord has gone from ‘uncompromised’ and ‘truly private’ to ‘enjoying’ your privacy. Look at all of those mentions of ‘secure’ on the new site, compared to privacy! And in their FAQ they talk about the cost of online privacy… without explaining that they don’t protect people from the biggest privacy threats of the decade. Hilarious.

But CyberGhost Is As Unhinged As Ever

In a refreshing change to the rest of the industry, CyberGhost has been making unrealistic claims for years and they’re not even attempting to hide it! With advances in device and browser fingerprinting over the past few years, it will be interesting to see when they get hit with the first major privacy lawsuit.

The old website has the insanely bold claim: ‘making it impossible for hackers, third parties or other organizations to track you’.

The new website is just as crazy, but their rephrasing makes their claims even bolder, if anything, since they: ‘guarantee total data anonymity across all apps and platforms’.

Using words like ‘impossible’, ‘guarantee’, and ‘total data anonymity’ for years and years, without taking into account just how much modern device and browser fingerprinting has advanced, is bold, to say the least. And potentially self-destructive once the lawsuits start pouring in. But at least they didn’t try to hide their history like the others!

The New Privacy Apps

One of the reasons that most VPNs are toning down their privacy rhetoric, other than legal fears, is the realization that modern privacy apps need to do more than just hide a user’s IP address and make some minor browser tweaks.

The new generation of online privacy apps provides some kind of ‘gapping’ protection. In other words, browsing is actually executed on remote virtual machines, and only the results are sent back to the user.

One example of this technique in action is the Hoody app. Hoody not only uses virtual machines to fully emulate the browsing experience and falsify browser fingerprint reporting, but each individual tab and app is uncorrelated (unless the user manually chooses to link them). This means a user can be browsing YouTube without being logged in, while simultaneously using their Gmail account in another tab. And Google would never link the two activities or browsing sessions.

This is the kind of privacy that VPNs simply don’t offer. That’s why most privacy claims are being watered down or eliminated. Because once people see what is truly possible in the realm of Internet privacy, phrases like ‘uncompromised’, ‘complete’, and ‘total anonymity’ from the VPN industry will ring hollow.

Our prediction: Expect most VPNs to continue to roll back their promises on privacy, and expect the rest to be quickly challenged in courts all over the world.

Will R
Hoody Editorial Team

Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.

Latest


Blog
Timer7 minutes read

How the Government Hacks You, Final Chapter: IoT Hacks

Chapter 14: IoT Hacks

Will R
6 months ago
Blog
Timer9 minutes read

How the Government Hacks You, Chapter 13: GPS Tracking

Dive into the unsettling world of government-controlled GPS tracking!

Will R
6 months ago
Blog
Timer7 minutes read

How the Government Hacks You, Chapter 12: Garbage Day

Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies

Will R
7 months ago
Blog
Timer8 minutes read

How the Government Hacks You, Chapter 11: Resonance Attacks

It’s time to uncover how government surveillance gets personal.

Will R
7 months ago

Bulletproof privacy in one click

Discover the world's #1 privacy solution

  • Chrome Icon
  • Brave Icon
  • Edge Icon
  • Chromium Icon
  • Coming soon

    Firefox Icon
  • Coming soon

    Safari Icon
  • Coming soon

    Opera Icon

No name, no email, no credit card required

Create Key