Consumer VPNs have always been a tough nut to crack. The FTC has been clear that multiple ISPs share far more personal data about users than they expect, without giving users a meaningful choice on how that data is used. We also know from numerous highly publicized examples that some VPNs can be worse than ISPs, leaving users vulnerable.
Consumer Reports’ Digital Lab evaluated the privacy and security of 16 consumer VPNs running on Windows. The evaluation was based in large part on the Digital Standard, a framework designed to evaluate how technologies respect consumers’ interests and needs.
We uncovered multiple areas where VPNs fell short. This presentation will look at what was discovered: dark patterns, the use of deprecated protocols, and hyperbolic claims about anonymity, untraceability, or “military-grade” encryption. We’ll delve into what might happen to user data in case of a merger, bankruptcy, or acquisition. You’ll also learn which VPNs state in their documentation that they will not pursue legal action against security researchers (hint: not enough).
And though the community is still divided (no, really!) on when or whether to recommend the use of a consumer VPN, we’ll demystify what one can and cannot actually do.