datahacker Blog

The Great Global VPN Swindle

Although I'm a big proponent of VPNs, the industry has become littered with mis-information and outright shams, creating a mixed environment when it comes to advertised claims of privacy protection.

There's a global shill game going on these days, and it's targeted at you - the consumer - and involves VPNs. The old "pump and dump" motif is being widely utilized to generate interest in and and take advantage of consumers, convincing them they have a dire need and of course Vendor Fill-in-the-blank has the solution! Meanwhile, the reality is most people don't need a VPN, most of the time. Many are duped into purchasing a service that does one or more of the following:

  • Doesn't meet their needs
  • Solves a problem they don't have
  • Does not work as advertised
  • Worst of all, may make them LESS secure online

Top it off with the fact the majority of consumers don't understand how VPNs work, nor are they able to convincingly demonstrate whether or not they are working in the first place. Are you truly getting what you're paying for? Do you really know what you're paying for? How do you know?

Why would any reasonable person consciously purchase a subscription for a product they don't fully understand?

Now, after all that gloom, allow me to clear the air and explain how to make an informed decision, how to protect yourself, save money, and ensure you sign-up for the services you actually need (if any). Contrary to how my comments above might seem, I am actually a big proponent of VPNs. What I don't advocate is the willy-nilly decision making practices many people use to choose one, without an inkling of an understanding of the ramifications of their actions. Not all VPNs are created equally, and not everyone needs a VPN for the same reason. Much like shopping for clothes, it's wise to look around and examine what the market has to offer, coupled with one's perceived and discovered requirements. The more you learn, the more you know and the better you become at determining what is appropriate.

How Did This Happen?

If we all referred to VPN service providers as "solution providers," would consumers realign their thought processes and start paying better attention to what they are buying? What is the problem one is trying to solve? Does a proposed "solution" really solve that? Those are the kind of questions consumers should be asking themselves before handing their $ over to a VPN "service" provider. Either way, I'm glad you're here as because you are obviously interested in learning how to avoid the trap of shoddy VPN service providers with good marketing campaigns and instead get what you need!

Brief History of the VPN

Once upon a time (OK, 1996 if you want a real date), a small group of exceptionally geeky I.T. professionals decided it would be a good idea to create a secure virtual conduit to share data between network routers across large networks. The geeks wanted to see if they could link two routers together in such a way as to securely exchange information between them without the possibility of other routers along the virtual path being able to understand the data being communicated. Over time, this evolved into a discussion about security, data, the Internet, and bad guys. Three years later in 1999, their efforts were published with the IETF's blessing as RFC 2637, which defined the first VPN protocol (described as, "tunneling PPP across packet-switched networks"), known as PPTP (Point-to-Point Tunneling Protocol).

And btw, if you see a VPN service provider gloating over their support for PPTP, that is not something to brag about. PPTP is about as hip right now as the Bee Gees.

Perfect Storm to Milk Consumers

VPNs have experienced two recent explosions in interest and growth. The first began around 2014, when corporations started focusing more closely on standardizing products and procedures utilized by remote staff. This produced an increased emphasis on corporate-owned VPN services. Act 2 was the explosion of VPNs in the consumer market beginning in 2017, due to a perfect storm of ignorance, a perceived strong economy (i.e. plentiful disposable income), the Press (read: an abundance of clueless journalists), and several high profile data breaches that directly impacted - and alarmed - millions of people (e.g. Equifax and the WiFi / WPA-2 scare particularly come to mind).

You can read about the original WPA-2 flaw discovered in 2017, or the follow-up research paper that disclosed even more flaws in 2018.

I think of 2017 as the year PRivacy went mainstream in our collective consciousness as a society. All-of-a-sudden, it became apparent to consumers their information was everywhere, and they had lost control of it. True to our modern society's recent propensity to apply knee-jerk reactions to solve every problem, the corresponding reaction for many was to look around for a quick solution to their new found "problem" of online privacy (or lack of). It seems many of them weren't listening to Edward Snowden in 2013, and his warnings in relation to the ridiculous amounts of information being gathered by corporations and governments about consumers when they are online, or they would have been better prepared to begin with.

Panic Buying of Anything Leads to Poor Quality

Suddenly, VPN usage in the consumer market exploded. It also just so happened there was a simultanous growth spurt sales of VPN provider services, which seized upon the opportunity to appeal to the masses and not just us technology geeks who - along with a small group of individuals of questionable character - had been their primary customers for the past nearly two decades.

It boils down mostly due to panic centered around an increasing awareness of the ridiculous amounts of information that are gathered by corporations and governments about consumers when they are online. Suddenly, many people became concerned about their privacy, and protecting it. It also just so happened there was a simultaneous growth in the VPN market, which saw an opportunity to appeal to the masses and not just us technology geeks.

Now, don't get me wrong. I am all for privacy protection. I am a proponent of VPNs, as they ARE very useful when it comes to protecting one's privacy online. What I'm not in favor of is people signing up for services they don't understand, and corporations taking advantage of customer ignorance to sell them a shoddy basket of goods.

One challenge with VPNs is they are simultaneously one of the simplest and most complex concepts in I.T. I know that sounds like it doesn't make sense, but it's quite true. The high-level concept of a VPN is relatively simple. VPNs are supposed to perform two tasks:

  1. Wrap your data in a secure blanket so no one can view it en route; and
  2. Prevent the devices that route your traffic from monitoring where your traffic goes and what sort of data it contains; and/or
  3. Concealing your true IP address and/or physical location

What you know or don't know about VPNs largely depends on how you got to deciding you needed one in the first place. For many people, hiding their IP address is secondary and likely a non-issue. However, if you're an avid streamer or torrent user, then you know that is probably at least one reason why you want a VPN in the first place.

That's simple enough though, eh? True. Most consumers do get the idea of wrapping your data in another layer. More security = better, right? That seems logical. But, the truth? It's complicated (of course)! The gist of it is more is not always better. In some cases, you may actually be exposing yourself to more tracking and less privacy than you were before.

Misleading Marketing or Misinformed Journalists?

There is a lot of bad info in the Wild that is the Internet. Making matters worse, a lot of marketing is disguised as what on the surface looks like a legit 3rd party information source. Unfortunately, these often aren't independent. I'll share a few examples.

A website called, "Tech Company News" posted an article on December 26, 2017 entitled, VPN Use Exploded In 2017. What caught my attention was - in part - this paragraph about 2/3 of the way through the article:

"VPN bypasses the local ISP in favor of a dedicated VPN server. It uses a special protocol, the tunneling protocol, to mask your ID and hide your connection to the VPN server. The VPN server assigns you a new, anonymous IP address for whatever country the server is located in. The connection may also be encrypted for further security."

I'm not sure if the person who wrote this (no author listed) believes everything they wrote or not, but there are so many things wrong with that statement that I don't know where to begin. Let's break it down....

  • "VPN bypasses the local ISP" ... No, it doesn't. Your connection still goes through your ISP. How else is your connection going to go anywhere?
  • "in favor of a dedicated VPN server." ... What actually happens, is you initiate a connection to the VPN server, and then start your connection to a remote server (e.g.
  • "... mask your ID and hide your connection to the VPN server." ... Wrong and wrong. First off, the VPN server needs to know your IP address - and it will when you connect to it - or otherwise it won't be able to return the data you receive from the other end of the connection (note: it is possible to hide it though using a technique called a Double Hop). You can't hide your connection to the VPN server. If it wants to, your ISP can tell it's a VPN connection by performing a Deep Packet Inspection, which many ISPs do (ahem... AT&T... ahem).

The remainder of their statement is not bad, though it oversimplifies the process (and your options, for that matter). However, my beef here is not just with the vague and misleading technical info about VPNs, but also with the fact this site is clearly pandering to advertisers. When you get down to the bottom of the article, the last two paragraphs make a point to mention a specific VPN provider and talk about how great the company's VPN product is. That's a dead giveaway this is a paid sponsorship and not a real review or "news" article.

The Internet is chock full of this crap, and you need to be cautious when taking advice from "review" sites on something you'll be spending money on AND it impacts your privacy.

Navigating Around the VPN Scammers

I'm not going to sugar-coat this for you.

Finding a bonafide VPN provider requires effort

If you are unwilling to perform some due diligence, you have about an 85% chance of choosing a garbage VPN that will fail to protect you properly. And in that case, my advice is save your money and don't bother with a VPN.

Separating the Wheat from the Chaff

Finding unbiased VPN reviews is easier said than done. The Internet is littered with VPN affiliate commentaries disguised as "reviews" and most search engines are complicit by virtue of their heavy focus on marketing (hey, I get it... you gotta pay those data center hosting employee salaries somehow).

There are very, very few - less than a handful - websites with unbiased VPN data that are not VPN affiliates and either have no income at all, or derive income only from the generosity of their supporters. In fact they are so hard to find that other than my site, I only feel comfortable bestowing my highest level of recommendation on one site: That One Privacy Site, operated anonymously by That One Privacy Guy. My top pick.

Top Dog: That One Privacy Site

That One Privacy Site is hands-down the best source of information when it comes to evaluating VPN services. The focus is primarily on privacy, so everything you read there is geared toward regaining control of the privacy of your data and your behavior online.

That One Privacy Site consolidates all its VPN review results into two spreadsheets that are color-coded. There is a lot of data there, and you'll have an easier time digesting it if you first decide what is important. You can use the directional arrows at the top of each column to sort them. If you're familiar with Excel you will have an easy time of navigating the data. You can even download them in various format (including XLS and XLSX - if you want the color coded version, download the file as .XLSX). is divided into sections, with the VPN reviews interwoven within their blog.

Why is this site so good? Why should you explore it right now? Unbiased, independent and comprehensive reviews of VPN services, including speed tests and the most thorough analysis of all angles of VPN providers. The site clearly explains what all the spreadsheet values mean (in plain English) with a glossary/legend found here. I really appreciate that and it's a great example of the level of detail and thoughtfulness the author (who remains anonymous) has put into this site. You can tell someone has spent literally (and likely) thousands of hours on the work represented here.

What to Be Aware of

Not all VPNs are speed tested. Most of the VPN reviews in the spreadsheets to not detail speeds. I suspect this is because the author did not have the time and/or resources to do that for all of them. Instead, they have focused on the scope of each VPN from a privacy protection viewpoint. I have no issues with this. While it's ideal to get as much data as you can on speed, the fact is it will vary for everyone depending on a variety of factors such as your location, the VPN provider's server locations, server load, and your ISP. Therefore, even when finding speed test values, they are best used as a comparison of one to the other for that particular user and a reader should realize their personal experience could vary; primarily, for the reasons mentioned above. In other words, don't blame the messenger if you don't experience identical speed throughput!

You'll also find reviews and discussions of email services, again with a focus on privacy, if you are inclined to research them as well.

Site Weaknesses

Now, there are a few drawbacks to the site, but they are minor:

  1. Navigation can be tedious. For instance, if you want to read a specific VPN review, your best bet quite frankly is to use a search engine. Type in the site URL or name and the VPN name and word "review." There is no search function on the website, so it's much easier to find them with that method. All reviews are found in the Blog section, which makes it a real P.I.T.A. to find them if you scan it manually.
  2. Their VPN test methodology is exceptionally difficult to locate. It's not prominently referenced anywhere, and I find that really surprising given the depth and care taken everywhere else in the site, but I'm going to chalk it up to being an oversight.
  3. Focus seems USA based and/or country neutral. Not a flaw. Just noting you will not find international legal info here.
  4. Non-techies and beginners may struggle with some of the info here. Again, something to be aware of. Not a criticism; but a characteristic.

Questionable Review Sites

While unbiased, independent review sites with no revenue agenda are exceedingly rare and biased affiliate sites are commonplace, there is a third category in between the unbiased and heavily biased sites worth considering. A small number of websites clearly derive income from affiliate relationships with VPN providers, yet genuinely appear to be making an effort to balance that fact with truly useful information. Is this possible? I refer to these sites, "questionable" because there is no way to know their true intentions. It can be really tough to determine which ones are providing you the real deal, versus cleverly steering you toward particular providers. In my opinion, one of the best ways to gauge this factor is to examine how the website presents its information. Is the focus more on the data or more on pop-ups and marketing? Let's break down a couple of them and compare.

First, allow me to bring to your attention the fact there are many VPN provider "review" sites, and some of them (presumably on purpose) have very similar URLs. For instance, the following are all completely different websites:

Point is: please be conscientous when typing in URLs directly!

The Best VPN dot com

A fellow named Rob Mardisalu operates TheBestVPN-dot-com, and find it to be one of the better resources that is clearly trying to bridge this gap between keeping their website genuinely useful and keeping the proverbial lights on. You even find his disclaimer on the home page (though it is barely legible). It reads, "Earnings disclosure: In order to get you the cheapest price possible, we’ll earn a commission if you decide to purchase through our links. Thanks for your support." I give Rob credit for being forthcoming.

Why do I recommend this site? It feels like an enthusiast review site and not an affiliate marketer. Yes, there are a few ads (even on the home page), but they are not obtrusive. The first things the author mentions are how many VPN service providers there are (over 300), the fact he's paid for and used a bunch of them. Now, that's a good start. Then he mentions he's published a whole bunch of "user reviews" on the site. Uh oh. That's a yellow flag. However, scrolling down we immediately see the site's focus ("most important factors of a VPN that we’ve compared") and there's the big one, "Find the detailed review process here." Ok. Now you have my attention. This looks like it could be legit. Let's see what the "review process" looks like: Review Process

Now, that's not the most detailed test plan, but at least it's a test plan. Rob clearly looks like a hobbyist, and I give him kudos for being transparent. He even posts photos of the laptop he uses for testing. You can read through the details he's posted of his review process. Overall, this looks good. No matter what you think of his process, he has one and that consistency is what's most important, as it allows a reader to know they are comparing apples to apples when reading Rob's recommendations. Well done!

Best VPN dot org

See what I did there? vs. As I mentioned previously, you have to watch out for these URLs as there are SO MANY similar URL names when it comes to VPN provider reviews. It's a jungle out there. is apparently run by "Alex," who claims to be a product manager. Well, I'm not sure what being a PdM has to do with reviewing VPNs, but OK. Alex also does not seem to have a last name. Hmm. Well, OK. We are talking about VPNs and privacy, etc.; so, whatever. More importantly, why is this here?

Let's take a look at a screenshot of BestVPN-dot-org's home page.

As you can see, right off the bat, "Alex" and his website establish the following:

  1. Alex is a subject matter expert in VPNs. He's a tech dude who travels internationally - a lot - and uses VPNs all the time.
  2. Right up front he makes a point of telling you most VPN review sites are fakes (read: this must not be one of them, right???).
  3. "Since I've used so many VPNs" - there's that SME reinforcement again.
  4. Another SME reinforcement plug. He mentions a WordPress security guide he wrote, with a link.
  5. Last, but not least, his Top 3 picks are prominently displayed. Wow. That was easy!

So, what are my issues with this site? Oh, where to begin?

  1. Those "top 3" sites are clearly prepared content from those providers. My biggest issue with this is the fact the "best" providers change over time for one reason or another. The VPN market is dynamic. Thus, I have more faith in sites that have a list or spreadsheet format of their top picks. Why? Because those are much easier to update, and they can be automated more easily. It's very challenging to automate attractive artwork displays like what you see here, as the art is often not sized identically, resulting in cosmetic errors that require human intervention unless you don't mind your website looking sloppy.
  2. Scrolling down a bit, we see his reviews are laid out nice and neatly. I like the easy-to-read formatting, the brief summary text, and the button linking to the reviews. However, I can't figure out what order these are in. There doesn't seem to be any. The order he gets paid as an affiliate marketer? The order he wrote them? No order at all? I can't tell if there is any logic to it or not.
  3. I actually skimmed through his document, The Bloggers Guide to Wordpress Security, and his full name appears to be at the bottom of it: Alex Grant. So, maybe that is who "Alex" is. I just don't understand why he'd print his full name here and not on his home page like Rob did (re: Now, commenting on the validity of his WordPress blogging guide, my suspicion is it's outdated. However, it is not a bad document and certainly covers the basics.
  4. "Alex" does a reasonable, cursory job of reviewing the providers he reports on. However, here's what I'm not crazy about when reading his reviews, and why they are of limited usefulness:

    1. He appears to be using the provider's apps. This is a good thing for some folks, but for me personally, I want the raw experience. That means getting into the details of what the provider's service is truly doing behind the scenes. You will only see that first-hand if you're on a platform such as OpenVPN over Linux.
    2. Jurisdictions. He does not explain how important the governmental jurisdiction of the company is for some types of VPN users. This is a really important topic.
    3. Overall just lacking depth. That's a problem because the devil is in the details when it comes to VPNs and security in general.
    4. Alex's internet connection sucks bigtime. Take a look at his base throughput before testing (and this test was not the only one that is so slow in his reports). Quite frankly, if your base internet speed is that low, a VPN is just going to add insult to injury, and you shouldn't plan on doing much with it outside of work related actions such as email and exchanging documents. Speed Test Results Screenshot

Maybe those were tests over a mobile device. I don't know, but those are shit speeds and his native ping is horrible (95ms, ouch)!

My comments are meant as constructive criticism. If anyone has constructive comments for me, please reach out via the email form at the bottom of most pages on this site. I know first-hand how much time and effort it takes to conduct the research and publish reviews, and I commend people who make the effort to create them and share their findings with others.


There are a number of websites that purport to offer advice on a myriad of VPN related topics. They often have one or more catchy features that pique one's interest and start to get you hooked on the site. However, a few rise above the rest. One I was impressed with is ProPrivacy. While I'm not fond of its layout, it does have some gems of useful information spread throughout the site. Here's what I don't like about it:

  • An abundance of annoying pop-up ads all over the site for popular VPNs such as NordVPN.
  • They claim they are an affiliate marketer, but also write unbiased reviews (you can read their disclaimer).
  • The URL "" redirects to Pro Privacy's website. That's a typical VPN marketing/affiliate company gimmick.
  • There's a lot of staff in the company picture, which means more bills to pay, which means more likely this site is for-profit affiliate based.
  • Most of their articles are silly things such as "Top 5 Best VPNs for Netflix." The problem with this is Netflix is public enemy #1 for VPNs. They are well aware of the global trend to attempt circumventing geo-fencing via VPNs and they work aggressively to block VPN access to their service. Therefore, IMHO just tossing out some VPN service provider names with no context and no accompanying analysis and test data on the subject - for this specific purpose - is misleading at worst and ill informed at best. Bottom line: it's not that simple.

Then there are their daily VPN speed test results. These may be useful, but should be taken with a grain-of-salt like everyone else's test results. YMMV. Still, it's a good effort and that is appreciated.

I would say ProPrivacy's best contribution is arguably their article "The Ultimate Online Privacy Guide" (also authored by Douglas Crawford), which is a rather lengthy and surprisingly detailed discussion of encryption types and also touches on cryptography, the NSA, etc. There are A LOT of details in this article, and it covers a wide variety of privacy related issues and how to defend yourself against eavesdropping of them. And considering the fact this company is based in the UK, I was especially surprised to read this statement near the end of Crawford's article, "I therefore strongly recommend avoiding all companies and services based in the UK." Crawford's article appears to have been updated periodically, yet some portions clearly have not been updated with the passage of time. However, that is a relatively minor quip considering the wealth of information and input found in this one article. It's also noteworthy that Crawford's article was audited by an engineer, which adds additional credibility to its content.