Scams and SnakeOil In the VPN Industry
When VPNFTW talks about providers, the chatter is both positive and negative. With a VPN being such a great tool, why would we ever talk badly about them?
Any industry can get overpopulated. Sadly, the VPN industry has become so bloated with lies that it has actually gotten hard to find a real provider. While it is hard to find a provider, there are some keywords that let you detect snake oil instantly. Many of the claims are large but can be debunked within seconds.
Key Scam and SnakeOil Words:
Bank Level Encryption and Military Grade Encryption
A claim many providers put out is that they have bank level encryption. To start, this may not be a falsehood; it can be completely true. The thing is, it means absolutely nothing. Even bank level encryption could be low-level, and the provider could in fact be insecure. If a provider advertises bank level encryption, it is recommended to stay away. Why? There is far more to encryption than relating the cryptographic algorithm to a high-level institution. In short, bank level encryption means nothing in the industry; it may even mean the provider is so low-level they have to use a high-level term (bank) to appear to know what they are doing.
100% Anonymity
Many providers claim they have groundbreaking technology that will erase every track you leave online. This is physically and digitally impossible. 100% anonymity is not realistic, especially with a simple one-click VPN setup. Anonymity claims should not be so large. Average claims consist of: fend off attackers, encrypt communications, and stop leaving a digital footprint everywhere you go. Such claims are true; anything more is most likely a falsehood.
NSA Proof
Ever since the Snowden leaks, providers have been abusing the NSA stories and claiming to be able to defeat the agency. This is untrue. While some encryption algorithms providers use cannot be cracked by the NSA, this does not make the service ‘NSA proof’. Many factors count when looking into a VPN and whether or not the NSA can attack it. Again, a simple VPN will not make you or anyone around you ‘NSA proof’. The NSA is not only alive in the digital world, as some providers believe.
Matrix Cryptography
One of the favorite things providers abuse is encryption algorithms. Many providers or programs claim to have new age encryption; some even claim to have ‘matrix-level’ algorithms. What does this mean? Nothing. There is no such thing as matrix level encryption or alien level encryption. Some even claim to have new mathematics inside their algorithms, which is again hokum. Cryptography expert Bruce Schneier has an entire newsletter about cryptography snake oil here.
[name]ware
A lot of companies promote products with what people call hyperware, snitchware, or crapware. This means flat out lies, oversold products, and items that are simply too flashy to be realistic inside the security industry. While this may not be a huge red flag, hyperware can lead to security risks: there is so much junk built into VPN providers' software that it actually causes problems and can jeopardize your security.
Overall
There are a lot of shams inside the industry, and this article could go on and on about all of them. The ones listed above are common snake oil found in the industry. While this snake oil resides all over the industry, we are helping to clean it up and choose to provide only real providers. If any providers listed on our website advertise any of the above claims, we will absolutely note it. In short, stay away from VPNs that advertise and claim such falsehoods.
OK, good start. So, how do you accomplish safe decentralized surfing that is private? I simply believe I should not be the 200th person to read my mail, news searches, blog reading. I should be the only one at my mail box. Regards
Hi, I’m seriously confused about VPNs, TOR and the NSA. Some sites say that the NSA can’t crack VPNs, TOR gets you added to the “Persons of Interest” list and so on.
Does anyone know the truth?
Let’s assume that I’m a “Person of Interest”, for the sake of argument, OK? Maybe I use TOR, maybe I blogged 911 was an inside job, etc. So now the NSA monitors every bit of data going through my ISP, which is a cable modem FWIW. The router is an Asus AC-3200 which connects with OpenVPN to my VPN, which is ExpressVPN. It uses RSA 2048 bit encryption and SHA256 key sizes. BUT the NSA would have been there while I created my account and would have recorded any keys, passwords, etc. Then I connect to the router with a laptop which is booted from a TAILS USB, which has TOR pre-installed as part of TAILS.
Dnsleaktests show no leaks at all.
So, can the NSA listen in to everything I’m doing or not? Please, let’s set the record straight.
Thanks, Rob