Steps towards trusted VPNs
VPNs have become quite popular in recent years for a number of reasons, and more and more they are being touted as a privacy tool. The question is whether using a VPN does improve privacy. It is clear that VPNs are quite useful for getting access to things on the internet when direct connections are blocked. VPN providers include a number of tactics in both their client apps and server infrastructure to ensure that their users are able to make a connection. Then once users are connected, all of their traffic that goes over the VPN will see the internet from the point of view of the VPN’s server. That is how VPNs “unblock” the internet. In contrast, some are using VPNs to selectively block things, like making a system-wide adblocker.
To answer the question about whether they are a useful privacy tool, let’s start with the history of where VPNs came from. VPN stands for Virtual Private Network. They were developed by large companies with multiple offices and travelling employees. The goal was to link together all of these offices so that internal data could be freely shared between them without that data going over the internet as easily readable unencrypted plain text. Then travelling employees could also safely access the internal data via any internet connection. The key piece of this picture is that the users, employees in this case, already had to trust their VPN provider. The VPN provider was the company they worked for, and the data they were handling belonged to the company. So there was no attempt to hide user information from the VPN provider. Indeed quite the opposite: companies linked the VPN access to each employee’s “single sign-on” account. Built into the design of VPNs is full trust of the VPN provider, with the aim of keeping the data private from the internet. This setup was also by design, since many large companies wanted to ensure their employees work laptops were still going through the corporate firewall, where the company could block certain sites (e.g. malware, porn), then also monitor employees internet activity to ensure they are not exposing files that the company does not want to be public.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25417835/51684715392_2615642caa_o.jpg)
