Cybersecurity Agency (CISA) says do not use VPN for mobile communications

I currently have a paid subscription to Proton VPN. I am puzzled by the following recommendation that was recently released by the United States Cybersecurity Agency.

I don’t know what that Agency refers to as “questionable security and privacy policies.” Does this apply to Proton VPN?

“Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from your internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and commercial VPN providers have questionable security and privacy policies.”

I trust Proton much more than any government body.

This applies to all VPNs.

Visibility into what you do and who you are shifts from your ISP to your VPN provider.

VPN ultimately comes down to “How much do you trust your VPN provider?”

While I may trust Proton, others may not.

What is your threat model and your risk tolerance?

Only you can answer that.

As an American I would strongly advise anyone to ignore what the American government tells you to do. Seek out advice from other places instead. The American government has no interest in your privacy.

I get CISA’s point, and some (most?) VPNs have very bad practices in terms of security or privacy, so their warning is a fair one. I trust Proton though, so I don’t think this applies here.

They do miss a few points though:

  • A VPN will protect your device and traffic when using WiFi
  • A VPN will make your traffic anonymous from everyone, including your ISP. It won’t be fully protected, but it will become impossible (or more difficult) to tie it back to you
  • A VPN can allow bypassing geoblocking
  • A VPN will make it harder for a hacker to monitor your traffic and then to target you

VPN threat model is explained here:

The US government repeating the same message that Russian and Pakistani governments told their citizens might be the best advertisement for using a VPN that I have ever seen.

That makes perfect sense to me. Telecoms are generally fairly secure and are regulated. So, from a data security perspective, one might consider them substantially more vetted than a random VPN provider.
But that is purely from a security standpoint. Google and Microsoft are both very secure as well. That has nothing to do with their privacy policies and data harvesting.
The entire purpose of using a virtual private network is to achieve a higher degree of privacy and anonymity than you would with just using your telephone connection. In the vast majority of cases, you get that. To what degree, well, that largely depends on the quality of the VPN provider and the money you pay for the service. Their individual practices and policies obviously differ from company to company. Just like with any other service provider, you have to place a certain amount of trust in them as you engage in the service relationship.
It is completely logical that, when referring to any and all VPN providers on the planet, “questionable security and privacy policies” are most definitely present in some of them. As the Roman expression goes, Caveat Emptor, or buyer beware.

They basically say your VPN provider can see everything, which is kinda true, and that a questionable VPN can be rogue.

The advice is for ‘highly targeted individuals’, who are less concerned with friendly government monitoring and are more concerned about being targeted by advanced cyber threats (such as hostile states) etc. In these cases trusting your ISP is much better than using a VPN.

This is the US government we’re talking about. They want to be able to control our population and monitor us. There’s nothing else I can add to what the other commenters have said, all great points and such. While they are right that some VPN services are trash at security, I trust Proton. Been using it for a while, especially to sail the high seas, and it’s been great to me.

Probably because the rich don’t want you to use a VPN and protect yourself, so that they can sell your information more easily. You’re not a person, you’re a product.

You forgot the last part of the quote:

However, if your organization requires a VPN client to access its data, that is a different use case.

That part is very important.

The warning is about free and commercial VPN providers. Most of them you should never touch, no matter how good the pricing appears to be.

Think of a VPN provider as an Internet Service Provider, because that is what a VPN provider really is. Both are able to monitor your traffic.

It’s funny when people say they want to use a VPN provider to avoid being spied on by their Internet Service Provider. They continue to be spied on, just by another provider.

There are very few VPN providers that are trustworthy. Mullvad VPN and Proton VPN are among the very few trustworthy providers.

Dear CISA, GTFO! I trust Proton VPN more than my ISP, and certainly more than free WiFi.

What I don’t trust is the advice from an agency that failed to prevent a foreign enemy from intruding via backdoors they created for domestic spying. Why shouldn’t domestic ISPs be compromised?

Ah yes, the United States government, the most trustworthy government on earth.

Eh… Way overgeneralized. Should have more of the reasoning behind it, but most people really don’t care about the technology and just want something that works.

In the wise words of a github commenter: “…Just give me the fucking exe you smelly nerds!”

VPNs absolutely are worth having but to simply find a cheap or free one without research and to use it without knowing what it gets you… Yeah, kinda increases your attack surface.

It’s a reasonable point. A VPN gets you an encrypted tunnel, so your ISP and anyone else between you and the VPN provider can’t see what you’re doing. But the VPN provider can see what you’re doing. So you need to ask yourself: which do you trust more, the ISP or the VPN provider?

If that means, “What do I trust more, Comcast or Proton?” that’s not so hard to answer, but for some people it’s not so clear.
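The trust shift this comment describes can be made concrete with a small model of who sees what at each vantage point, with and without the tunnel. This is an added illustration, not code from the thread or from any VPN provider; all addresses are constructed documentation-range placeholders.

```python
"""Toy model of the ISP-vs-VPN-provider visibility shift (added example,
not from the thread). Traffic values are constructed; 203.0.113.10 is a
documentation-range placeholder for the VPN server / exit address."""
from dataclasses import dataclass

VPN_IP = "203.0.113.10"  # assumed VPN server address (placeholder)

@dataclass(frozen=True)
class Request:
    client_ip: str   # address your ISP assigned you: it identifies you
    dest_host: str   # site visited; exposed by DNS and the TLS SNI field
    dest_ip: str
    tls: bool        # is the application payload encrypted end to end?

def visibility(req: Request, via_vpn: bool) -> dict:
    """What each vantage point observes for one request.

    Assumes the tunnel encrypts everything between you and the VPN server
    and that the provider forwards the inner traffic unchanged."""
    inner = "encrypted" if req.tls else "plaintext"
    if not via_vpn:
        return {
            "local_network_or_isp": {"client_ip": req.client_ip, "dest_host": req.dest_host,
                                     "dest_ip": req.dest_ip, "payload": inner},
            "vpn_provider": {},                          # not in the path at all
            "destination": {"client_ip": req.client_ip, "dest_host": req.dest_host,
                            "payload": "plaintext"},     # it terminates TLS itself
        }
    return {
        # The ISP (or a coffee-shop Wi-Fi) sees only an opaque tunnel to VPN_IP.
        "local_network_or_isp": {"client_ip": req.client_ip, "tunnel_endpoint": VPN_IP,
                                 "payload": "encrypted"},
        # The provider now sees exactly what the ISP used to see.
        "vpn_provider": {"client_ip": req.client_ip, "dest_host": req.dest_host,
                         "dest_ip": req.dest_ip, "payload": inner},
        # The site sees the VPN exit address instead of you.
        "destination": {"client_ip": VPN_IP, "dest_host": req.dest_host,
                        "payload": "plaintext"},
    }

def linkers(view: dict, req: Request) -> list[str]:
    """Parties that can tie *you* (your real IP) to *where you went*."""
    return sorted(party for party, seen in view.items()
                  if seen.get("client_ip") == req.client_ip and "dest_host" in seen)

if __name__ == "__main__":
    r = Request("198.51.100.7", "example.org", "192.0.2.80", tls=True)
    for via_vpn in (False, True):
        print("via VPN" if via_vpn else "direct", "->", linkers(visibility(r, via_vpn), r))
```

Run directly, the linking set moves from {ISP, destination} to {VPN provider}: the number of parties who can correlate your identity with your browsing does not drop to zero, it changes hands, which is exactly the question the comment says you have to answer for yourself.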

Without a detailed explanation, I am passing on this like someone telling me to inject bleach or invest in timeshare vacations.

Of course they will say that…

I use an open-source, proven no-logs, high speed VPN provider to bypass network filters on corporate networks, keep my traffic encrypted on public WiFi, and hide my activity from my ISP to prevent them from selling it to advertisers for targeted advertisements when I’m already paying them for the privilege of using their infrastructure.

It’s really not that hard to understand or complicated. Not everyone who uses a VPN is a privacy/conspiracy nut. Some just have practical use cases.