Reading this article, I found many things about it that are misleading for VPN consumers. While the article does make some valid points, a vast majority of the arguments presented are misinformed, biased, and simply not true.
Myth #1 There Isn’t a Good VPN out There
Ken Hawkins, the author, says he can’t pick a good VPN since most lists of good VPNs out there are riddled with affiliate links, and most information from websites can’t be verified. Unfortunately, this author also name drops a popular Reddit user to verify his claims.
Additionally, placing your trust in a VPN chart that is injected with one person’s personal views is not smart. This individual who runs the chart is not public, kept anonymously, so we can’t trust his agendas or even hold him accountable.
At times, from observing his behavior on Reddit, ThatOnePrivacyGuy (this is the owner of the linked VPN chart) seems more worried about taking down affiliates or revealing VPNs sneaky marketing campaigns instead of helping users choose VPNs like we do. If you’re looking for a subreddit that can help you choose a VPN without censorship or harsh rules, check out reddit.com/r/virtualprivatenetwork.
Just like VPN websites that falsely advertise, he can put data and change it as he chooses (or not update data–after all, he’s one guy managing hundreds of VPN data). We have found a fair amount of information in this chart to be inaccurate. Most recently, to prove this, we found that HotSpot Shield has five simultaneous connections available while the chart only says 2.
Choosing one VPN over another just because they donate to some nonprofit organization is not sound reasoning. Is that supposed to make it less likely to be a honey pot? If the NSA was covertly running a VPN, I would assume they would intentionally donate money to various organizations just to dispel suspicion.
Mentioning other lists and their affiliate links–how is that relevant? What, so you can’t use other lists to create your own? You shouldn’t be anyway; you should be testing VPNs out yourself–and not relying on some chart either.
Firstly, information can be verified by testing a VPN. I have personally identified encryption rates, speeds, and multiple aspects from a VPN provider–features and specifications that can separate good from bad.
Another way to tell if your VPN is logging is if they forward you regular DMCA notices. In this case, they are most certainly logging user activity. Many VPNs like Hidemyass and IPvanish have done this in the past although they may have changed this policy recently.
Myth #2 VPNs Aren’t for Anonymity
This section of the article is just confused. On one hand it suggests VPNs are not good for anonymity, then it says that they are, and you should use them in conjunction with a Tor Browser.
The article cites this quote “using public VPNs for anonymity is foolish and potentially dangerous, no matter how securely it’s configured, just because the technology was not designed at all for anonymity. VPN services require that you trust them, which is a property that anonymity systems do not have.”
So what, we are just supposed to use nothing? Or put all of our trust in a free Tor Browser? Again this section of the article seems confused in that it provides a quote saying how VPNs are useless, but then it just says to use them with a tor browser.
Furthermore, the article even admits that there have been “malicious Tor exit nodes in Russia that have been modifying binaries” but it still recommends Tor over VPN by saying that “engineers work incredibly quickly to patch security vulnerabilities. The same may not be true for all VPNs.”
No matter how fast Tor vulnerabilities are fixed there seem to be new ones popping up every year. From compromised Tor websites, honeypot Tor nodes and even an incident where a particular government agency paid off University researchers $1 million dollars to gain access to the Tor onion routing network.
So what? VPN teams and companies are not run by paid individuals with their customer’s security in mind? Isn’t Tor ran by volunteers? Wouldn’t you rather your service be ran with people who make money (and thus stay invested) than by people who aren’t paid to keep consistent updates?
Overall, Tor is not encrypted, slower than your mom’s AOL dial-up, and had numerous security issues over the years.
Myth#3 VPNs Are Not Safe for Torrenting
The article starts off by saying that some VPNs don’t support torrents. Well, don’t use these, or don’t include them in your list?
Then the article cites an author saying that “there’s no way for users to verify what VPN providers say,” Campbell said. “They must judge providers by reputation, relying on news reports, discussion in online forums, and so on.”
Actually, there is, you can check if your IP address is encrypted and changed. This means you can’t be tracked down, and you are much better off than using an encrypted IP.
Also, saying something isn’t “necessarily safe” is just misleading. Sure, no one said all VPNs are equal. But that doesn’t mean there aren’t good VPNs to use for torrenting. Again and again, it just seems like the author hasn’t done enough testing and research, and is just blaming all VPNs for the problems of the few.
Myth #4 VPNs Don’t Protect from Ads
So? Most don’t claim to do so. You should always be using additional tools with a VPN to protect your online security. In fact, a lot of VPN websites have blog posts detailing supplemental security tools or some even design more like encrypted email.
Some VPNs like TorGuard, Spotflux, and even Cryptostorm now offer ad blocking and known malware blocking included in the VPN package.
A VPN is not an end-all security tool, and you shouldn’t be thinking of them that way, but they are still an incredibly useful tool for masking one’s IP address and encrypting all of your web traffic.
Myth #5 VPNs Put You At Risk
The main argument in this section is that using a bad VPN could put you at a security risk. That’s like saying you shouldn’t use virus protection since you might accidentally download a virus / malware.
With some research and careful consideration, using a VPN WILL never put you at risk.
Myth #6 VPNs are Not Secure
In this article, the author makes a particular point to mention how VPNs don’t provide good security and are easily breached. He makes a large claim about IPsec vulnerabilities simply by quoting another researcher that failed to provide any proof of concept:
“If I know the preshared key for your [ipsec] VPN and I am somebody who has control of the Wi-Fi access point, and you’re using a preshared key with a VPN I know, then I can basically man-in-the-middle attack and decrypt everything you’re doing,” said White. “The security you get that kind of attacker when the preshared key is known is not very strong.” – Kenn White
First, if a hacker has full control of your Wifi router’s access point then the IPsec preshared key is the least of your worries. It’s probably too late for a VPN to protect you anyway.
In the seconds prior to VPN authentication any open applications that talk to the web could certainly be intercepted by an attacker, just by connecting to the wifi. Remember, you haven’t even turned on the VPN yet.
Perhaps the best takeaway from this is when connecting to an unknown or compromised wifi AP you should first close any active web apps, and USE OPENVPN! Did we mention you should use OpenVPN only? Check out this article we made that lists the differences between the various protocol options available.
While this is a potential MITMA attack (man in the middle attack), the pre-shared key is used for authentication of the IPSec VPN–not the encryption/decryption process. So, Kenn’s statement that he can “decrypt everything you’re doing” is not exactly right.
Additionally, this type of attack is extremely difficult to pull off, even for the most seasoned attacker. So, let’s say Kenn White was sitting outside your house in a white van and had gained FULL access to your internet gateway / wifi router. Assuming he had obtained necessary access to the router without breaking into your house, he would first have to spoof an IP address to authenticate the connection, which involves injecting fake BGP routes. This is something that is easier said than done – even for the most experienced hacker.
What the ArsTechnica article failed to point out is that most of the trusted VPN providers in business today, including TorGuard, ExpressVPN and PIA strictly use OpenVPN in all of their VPN software. So, as long as you are using the “stock” OpenVPN app that your provider gives you then this type of attack is completely useless.
Myth #7 All VPNs Use Weak Protocols
This point includes information that some VPNs use outdated protocols. That is true, but once again, the best VPNs use OpenVPN. We’ve reviewed VPNs that have bad protocol support, and ranked them accordingly.
But just because some offer these protocols, doesn’t mean the provider is flawed or insecure. In fact, it’s actually better when VPN providers support these protocols.These protocols can be useful in specific instances where security isn’t top priority, like streaming Netflix, or gaming.
For example, TorGuard VPN, PIA, and ExpressVPN (our top rated VPN) exclusively use OpenVPN in their VPN software applications. This is highly regarded as the most secure VPN option available.
Just because PPTP and L2TP/IPSec is not as secure as OpenVPN does not make it completely useless. These options often require smaller resources and thus run faster on slower DSL lines. This can be very useful when streaming Netflix in a region that does not have fast cable internet access. While PPTP, L2TP, and socks5 proxies are not nearly as secure as OpenVPN encryption, they can be very useful for IP masking in certain situations. When running on your secure home wifi network this can be relatively safe.
Different levels of privacy call for various levels of operational security. Remember, not all VPN users are hiding from government agencies – some of them just want to download and stream last night’s show as fast as possible.
Myth #8 All VPNs Keep Logs
This point of the article is that a lot of VPNs collect information, and that is true. A lot of VPNs do have bad log policies, and VPNs do require information to run their services–but that doesn’t make them not worth using. Giving VPN companies a small amount of data to encrypt more of your data is a worthy sacrifice.
The VPNs we recommend have been vetted by the community and proven themselves as non-logging services.
This point in the article also mentions that VPNs can’t necessarily protect you if you are criminal–especially depending on the location. That is true if you are a criminal doing high stakes crimes getting attention, and some law agency manages to track you down, you might get in trouble.
However, since good VPNs give out shared IP addresses, and don’t log data, it’s hard to isolate users. That, and a lot of good VPNs also don’t let criminals use their accounts, whether due to fraud, or going against their TOS.
I wouldn’t worry about this unless you are some terrorist or pedo.
Myth #9 All VPNs Leak Information
This part of the article focuses on some research that was done on top VPN providers in Google. Some of our best VPNs that we’ve ranked are actually on this list, and we can confirm that
TorGuard uses internal DNS, which is not possible to hijack, even if the research claims otherwise. TorGuard forces user’s DNS requests through each VPN server connection to ensure it is not feasible for an attacker to hijack any DNS requests.
Other VPNs on this list have had security problems in the past, and we’ve noted them, but the article does mention that they don’t know if they’ve made improvements, but we’ve seen some–especially from ExpressVPN in the past few months.
Again, conducting research, testing VPNs, and understanding the technology can go a long way–picking the best VPN, or VPNs isn’t easy, but it’s possible.
Myth#10 All VPNs are Marketing Devils
This section is true to an extent, but again, just because there are so many bad VPNs out there, doesn’t mean there aren’t good ones.
The article says that if a VPN claims to offer everything, be suspicious, and rightfully so. We’ve tested a lot of VPNs that claim it all, but we’ve also tested some that do claim it all and have it all. It’s not easy to do, and maintaining a VPN is a continuous process that some companies can’t handle on every front.
The website attempts to put websites like us down since we are an affiliate of these sites, but we illustrate just as many examples as they do. We don’t recommend Hola or VPNs that have poor policies and bad applications.
That’s why our rating system exists! In fact, you’ll find that in many of our reviews we explain that services claim to have it all–while we remain skeptical.
Why Best10VPN can help you choose a VPN:
We test every VPN extensively, noting encryption rates, speeds, performance, and we regularly check to keep VPNs accountable for advertised features. This is why we have an article listing VPNs that work with Netflix even if a lot claim to do so and don’t.
We aren’t afraid to give VPNs bad ratings if they don’t deserve it. This article keeps iterating that VPNs often have bad logging policies, security flaws, inadequate protocols, or marketing campaigns looking to swill users. Our reviews find all of these details and aggregate it into an accurate score. If a VPN is under an 8 rating, you probably will have some problems later on down the line.
Unlike this ArsTechnica article, we are VPN experts who have tested over 50 VPN providers personally. We don’t rely on quotes to push forward our findings. Instead, we have created content based on strict reviews from accurate tests and research through our accountability and respect towards the end users–meaning that we never accept payment to raise review scores.