Two US lawmakers have written a letter to the US Federal Trade Commission (FTC) urging it to take action to prevent VPN providers from using ‘deceptive advertising and data collection practices.’
They have demanded a crackdown on consumer VPN providers, which they argue are operating in a highly unregulated sector and are essentially conning people into using their services with false and misleading claims.
What does the letter say?
The letter has been sent by two Democratic lawmakers, Congressional Representative Anna Eshoo (D-California) and Senator Ron Wyden (D-Oregon).
It is notable that Wyden, in particular, has leant his name to this letter as he has been a staunch advocate for online freedoms in the past and was especially vocal on topics such as cyber-security and net neutrality during the Trump administration.
The trigger for this letter appears to have been the recent ruling by the US Supreme Court which overturned the Roe vs. Wade precedent that made abortion permissible in the USA.
As a result of that ruling, abortion has already been banned in nine US states and abortion rights have been dramatically curtailed in many more. Eshoo and Wyden note that women who want to have an abortion are increasingly being told to use a VPN to protect their privacy when looking for reproductive healthcare online.
They note that this advice has “brought VPNs into the mainstream among American internet users and resulted in a significant market boom.”
However, they note that there are an awful lot of VPNs on the market, and it is hard to know which ones offer legitimate privacy protections and which ones don’t.
Lawmakers’ VPN privacy worries
In their letter, Eshoo and Wyden talk about ‘consumer VPNs’, but the concerns that they raise are all too familiar to anyone who has read our analysis of so-called free VPNs.
They note, as we have previously, that many VPN security claims are untested and raise concerns that some VPN review sites have connections to or are even owned by the VPN providers they are supposed to be reviewing.
The letter went on to attack VPN providers for misrepresenting their services with false security claims, citing the use of the phrase ‘military-grade encryption’ as one such example, insisting that such a thing doesn’t exist.
They also note many VPNs promote having a no user logs policy which is, according to the two lawmakers “nearly impossible to verify”. They go on to cite a security leak from back in 2020, in which it was claimed that seven VPNs which claimed no user logs policies had leaked more than 1.2TB of personal user data, including internet logs.
They also noted examples of VPN providers handing over user data to law enforcement bodies on request.
The implication being made in this letter is that it is irresponsible to recommend that women seeking an abortion in the US should use a VPN since their privacy might be compromised and they could be left exposed to legal, physical, and emotional repercussions.
Let’s address some of the points made in this letter in turn.
First of all, the letter raises some very legitimate concerns about the VPN sector as a whole. They are concerns that we have raised ourselves across multiple stories and reviews on this site and will continue to do so.
But it is important to contextualise that these concerns are only legitimate when looking at the sector as a whole. They do not apply to the best VPN providers in the sector, and we will come to explain why.
It is right to say that there are a lot of dodgy VPN review sites on the internet. Some have financial links to the VPN companies they promote, and others are even owned by VPN providers.
This is wrong and is a practice which damages the entire sector. VPNCompare is transparent about the fact that, while we do receive a small affiliate payment if you sign up to a VPN through our site, we have no direct financial links to any VPN company.
This can be seen in our reviews where we criticise all VPNs where we see gaps in their service. The same cannot be said for a lot of our competitors.
Eshoo and Wyden are also right to say that it can be difficult to tell where a VPN’s claims stand up to scrutiny and where they don’t. Some VPN providers have started conducting independent audits which solve this problem. Our reviews are also totally independent and trustworthy.
Their claim about ‘military-grade’ encryption is a more curious one. What most VPN providers mean by that phrase, is that they are using encryption that is on a par with that used by the US Military. That means it is essentially uncrackable and is a commonly known fact that is not disputed.
It is not suggesting that a particular VPN used by the military employs such encryption standards as the letter claims.
What are the solutions to the lawmakers’ concerns?
Given all that, are the calls made in the letter for the FTC to regulate the VPN sector a sensible one?
The problem is that the VPN industry is a global one with providers based in many different countries around the world, including many in offshore locations, which allow them to implement the best possible privacy policies for their customers.
Most of the dodgy VPNs, which tend to be the free ones, are located in places like China. Either way, they do not fall under US jurisdiction and, therefore, FTC regulations will not apply to them anyway.
If the FTC decided to go down the road of blocking VPNs that don’t comply with regulations, they are going to end up in the same situation as China and Russia, playing a game of whack-a-mole with VPNs that they cannot possibly win.
The suggestion of a brochure for women seeking abortions on how to protect their data, including advice on how to use VPNs safely, is a very good idea.
But it is not an original one. VPNCompare has many guides on how to keep data secure and advice on which VPNs offer genuine security and privacy and which don’t.
It is an important issue, and it is vital for women seeking abortions to be able to do so safely and privately in a country which is increasingly hostile towards them. But that information is already out there. All the lawmakers and the FTC need to do is push people towards it.