US lawmakers push FTC to crack down on VPNs

Two Democratic lawmakers are calling on the Federal Trade Commission to stop VPN providers from using deceptive practices to mislead customers into believing their services are secure.

“The VPN industry is extremely opaque, and many VPN providers exploit, mislead, and take advantage of unwitting consumers,” US Rep. Anna Eshoo (D-California) and US Sen. Ron Wyden (D-Oregon) told the commission.

In a letter(Opens in a new window) sent to the FTC today, the lawmakers urge the agency to crack down on the consumer VPN industry for engaging in deceptive marketing claims and shady data practices. They point to the impact of the Supreme Court overturning Roe v. Wade, which has already led nine US states to ban abortions. The lawmakers are now worried abortion seekers will flock to VPNs, under the presumption the services will protect their digital privacy.

The problem is that users have no way to verify the data protection claims from VPN providers, including if they truly maintain a “no-logs” policy on processing user data. “There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers’ security claims,” the lawmakers wrote.

Of course, customers can rely on review sites and blogs to help them find a worthy provider. But the lawmakers point out that “some VPN review websites are owned by companies that also offer VPN services. Meanwhile, blogs can profit from partnerships with the VPN providers.

“Many popular VPN services also spread inaccurate information on their websites,” the letter added. The lawmakers cite a study(Opens in a new window) from Consumer Reports last year, which found 12 out of the 16 VPN services examined “either inaccurately represented their products and technology, or made hyperbolic or overly broad claims about the kinds of protection they provide their users.”

This can include pushing marketing language that promises the customer complete anonymity and untraceability when in reality advertisers and governments can still track users’ activities through other means via their internet browsing sessions. For example, if you allow Google to log your browsing or search history, despite using a VPN.

The other worry is that the VPN providers will secretly turn over customer data to law enforcement if subpoenaed or sell access to it for marketing purposes. Eshoo and Wyden added: “We’re highly concerned that this deceptive advertising is giving abortion-seekers a false sense of security when searching for abortion-related care or information, putting them at a higher risk of prosecution.”

VPN providers have indeed gone overboard with certain marketing claims and employed shady tactics, which has made it harder for consumers to understand which ones are trustworthy. So an FTC crackdown could provide the regulatory jolt the industry needs. That said, VPNs can protect your digital privacy if you use them correctly and fully understand their limitations.

The FTC confirmed it received the letter from Eshoo and Wyden, but declined to offer any additional comment. Nevertheless, earlier this week, the FTC warned it would go after companies that make misleading claims about your data being “anonymized” when it’s not.

In their letter, Eshoo and Wyden added: “We also urge the FTC to develop a brochure for abortion-seekers on how best to protect their data, including a clear outline of the risks and benefits of VPN usage.” PCMag