VPNs aren’t as protective as you think they are, says US Congress

In the wake of Roe v. Wade repeal, Democrats want to clamp down on VPNs that make ‘false and misleading claims’ about privacy.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Members of the US government are urging action against deceptive VPN marketing.

Two Democrats in the United States congress have writtena letterto the Federal Trade Commission to urge chair Lina Khan “to take enforcement actions against the problematic actors in the consumer Virtual Private Network (VPN) industry,” based on what they consider a serious issue: “deceptive advertising and data collection practices.”

The letter, from senator Ron Wyden and representative Anna G. Eshoo, comes in the wake of the Supreme Court’s decision in Dobbs v. Jackson, which overturned the US’s decades-long protections for abortion. One outcome of the Dobbs decision, the congresspeople write, is that VPNs are being recommended as a privacy tool amid concerns that browsing data, location history andeven period tracking appscould be weaponized in states that criminalize abortion.

“As the recent Supreme Court decision in Dobbs v. Jackson Women’s Health Organization has amplified concerns about digital reproductive privacy, people seeking abortion are increasingly told that installing a VPN is an important step for protecting themselves when seeking information on abortion in states that have outlawed and criminalized abortion,” the letter states.

Congress' criticism of VPN practices

Wyden and Eshoo argue that the VPN industry’s lack of oversight, “false and misleading claims about their services,” and “selling user data and providing user activity logs to law enforcement” are pressing concerns for abortion-seekers living in states that are in the process of criminalizing it.

The letter bases its argument on a detailed2021 white paper by Consumer Reports, which scrutinized 16 popular VPN providers for security and data privacy. Some of the report is dense and technical, while other sections delve into the confusing and misleading marketing language that many VPNs use to puff themselves up. One popular example was “military-grade encryption”—as Consumer Reports pointed out, “there is no specific VPN standard for ‘the military,’ and this term is often a red flag for security professionals.”

Consumer Reports' study is strong evidence that VPNs are, at the very least, not foolproof tools for online anonymity. There’s a lot of data about specific providers to dig into, but here are some particular points that stood out to me:

The biggest gaming news, reviews and hardware deals

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Consumer Reports highlighted a 2018 case in which VPN IPVanishprovided user data logs to the US Department of Homeland Security, despite its website claiming it kept no logs. But other cases have proven VPNs truthful on the subject, like a2018 hacking lawsuitin which VPN Private Internet Access testified it could not produce any traffic data in response to a subpoena.

The point is, subscribing to almost any VPN includes some degree of risk: you’re taking it on faith that they really don’t keep any logs, and hiding your IP address isn’t the guaranteed privacy protection some VPN marketing makes it out to be.

If you’re already a VPN subscriber or thinking of using one, Consumer Reports’resulting recommendationsoffer a concise breakdown of what to look for, and highlight three VPNs that got top marks for privacy and security. But the question now is whether the FTC will look into regulating how VPNs handle user data or how they’re marketed.

Eshoo and Wyden’s letter to the FTC asks the commission to “take immediate action under Section 5 of the FTC Act to curtail abusive and deceptive data practices in companies providing VPN services to protect internet users seeking abortions.” Section 5,outlined here, broadly declares unlawful “deceptive practices” that can mislead consumers and empowers the FTC to enact complaints or penalties for those violations. But even if the FTC does turn an eye towards VPNs, it could be months or years before it has any real effect.

The letter’s second request may have more immediate benefit to those seeking abortions: it asks the FTC to “develop a brochure for abortion-seekers on how best to protect their data, including a clear outline of the risks and benefits of VPN usage.”

FTC chair Lina Khan hasn’t yet responded to the letter specifically, but the commission didpublish a statementon July 11 that it is “committed to fully enforcing the law against illegal use and sharing of highly sensitive data.”

Wes has been covering games and hardware for more than 10 years, first at tech sites likeThe WirecutterandTestedbefore joining the PC Gamer team in 2014. Wes plays a little bit of everything, but he’ll always jump at the chance to cover emulation and Japanese games.

When he’s not obsessively optimizing and re-optimizing a tangle of conveyor belts in Satisfactory (it’s really becoming a problem), he’s probably playing a 20-year-old Final Fantasy or some opaque ASCII roguelike. With a focus on writing and editing features, he seeks out personal stories and in-depth histories from the corners of PC gaming and its niche communities. 50% pizza by volume (deep dish, to be specific).

Pud’s Dolbus gets you 5.1 surround sound from headphones with a side of deadly Saw trap nightmares

Five things I wish I’d known before buying my first gaming mouse

How to get the best ending to Dragon Age: The Veilguard—or the worst, if you’re curious