Virtual private networks are marketed as a cloaking device to trick Internet users into believing they are anonymous online. However, it’s no secret that VPNs sell user data for money.
By Steven Ehrlich, Forbes Team
There is an old saying among marketers, “If you’re not paying for the product, then you are the product.” Over the past two decades, “free” Internet services like Google and Facebook have built giant, innovative businesses by essentially selling their customer data to advertisers.
Virtual private networks (VPNs) are much more insidious. These products are marketed as an easy way to browse the Internet privately, away from the prying eyes of governments and corporations. They are widely used by businesses to protect confidential information. The VPN market exceeds $50 billion and more than a billion people worldwide use these hiding apps. However, talk to industry leaders like Roger Dingledine, founder of the Tor Project, whose website promises “You have the right to browse without being monitored,” and you’ll soon discover that most VPNs are private in name only. “It all comes down to a question of privacy by promise,” says Dingledine. “You have no way of knowing if we are cheating on you.” According to Dingledine, the main privacy threats include whether a company keeps a log of user activities, even if it promises not to, and the ability of VPN operators to monitor traffic flows to infer when a user visits a website.
Nick Percoco, head of security at Kraken, started working with VPNs more than 20 years ago. At the time, it was primarily a business-to-business product, used by organizations requiring increased security in their online communications, such as banks. Percoco points out that VPN issuers have begun to monetize “privacy” by marketing their products to consumers. “People started to view having a VPN on my phone or computer as super secure and ultra private,” Percoco says. “You simply teleport to an arbitrary point on the Internet. We know that over the years many VPN companies record what their customers do and sell that data to people. One of these providers called “Hide My Ass” requires users to take additional steps to stop the sale of their data Not exactly privacy by default.
Since many people don’t value privacy enough to pay for it, VPNs sell customer data to fund their operations, in addition to offering subscription plans. The latest entry into the virtual private network market is a Swiss-based blockchain startup called Nym Technologies. Its founder, Harry Halpin, says his new NymVPN does not need to sell customer data because blockchain technology will be used to create a “self-sustaining economy.” NymVPN belongs to the crypto category known as DePIN, for decentralized physical infrastructure, because it relies on a blockchain to coordinate the operation of its network. In fact, a key differentiator for NYM is that its blockchain and the tradable tokens it produces are used as payment for the VPN, which is expected to fund the entire operation.
“We have technology that no one else has, we add noise to your data to confuse surveillance tools using artificial intelligence,” insists Halpin. “It’s now or never for this kind of technology.”
Ohoriginally from South Carolina, Halpin does not aim to be a privacy advocate. That changed when he studied for a doctorate in computer science at the University of Edinburgh in Scotland, focusing on artificial intelligence and large language models that became the precursors to companies like OpenAI. At the time, he was primarily interested in climate activism.
His focus changed in 2009, when he was arrested by Danish authorities while in Copenhagen protesting the government’s lack of action on climate change as a delegate to the United Nations Conference on climate change. “At that time, I became interested in privacy, anonymity and security. Then, in 2011, while I was finishing my PhD, I started working on VPNs, mainly because I had friends in North Africa. Halpin said. “I found the Tunisian revolution against Ben Ali very inspiring. As someone targeted by undercover police officers, I was in a dark situation and it inspired me to see the courage of all these young people in Tunisia, Egypt and elsewhere (uprising against authoritarian regimes).
After supporting protesters by helping them install various VPNs during the Arab Spring, Halpin went to work for Sir Tim Berners-Lee, inventor of the World Wide Web, to help make web browsers like Google Chrome more secure. His next revelation came after Edward Snowden’s revelations in 2013. “I realized that the problem of mass surveillance is much worse than I thought because Snowden revealed that you now have a global passive adversary who can monitor every (data) packet with a divine eye. view of the Internet,” Halpin says, referring to Snowden’s revelations about US government surveillance when he was an NSA analyst.
It turns out that the European Union agreed. So in 2015, he submitted a $4.5 million grant proposal described by Halpin as designed to “build NSA-proof anti-surveillance software, because they didn’t want the phone of (former German Chancellor Angela) Merkel being spied on. » Halpin won the scholarship and launched Nym.
The grant funded Halpin’s research into a concept known as mixed networks or “mix-nets,” which offer the ability not only to conceal a user’s online activity, but also their identity. These differ from simple VPNs because they use a relay network to mix messages and break links between senders and recipients. The problem is that mixed networks use a lot of computing power, so they are slow.
“They couldn’t accommodate general-purpose VPN-type traffic,” says Halpin.
HAlpine Nym, which has about 50 employees, including convicted Wikileaks spy and security consultant for the startup Chelsea Manning, recently launched its new VPN, NymVPN, in beta. It’s still a work in progress. For Halpin and his team to succeed, they must solve two complex problems simultaneously. First, they need to create a mix-net that operates at usable speeds. When Forbes used NymVPN during a video chat, the screen remained frozen and pages took more than 30 seconds to load. The company has already had to compromise to some extent, offering a faster “two-hop” VPN, which uses a pair of relays to complement its more secure, but slower, “five-hop” alternative. Manning says of the comparison: “You trade anonymity for speed. » However, the two-hop method is recommended for video calls or sending large files. Halpin and Manning aim to find a way to organize data packets more efficiently and leverage hardware to reduce this slowness, especially when setting up the initial set of nodes.
“The closer we can bring packet exchange to bare metal, the more secure and faster it is,” says Manning, referring to the efficiency brought by hard-coding programs directly onto silicon chips, as opposed to executing software programs. to accomplish tasks on generic hardware.
The company’s next challenge comes from the crypto markets. Currently, Nym’s token is languishing, down 92% since its launch in April 2022, and there is little activity on the blockchain. Almost no applications are currently underway on Nym, despite a $300 million innovation fund established by venture capitalists on behalf of Nym in October 2023. “We thought people would be very excited about mixed networks, but we received very few proposals,” says Halpin. “There were maybe 30 proposals, only one of which got venture capital funding. » Halpin’s team in Nym has decided to create its new VPN, which it hopes will be the flagship application of its privacy-focused blockchain.
Tor’s Dingledine warns that Nym’s reliance on demand for its blockchain and higher prices for its token as its VPN’s funding mechanism is risky. “There are some drawbacks to the capitalist approach,” says Dingledore. “One of the main questions is why people participate in the first place. Is the main goal user safety or profit? If it’s profit, you will place your relay in the cheapest place possible.
DePIN, as a crypto industry, has attracted over $16.8 billion in 1,746 transactions since 2020 according to Pitchbook, but this is still largely unproven. The only project considered a success at present is Helium, a blockchain-based wireless hotspot service that promises to create what it’s billed as “the people’s network.” However, in its short history, it has already had to transition from operating its blockchain to the $72 billion (market cap) Solana and faced accusations of internal enrichment. Its token, HNT, is down 88% from its 2021 all-time high of $54.88, and the network only generates around five thousand dollars per day in fees.
Undeterred, Halpin and his team strive to continue building a better mousetrap. “One of the biggest problems I see in (VPN) technology right now is the lack of vision, where people keep building the same thing,” says Manning. “The most fun part of this project is that the mix-net is something new. »