After India, US lawmakers have asked the Federal Trade Commission (FTC), led by Lina Khan, to stop hundreds of companies that offer Virtual Private Network (VPN) services to individuals from misusing and lying about data.
A VPN is an online service that users can use to connect to the Internet more safely.
But, lawmakers said the consumer VPN industry is full of misleading advertising and bad data practices.
Misleading claims from VPNs services
Anna G. Eshoo (D-CA) and Ron Wyden (D-OR) wrote a letter about abusive practices in the consumer VPN industry. These include making false or misleading claims about their services. Also selling user data, giving user activity logs to law enforcement, even though they promise “total anonymity,” and not keeping an eye on the industry.
“We urge you to use your authority to take enforcement actions against the problematic actors in the consumer VPN industry, focusing particularly on those that engage in deceptive advertising and data collection practices,” they said.
The lawmakers said that the VPN industry is not very clear. Many VPN providers take advantage of consumers who don’t know what’s happening.
In India, the Indian Computer Emergency Response Team (CERT-In) issued a directive asking all VPN providers with users in the country to meet more rules.
The new rules, which go into effect on September 25, require VPN service providers, data centers, and cloud service providers to keep customer information like names, email addresses, phone numbers, and IP addresses for five years.
Because of the new rules, top VPN services like NordVPN, Surfshark, and ExpressVPN have taken their servers out of India.
The US lawmakers said that it is tough to figure out which VPN service to trust, especially in a crisis.
“There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers’ security claims,” the letter read.
In December 2021, Consumer Reports (CR) found that 75% of leading VPN providers misrepresented their products and technologies. They also made exaggerated claims about the security they offer on their websites, like advertising “military-grade encryption” that doesn’t exist.
Advocacy groups have also found that the most popular VPN services lie about how their products work and don’t give their customers enough security.
“VPN services have also been exposed for collecting, and, in some cases, abusing, user data. In 2020 it was revealed that a leading analytics firm used personal data from over 35 million people who had downloaded one of their 20 VPN and ad-blocking apps to power their analytics platform without consent,” the letter said.