Fear, Uncertainty and Doubt Fuel the Politics of VPN Regulation

Last week, an excellent Ars Technica article discussed the international politics of VPN regulation.

The suggestion that the VPN industry needs to be regulated because people might use the service for illegal behavior is off base. Even a spoon can be used a murder weapon, but that doesn’t mean we need to regulate spoons. A legitimately operated VPN service is no different than an Internet Service Provider. We know who our customers are, and we have session information enabling us to tie an IP address from which illegal activity occurred back to a customer. At Golden Frog we only keep these session logs for a period of 30 days, and we state so very clearly in our Privacy Policy. Although we keep session data, we don’t inspect or record your traffic, have any backdoors in our VPN encryption or use third parties to run our service.

There’s a lot of misunderstanding about the world of VPNs, and specifically around the VPN service industry. Here at Golden Frog we operate VyprVPN – one of the world’s most respected VPN services. We run VyprVPN because we believe in privacy, security and a free and open Internet. We believe a reporter should be able use a VPN to his encrypt in-flight Wi-Fi connection to prevent a hacker from snooping on him, and to secure in-flight Internet systems that are designed to be more insecure than typical public Wi-Fi.  We believe that a person on the Internet has a right to access the content they legally purchased, even when their Internet Service Provider (ISP) interferes through blocking, throttling or bad network management to allow congestion to highly demanded services. We believe that people in countries that impose censorship should have access to the same Internet as everyone else.

VPN services are not, and should not, be viewed as anonymizing services. Even providers that espouse anonymity are lying to themselves and their customer base, as a VPN does not make you anonymous. The depths that some VPN services go to lie in this regard even goes to their naming — the so-called “HideMyAss” VPN service provider had a very public outing a few years ago which illustrated that VPN services are actually not anonymous. Instead of claiming anonymity, it’s more accurate to say VPNs greatly increase your privacy and security in an increasingly insecure world.

The call to regulate the VPN industry is off base by a long shot. Fear, uncertainty and doubt are once again being used to fuel this panic over “encryption” taking the Internet dark. Golden Frog is not in business so customers can commit criminal behavior and get away with it; we’re in business to provide people privacy, security and access to a free and open Internet. Our encryption keeps the service you use to connect to the Internet (ISP, Wi-Fi, etc.) secure, and prevents others on the same network (that shady guy in the back of the plane, for example) from snooping on your traffic for personal, private or public gain. Much like Apple is fighting to ensure their customers have security from bad guys hacking their phones, we’re trying to help our customers keep bad guys from invading their everyday lives. Regulating the VPN industry would do absolutely nothing to prevent illegal activities from hiding behind encryption, but it would do everything to place law-abiding citizens at greater risk for attack.

Michael Douglass

Michael is Co-CTO of Golden Frog. He leads the software development teams that build Golden Frog’s online privacy services, and has worked at Internet companies for the entirety of his 20+ year career. Michael crafted the first prototype of VyprVPN, is passionate about the US Constitution and believes firmly in every human’s self-evident and unalienable right to privacy and security.

Read more posts by Michael Douglass →