The Importance of VPNs

In June 2013, documents leaked by NSA contractor Edward Snowden revealed what the government had been doing. The PRISM program collected communications directly from nine major tech companies including Google, Facebook, Apple, and Microsoft.^[1] A separate program gathered phone metadata from every major carrier - who you called, when, for how long, from where. Mass surveillance of ordinary citizens was already happening.

Four years later, Congress made things worse. In March 2017, S.J.Res. 34 eliminated rules that would have required internet service providers to get your permission before selling your browsing history.^[2] The vote was 50-48 in the Senate, 215-205 in the House. Your ISP can now legally monetize everywhere you go online. One policy analyst put it bluntly: your ISP "knows more about your browsing habits than Facebook and Google combined" because all your traffic flows through them.

Beyond government and ISPs, a data broker industry profits from your information without your knowledge. The FTC studied this industry in 2014 and found companies holding data on virtually every American consumer.^[3] One broker maintained over 700 billion data elements. Another added 3 billion new data points every month. They collect from public records, commercial transactions, and online activity, then sell profiles to advertisers, employers, and landlords. FTC Chairwoman Edith Ramirez noted that data brokers often "know as much - or even more - about us than our family and friends."

Government surveillance is documented. ISP data sales are legal. Data broker harvesting is ongoing. These are facts, not fears.

A Virtual Private Network creates an encrypted tunnel between your device and a server you choose. Your internet traffic travels through this tunnel before reaching its destination. Your ISP can no longer see which websites you visit. They see only encrypted data going to the VPN server. Websites see the VPN's address, not yours. Your location and browsing patterns become harder to track.

Public WiFi makes this protection more urgent. Coffee shop networks, airport terminals, hotel connections. Anyone on the same network can potentially intercept unencrypted traffic. A VPN encrypts everything before it leaves your device. Whether you're checking email or logging into your bank, the encryption happens on your end first.

A VPN is a real barrier between your activity and those who want to harvest it, even if not a perfect one.

The hard part is choosing a provider that actually protects you rather than one that just claims to.

No-log policies need specifics. "No logs" should mean no activity logs and no connection logs. If a provider uses vague language like "we don't sell your data," they're dodging the question. Ask what they record. If they can't answer clearly, assume they record everything.

Jurisdiction determines who can compel access. VPN providers operate under the laws where they're incorporated. The Five Eyes alliance (the US, UK, Canada, Australia, and New Zealand) shares intelligence extensively. Providers in these countries can be legally forced to collect data or gagged from telling you about it. Providers that prioritize privacy often incorporate in Switzerland, Panama, or similar jurisdictions with stronger legal protections.

Verify claims through audits. Several providers with "no-log" marketing have handed user data to authorities when pressed. PureVPN did it in 2017. IPVanish did it for Homeland Security in 2016. Words on a website mean nothing. Trustworthy providers submit to independent security audits and publish the results.

Free VPNs are the worst option. A 2016 study of 283 free VPN apps found that 38% contained malware, 67% included tracking libraries, and 18% didn't encrypt traffic at all.^[4] One popular free service was caught selling user bandwidth to a subsidiary that ran it as a botnet. Another, owned by Facebook, harvested detailed browsing data while marketing itself as a security tool. Free VPNs need revenue somehow. That revenue comes from selling your data.

VPNs have real limits. Websites track you through browser cookies and device fingerprinting regardless of your IP address. Logging into Google or Facebook ties your activity to your identity no matter what VPN you're using. A VPN encrypts traffic between you and the server. It won't stop malware already on your machine or fix bad security habits.

Any provider promising "complete anonymity" is lying. Good providers tell you what they protect and what they don't.

The surveillance described above exists because harvesting your data is profitable and nothing stops it. ISPs, data brokers, and ad networks built their business models around collecting your information without meaningful consent. A VPN breaks part of that chain. Your ISP can't sell a browsing session they can't see. Brokers can't harvest data points that never reach them.

PSI is building a no-log VPN service for THRIVE members. Jurisdiction outside Five Eyes, transparent policies, no advertising revenue model to corrupt the incentives.

Your information has value. You should decide who gets it.

References

1.↑

Gellman, Barton; Poitras, Laura (2013). “U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program”. The Washington Post.

2.↑

(2017). “Congress just voted to let internet providers sell your browsing history”. TechCrunch.

3.↑

(2014). “Data Brokers: A Call for Transparency and Accountability”. Federal Trade Commission.

4.↑

Ikram, Muhammad; Vallina-Rodriguez, Narseo; Seneviratne, Suranga; Kaafar, Mohamed Ali; Paxson, Vern (2016). “An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps”. ACM Internet Measurement Conference.

Education, Liberty, and Democracy

The Social Contract, Explained