No, Tom’s Guide, VPNs Aren’t “Snake Oil”

It’s not the first time in recent months that I’ve seen reports in major publications like Tom’s Guide saying that virtual private networks aren’t particularly useful, despite the fact that the site in question has a section proudly devoted to reviewing and displaying the best VPNs. 

Once again, I find myself writing a response to an article that is meant to drum up discussion, using evocative language like “snake oil” to make a point about misinformation in the VPN sector. 

This time, it’s after presentations at the ShmooCon hacker conference on March 24.

VPNs & “Snake Oil”

There’s a quote behind the headline. “VPNs are internet snake oil,” said James Troutman, a director of technology at Tilson Broadband. 

But are VPNs really “snake oil” products? According to the Pharmaceutical Journal:

It’s a strong claim that is probably without merit considering VPNs do have their uses. In fact, the article itself notes that issues are more likely to be a case of misinformation, as many services only exaggerate in terms of what they can actually protect against.    

“Lots of people use VPNs because they don’t actually know what they do,” said Yael Grauer, an investigative reporter at Consumer Reports. “People are spending a lot of money and still getting hacked, or they’re spending a lot of money for protections they already have.”

That’s a fair assessment, especially if the user thinks that a VPN will protect them from being hacked in all instances. (For example, if the victim inputs their password in a phishing scam, no VPN will be able to save them from the inevitable fallout.)

Regardless, the article notes that:

After all, you might want to stop your ISP from throttling your connection, or you might want to unblock streaming and torrenting sites. A VPN is also great for improving privacy as long as you stick with a trustworthy audited provider. 

It’s another report that focuses on the excessive claims made by some VPNs, which does contribute to a landscape that is often filled with misinformation. 

The VPN White Paper

Further evidence is provided via a linked white paper entitled: “Security and Privacy of VPNs Running on Windows 10”. 

In 2021, Grauer and a team from the University of Michigan tested 51 consumer VPN service providers. She went on to complete a more extensive analysis of 16 major VPN brands.

The research concludes that a portion of providers do “accurately represent their services and technology” while offering helpful guides for users.

“Of the 16 VPNs we analyzed, Mullvad, PIA, IVPN, and Mozilla VPN (which runs on Mullvad’s servers)—in that order—were among the highest-ranked in both privacy and security. However, PIA has never had a public third-party security audit. Additionally, in our opinion, only IVPN, Mozilla VPN, and Mullvad—along with one other VPN (TunnelBear)—accurately represent their services and technology without any broad, sweeping, or potentially misleading statements.”

Protect your devices and data with a secure VPN like Private Internet Access.

Get PIA VPN

So, as with many services, they rely on different levels of marketing, with some preferring to ensure complete honesty and transparency. 

Tom’s Guide & VPNs

It’s somewhat ironic that Tom’s Guide has an extensive VPN review section and even includes an ad for Norton 360 Standard (which comes with a packaged VPN) at the bottom of the article. 

If VPNs did nothing, why would the majority of large publications have sections of their websites devoted to dissecting what the latest and greatest have to offer? 

On the other hand, it’s probably a good thing that they’re highlighting the limits of a VPN, especially given the connotations when using terminology such as “military-grade protection”. 

As always, we’d advise against the use of free VPNs, a sentiment that is echoed by both Grauer and Troutman. In fact, they’d go so far as to avoid lesser-known services entirely, which makes sense if you’re looking for an audited provider.

VPNs & Snake Oil: Summary

There are numerous reasons why it makes sense to use a VPN, even if the Tom’s Guide article’s content brings up some interesting points. 

Some of the claims made by providers are pretty outlandish but could be taken at face value by unsuspecting users. 

One well-known VPN said, “your data will never be compromised” if you used it, Grauer documented in her white paper. Another VPN said it would “protect [you] from hackers and online tracking.” A third promised “absolute privacy on all devices,” and another guaranteed “anonymous surfing.”

It’s easy for me to point out that you won’t be “surfing anonymously” with a VPN if you sign into Facebook or use your Google account. Not to mention, mobile devices are arguably better at tracking and collecting data about a specific user than a computer ever was. 

There’s a reason why many companies enforce the use of a VPN. It can help improve online privacy when used in conjunction with everything from antivirus software to a premium password manager.

So, no, VPNs aren’t “snake oil”, although it does make sense to be skeptical of the wildest claims made by providers. After all, many are desperate to get more users to sign up for their service by any means necessary.

Some of the best options like Mullvad and Private Internet Access are mentioned in the white paper, and they’re a great place to start if you’d like to get a feel for exactly what a VPN can or can’t do.