Virtual Private Networks are marketed as a cloaking device to trick internet users into thinking they are anonymous online. However, it’s an open secret that VPNs sell user data for money.
By Steven Ehrlich, Forbes Staff
There’s an old saying among marketers, “If you are not paying for the product, then you are the product.” Over the past two decades, “free” internet services like Google and Facebook have built giant innovative businesses by essentially selling their customer data to advertisers.
Virtual private networks (VPNs) are far more insidious. These products are marketed as a simple way to browse the internet privately, free from governments and companies’ prying eyes. They are widely used by corporations to protect proprietary information. The market for VPNs surpasses $50 billion with more than a billion people worldwide are using these cloaking applications. However, talk to industry leaders like Roger Dingledine, founder of the Tor Project, whose website promises “You have the right to browse without being watched,” and you will soon find out that most VPNs are private-in-name-only. “It all comes down to privacy by promise,” says Dingledine, “There is no way for you to know if we’re screwing you.” Key privacy threats, according to Dingledine, include a company keeping a log of user activities, even if it promises not to, and the ability of VPN operators to monitor traffic flows to deduce when a user visits a website.
Nick Percoco, Chief Security Officer at crypto exchange Kraken, began working with VPNs over 20 years ago. At the time, they were primarily a business-to-business product, used by organizations requiring increased security in online communications, such as banks. Percoco points out that VPN issuers started to monetize ‘privacy’ by marketing their products to consumers. “People started to equate having a VPN on my phone or my computer as super secure and ultra-private,” says Percoco.”You’re just teleporting yourself to some arbitrary point on the internet. We know that over the years, many VPN companies record what their clients are doing and sell that data to people.” One such provider called “Hide My Ass” requires users to take extra steps to stop the sale of their data. Not exactly privacy by default.
Since many people don’t value privacy enough to pay for it, VPNs sell customer data to fund operations, in addition to offering subscription plans. The latest entry into the virtual private network market is a Swiss-based blockchain startup called Nym Technologies. Its founder Harry Halpin says his new NymVPN doesn’t need to sell customer data because blockchain technology will be used to create “self-sustaining economics.” NymVPN falls under the crypto category known as DePIN, for decentralized physical infrastructure because it relies on a blockchain to coordinate the operation of its network. In fact a key differentiator for NYM is that its blockchain, and the tradeable tokens it produces, are used as the payment rail for the VPN, which should fund the entire operation.
“We have a technology that nobody else does, we add noise to your data to scramble surveillance tools using artificial intelligence,” insists Halpin. “Its now or never for this kind of tech.”
Originally from South Carolina, Halpin did not set out to be a privacy crusader. That changed when he studied for a PhD in Informatics at the University of Edinburgh in Scotland, focusing on artificial intelligence and large language models that became precursors for companies like OpenAI. At the time, he was primarily interested in climate activism.
His focus changed in 2009, when he was arrested by Danish authorities when he was in Copenhagen to protest a lack of government action on climate change as a delegate to the United Nations Climate Change Conference. “At that time, I became interested in privacy, anonymity, and security. Then, in 2011, as I was finishing my PhD, I did some early work on VPNs, primarily because I had friends in North Africa.” says Halpin. “I found the Tunisian revolution against Ben Ali very inspiring. As someone who was targeted by undercover police, I was in a dark place, and it inspired me to see the courage of all these young people in Tunisia, Egypt, and elsewhere [rise against authoritarian regimes].”
After supporting protesters by helping them get set up with various VPNs during the Arab Spring, Halpin went to work for Sir Tim Berners-Lee, inventor of the World Wide Web, to help make web browsers like Google Chrome more secure. His next epiphany came following the Edward Snowden revelations in 2013. “I realized that the problem of mass surveillance is much worse than I thought because Snowden revealed that you now have a global passive adversary that can watch every [data] packet with a god’s eye view of the internet,” says Halpin referring the Snowden’s revelations about the U.S. government’s surveillance from his days as an NSA analyst.
It turns out that the European Union agreed. So in 2015, it put out a $4.5 million grant proposal described by Halpin as designed to “Build NSA-proof anti-surveillance software ,because they didn’t want [former German Chancellor Angela] Merkel’s phone to be spied on.” Halpin won the grant and started Nym.
The grant funded Halpin’s research into a concept known as mix-networks or “mix-nets”, which offer the ability not only to conceal a user’s online activity but their identity as well. These differ from simple VPNs because they use a network of relays to shuffle messages and break linkages between senders and receivers. The catch is that mix-nets use a lot of computational power, so they are slow.
“They couldn’t scale to general purpose VPN style traffic,” says Halpin.
Halpin’s Nym, which has about 50 employees, including convicted Wikileaks spy Chelsea Manning who serves as a Security Consultant for the startup, recently launched its new VPN, NymVPN in beta. It is still a work in progress. For Halpin and his team to succeed they must solve two complex problems simultaneously. First, they need to create a mix-net that performs at usable speeds. When Forbes used NymVPN during a video chat, the screen kept freezing and pages took more than 30 seconds to load. The company has already had to compromise to some degree, offering a faster “two-hop” VPN, which utilizes a pair of relays to complement its more secure, but slower “five-hop” alternative. Manning says of the comparison, “You are trading anonymity for speed.” However, the two-hop method is recommended for video calls or sending large files. Halpin and Manning aim to find a way to more efficiently organize data packets and leverage hardware to reduce this sluggishness, especially when setting up the initial set of nodes.
“The closer we can get the packet exchange down to bare metal, the more secure it is, the faster it is,” says Manning, referring to the efficiency that comes with hard-coding programs directly onto silicon chips as opposed to running software programs to accomplish tasks atop generic hardware.
The company’s next challenge comes from crypto markets. Currently Nym’s token is languishing, down 92% since it launched in April 2022, and there is scant activity on the blockchain. Hardly any applications are running on Nym right now despite a $300 million innovation fund set up by venture capitalists on behalf of Nym in October 2023. “We thought people would be very excited about mix-nets, but we received very few proposals,” says Halpin. “There were maybe 30 proposals, of which only one got venture capital funding.” Halpin’s team at Nym decided to build its new VPN, which he hopes will be the killer-app for his privacy focused blockchain.
Tor’s Dingledine warns that Nym’s reliance on demand for its blockchain and higher prices for its token, as its VPN’s funding mechanism is risky. “There are some downsides to the capitalist-based approach,” says Dingledore. “One of the big ones is, why people participate in the first place. Is the primary goal user safety or profit? If it’s profit, you will put your relay in the cheapest possible place.”
DePIN, as a sector within crypto, has attracted more than $16.8 billion in 1,746 deals since 2020 according to Pitchbook, but it is still largely unproven. The only project held up as a success right now is Helium, a blockchain-based wireless hotspot service that promised to create what it is being touted as “the people’s network.” However, in its short history, it has already had to switch from operating its blockchain to moving on top of $72 billion (market cap) Solana, and it has faced accusations of insider enrichment. Its token, HNT, is down 88% from its all-time high of $54.88 in 2021, and the network only generates about five thousand dollars a day in fees.
Undeterred, Halpin and team endeavor to continue to build a better mousetrap. “One of the biggest problems I see in [VPN] technology right now is a lack of vision, where people keep building the same thing,” says Manning. “The most fun part about this project is that the mix-net is something new.”
Read the full article here