Web users need to take the initiative and read the privacy policies of the privacy platforms they

As Online Privacy Becomes Commercialized, Consumers Need to Get Educated

Commercial Virtual Private Networks (VPNs) are playing an increasing role in the current battle between privacy-conscious web users and government agencies seeking to increase their surveillance reach. But as online privacy becomes yet another product, ready to be branded and packaged, the problem of dishonest vendors, and a lack of education amongst customers, threatens to undermine any real benefit the market can bring.

Since the PRISM revelations, VPN usage is on the increase. IVPN saw an increase in sign-ups of around 56% in the two months following Edward Snowden's revelations. Other VPNs also reported an increase in business (as did privacy-orientated search engine DuckDuckGo). On the face of it, this is great news. More web users are starting to take online privacy seriously and are aware their private data is no longer (or never was) secure. But it also highlights a lack of education amongst web users. Why? Because VPNs will do virtually nothing to protect your data from the kind of surveillance outlined in the leaked PRISM documents.

The whole point of PRISM was to create backdoors into the web's most popular services, such as Google, Yahoo and Facebook. These backdoors allowed the NSA to intercept user data and harvest their information. That information could then be linked to the user's account and identity. VPNs can prevent an eavesdropper knowing a user's location and IP address, and prevent an ISP from recording your internet activity, but once you've signed up for a Gmail account you're on your own––that data is stored on Google's servers and is accessible by anyone who may have a backdoor onto those servers.

Web users need to take the initiative and read the privacy policies of the privacy platforms they're signing up for.

So, there is evidently a danger of web users not being properly educated on how to protect their data and a risk that VPN companies will exploit the climate of fear generated by the PRISM revelations, offering a wrong solution to the problem. Indeed, some VPNs have been less than honest when it comes to promoting their services in other ways. For instance, one of the key reasons to use a VPN––as touched on above––is its ability to avoid the data retention practices of an ISP. Nearly all ISPs will retain user data for a set period of time in the United States, and every ISP in Europe is forced by law to retain data for the entirety of a users' subscription and up to two years after the subscription ends.

VPNs are able to get around the above by wiping their logs of user activity regularly and reducing the period of data retention to, in some cases, minutes. The problem is not all VPNs actually state how regularly they wipe user data, and when you look closely at their privacy policies, you'll find some of the most popular services retain data for just as long as a regular ISP. Some of the biggest VPNs on the market may retain user data for two years, whereas others may only retain information for a few months.

It's therefore very important for web users to understand what kind of online privacy they are getting for their money and whether or not that service is actually offering the kind of protection they expect. Organizations such as the Electronic Frontier Foundation do a great job at educating the public on these matters, but web users also need to take the initiative themselves and actually read the privacy policies of the privacy platforms they're signing up for. 

About the Author

Nick Pearson is CEO of IVPN.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.