Trust is hard to build and telling the truth is a valuable habit to support this process.
Trust is also easy to lose and telling lies (even white ones) is a fast way to diminish it.
When picking a VPN service, the most important questions to ask are: do I trust them to act in my best interest? Can I trust that they do not inspect my traffic or log my activities?
Most popular VPN services are guilty of a practice that plagues bad parenting, budding relationships and political discourse: false promises. However, they stay popular as most customers don’t know they were enticed by lies.
We discussed how popular providers over-promise in our earlier post, ‘Why you don’t need a VPN’. Now we observe the five most common, misleading tropes in the industry.
TL;DR - 9 out of 10 of frequently recommended VPN services we observed used at least one of the misleading wordings we have identified. The three boldest (PIA, HotSpotShield, CyberGhost) used all five. TunnelBear was the only provider to pass with a clean slate.
Here are the promises and claims we recommend providers to get rid of:
1. “Become anonymous”
and its variations, “achieve anonymity”, “total anonymity”, or “surf the web without a trace”.
Perfect anonymity online is close to impossible to attain. You need to understand your threat model, use tactics like compartmentalization, airgapped and burner devices, getting around device fingerprinting… and the list goes on. Using a VPN alone will get you nowhere near an anonymous presence online. You can be tracked without major efforts after giving out personally identifiable information, through collected behavioral data and with cross-device tracking.
VPN services promising “total anonymity” are not just misleading, they are dangerous to their customers - especially to journalists, dissidents and people living under totalitarian regimes. Why do they do this? Because fear, uncertainty and doubt creates a strong emotional need, and promising a cure-all sells the service.
6 out of 10 most recommended providers are guilty of promising “anonymity” in some shape or form.
ExpressVPN home page - “Stay secure and anonymous online”
CyberGhost home page - Promises “total data anonymity across all apps and platforms”
ProtonVPN home page - “Our anonymous VPN service enables Internet without surveillance”
2. “Complete privacy”
and its variations, “most private”, perfect privacy", “truly private browsing” or “absolute privacy”.
Next on the list is the little brother of the anonymity promise, “perfect privacy”. Privacy is a spectrum. Just as zero privacy is not possible - even in extreme cases your thoughts can remain private - you cannot attain complete privacy either. There are many ways to capture your behavior, actions and inputs offline and online, generating pieces of data that reflect a piece of your personality or behavior. That data can be used to violate your privacy.
Some providers also add “total security” and “perfect security” to their promises - a similarly dumbfounded claim.
6 out of 10 most recommended providers are guilty of promising “complete privacy” or variation of it.
Private Internet Access home page, black friday promo - “Full online privacy for only 1,94 €/month”
SurfShark country promo pages - “allows you to surf in complete privacy”
VyprVPN (get vyprvpn page) - “Total Privacy and Security”
3. “Fastest VPN”
and “highest speeds” or “best VPN speeds”.
Using a mediocre VPN can slow your connection down - speed matters, and this pushes brands to make lofty claims about it.
Yet most VPN companies use the same service providers and very similar hardware setups to run their servers. Recent advancements in VPN protocols (particularly WireGuard) offer better speeds, but if the “best” services use them, it creates no speed advantages for any of them.
While many other factors affect your connection speed, you need to trust your VPN to pick good infrastructure partners, use the latest hardware, deploy the best protocols, not oversell their servers or throttle your speeds.
Good VPN providers will likely yield similar speeds for a significant sample size of customers averaged over time. Measurements will vary across different locations, devices, times, etc. and network conditions change all the time. There are no universally applicable metrics to award the title of “Fastest VPN”.
For these reasons such claims can not be true, and assuming one service will offer the fastest connection for each potential subscriber is misleading.
NordVPN Fast VPN page - “The fastest VPN experience on the planet”
HotSpotShield Fastest VPN page - “Get the world’s fastest VPN experience”
TorGuard VPN and Proxy network page - “The fastest VPN and Proxy Network”
4. “Military grade encryption”
or “industry-leading encryption” and “most encryption”.
“Military grade encryption” is a popular marketing gimmick in the VPN provider sales vocabulary. There is no fixed standard set in militaries for encryption, and implementations vary across different segments of armed forces.
There are weak encryption protocols which you obviously don’t want to see used by a VPN service e.g. PPTP. However, the vast majority of providers implement the same level of encryption using OpenVPN or Wireguard with the default cipher (AES-256-GCM / ChaCha20). Providers don’t develop their own encryption protocols (excluding obfuscation layers). Providers calling their encryption technology “industry-leading” is misleading.
ExpressVPN Blog - “ExpressVPN for routers protects all your devices with military grade encryption!”
Private Internet Access home page - “…to provide the highest speeds and most encryption.”
SurfShark streaming promo - “all of your data is protected by a military-grade encryption system”
5. “The best VPN”
or “market leading VPN” and “best VPN for X”.
Eight out of ten VPN providers we looked at claimed they are the best for everyone or for a specific purpose. This number alone demonstrates the issue with this claim.
No VPN solution works universally well for each customer’s needs. A comparison website, after careful, independent evaluation might judge that a brand offers the “best all-around solution on the market”. But for service providers to claim they are the best for you is a bold move.
This problem points to a general issue with US-focused marketing, where advertisers enjoy flexibility for wording in advertising. But even there you need to support your claims with substantial, objective evidence.
TorGuard country promo pages - “Don’t settle for second best. Use the best VPN for Australia.”
NordVPN home page title - “NordVPN: Best VPN service. Online security starts with a click.”
VyprVPN home page - “Get the best VPN for streaming with lightning-fast and reliable connections”
We have empathy for the marketing teams of VPN providers. The competition is fierce. Writing copy that sells is hard. You need to optimise for juicy search keywords.
Yet, you should not make promises or claims that are untrue.
Start removing the misleading words from your websites today.
VPN providers included in this research and their score:
Private Internet Access 5/5
Download the full table to review scores.
All websites were observed during a period between 15 November and 1 December 2020.
Suggest an edit on GitHub.