> One of these markets involves competing on security and privacy.
one of the points raised in the article is that it's difficult to evaluate whether the VPN actually follows its logging policy. if they say they don't log, you pretty much have to take their word for it until information to the contrary somehow goes public. it's entirely possible that LE could be using a VPN as a honeypot and forcing everyone they catch to stay quiet through a plea deal. you'd never know until someone broke ranks. the VPN company could just as easily log your traffic and sell your usage data. unless they're sloppy about it, how would you find out?
> One of them involves colluding on influencing FCC policy.
That is an extremely US-centric view.
Aside from that, physical ISPs have something to lose, as they have a very real infrastructural investment; whereas becoming a "VPN provider" literally does not entail more than "rent a few servers, run OpenVPN, buy a billing system license, hire a marketing guy".
It's entirely viable for a VPN provider to just disappear overnight and set up shop under a different unrelated name at virtually no cost to them, if their old brand gets burned. That significantly changes the trust equation, and not in favour of VPN providers.
Unless they're a (natural or artificial) monopoly, like... pretty much every ISP in North America is. Comcast has the reputation of, well, Comcast, and they're doing just fine.
> Becoming a "VPN provider" literally does not entail more than "rent a few servers, run OpenVPN, buy a billing system license, hire a marketing guy".
Yes, that's a good thing: it means that VPN providers, unlike telcos, are under selection pressure. Which means that for VPN providers, unlike telcos, reputation actually means something; the top VPN provider is striving much harder for your dollar than the top telco is.
Certainly, don't pick a VPN provider at random, but you wouldn't anyway.
> Unless they're a (natural or artificial) monopoly, like... pretty much every ISP in North America is. Comcast has the reputation of, well, Comcast, and they're doing just fine.
Once again, that is an extremely US-centric view.
> Yes, that's a good thing: it means that VPN providers, unlike telcos, are under selection pressure. Which means that for VPN providers, unlike telcos, reputation actually means something; the top VPN provider is striving much harder for your dollar than the top telco is.
Except that isn't how the industry works, at all. Virtually all "reputation" that VPN providers have originates from paid product placements (see: the myriad "VPN reviews" that are chock full of affiliate links, YouTube ads, etc.), and providers are assumed legitimate unless shown otherwise by default.
This means that said "reputation" is 100% reproducible under a new brand without ever having a single long-term customer vouching for you. There's no competition on quality; the competition is on marketing only.
Exactly why the industry has turned out that way and doesn't follow the "competition breeds quality" narrative that people on here love to put forward, is left as an exercise to the reader.
> Once again, that is an extremely US-centric view.
It's a Canada-centric view, for me. :)
But seriously, does anyone care about VPNs outside of North America? Why would you, if your ISPs aren't awful? Do most VPN services even bother to advertise outside of the North American market?
> This means that said "reputation" is 100% reproducible under a new brand without ever having a single long-term customer vouching for you.
Why pay attention to word-of-mouth reputation, when survival under competitive pressure is a much more objective signal of reputation of its own?
If the bad actors need to restart with a new brand every few years, then why not just look for the oldest brands around (who must therefore have done this the least), and then sort those by the number of negative news articles you can find about them (which should exist, given that they haven't laundered their brand-identity much)?
It's the same thing you do to figure out who to order from on AliExpress: look at who's put themselves out there the longest while doing active business, without accruing negative ratings in the process.
Or, as well, it's the same thing you do when deciding whether it's worth it to try out a new restaurant in your neighbourhood: you give it a few months, and if it's still around, then it's probably good.
> Virtually all "reputation" that VPN providers have originates from paid product placements
I can think of a few prominent counter-examples, those being sold by security vendors. I run Freedome because I trust the people behind F-Secure to be doing approximately the right thing.
I would guess that it's because higher quality is pretty hard to achieve relative to most services. You can only offer a few things, stability, speed, perceived security and given the ease of use of the cloud, providing all three of those is relatively simple. The smattering of new VPN services are a little like altcoins in that respect. Going from perceived security to demonstrable security will require a strong demand and right now it seems ignorance is blunting that demand for individuals, where companies just roll their own servers they know they can trust and have access to.
One of these markets involves competing on security and privacy. One of them involves colluding on influencing FCC policy.
So even if a particular VPN provider is inept or corrupt, my expected return on the investment is higher than trusting TWC.