Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Don’t Use US-Based Virtual Private Networks
December 14, 2020
We've said it many times in our security presentations. Not all VPNs are created equal. It's not just about whether there are vulnerabilities or if the VPN is fast at processing data. One of the reasons you select a particular VPN is for privacy reasons. CNET has its recommendation that you should look to a different country if privacy is a primary focus. It really doesn't matter how strong the encryption is. The issue is whether the company will hand over your information if requested by the government. There are specific examples cited in the CNET post.
"In 2018, US-based VPN IPVanish cooperated secretly with the FBI, logging user data for the agency during a criminal investigation. Riseup, another US-based VPN, was prevented from updating its warrant canary in 2017 when the FBI handed the company a couple of subpoenas and silenced it with a gag order. PureVPN, based in Hong Kong with US servers, wasn't outside of the reach of the FBI when it handed over user data in 2017. HideMyAss — a VPN company located in the UK, a Five Eyes member nation — likewise handed over information to the UK feds in 2011."
There you have it. Pile on the fact that our government continues to insist that there be backdoors for encryption and your choice should be a VPN from a country that will not cooperate under government pressure.