Following India, US legislators have requested the Federal Trade Commission (FTC), headed by Lina Khan, examine abusive and misleading data practices by hundreds of businesses offering private network (VPN) services to individuals. A VPN is a type of online service that promises to increase consumers’ online security.
The consumer VPN sector, according to the MPs, is plagued with dishonest advertising and improper data activities. The letter from Senators Ron Wyden (D-OR) and Anna G. Eshoo (D-CA) details some abusive practices in the consumer VPN sector, including the promotion of false and misleading claims about their services, the sale of user data to third parties, and the provision of user activity logs to law enforcement despite claims of “total anonymity,” as well as a general lack of industry regulation.
The senators continued, “The VPN sector is incredibly opaque, and many VPN companies take advantage of, deceive, and mislead unsuspecting customers.” All VPN providers with consumers in India have been asked to comply with extra regulations by the Indian Computer Emergency Response Team (CERT-In).
“We urge you to use your authority to take enforcement actions against the problematic actors in the consumer VPN industry, focusing particularly on those that engage in deceptive advertising and data collection practices,” they said.
The new regulations, which go into effect on September 25, compel cloud service providers, data centers, and VPN service providers to keep client information such as names, email addresses, phone numbers, and IP addresses for a minimum of five years.
“There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers’ security claims,” the letter read.
Due to the new guidelines, top VPN service providers NordVPN, Surfshark, and ExpressVPN have withdrawn their servers from India.
The US lawmakers claimed that it is very challenging for people to determine which VPN provider to trust, particularly for those in emergencies. On their websites, many well-known VPN firms also disseminate false information.
Consumer Reports (CR) discovered in December 2021 that 75% of top VPN suppliers on the market misrepresented their goods and technology or overstated the level of security they offer consumers on their websites, such as by claiming to utilize “military-grade encryption” that doesn’t exist.
Advocacy organizations have discovered that popular VPN firms purposefully misrepresent the capabilities of their products and fall short of giving their customers adequate security. “VPN services have also been exposed for collecting, and, in some cases, abusing, user data. In 2020 it was revealed that a leading analytics firm used personal data from over 35 million people who had downloaded one of their 20 VPN and ad-blocking apps to power their analytics platform without consent,” the letter said.
Also Read: Amazon Celebrated its most successful Prime Day in 2022 with over 300 million Items Sold