Are VPNs NSA Proof?

by Colin Berkshire

I was at a security round table and one of the people I was speaking with asserted that the US Government was connected with nearly all of the public VPN services that consumers choose. This idea floored me.

It would certainly explain how VPN providers can stay in business by charing only a $39.95 lifetime subscription fee. (A price which cannot possibly cover their long-term costs.)

The thought is that VPN providers sell their data streams to the NSA (where they are privately owned) or that if directly owned by the NSA they simply have all pf your data.

What’s the legality of this?

Well, it is perfectly legal for the NSA or any governmental agency to open up a VPN service, set up servers outside the United States, and watch and record all of your traffic. Their privacy policy probably doesn’t include a “non-use” provision, and it probably contains Google Privacy Policy language allowing them to use the data for “legal purposes”. (“Legal Purposes” means anything legal. It does not mean for purposes in legal proceedings.)

Where the US Government doesn’t own the VPN service company then they are free to purchase a “firehose” from that company. That is, to pay them money for sending them data. There is NO REGULATION that prohibits the government from spying on you, or purchasing your data feed once it goes outside the United States.

So I have to admit that it makes perfect sense that VPN companies would have strong governmental ties. What better place to spy on people than right at the focal point of their data (the VPN server) and on persons who are trying to hide and protect data for some (nefarious?) reason.

Remember that once your data crosses international boundaries, all of your constitutional protections are lost. You have no right to privacy.