Australia Fines Meta’s ‘Onavo Protect’ VPN $13.5M for Collecting User Data

A good reason to be wary of commercial VPN providers, as do you really know they’re not collecting data? I used to use PIA VPN years ago, but it came out that there were companies gobbling up VPN providers, and the company that bought PIA was run by a guy with a connection to Israeli intelligence. If you are going to use a commercial VPN, look for auditing by third parties to verify they don’t collect data and see if you trust the firm doing the auditing. I’m not doing anything illegal or needing to switch countries, so I run my own PiVPN server with WireGuard which also has a Pi-Hole/Unbound DNS server to mask my home IP and give me added privacy from DNS snooping, ad/tracking/malicious site blocking, and since I manage the server myself I can trust it and can move it around to different server locations if desired. And I also have redundant WireGuard VPN servers at home I can use and give access to my local network using my Pi-Hole/Unbound DNS servers, which can be done on a simple Raspberry Pi for free. And if you need extra obscurity, there is Tor and Tor Browser which can give you three server hops around the world (six if accessing a Tor hidden server). And related to this topic, Latest iOS Found to Bypass VPN Connection for Some Services.

https://restoreprivacy.com/australia-fines-meta-vpn-firm-13-5m-for-collecting-user-data/


By Heinrich Long

The Australian Federal Court has imposed a penalty of AUD 20M (USD 13,500,000) on Onavo Protect, a VPN service provided by Facebook Israel (Meta), for collecting user data for commercial purposes.

The court examined the case after a relevant “false advertising” complaint submitted by the ACCC (Australian Competition & Consumer Commission) in 2020 and determined that the company violated the Australian Consumer Law by not disclosing that it collected user data for marketing and targeted advertising purposes.

The Onavo Protect VPN app on Google Play

The violations occurred between February 2016 and October 2017, when the Onavo Protect VPN app was installed by over 270,000 Australians, users of iOS and Android devices.

The free VPN app was promoted as a tool to help users keep their data safe, protect their personal information, and enjoy a fast and secure internet browsing experience. Nowhere in the app listings was it mentioned that user data would be collected for commercial or any other purposes, so users were not adequately informed about how the service vendor handled their data.

“In the case of the Onavo Protect app, we were concerned that consumers seeking to protect their privacy through a virtual private network were not clearly told that in downloading and using this app they were actually facilitating the use of their data for Meta’s commercial benefit.” ACCC Chair, Cass-Gottlieb

As the investigation determined, Onavo and Facebook Israel collected user data from the app, not applying any anonymization whatsoever, aggregated it, and shared it with an extensive network of advertising partners.

The data collected includes the entire internet activity performed while the app was active and also records of app activity, access, and usage times for any other apps the user had on the same device, which is a highly intrusive and privacy-breaching practice.

Onavo is no longer active and does not offer any VPN services, but the Australian court decision highlights the dangers of trusting free VPN apps, especially those published by companies whose core business model is to collect user data.

Additionally, this ruling serves as a vindication for the ACCC and Australian consumers. Facebook had previously refuted the allegations of unlawful user data collection and deliberately misleading users about the safety of their data while utilizing the app. Instead of opting for a settlement and reforming its data collection methods, the company opted to defend its practices in court.