Article

The Poisoned Pill of Private VPNs: Privacy for Sale

// September 07, 2025

The final execution of the free internet has begun. We are witnesses to a process begun two decades ago when we first lost control of the network. The fevered war for user data in lockstep with state-sponsored surveillance capitalism means we are no longer safe online. Our privacy is no longer a right. Our protections are no longer assured. It’s dangerous to go alone out there, take this!

Sounds like a NordVPN pitch, right? Indeed, use of private VPNs have skyrocketed of late, with end users of the internet more concerned about the extractive practices of the digital meadows where they used to play. It’s not just corporate trading of data that’s concerning, but the right to one’s privacy itself, and the last vestiges of sovereignty they have left.

In the UK, the Online Safety Act - a fantastically authoritarian piece of legislation passed under the guise of protecting children online - now demands that UK citizens hand over their passport and their PII to American verification companies to access certain websites. Not just the obviously over-18 sites you might expect, but Spotify, Twitch, and other services many users consider basic. A similar approach is being debated in France, Germany, Australia, and several US states, with real-name registration enforced in other countries globally. 

Protecting children online is important, yes. Yet this cost far exceeds the face-value cost of a minor inconvenience to those verifiably as age. It means the UK government has direct surveillance of individual user activities online, and that the US companies processing the data are now a critical attack vector for hackers. Meanwhile, private VPN companies are tracking and collecting more data for trade than ever, as users flock to their service to retain their freedoms. Whoever is ultimately benefiting - it certainly isn’t you.

Why VPNs are a False Messiah 

Ultimately, the recourse to VPNs is a false elixir. VPNs are marketed as anonymous browsing that hides your data from ISPs and governments, but in actual fact you are just replacing one middleman for your data with another. By outsourcing your privacy, you are just putting your trust in someone else - in this case an opaque company you heard about from your favourite streamer. With these kinds of marketing budgets, they’re getting more for their spend than just your subscription dollar. As for the free ones - well, you do the math.

VPN providers can easily log traffic or sell data if they choose. Many are openly doing so. The industry exists to act as a data heist for the users they sell privacy to. Many do at least claim to protect your data with genuine regard, especially if you pay for the service. But let’s suppose for a moment a private VPN provider is extremely diligent about its user data, and is ideologically driven by its users’ welfare and their right to privacy - it’s irrelevant. These companies are still a centralized pain point where data is concentrated. They are still subject to jurisdictional and legal pressures. Governments can subpoena them, or simply pass laws to seize the data for itself. 

The Problem with Privacy as a Service

Privacy as a service is fragile - and governments aren’t blind to them and the activities they mask. If VPNs normalize the idea that privacy can be brokered, much like insurance, it plays directly into a dangerous model of state and corporate control. The internet, rigged up the way it is, will never offer true sovereignty to its users and - as we rely more on our online systems in our daily lives - the more of our individual autonomy as citizens we will relinquish. The real tin-foil hat take is that the reason governments aren’t banning VPNs (yes VPNs can’t all be banned, we mean the easy retail access to them) is that it ultimately plays directly into their hands over any medium term horizon window.

Privacy-brokers bolted onto the old internet isn’t the answer. The answer is a new internet. A new approach to data sovereignty that means the end user can control over who or what can use it and why. A world in which users can use offline applications, where many critical functions they rely on don’t need to be connected beyond the local device network at all. One where their online credentials are automatically shielded when they use commercial services, but where they can verifiably prove they are who they say they are when it comes to important governmental and social functions. A world where the user controls the data lifecycle, and apps come to user data - not the other way around. Privacy by default.

Privacy by Default: The New Grail

Source Network’s stack is the privacy-by-default infrastructure for this new world. Our data management stack helps developers build apps and manage device networks that respect user sovereignty. Apps where users can cryptographically verify the data they provided has only been used in a way they agreed it could be. Because DefraDB excels at managing edge device networks, then instead of all user data needing to be de facto shuttled to a central server, data for app functionality can live on-device and sync peer-to-peer. LensVM helps smooth the transitions between these differing devices by helping transform data structures among devices in the network.

Privacy isn’t just for individuals either, but for companies engaged in sensitive commercial work or strategic national infrastructure. Having data live exclusively on-prem and having ways to manage that data in a fully traceable, auditable and sovereign way - without relying on third party providers - is gold-dust to just about every major industry in the world - from construction and manufacturing to space exploration, agriculture and even video games. The fact that it massively bolsters communication latency and resilience within those systems is just a giant added bonus. Proper P2P data management is a holy grail where few understand just how revolutionary drinking from it would be. 

It means the ability to create proper digital utilities locally by using any device network in a given area to power them. Local internet, local traffic systems, local administration and bureaucracy, local Uber, local Reddit. No giant central data center stars waiting to go supernova, but a webway of interconnected device systems powering the internet and protecting the data of those within it, where every device in that system talks to each other privately by default, with the data always owned by its progenitor, not passing through opaque companies or centralized clouds - but local, sovereign and verifiable.

The VPN boom is just the latest symptom of a broken internet. A frenetic cry from retail to claw back their safety not knowing they are walking straight into the arms of an accomplice who, whether they are on your side or not, will eventually break. Private VPNs are a danger because they are manacled to the old logic of the internet - a logic which dictates that our privacy is something we have to buy back. They do not make you sovereign. They do not make you safe. Only by rewiring the system we have, and rewriting the rules we never never agreed to, can we make the web a safe, free and Open place to play.

Stay up to date with latest from Source.

Unsubscribe any time. Privacy Policy