Privacy Problems with VPNs

by | Sep 2, 2020 | Security, Technology, VPN

So you’ve decided that your online privacy is important enough that you want to use a VPN.

Which VPN should you use? Here are a few important problems to think about, with serious implications to your privacy.

There are dozens of “VPN-as-a-Service” providers on the market today. Their advertising is everywhere. They sure seem easy to use. What problems do they have?

Criminal attraction

When you operate a global VPN infrastructure for thousands of customers, you become an attractive target for bad actors. In October 2019, a major VPN vendor announced that their security had been compromised. For over a year and a half (!!) hackers were hijacking connections from VPN customers, rendering customer traffic visible to the hackers, and customer privacy non-existent.

In the same way that a major ecommerce site is a more attractive target to criminals than a small-time webshop, criminals are attracted to shared VPNs like moths to a flame. If your vendor operates a shared global infrastructure, there is simply no avoiding this. The hackers will never stop, the rewards are too great.

How is Bubble different?

When you launch your Bubble at, we launch a dedicated system just for you, and then remove all access we have to it. You connect your devices directly to your Bubble. We cannot see the traffic between your devices and your Bubble. We have very limited access to your system. We can see if it’s running or not running, and we can shut it down if you don’t pay your bill, but that’s about all we can do.

If Bubble, Inc. servers are somehow compromised, there is no way for the intruders to then gain access to your dedicated Bubble, because even we do not have access.

Your individual dedicated Bubble also makes for a very uninteresting target for criminals. The much larger payoff from a security breach with a shared VPN keeps their attention focused on the big money. Your Bubble is small potatoes to them.

Is your VPN selling your data?

Many VPN vendors make money by selling data about their customers. In this feverishly competitive industry, vendors look for every place they can generate incremental revenue. For many VPN companies, this means selling customer data. Although your network connections are encrypted, the name of every site you connect to is sent unencrypted, in plaintext — and is thus visible to your VPN vendor. Your VPN can sell data on what sites you visit, when and how often. And that’s just where it starts. They can also sell data on where you’re connecting from, how much data you send to/from various sites, and more. In a world where your browsing history alone is enough to identify you, this is scary stuff!

How is Bubble different?

Your Bubble is a dedicated system, just for you. Bubble, Inc. does not have any direct access to your Bubble. Bubble cannot see any of the traffic between your devices and your Bubble. There’s simply nothing for us to sell.

Our dedication to protecting your privacy is the primary driving force behind Bubble. We will never seek to generate revenue from third-parties, because that would create a fundamental misalignment with our commitment to our customers. To hammer that point home, our Privacy Policy prevents us from ever selling whatever little data we do have, for example your browsing history on our main website.

Do you trust the black box?

When you use a shared VPN, you have no idea what happens inside the VPN. Your devices send all their traffic there, and data comes back, but what happens in between? Were criminals lurking inside? Did your vendor capture some of your data to sell to someone else? You simply have no way of knowing.

How is Bubble different?

No other VPN will ever give you access to their source code, they would see this as a threat to their business. Bubble does not view our customers as adversaries, and takes the opposite approach: every single piece of software on your Bubble is open source. This means you can review the source code and see what it’s doing. Even if you don’t know how to do this, you can sleep safer knowing that other white-hat open source hackers are looking at it, helping to find any vulnerabilities and get them patched.

No other VPN will ever give you direct access to the systems that carry your traffic — this would terrify them! Here again, Bubble takes the opposite approach: because your Bubble is yours and yours alone, you can log into it directly. This requires some basic knowledge of SSH (Secure Shell) and some familiarity with using Linux from a command-line interface, but any customer can do it. Just install your SSH key, log in, and look around. Maybe you don’t believe us when we say that we have no access to your Bubble? You can login and verify this directly. You can install additional monitoring tools if you want. Your Bubble runs on Ubuntu 20.04 LTS, so most things you’d want to do should be pretty easy. Please try not to break anything 🙂

The Bubble Difference

Bubble flips the traditional vendor/customer trust relationship on its head. Instead of mistrusting our customers, we trust our customers. For example, we trust them with direct access to the system that’s carrying their traffic. And instead of expecting our customers to trust us, we expect our customers to be skeptical of any privacy claims we make. We’ve built our company and technology to be open and transparent so that customers can verify our privacy claims themselves.

Ready to try Bubble? Sign up here!


Author: Jonathan Cobb

Founder and CEO of Bubble, Inc. Jonathan’s mission is to create software that gives free citizens complete control over their own personal data security.

Bubble Newsletter

Online privacy and data security information direct to your inbox!

Check Out These Related Posts