Original text from Javier Mateos
Translation|Odaily Planet Daily Golem (@web3golem)_
The neutrality of the internet cannot be guaranteed by simply replacing one overseer with another.
Recently, an increasing number of VPN providers are using ads like “They are watching you,” “Your IP is not secure,” and “Enjoy truly private browsing” to entice users to subscribe. VPNs (Virtual Private Networks) are often marketed as the ultimate tool to “escape censorship,” “protect privacy,” or “freely browse the internet.” However, this view is overly simplistic—and in many cases, even very dangerous. In environments where there is no net neutrality or where the state controls internet access infrastructure, VPNs cannot guarantee immunity from censorship or protection of privacy. In fact, service providers may be blocked, pressured, or even directly forced to hand over user data to regulatory authorities (we will review precedents on this later). But even without state intervention, we have long since handed our data over to so-called “trusted” third parties, entrusting our security to others without truly understanding who we are trusting.
In this article, we will attempt to explore why VPNs are not a panacea, why merely “transferring” control of the network is insufficient to solve the problem, and how this “illusion of privacy” can be counterproductive. At the same time, this article will analyze the technical and legal limitations of VPNs, list cases of their failures in the real world, and discuss why when we truly talk about digital freedom, we may need to go beyond the scope of VPNs.
The issue is not who controls access, but that no one should control it.
The Death of Net Neutrality
As our conversations take place through instant messaging apps, as our lives are selectively displayed on social media, and as we increasingly purchase products and services through screens, it proves that we have long been living in a primitive metaverse, one that those who wish to profit from this new environment (be it businesses or governments) understand well. Ultimately, everything about us becomes tradable, with examples like Google, Apple, Amazon, Cisco… being abundant.
In addition to controlling every aspect of our lives, these large companies have also ventured into the VPN business, beginning to control our internet access rights. Many countries around the world are now actively designing internet access, especially regarding net neutrality. In some cases, they even directly undermine net neutrality, violating the principle of equal treatment of data traffic to impose prioritization, control, or restrictions.
Net neutrality, sometimes referred to as the principle of net neutrality, means that internet service providers (ISPs) must treat all internet communications equally, regardless of content, website, platform, application, device type, source address, destination address, or communication method, providing consistent transmission rates for users and online content providers (i.e., no price discrimination). — Source: Wikipedia
But what is most concerning is that the majority of people in society are even unaware of the existence of net neutrality. Even when it appears in public discussions, it is often hidden behind vague headlines or framed as a debate about whether the internet should be considered a basic public service. Yet its true implications are rarely explained: What interests are involved? Who benefits from it? Who is excluded? There is no real public discussion—only agendas pushed by those with the most power and the most infrastructure.
The Dual Role of VPNs: They Can Help You Avoid Some People, But May Also Expose You to Others
Digital privacy is no longer the exclusive domain of cybersecurity software; where there are interests, there are transactions, and where there are transactions, there are actors attempting to seize value. The moral high ground once defended by early cypherpunks has now been occupied by major internet players.
Phil Zimmermann's great contribution—creating PGP (Pretty Good Privacy) at the dawn of the internet's mass adoption in 1991—now seems to be dissolving into a new dystopia: even discussions about privacy are being exploited by those conducting surveillance.
This is not to demonize the state or large companies; the focus should be on decentralization. Cypherpunks did not invent VPNs, but they did lay the cultural and cryptographic foundations that allowed them to be part of a broader digital sovereignty ecosystem, with their legacy more closely tied to Tor, decentralized networks, end-to-end encryption, and anonymity, while VPNs originally emerged from the corporate world.
How VPNs Work
VPNs create an encrypted tunnel between the user's device and a remote server, thereby protecting the traffic between these two nodes. They use tunneling and encryption security protocols (such as OpenVPN, WireGuard, or IPSec) to prevent intermediaries (such as local ISPs or surveillance agencies) from reading or modifying the data in transit. While this functionality is crucial, protecting the source of the connection (i.e., the user) is equally important, if not more so. In fact, as mentioned earlier, many VPN services focus their marketing more on the latter than the former, replacing the user's real IP address with that of a remote server, thereby helping to hide the user's location, bypass geographic restrictions, or evade local censorship mechanisms. The main technical functions of VPNs include:
Encrypting traffic to protect privacy
Hiding the user's real IP address and location
Bypassing region-based blocks by simulating connections from other locations
Allowing secure remote access, such as employees or users connecting to an internal network in a corporate environment
These functions explain why VPNs are closely related to digital freedom and anonymity, but VPNs also have some fundamental limitations that weaken their ability to guarantee net neutrality or unrestricted access.
VPNs Cannot Resist Censorship
In authoritarian regimes or areas where net neutrality is not guaranteed, the state often controls the main nodes of internet access and has legal grounds to require ISPs to assist in surveillance, censorship, or selective content blocking, which may also extend to VPN providers.
Although VPNs are not classified as ISPs in most countries/regions because they do not provide direct internet access but rather encrypt and redirect user traffic, in jurisdictions where telecommunications are strictly controlled by the state, VPN services are functionally treated as ISPs. Therefore, the following situations may arise:
The state can detect and block unauthorized use of VPNs
VPN providers may be forced to hand over user data
Unauthorized use of VPNs may be illegal and subject to penalties
The absence of net neutrality means that any type of traffic may be discriminated against
In short, VPNs are merely a technical tool. In a legal framework and infrastructure that actively obstructs, they cannot enforce freedom or neutrality.
From Theory to Reality: VPNs in the Real World
As mentioned earlier, VPNs did not originate from altruistic movements, nor are they a philosophical response to defend digital freedom. They were created and developed by businesses primarily to ensure secure connections within geographically dispersed commercial networks. It was only after 2001 that VPNs became popular as a “solution” for personal privacy.
However, platforms or companies offering free VPN services often bundle other services (such as web browsers, security suites, etc.). Why is that? The answer is simple: “If you are not paying for the product, then you might be the product itself.”
Behind free VPN services, there may be the following pitfalls:
Data collection (connection times, IP addresses, usage patterns): This data may then be sold to third parties or used to build highly profitable digital profiles;
Market testing: Using user groups to test new services and validate their usability models;
Brand loyalty and reputation: Free VPNs can be used as marketing tools, positioning tools, or as part of corporate social responsibility (CSR) strategies, especially when bundled with paid products;
Free-to-paid conversion models: Limited speed versions, server number restrictions, or data traffic caps, all aimed at converting free users into paying customers.
The paradox in all of this is that the very purpose for which people install VPNs is often the opposite of the outcome that ultimately occurs: we delegate our privacy rights while thinking we are protecting them. Now, in addition to the services that VPN service providers may offer, these tools must also operate within specific legal and judicial frameworks. Let’s take a look at how different countries treat VPNs.
Russia and Iran: Strict Regulation and State Control
Russia requires VPN providers to register users and cooperate with national security agencies. As a result, some providers have been fined or even shut down for non-compliance. To reinforce this policy, Russia has passed laws penalizing unauthorized VPN promotion.
In 2024, at the request of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), Apple removed 25 VPN applications from its App Store in Russia.
Starting in 2024, Iran mandates that VPNs obtain state licenses, which include systematically handing over user data to intelligence agencies. A resolution from Iran's Supreme Cyber Space Council imposes strict restrictions on internet access, further tightening state control over censorship evasion tools.
VPNs That Passively or Actively Hand Over User Data
In fact, in a highly interconnected but legally fragmented world, VPNs are not islands; they are rather weak links in a global chain.
In 2019, in a case between Finland and Germany, Finnish police forced a VPN provider to hand over user logs for a German investigation, despite the provider claiming to adhere to a “no-logs” policy; in 2020, some free VPN services were found to be selling user data to third parties, with over 1.2 TB of data leaked from seven different VPN service providers in one incident; jurisdictions under the “Five Eyes” (a surveillance alliance between the United States, the United Kingdom, Canada, Australia, and New Zealand) require VPN service providers to cooperate with national surveillance efforts.
The key issue remains that even in places where VPNs are banned or strictly restricted, many citizens still rely on them to bypass censorship. However, when these VPNs come from unknown or untrustworthy sources, surveillance, privacy breaches, and even identity theft may no longer stem from the state, but from opaque operators that lack names, faces, or clear jurisdictions. Traffic is still monitored—it's just a different overseer.
Net Neutrality in the United States is Not Free
Surprisingly (or perhaps not so surprisingly), in a country like the United States, where technology wields such significant influence, net neutrality is not a fixed, unquestionable principle.
A well-known case occurred in 2014 when internet service provider Comcast was found to be throttling Netflix's traffic, directly affecting the quality and speed of content. This case sparked a strong backlash from the public and politicians, exposing how ISPs can interfere with access to certain services. In response, in 2015, during the Obama administration, the Federal Communications Commission (FCC) reclassified internet access as a telecommunications service and implemented rules prohibiting blocking, throttling, and paid prioritization.
However, in 2017, under the leadership of FCC Chairman Ajit Pai during President Trump's term, these rules were repealed by executive order, with the FCC claiming that the rules were overly regulatory and stifled innovation and private investment. With the change in presidential administration in 2021, Biden and the FCC reignited the push for net neutrality. In 2024, they introduced a "protection order" that restored many of the original protections and provided relief mechanisms for consumers and small businesses.
With another shift in political leadership, the situation reversed again after Trump returned to the White House. On January 2, 2025, the Sixth Circuit Court of Appeals (covering states like Ohio, Kentucky, Michigan, and Tennessee) ruled in the case of Ohio Telecom Association v. FCC that the FCC lacked the statutory authority to issue the order. This ruling overturned the protection order through judicial decision before it could take effect in those states.
So, what is the current situation? We can summarize it as follows: at the federal level, after the court ruling, there are currently no fully effective net neutrality rules in place. Only a few state-level laws (such as those in California, New York, and Washington) retain their own protections. The Sixth Circuit's ruling will take effect immediately—unless the Supreme Court appeals and overturns the ruling. Until then, or until Congress enacts new legislation, there will be no unified federal framework.
This fragmented landscape places consumers in a position where the equal treatment of internet traffic entirely depends on state laws—and the future rulings of the Supreme Court or legislative actions by Congress.
The Current State of VPN Regulation in Europe, Latin America, and Africa
Europe: Balancing Privacy and Security Amid New Challenges to Net Neutrality
In the EU, while the use of VPNs has not been banned, concerns are growing over upcoming initiatives like ProtectEU and Chat Control, which may require the installation of backdoors or the logging of metadata, severely impacting user privacy. These measures are driven by the legitimate and urgent need to investigate and combat Child Sexual Abuse Material (CSAM), representing an important step in protecting minors and ensuring digital safety.
However, the focus of this debate must also include the broader implications for encryption integrity and net neutrality. Undermining these pillars could jeopardize the privacy of all users and open the door to greater abuse and vulnerabilities.
Meanwhile, Europe has been a staunch defender of net neutrality. The Open Internet Regulation ensures that internet service providers treat all data traffic equally—without discrimination, restriction, or interference—regardless of sender, receiver, content, application, or service. Its purpose is to guarantee end users the freedom to access and share information, as well as the ability to use and provide the services and applications of their choice.
However, as the potential outcomes of ProtectEU and Chat Control suggest, the increasing pressure for surveillance and data access may conflict with these principles. If ISPs are required to inspect or filter traffic, even for narrow purposes, it could set a precedent that undermines the principle of net neutrality. The focus should be on whether security needs can be balanced with the fundamental rights of privacy and an open internet.
Latin America: Freedom Within a Regulatory Framework, with Net Neutrality as a Pillar
In most Latin American countries, the use of VPNs remains legal, and their coexistence with the original frameworks of net neutrality and data protection is crucial. The region generally leans towards protecting online freedoms, with net neutrality playing an important role in this focus. Here are some relevant examples:
Brazil: The "Marco Civil da Internet" (Brazilian Internet Civil Rights Framework) is landmark legislation that explicitly protects the principle of net neutrality. It ensures that internet service providers (ISPs) do not discriminate when handling data packets, thereby providing a level playing field for online services and applications (including those accessed via VPN). Admittedly, ISPs are required to retain traffic logs for up to 12 months for judicial purposes (reflecting a balance between freedom and oversight), but the commitment to net neutrality remains strong. A clear example is that ISPs cannot offer data packages that speed up access to a particular streaming platform while throttling access to others—this would violate core principles.
Argentina and Uruguay: Both countries have received adequacy rulings under the EU's General Data Protection Regulation (GDPR). This facilitates cross-border VPN operations without incurring additional obligations, which is a positive step for the free flow of data and services. Regarding net neutrality, while the laws in these two countries are not as explicit as Brazil's, their regulatory frameworks generally support non-discriminatory traffic. In Argentina, the Audiovisual Communication Services Law (Law No. 26.522) is interpreted in some contexts as indirectly supporting net neutrality. In Uruguay, although there is no specific net neutrality law, its regulations and policies tend to favor non-discriminatory access to the internet.
Chile: The 2024 Data Protection Law reform established a data protection agency and strengthened users' digital rights. While the bill does not directly restrict or constrain the use of VPNs, this advancement in personal data protection is crucial for the broader digital ecosystem. Chile was the first country in Latin America to pass net neutrality legislation—Law No. 20.453 (2010), which prohibits ISPs from blocking, interfering with, discriminating against, or otherwise limiting any user's right to use, send, receive, or provide any lawful content, application, or service over the internet.
Africa: Direct Restrictions and Content Control Challenge Net Neutrality
In some African countries, direct restrictions on VPNs are justified under the guise of controlling "illegal content," with the definition of "illegal content" often being vague. This typically overlaps with weak or nonexistent net neutrality frameworks. While countries like Egypt, Morocco, South Africa, and Nigeria have adopted a more flexible or structured approach to VPN use (with specific restrictions), others maintain stricter policies.
- Tanzania (2020 regulations, effective from 2023): The country prohibits the use of VPNs without prior approval from regulatory authorities. Violators may face fines or even imprisonment if the service is not registered. This is one of the strictest VPN regulations globally. Tanzania's lack of strong net neutrality legislation gives ISPs greater freedom in traffic management, including restricting or blocking services, especially those deemed problematic by the government. This creates an environment where both VPN use and content access are restricted.
It is worth noting that Egypt, Morocco, South Africa, and Nigeria, with their more developed digital markets and clearer regulatory frameworks, have become key players on the African continent, which is why they are specifically mentioned. However, there are significant differences among them: Tanzania imposes severe penalties for using VPNs to circumvent internet blocks, supplemented by deep packet inspection technology; Morocco regulates the import of encryption technologies and exercises some control over key content; South Africa generally allows widespread use of VPNs but imposes restrictions on circumventing copyright protections; Nigeria, while lacking sufficient regulation, is committed to promoting a thriving digital economy, focusing on expanding internet access and improving infrastructure. Despite these differences, compared to other African countries, these four provide a relatively more open environment and hold higher expectations for progress in net neutrality and digital rights.
Solutions: Decentralized Internet Infrastructure
When we connect to the internet, we do so through a series of protocol stacks that range from the physical layer to the logical layer, from transmitting data to imparting meaning to that transmission. From a technical perspective, the layers we discuss include:
Network Interface (Physical Layer)
Internet (IP Layer)
Transport Layer (TCP/UDP)
Application Layer (the content we use: social networks, streaming, services, etc.)
The real controversy primarily occurs between the transport layer and the application layer. While the transport layer should be neutral, allowing all data to flow without discrimination, the application layer has become the center of power, with a few companies concentrating the design, monetization, and control of the digital experience at the application layer. The conflict between the application layer and the transport layer is not merely a technical conflict: it is a struggle for control over the "value-added" layers, which do not necessarily care about users, leaving users trapped between competing layers without any layer truly guaranteeing sovereignty, privacy, or real freedom.
The true long-term solution that can genuinely ensure neutrality, privacy, and resistance to censorship is a decentralized internet infrastructure that is collectively managed and maintained. The most promising approaches include:
Mesh networks and community networks: Each node is an active participant, both providing and receiving access. Projects like Althea or LibreMesh demonstrate how communities can self-organize to build local connected mesh networks without relying on large operators.
Blockchain-based connection incentive protocols: Platforms like Helium or SpaceCoin use tokens to coordinate and reward nodes that provide coverage and bandwidth. Additionally, the success of Bitcoin and other crypto assets has proven the effectiveness of distributed incentive mechanisms in challenging and reshaping existing power structures, confirming that blockchain-based models can be a true engine for transforming the telecommunications ecosystem.
P2P-blockchain hybrid systems: Platforms that combine direct peer-to-peer data exchange with distributed ledger registration, allowing for packet transmission and tracking who provided which resources.
These solutions eliminate single points of failure and control, increase the cost of censorship, and democratize internet access. By distributing the transport layer and application layer among multiple participants (users, validators, etc.), they promote de facto net neutrality, capable of resisting economic and political pressures.
Conclusion
When we talk about neutrality, privacy, and resisting censorship, merely designing decentralized protocols is not enough—we need citizens who are technically aware and politically active.
When the blockchain world emerged, I often thought of lessons about Bitcoin (and its close ties to net neutrality), which mentioned that if internet access were restricted by a country or provider, using a "magical" VPN would be sufficient to bypass the block. But as we have seen, the reality is quite different: everything depends on the country, specific applications, provider policies, and our level of trust in each service. Not all VPNs are secure, and not all applications allow for the circumvention of geographical restrictions; using software from unknown sources also carries risks.
This seemingly effortless digital comfort creates an illusion of freedom while reinforcing compliance: we delegate sovereignty to opaque participants in exchange for everything to "function normally." For this reason, the real battle is not only taking place at the transport layer or application layer, nor solely in the code of mesh networks or smart contracts—but unfolds in the minds of people.
Digital education with civic awareness can truly ensure neutrality and privacy. Without this foundation, any decentralized network risks becoming a "soft" surveillance system, difficult to detect and irreversible.
If the path to decentralization is controlled, then what is the meaning of decentralized systems? The only way to maintain internet freedom is to abandon passive comfort and embrace technological civic awareness.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
