Integration of VPNs in OS and Browsers - The new Snake oil in 2022

Google does it and others like Opera doing it too. Integrating VPNs into their products in the name of security. But how trustworthy are those promises…

In theory good but in the real-world a concerning trend
In theory integrating another protection layer sounds good and probably helps to fight GeoIP location restrictions but let us talk about the potential drawbacks.

  • You must trust the provider because interception and inspection is hard to impossible
  • It might renders DNS based adblockers useless, depending on if its a real VPN or a proxy. Those two things are not the same even tho Opera still claims they use a VPN.
  • You might be forced to pay for it to unlock questionable features such as integrated adblocking, depending on the business model.
  • Some VPN implementations are worse than using VPNs from known players such as Mullvad, PIA, Proton etc. It could result in data leakages.
  • Besides the trust argumentation auditing the connection makes it nearly impossible, so you have no control nor do you know what is going on. On a home network that might not be the problem but it becomes a problem on enterprise networks or school networks when you actually want to block certain things. There are also - depending on the country - laws you must obey, sanctions, anti-encryption law etc.
  • The VPN usage could trigger more CAPTCHAS and more fingerprinting because more people might use the service which looks suspicious to e.g. CloudFlare which then only triggers more countermeasures.
  • Bloatware, assuming you use already a VPN you do not need yet another one. There is no point to use a proxy with a VPN or another so-called VPN on top of your existing running VPN. Some router OS supporting directly Wireguard, OpenVPN etc. so there is no point except GeoIP restrictions and testing to use another encrypted layer in your network.
  • Criminals can hide in plain sight and swim with the mass.

These are only a few argumentation against integrating a VPN into the OS or the Browser.

Opt-in is the key
I think everyone needs to decide for himself to use a VPN or not, the user should be in control and not Google, Opera, Brave etc. Users should be given a choice and they should be made aware of drawbacks as well as what is going on if you decide to trust such free services.

Implementation and a choice
Solving this puzzle is easy, everyone should decide for himself to download and install extensions, install VPN software and so on. We are not kids that needs parenting that tells us what we shall do.

One approach could be to make such changes entirely optional. There probably should only be a banner, info what you can click away, but integrating it directly into products can lead to problems, people tend to use such things more often, we had such topic with Internet Explorer and the Windows OS. It took decades and lawsuits until MS finally changed something on the OS to give the user a choice what Browser to use and yet it is still far away from being good.