Original article by Javier Mateos
Compiled by Odaily Planet Daily Golem ( @web3_golem )
The neutrality of the Internet cannot be guaranteed by replacing a single watchdog.
Recently, more and more VPN vendors have used advertisements such as “They are watching you”, “Your IP is not secure”, “Enjoy real private browsing” to motivate users to subscribe. VPNs (Virtual Private Networks) are often promoted as the ultimate tool to “evade censorship”, “protect privacy”, or “browse the Internet freely”. However, this view is too simplistic - and in many cases, even very dangerous. In an environment without net neutrality or state control of Internet access infrastructure, VPNs do not guarantee freedom from censorship or privacy. In fact, service providers may be blocked, pressured, or even forced to hand over user data to regulators (we will review precedents in this regard later). But even in the absence of state intervention, we have long handed over our data to so-called “trusted” third parties, entrusting our security to others without truly understanding who we trust.
In this article, we will try to explore why VPNs are not a panacea, why simply “changing” control of the Internet is not enough to solve the problem, and how this “illusion of privacy” is counterproductive. At the same time, this article will analyze the technical and legal limitations of VPNs, list examples of their failure in the real world, and why when we really talk about digital freedom, perhaps we should go beyond the scope of VPNs.
The problem isn’t who controls access, but that no one should control it.
Net neutrality is gone
As our conversations take place over messaging apps, as our lives are selectively displayed on social media, as we increasingly buy products and services through screens, it is evidence that we already live in a primitive metaverse, and those who wish to profit from this new environment (businesses or governments) are well aware of this. Ultimately, everything about us becomes tradable, as can be seen from Google, Apple, Amazon, Cisco, and many more.
In addition to controlling everything about our lives, these big companies have also entered the VPN business and started to control our Internet access. Many countries around the world are now actively designing Internet access, especially in terms of network neutrality. In some cases, they even directly undermine network neutrality and the principle of equal treatment of data traffic in order to impose features such as priority, control or limitation.
Network neutrality, sometimes referred to as the principle of network neutrality, means that Internet service providers (ISPs) must treat all Internet communications equally, regardless of the content, website, platform, application, device type, source address, destination address, or communication method, and should provide users and online content providers with consistent transmission rates (i.e., no price discrimination). ——Source: Wikipedia
But what’s most worrying is that most people in society don’t even know net neutrality exists. Even when it comes up in public discussion, it’s usually hidden behind vague headlines or framed as a debate about whether the internet should be considered an essential public service. But its true meaning is rarely explained: What interests are involved? Who benefits? Who is excluded? There’s no real public discussion here – just an agenda pushed by those with the most power and the most infrastructure.
The dual role of a VPN: It can hide you from some people, but it can also expose you to others
Digital privacy is no longer the exclusive domain of cybersecurity software. Where there is interest, there is transaction, and where there is transaction, there are actors trying to grab value. The moral and philosophical high ground once defended by early cypherpunks has now been occupied by major Internet players.
Phil Zimmerman’s great contribution, creating PGP (Pretty Good Privacy) at the dawn of mass internet adoption in 1991, now seems to be disintegrating into a new dystopia: even discussions about privacy are being exploited by entities that engage in surveillance.
This isn’t about demonizing nations or big corporations; the point is to put the spotlight on decentralization. The cypherpunks didn’t invent VPNs, but they did lay the cultural and cryptographic foundations that allow them to function as part of a broader digital sovereignty ecosystem, and their legacy is more closely associated with Tor, decentralized networks, end-to-end encryption, and anonymity, whereas VPNs originally originated in the corporate world.
How VPNs Work
A VPN creates an encrypted tunnel between a user’s device and a remote server, protecting the traffic between the two nodes. It uses tunneling and cryptographic security protocols such as OpenVPN, WireGuard, or IPSec to prevent a middleman (such as a local Internet Service Provider (ISP) or surveillance agencies) from reading or modifying data in transit. While this functionality is critical, protecting the source of the connection (i.e., the user) is just as important, if not more so. In fact, as mentioned above, the marketing of many VPN services focuses more on the latter than the former, as VPNs replace a user’s real IP address with that of a remote server, helping to hide a user’s location, bypass geographic restrictions, or circumvent local censorship mechanisms. The main technical features of a VPN include:
Encrypt traffic to protect privacy
Hide the users real IP address and location
Bypass region-based blocking by simulating a connection from another location
Allows secure remote access, such as for employees or users in a corporate environment to connect to an internal network
These capabilities explain why VPNs are so closely associated with digital freedom and anonymity, but VPNs also have some fundamental limitations that weaken their ability to guarantee network neutrality or unrestricted access.
VPNs are not censorship-resistant
In repressive regimes or areas where net neutrality is not guaranteed, the state often controls the main nodes of internet access and has legal grounds to require Internet Service Providers (ISPs) to assist in surveillance, censorship, or selective content blocking, but this can also extend to VPN providers.
While VPNs are not classified as ISPs in most countries because they do not provide direct internet access but rather encrypt and redirect user traffic, in jurisdictions with strict state control over telecommunications, VPN services are functionally considered Internet Service Providers. As a result, the following scenarios may apply:
Countries can detect and block unauthorized VPN use
VPN providers could be forced to hand over user data
Using a VPN without state authorization may be illegal and punishable
The lack of net neutrality means any type of traffic can be discriminated against
In short, VPNs are just a technological tool. They cannot enforce freedom or neutrality where the legal framework and infrastructure actively prevent them.
From theory to reality: VPNs in the real world
As mentioned before, VPNs did not originate from an altruistic movement or a philosophical response to defend digital freedom. They were created and developed by businesses, primarily to ensure secure connections within geographically dispersed business networks. VPNs became popular as a solution to personal privacy only after 2001.
However, those platforms or companies that offer free VPN services usually bundle other services (such as web browsers, security suites, etc.). Why is this? The answer is simple, If you are not paying for the product, then you may be the product.
There are several possible reasons behind free VPN services:
Data collection (connection times, IP addresses, usage patterns): This data is then sold to third parties or used to build highly profitable digital profiles;
Market testing: Use user groups to test new services and verify their usability models;
Brand loyalty and reputation: Free VPNs can be used as a marketing tool, a positioning tool, or as part of a corporate social responsibility (CSR) strategy, especially when bundled with a paid product;
Freemium model: limited speed versions, server limits, or data caps, all designed to convert free users into paying customers.
The paradox in all this is that the very purpose of installing a VPN is exactly the opposite of what ends up happening: we entrust our privacy to others, thinking we are protecting it. Now, in addition to the services that a VPN service provider may offer, these tools must also operate within a specific legal and judicial framework. Let’s take a look at how different countries treat VPNs.
Russia and Iran: Strict regulation and state control
Russia requires VPN providers to register users and cooperate with state security. As a result, some providers have been fined or even shut down for not complying. To enforce this policy, Russia passed laws that penalize unauthorized VPN promotion.
In 2024, at the request of the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), Apple removed 25 VPN apps from its App Store in Russia.
Iran has made it mandatory for VPNs to obtain a state license, which includes systematically handing over user data to intelligence services, since 2024. A resolution by Iran’s Supreme Cyberspace Council has imposed severe restrictions on internet access, further tightening state control over censorship circumvention tools.
VPNs that passively or actively hand over user data
The reality is that in a hyperconnected yet legally fragmented world, VPNs are not islands; rather, they are the weak link in the global chain.
In 2019, in a case between Finland and Germany, Finnish police forced a VPN provider to hand over user logs for a German investigation, even though the provider had claimed to have a “no logs” policy; in 2020, some free VPN services were found to sell user data to third parties. In one incident, more than 1.2 TB of data from seven different VPN providers were leaked; jurisdictions under the “Five Eyes Alliance” (a surveillance cooperation network between the United States, United Kingdom, Canada, Australia and New Zealand) require VPN service providers to cooperate with state surveillance efforts.
The key issue is that even in places where VPNs are banned or severely restricted, many citizens still rely on them to bypass censorship. However, when these VPNs come from unknown or untrusted sources, surveillance, privacy breaches, and even identity theft may no longer come from the state, but from opaque operators with no name, no face, and no clear jurisdiction. Traffic is still monitored - its just by a different person.
Net Neutrality in the United States Is Not Free
Surprisingly (or perhaps not so surprisingly), in a country as technologically powerful as the United States, net neutrality is not a fixed, unquestioned principle.
A high-profile case occurred in 2014, when internet provider Comcast was found to have throttled Netflix traffic, with its network management measures directly affecting the quality and speed of content. The case sparked a strong public and political backlash, exposing how internet service providers can interfere with access to certain services. In response, in 2015, during the Obama administration, the Federal Communications Commission (FCC) reclassified internet access as a telecommunications service and implemented rules prohibiting blocking, throttling, and paid prioritization.
However, in 2017, under President Trump’s administration, under FCC Chairman Ajit Pai, these rules were repealed via executive order, with the FCC claiming they were overly regulatory and stifled innovation and private investment. With the change of president in 2021, Biden and the FCC reignited their push for net neutrality. In 2024, they introduced a “protective order” that restored many of the original protections and gave consumers and small businesses relief mechanisms.
With political leadership shifting again, the tide turned after Trump returned to the White House. On January 2, 2025, the Sixth Circuit Court of Appeals (covering states such as Ohio, Kentucky, Michigan, and Tennessee) ruled in Ohio Telecommunications Association v. FCC that the FCC lacked the legal authority to issue the order. The ruling overturned the protective order by judicial decision before it could take effect in those states.
So where do we stand now? We can summarize it this way: At the federal level, there are no fully effective net neutrality rules in place as a result of the court ruling. Only a few state laws, such as those in California, New York, and Washington, retain their own protections. The Sixth Circuit’s ruling will take effect immediately—unless the Supreme Court appeals and overturns it. Until then, or until Congress enacts new legislation, there will be no unified federal framework.
This fragmented landscape leaves consumers in a situation where equal treatment of internet traffic depends entirely on state laws — and future Supreme Court decisions or legislative action by Congress.
The State of VPN Regulation in Europe, Latin America, and Africa
Europe: Balancing privacy and security amid new challenges to net neutrality
In the EU, while VPN use is not banned, there are growing concerns about upcoming initiatives such as ProtectEU and Chat Control , which could require the installation of backdoors or the logging of metadata, severely impacting user privacy. These measures are driven by the legitimate and urgent need to investigate and combat online child sexual abuse material (CSAM), and they are an important step in protecting minors and ensuring digital safety.
However, this debate must also focus on the broader implications for the integrity of encryption and net neutrality. Weakening these pillars could jeopardize the privacy of all users and open the door to greater abuse and vulnerabilities.
At the same time, Europe has been a staunch defender of net neutrality. The Open Internet Regulation ensures that Internet service providers treat all data traffic equally - without discrimination, restriction or interference - regardless of sender, receiver, content, application or service. Its purpose is to safeguard the ability of end users to freely access and share information, and to use and provide services and applications of their choice.
However, growing pressure for surveillance and access to data could come into conflict with these principles, as ProtectEU and Chat Control may bring. If ISPs are required to inspect or filter traffic, even for narrow purposes, this could set a precedent that undermines net neutrality. The focus should be on whether security needs can be balanced with fundamental rights to privacy and an open internet.
Latin America: Freedom within a regulatory framework, with net neutrality as a pillar
In most Latin American countries, the use of VPNs remains legal, and its coexistence with net neutrality original and data protection frameworks is crucial. The region generally tends to protect online freedoms, and net neutrality plays an important role in this focus. Here are some relevant examples:
Brazil: The Brazilian Internet Civil Rights Framework (Marco Civil da Internet) is a landmark legislation that explicitly protects the principle of net neutrality. It ensures that Internet Service Providers (ISPs) do not discriminate when handling data packets, thereby providing a level playing field for online services and applications, including those accessed through VPNs. Granted, ISPs are required to keep traffic logs for up to 12 months for judicial purposes (reflecting a balance between freedom and surveillance), but the commitment to net neutrality remains strong. An obvious example: ISPs cannot offer data plans that speed up access to one streaming platform while throttling access to others - this would violate core principles.
Argentina and Uruguay: Both countries have received adequacy rulings under the EU General Data Protection Regulation (GDPR). This facilitates cross-border VPN operations without additional obligations, which is a positive step for the free flow of data and services. As for net neutrality, while the laws in both countries are not as clear as in Brazil, the regulatory frameworks in both countries generally support non-discrimination in terms of traffic. In Argentina, the Law on Audiovisual Communications Services (Law 26.522) is seen in some interpretations as indirectly supporting net neutrality. In Uruguay, despite the absence of specific net neutrality laws, its regulations and policies favor non-discriminatory access to the Internet.
Chile: The 2024 Data Protection Law reform established a data protection agency and strengthened users’ digital rights. While the bill does not directly restrict or constrain the use of VPNs, this advancement in personal data protection is critical to the broader digital ecosystem. Chile was the first country in Latin America to pass a net neutrality law – Law 20.453 (2010), which prohibits Internet Service Providers (ISPs) from blocking, interfering, discriminating against or otherwise limiting the rights of any user to use, send, receive or make available any lawful content, application or service over the Internet.
Africa: Direct restrictions and content controls challenge net neutrality
In some African countries, outright restrictions on VPNs are imposed in the name of controlling “illegal content,” which is often vaguely defined. This often overlaps with weak or non-existent net neutrality frameworks. While countries such as Egypt, Morocco, South Africa, and Nigeria have taken a more flexible or structured approach to VPN use (with specific restrictions), others maintain stricter policies.
Tanzania (2020 regulations, effective from 2023): The country prohibits the use of VPNs without prior approval from the regulator. If the service is not registered, violators can face fines or even imprisonment. This is one of the most restrictive VPN regulations in the world. Tanzania’s lack of strong net neutrality legislation gives ISPs greater freedom to manage traffic, including throttling or blocking services, especially those deemed problematic by the government. This creates an environment where both VPN usage and content access are restricted.
But it is worth mentioning that Egypt, Morocco, South Africa and Nigeria are key players on the continent with their more developed digital markets and clearer regulatory frameworks, which is why they are specifically mentioned. However, there are some important differences between them: Morocco imposes severe penalties on the use of VPNs to circumvent network blocks, supplemented by deep packet inspection technology; Morocco regulates the import of encryption technology and imposes some control on key content; South Africa generally allows widespread use of VPNs, but has restrictions on bypassing copyright protection; Nigeria, while less regulated, is committed to promoting a thriving digital economy, focusing on expanding network access and improving infrastructure. Despite these differences, all four countries offer a relatively more open environment than other African countries and have higher expectations for the progress of net neutrality and digital rights.
Solution: Decentralized Internet Infrastructure
When we connect to the Internet, we do so through a series of protocol stacks that go from the physical layer to the logical layer, from transmitting data to giving meaning to the transmission. From a technical perspective, the layers we discuss include:
Network interface (physical layer)
Internet (IP layer)
Transport layer (TCP/UDP)
Application layer (what we use: social networks, streaming media, services, etc.)
The real dispute is mainly between the transport layer and the application layer. While the transport layer is supposed to be neutral, allowing all data to flow without discrimination, the application layer has become a center of power, where a few companies concentrate the design, monetization, and control of digital experiences. The conflict between the application layer and the transport layer is not just a technical conflict: it is a struggle for control of value-added layers that do not necessarily truly care about users, who remain trapped between competing layers, none of which can truly guarantee sovereignty, privacy, or true freedom.
The real long-term solution that can truly ensure neutrality, privacy, and censorship resistance is a decentralized Internet infrastructure that is collectively managed and maintained. The most promising approaches include:
Mesh and community networks: Each node is an active participant, both providing and receiving access rights. Projects like Althea or LibreMesh show how communities can self-organize to build local connectivity mesh networks without relying on large operators.
Blockchain-based connectivity incentive protocols: Platforms like Helium or SpaceCoin use tokens to coordinate and reward nodes that provide coverage and bandwidth. In addition, the success of Bitcoin and other crypto assets has demonstrated the effectiveness of distributed incentive mechanisms in challenging and reshaping existing power structures, confirming that blockchain-based models can be a real engine of change in the telecommunications ecosystem.
P2P-Blockchain Hybrid Systems: Platforms that combine direct peer-to-peer data exchange with a distributed ledger registry, allowing data packets to be transferred and track who provided which resources.
These solutions eliminate single points of failure and control, raise the cost of censorship, and democratize Internet access. By distributing the transport and application layers to multiple actors (users, validators, etc.), they promote de facto network neutrality that is resistant to economic and political pressure.
in conclusion
When we talk about neutrality, privacy, and censorship resistance, it’s not enough to just design decentralized protocols — we need a technologically aware and politically active citizenry.
When the world of blockchain emerges, I often think of the lessons on Bitcoin (and its close connection to net neutrality), where it was mentioned that if Internet access is restricted by a certain country or provider, using a magic VPN is enough to bypass the blockade. But as we can see, the reality is quite different: everything depends on the country, the specific application, the providers policies and how much we trust each service. Not all VPNs are safe, not all apps allow geo-circumvention, and using software from unknown sources also carries risks.
This seemingly effortless digital comfort creates both a false sense of freedom and reinforces compliance: we delegate sovereignty to opaque actors in exchange for everything “just working.” That’s why the real battles don’t just happen at the transport or application layer, or in the code of mesh networks or smart contracts — they happen in people’s heads.
Digital education with civic awareness can produce true protection of neutrality and privacy. Without this foundation, any decentralized network is likely to become a soft surveillance system that is both difficult to detect and irreversible.
What is the point of a decentralized system if the path to decentralization is controlled? The only way to preserve online freedom is to abandon the comfort of passivity and embrace technological citizenship.
