Original source by Javier Mateos
Translated | Odaily Golem (@web3_golem)
Internet neutrality cannot be guaranteed by simply replacing one supervisor.
Recently, more and more VPN providers use advertisements like "they are watching you", "your IP is not safe", and "enjoy truly private browsing" to stimulate user subscriptions. VPNs are often promoted as the ultimate tool for "escaping censorship", "protecting privacy", or "freely browsing the internet". However, this view is overly simplistic - and in many cases, even very dangerous. In environments without network neutrality or where the state controls internet access infrastructure, VPNs cannot guarantee freedom from censorship or privacy protection. In fact, service providers may be blocked, pressured, or even directly forced to hand over user data to regulatory authorities (we will review precedents for this later). But even without state intervention, we have long since handed over our data to so-called "trusted" third parties, entrusting our security to others without truly understanding who we are trusting.
[The translation continues in this manner, maintaining the original structure and meaning while translating to English]Brand loyalty and reputation: Free VPNs can be used as marketing tools, positioning tools, or as part of a corporate social responsibility (CSR) strategy, especially when bundled with paid products;
Freemium model: Limited speed versions, server number restrictions, or data traffic caps, all aimed at converting free users to paid users.
The paradox is that people install VPNs precisely for a purpose opposite to the ultimate result: we delegate our privacy rights, thinking we are protecting them. Now, in addition to the services provided by VPN service providers, these tools must also operate within specific legal and judicial frameworks. Let's look at how different countries treat VPNs.
Russia and Iran: Strict Regulation and State Control
Russia requires VPN providers to register users and cooperate with national security departments. Therefore, some providers have been fined or even shut down for non-compliance. To reinforce this policy, Russia passed laws punishing unauthorized VPN promotion.
In 2024, at the request of the Russian Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor), Apple removed 25 VPN apps from its App Store in Russia.
From 2024, Iran mandates VPNs obtain state permission, including systematically handing over user data to intelligence departments. A resolution by Iran's Supreme Cyberspace Council imposed strict internet access restrictions, further strengthening state control over circumvention tools.
VPNs Passively or Actively Surrendering User Data
In fact, in a highly interconnected but legally fragmented world, VPNs are not isolated islands but weak links in a global chain.
In 2019, Finnish police forced a VPN provider to hand over user logs for a German investigation, despite the provider claiming a "no-log" policy; in 2020, some free VPN services were found selling user data to third parties, with one incident involving over 1.2 TB of data leaked from seven different VPN services;jurisdictions under the "Five Eyes" alliance (monitoring cooperation network between the US, UK, Canada, Australia, and New Zealand) require VPN service providers to cooperate with national monitoring efforts.
The key issue is that even where VPNs are banned or strictly limited, many citizens still rely on them to bypass censorship. However, when these VPNs come from unknown or unreliable sources, monitoring, privacy leaks, and even identity theft may no longer come from the state but from opaque operators without names, faces, or clear jurisdictions. Traffic is still monitored—just by a different monitor.
US Network Neutrality is Not Free
Surprisingly (or perhaps not), in a country with such technological influence as the United States, network neutrality is not a fixed, unquestionable principle.
A notable case occurred in 2014 when internet provider Comcast was found to be restricting Netflix's traffic, directly affecting content quality and speed. This case sparked strong public and political backlash, exposing how internet service providers can interfere with service access. In response, in 2015, during the Obama administration, the Federal Communications Commission (FCC) reclassified internet access as a telecommunications service and implemented rules prohibiting blocking, throttling, and paid prioritization.
However, in 2017, during President Trump's term, under FCC Chairman Ajit Pai, these rules were abolished by executive order, with the FCC claiming the rules were over-regulated and stifled innovation and private investment. With the 2021 presidential transition, Biden and the FCC reignited the push for network neutrality. In 2024, they introduced a "Protection Order" restoring many original protections and providing relief mechanisms for consumers and small businesses.
With another political leadership change, the situation reversed after Trump's return to the White House. On January 2, 2025, the Sixth Circuit Court of Appeals (covering Ohio, Kentucky, Michigan, and Tennessee) ruled in the Ohio Telecommunications Association v. FCC case that the FCC lacked statutory authority to issue the order. The ruling overturned the Protection Order in these states before it could take effect.
So, what is the current situation? We can summarize it as follows: At the federal level, after the court ruling, there are currently no fully effective network neutrality rules. Only a few state laws (such as those in California, New York, and Washington) retain their own protections. The Sixth Circuit Court's ruling will take immediate effect—unless the Supreme Court appeals and overturns the ruling. Until then, or until Congress passes new legislation, there will be no unified federal framework.
This fragmented landscape puts consumers in a situation where equal treatment of internet traffic entirely depends on state laws—and future Supreme Court rulings or congressional legislative actions.
VPN Regulation Status in Europe, Latin America, and Africa
Europe: Balancing Privacy and Security Under New Challenges to Network Neutrality
In the EU, while VPN use is not prohibited, concerns are growing about upcoming initiatives like ProtectEU and Chat Control, which may require backdoor installation or metadata recording, significantly impacting user privacy. These measures are driven by the legitimate and urgent need to investigate and combat online child sexual abuse material (CSAM), representing an important step in protecting minors and ensuring digital security.
However, the debate must also focus on broader implications for encryption integrity and network neutrality. Undermining these pillars could jeopardize all users' privacy and open doors to greater abuse and vulnerabilities.
Meanwhile, Europe has been a staunch defender of network neutrality. The Open Internet Regulation ensures internet service providers treat all data traffic equally—without discrimination, restriction, or interference—regardless of sender, receiver, content, application, or service. Its purpose is to guarantee end-users' freedom to access and share information and their ability to use and provide services and applications of their choice.
However, as potential results from ProtectEU and Chat Control suggest, growing pressures for monitoring and data access may conflict with these principles. If internet service providers are required to inspect or filter traffic, even for narrow purposes, it could set a precedent that undermines network neutrality principles. The focus should be on whether security needs can be balanced with fundamental privacy rights and an open internet.
Latin America: Freedom Within Regulatory Frameworks, Network Neutrality as a Pillar
In most Latin American countries, VPN use remains legal, and its coexistence with network neutrality principles and data protection frameworks is crucial. The region generally tends to protect online freedoms, with network neutrality playing a key role in this focus. Here are some relevant examples:
Brazil: The 'Marco Civil da Internet' is a landmark legislation that clearly protects the principle of net neutrality. It ensures that Internet Service Providers (ISPs) cannot discriminate when handling data packets, thus providing a fair competitive environment for online services and applications (including those accessed via VPN). Admittedly, ISPs must retain traffic logs for up to 12 months for judicial purposes (reflecting a balance between freedom and supervision), but the commitment to net neutrality remains steadfast. A clear example is that ISPs cannot offer data packages that accelerate access to one streaming platform while limiting access to others - this would violate the core principle.
Argentina and Uruguay: Both countries have received adequacy decisions under the EU's General Data Protection Regulation (GDPR). This benefits cross-border VPN operations without additional obligations, which is a positive step for the free flow of data and services. Regarding net neutrality, while their laws are not as explicit as Brazil's, both countries' regulatory frameworks generally support non-discriminatory traffic. In Argentina, the Audiovisual Communication Services Law (Law No. 26,522) is interpreted by some as indirectly supporting net neutrality. In Uruguay, although there is no specific net neutrality law, its regulations and policies tend to favor non-discriminatory internet access.
Chile: The 2024 Data Protection Law reform established a data protection agency and strengthened users' digital rights. While the law does not directly restrict or constrain VPN use, this advancement in personal data protection is crucial for the broader digital ecosystem. Chile was the first Latin American country to pass a net neutrality law - Law No. 20,453 (2010), which prohibits Internet Service Providers (ISPs) from blocking, interfering with, discriminating against, or otherwise limiting any user's right to use, send, receive, or provide any legal content, applications, or services through the internet.
Africa: Direct Restrictions and Content Control Challenge Net Neutrality
In some African countries, direct VPN restrictions are justified under the guise of controlling "illegal content," with the definition of "illegal content" often being vague. This typically overlaps with weak or non-existent net neutrality frameworks. While countries like Egypt, Morocco, South Africa, and Nigeria have adopted more flexible or structured approaches to VPN use (with specific restrictions), other countries maintain more stringent policies.
Tanzania (2020 regulations, effective from 2023): The country prohibits VPN use without prior approval from the regulatory authority. Violators may face fines or even imprisonment if services are unregistered. This is one of the world's most restrictive VPN regulations. Tanzania lacks robust net neutrality legislation, giving Internet Service Providers greater freedom in traffic management, including restricting or blocking services, especially those deemed problematic by the government. This creates an environment with limited VPN use and content access.
It is worth noting that Egypt, Morocco, South Africa, and Nigeria, with their more developed digital markets and clearer regulatory frameworks, have become key players on the African continent, which is why they are specifically mentioned. However, there are significant differences between them: Egypt imposes severe penalties for using VPNs to circumvent network blockades, supported by deep packet inspection technology; Morocco regulates encryption technology imports and exercises some content control; South Africa generally allows broad VPN use but restricts bypassing copyright protection; Nigeria, while lacking strong regulation, is committed to promoting a vibrant digital economy, focusing on expanding network access and improving infrastructure. Despite these differences, compared to other African countries, these four nations offer a relatively more open environment and have higher expectations for progress in net neutrality and digital rights.
Solution: Decentralized Network Infrastructure
When we connect to the internet, we do so through a series of protocol stacks that range from the physical layer to the logical layer, from transporting data to giving meaning to that transport. From a technical perspective, the levels we discuss include:
Network Interface (Physical Layer)
Internet (IP Layer)
Transport Layer (TCP/UDP)
Application Layer (the content we use: social networks, streaming, services, etc.)
The real controversy primarily occurs between the transport layer and the application layer. While the transport layer should be neutral, allowing all data to flow without discrimination, the application layer has become a center of power, with a few companies concentrating control over digital experience design, monetization, and control. The conflict between the application and transport layers is not merely technical: it is a struggle for control of the "value-added" layers, which may not truly care about users, who remain trapped between competing layers, with no layer genuinely guaranteeing sovereignty, privacy, or true freedom.
The true long-term solution that can ensure neutrality, privacy, and resistance to censorship is a decentralized internet infrastructure managed and maintained collectively. The most promising approaches include:
Mesh Networks and Community Networks: Each node is an active participant, both providing and receiving access. Projects like Althea or LibreMesh demonstrate how communities can self-organize to build local mesh networks without relying on large operators.
Blockchain-based Connection Incentive Protocols: Platforms like Helium or SpaceCoin use tokens to coordinate and reward nodes providing coverage and bandwidth. Moreover, the success of Bitcoin and other crypto assets proves the effectiveness of distributed incentive mechanisms in challenging and reshaping existing power structures, confirming that blockchain-based models can be true engines of transformation in the telecommunications ecosystem.
P2P-Blockchain Hybrid Systems: Platforms that combine direct peer-to-peer data exchange with distributed ledger registration, allowing data packet transmission and tracking of resource providers.
These solutions eliminate single points of failure and control, increase the cost of censorship, and democratize internet access. By distributing the transport and application layers among multiple participants (users, validators, etc.), they promote de facto net neutrality, capable of resisting economic and political pressures.
Conclusion
When we discuss neutrality, privacy, and resistance to censorship, merely designing decentralized protocols is insufficient - we need citizens with technological awareness and political activism.
When the blockchain world emerged, I often recalled lessons about Bitcoin (and its close connection to net neutrality) that suggested using a "magical" VPN was enough to bypass blockades if internet access was restricted by a country or provider. But as we've seen, the reality is quite different: everything depends on the country, specific applications, provider policies, and our trust in each service. Not all VPNs are secure, not all applications allow geolocation circumvention, and using software of unknown origin carries risks.
This seemingly comfortable digital ease creates an illusion of freedom while reinforcing compliance: we delegate sovereignty to opaque participants in exchange for everything "functioning normally". This is precisely why the real battle is not just occurring in the transport or application layers, nor merely in mesh networks or smart contract code - but is unfolding in people's minds.
Digital education with civic consciousness is more effective in truly guaranteeing neutrality and privacy. Without this foundation, any decentralized network risks becoming a "soft" surveillance system that is both difficult to detect and irreversible.
What meaning would decentralized systems have if the path to decentralization is controlled? The only way to maintain network freedom is to abandon passive comfort and embrace technological civic consciousness.
