Ask HN: Why should I not start a VPN business?

4 points by iDemonix ↗ HN
Seeing as Chairman May looks set to retain her role as PM of the UK, and pressing on with her anti-open-internet legislation, VPNs seem like a business that are going to only become more and more popular.

I'm a 9-5 DevOps/SysAdmin, and I run personal projects on Digital Ocean. I could setup something on DO or AWS to automatically spin up servers and could write the site up in Laravel. I've been looking to start up a paid site/service for a while.

What I want to know is, why shouldn't I start? I'm based in the UK, servers would be global (DO or AWS regions). Is it a messy thing to get involved with, or can I protect myself with terms and conditions? Obviously I don't hold any logs etc. If someone used the service and did something illegal (child porn or terrorism), would I be getting raided?

I've got the tech side mostly covered, but I'm a little unsure about the legalities.

9 comments

[ 2.8 ms ] story [ 41.5 ms ] thread
You can start your VPN business, but you may run into issues and cause your customers to conduct chargebacks, refunds or sue for not being able to reliably offer services. If blocking/disrupting/unauthorized decryption of their encrypted traffic occurs in the future you should inform your customers of this issue so none of them are unaware.

Now if it becomes illegal in the UK to offer any encryption services, require backdoors or lower grade encryption you may need to migrate your residence and business to another country to legally continue business operations.

I think one of the biggest things swinging it are legality, I'm almost certain it won't be illegal to offer encryption services, but then there's a lot of things I didn't think would happen in politics lately...
There's no shortage of vpn services. How would you get customers? Next to legal issues, that would be my primary concern.
This. There's a ton of VPN services and while it is in theory a good business model (I know somebody who has a niche VPN business which makes tens of millions of dollars per year), getting customers might be hard.
And it has to be said that while some people want a VPN for "good reasons" a lot of VPN users will be the abusive kind - you'll need to deal with them too. Hard if you don't have logging, but if you keep logs you'll get fewer clients.
I wouldn't sign up for a VPN based out of the UK. Frankly, May scares the shit out of me - her ideas about regulating communications comes across as more than slightly fascist.*

* My head of state is He-Who-Must-Be-Impeached; so I'm getting more familiar with fascism on a day-to-day basis. (I won't even use an email provider located in the US due to the way the government over here behaves).

I agree and would extend it to be not trusting a VPN company or a director of a company operating on the UK, even if all the servers are in overseas locations.

There is a large provider based in Gibraltar. I'm not sure how trustworthy they could be but from what I remember it's all about the law and applicability and where an individual lives. IANAL

Unfortunately, the proposed encryption ban is still very much alive. If that proposal becomes a law any kind of useful VPN service will be illegal.

If May and her three Brexit stooges have their way with the UK you might rather want to provide relocation and off-shoring services ...

I thought about it but the thing is that anything like this is probably going to be used for undesirable things by undesirable people and although my moral compass isn't exactly strong I didn't really want to be involved in that.