Tagged: virtual private network

Distrust and Verify: Your ISP and Choosing a VPN

Earlier this year, I noted that the Senate had eliminated consumer protections for broadband customers. This change could result in Internet Service Providers sniffing your broadband data to potentially sell your browsing history to marketers. Yes, it sucks.

I also noted that one way to counter this practice would be to mask your broadband traffic through a Virtual Private Network (VPN). When you tunnel your traffic through a VPN, your ISP can’t tell what websites or Internet hosts you are visiting. All it can see is that you’re transmitting and receiving encrypted data to your VPN provider.

However, tunneling all your traffic through a VPN is not an ideal solution because the performance of your broadband connection will suffer. There are still perfectly good reasons for using a VPN:

  1. You’re connected to an untrusted network, such as a public WiFi hotspot in a cafe, hotel, or airport.
  2. You’re trying to access geofenced content, such as information that is not available in your country but is in another.
  3. You don’t trust your Internet connection because you’re in a foreign country or on the premises of a business competitor.

But a VPN doesn’t provide you with 100% security or privacy. Instead you’re simply replacing the ISP you might distrust with a VPN provider that you might trust a bit more. Your VPN provider will “know” every website that you visit while you are connected to it. And just as your ISP does, some VPN providers keep logs of what sites their users are visiting.

Boni Satani recently coauthored a guide on The Best VPN that surveys 118 VPNs and their policies that indicate that they do not keep logs of their subscribers’ activity. If you’re considering subscribing to a VPN, I would recommend reviewing this guide to help find a VPN that does not log your traffic. Of course, you’re the final arbiter of what is the best VPN for you. Do your homework and choose widely.

Personally, I use TunnelBear for occasions when I’m at an untrusted public WiFi network and don’t want someone to “sniff” my data. Their privacy policy states that they do not “store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers.” They may log what site you visit but they cannot associate that information with you. And they have those cute bears.

Update: I should reiterate that using a VPN doesn’t guarantee complete privacy or anonymity. For example, the FBI was able to use PureVPN’s IP address logs to determine that a PureVPN user was allegedly cyberstalking a former roommate and her friends. PureVPN was listed in the Best VPN survey of VPNs that do not keep logs. They apparently do.

Senate Eliminated Broadband Consumer Privacy Protections Today

Earlier today, the Senate voted 50-48 to repeal rules meant to protect broadband consumers’ privacy from being collected and sold by requires Internet Service Providers (ISPs). The rules, passed last October in the final months of the Obama administration, required ISPs to do two simple things:

  • allow users to opt-out of collecting consumer data
  • require ISPs to opt-in to the collecting of more sensitive data, such as financial information and browsing history

This still has to pass the House and get signed by the President, but if you’re expecting either to block passage of this repeal, I have a bridge to sell you.

With the Senate passing the repeal, those rules protecting your privacy are now history. Your ISP can collect and market any information they have about you or can gather through sniffing your broadband connection. Of course, in an ideal world, you could switch to another ISP, which might not do this collecting. But because of the great expense required to enter the broadband market, there is no true ISP competition. Hell, even a well-heeled company like Google couldn’t penetrate this market. Online privacy is basically toast.

As an armchair political observer, two things stick out:

  1. Is this against the Senate’s own rules? Repealing these rules was because Congress passed and the President ratified the “Congressional Review Act.” The Act’s aim is to allow Congress to repeal any rules that had passed in the last months of the Obama administration with a simple majority, which the Republicans currently have in both chambers. Accordingly, repealing broadband privacy protection rules needed just a simple majority, rather than the filibuster-proof sixty-plus votes required to pass new legislation. I wonder if someone could argue that repealing old laws requires the passage of a new law. Isn’t that how it worked with Prohibition: repealing the 18th Amendment required passing the 21st Amendment?

  2. Since when is privacy a partisan issue? Except for the legislators who are in the pockets of the telecom industry, I don’t see how this is a partisan issue, where fifty Republicans supported it and forty-eight democrats opposed it. I can’t imagine how even the most right-wing fascist would be in favor of this, much less entertain the idea of a left-wing extremist consenting to corporations harvesting selling our consumer data. Like globalization, free trade, and income inequality, these are issues that bind the left and the right together more than it divides them. I thought only corporate fat cats and their lap dogs favor this kind of stuff.

Perhaps it’s time to consider tunneling all your traffic through a VPN to protect your privacy, although that is not a very practical solution.