By Ashish Shah, Solution Architect, & Bill Jones, Senior Solution Architect
Bottom Line: Using a VPN might be a good idea, but you need to have confidence you can trust the VPN provider. (Check out Wikipedia for a definition of a VPN.)
What Has Changed?
“The House voted on [March 28, 2017] to approve a measure already passed by the Senate, which disapproves of an FCC rule that would have required Internet providers to ask permission before selling consumers’ personal data.” – NPR.org
Essentially, Congress has made it possible for Internet service providers (ISPs) to sell metadata data about their users.
The Electronic Frontier Foundation (EFF) actively works to protect online privacy. The EFF posted an article on March 19th titled, “Five Creepy Things Your ISP Could Do if Congress Repeals the FCC’s Privacy Protections” (before the Congressional vote on the 28th) and their post is referenced and quoted in the March 30th Wired “If You Want a VPN to Protect Your Privacy Start Here”. Please note that the Wired content is a significant subset of the EFF statement. One of the more interesting things about the EFF statement is that several of the things they are warning about are already being done. Given the recent vote in Congress, the actions they discuss are likely to become more widespread. Let me tell you a bit out what is going on and what I plan to do…
Is a VPN for Personal Use a Need? Probably Not. Is It a Good Idea? You Decide.
First off, I have no immediate plans on getting a VPN for personal use, but that may change as things progress. My reasoning is based on two things:
1) My web search history is already available for purchase from search engine companies. My shopping history is probably available for purchase from online retailers. In other words, there is a ton of metadata about me already available. Now, Congress has just made it possible for my ISP to sell that same metadata, without asking my permission.
2) A VPN will connect my computer to the Internet through the VPN provider’s network. As a result, the people who provide the VPN service can do the things that my ISP can do. Yes, my ISP won’t be able to see my traffic, and the VPN provider’s ISP won’t know who I am or where I am. But, the VPN provider will know all of that stuff. So, unless I have confidence that I can trust that VPN provider more than I trust my ISP, I don’t know that I’ll gain that much. And figuring out which VPN provider I can trust is going to take more work than I want to put in right now.
How Can a VPN Protect Privacy?
Leveraging encrypted Proxy or VPN technologies that provide an alternative route for online traffic (thus hiding from the broadband provider) would be smart. While, most of the users would have some sort of option to connect into their corporate network from home for VPN, their company VPN policies may not allow them to use the corporate VPN for personal use. As noted earlier, it can be hard to vet out a trustworthy VPN provider. Essentially moving the burden of privacy from one provider to another.
And, VPN technology (encryption of traffic through a private tunnel), by its very nature typically results in slower access to applications or sites, which may frustrate users. There’s also a chance that certain content providers, like some streaming services, will block your connection because they do not allow VPN access to their content.
What about Tor (i.e. Onion Routing)?
Onion routing is an anonymizing tool for Internet traffic, and Tor is one of its most widely adopted implementations. Tor encrypts user traffic and routes it through a number of Internet relays. Unfortunately, using Tor can violate an ISP’s terms of use agreement, so using it could result in some uncomfortable conversations with your ISP about your contract. So please review your ISP contract before implementing Tor or other onion routing tools. You can find more information on Tor here.
Is the Regulation Change a Bad Thing for Users?
Not necessarily. ISPs may use advertising to subsidize the cost of their services. So in exchange for trying to sell their product, they may cut the price of user’s service or offer them free or special access to content.
What Does this Mean for Me?
Since the rollback of the FCC rules and time of implementation are unclear, users won’t notice much difference in how companies are protecting their privacy in the short term. Eventually, you’ll see an influx of targeted advertising and potentially unwanted ads that follow you on the internet. For example, when you sign up for a Facebook account, you give them permission to present you with targeted ads. What could happen now is that other content providers will also be able to present targeted ads to you.
Broadband providers are moving into the content business, and they are likely to get more creative about how to use and monetize your online information to maximize their profits.
Read down to the bottom of this March 30th article “EFF: Verizon will install spyware on all its Android phones,” posted on Engadget. There have already been three updates discussing how Verizon will not be taking personal content. Verizon has even posted statement about their commitment to your privacy. As you can see from these daily updates, the landscape of privacy is full of hills and valleys that we will all be crossing together!