No perfect way to protect privacy

April 9, 2017 by Troy Wolverton, The Mercury News
Credit: Wikipedia

Now that Congress has given internet service providers the green light to keep tabs on your online activities and do as they wish with that information, you might be wondering what you can do about it.

The good news is there are two different technical tools you can use - the Tor system and , or VPNs. The bad news is both tools can be difficult to use and VPNs can be costly. The even worse news is that both, but particularly VPNs, may pose an even bigger risk to your privacy and security than your 's prying eyes.

"Those two are the best technological solutions we have," said Kevin Riggle, a cybersecurity professional who previously worked at web company Akamai Technologies. But, he added, "neither of them are good solutions."

Many consumers have found themselves looking for a good privacy solution following the recent passage by Congress of a resolution that would overturn privacy rules voted in place last year by the Federal Communications Commission. Those rules, which were due to take effect later this year, would have required broadband providers to seek customer approval before collecting or sharing information about them or their . It would have also required companies to take "reasonable" steps to protect the data they collected and to alert customer if that data had been compromised by hackers.

Perhaps the most popular answer for consumers is to sign up for a VPN.

A virtual private network is a service that connects your computer or other device with a server on the internet. VPN services typically encrypt all the traffic between your computer or device and their servers and routes all of your online traffic - web browsing, email, videos - through those servers before sending it on to its eventual destination.

Because your data is scrambled, your broadband provider typically can't see what sites you're visiting or what you're doing online when you use a VPN. They also can't see what's in your email or what's on the websites you're visiting. All they can generally see is that you are connecting to a private network.

Most VPNs are available for desktop computers and both Android and Apple smartphones. Some can be connected directly to your internet router so that all traffic through your home network passes through them. And if you're really geeky, you can set up your own VPN using open source software called Algo that will run on your own server or on a cloud service like Amazon's EC2.

But VPNs aren't a perfect solution for protecting privacy. They can be difficult to configure and use. They can slow your access to online sites and services. And because strongly advise users to stay away from free VPNs, you can expect to spend between $3 and $13 a month to use one.

More disturbingly, you may be less secure using a VPN than you would be otherwise. Security experts have noted that the encryption keys used by some popular virtual private networks are known and easily broken, meaning it wouldn't be hard for someone to snoop on data you sent through them.

Potentially much worse, by using a VPN, you may be swapping the devil you know for the devil you don't, giving the VPN provider a God's eye view of your online activities. While many networks promise to protect your privacy and not keep track of what you do on the internet, most are black boxes and almost none of their claims have been independently verified, security experts warn.

"You basically have to have faith in them that they're telling the truth," said Paul Bischoff, an editor at Comparitech, a website that reviews privacy and security products.

Security experts like Bischoff recommend that you do plenty of research before signing up for a VPN. Scrutinize their privacy policies and terms of service to see what data they collect, how long they hold on to it and what they do with it. Check to see if they are using secure encryption keys. And see if there are any press reports about how they've responded to subpoenas or other legal requests that they turn over data.

The other option is to use Tor, which works kind of like a multistage VPN. Tor routes your online data through multiple servers and encrypts it along the way. So, like a regular VPN, it obscures your online activities from your broadband provider; all that provider can detect is that you are using Tor.

But Tor also helps shield your activities from the servers through which your data passes. And the last server in the chain, the one that connects you to your destination, doesn't know your internet address, so it can't tell who is trying to reach that site.

Unlike many VPNs, Tor is free to use and it's something of a gold standard in shielding online activity.

But it too has its shortcomings. Because online traffic sent through Tor goes through multiple servers, it can be painfully slow to use, so much so that it's typically not good to use if you're trying to stream videos or wanting to compete with other people head-to-head in online games. Some sites even block Tor users.

Tor is typically accessed through a custom web browser. Although you can configure your computer to route your traffic through the Tor network, that's much more difficult for the average user to do. And if you're on an iPhone, it's basically impossible. An app called Orbot allows Android users to connect to the Tor network and use multiple apps through it. But if you use an iPhone, your only Tor options are web browsers.

And Tor could have security problems. There have been reports that the National Security Administration and even malicious hackers are monitoring traffic on the network, and the use of Tor could draw more attention to users than they would otherwise get.

"Tor is by far the best thing we have available today," said Riggle. "But that's far from saying it's perfect."

Indeed, when it comes to protecting your activities from your broadband provider, the best solution is not a technical one but a political one - the one the FCC already came up with, and that Republicans in Congress have now chucked out the window.

Explore further: What the death of broadband privacy rules means

54 shares

Related Stories

Most internet anonymity software leaks users' details

June 29, 2015

Virtual Private Networks (VPNs) are legal and increasingly popular for individuals wanting to circumvent censorship, avoid mass surveillance or access geographically limited services like Netflix and BBC iPlayer. Used by ...

Dems urge Trump to veto bill blocking online privacy rule

April 2, 2017

Senate Minority Leader Charles Schumer is urging President Donald Trump to veto a resolution that would kill an online privacy regulation, a move that could allow internet providers to sell information about their customers' ...

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

5 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

aksdad
not rated yet Apr 09, 2017
Please stop the misinformation! Congress did not give "internet service providers the green light to keep tabs on your online activities and do as they wish with that information." ISPs had that right for 25 years until the FCC made a new rule just 5 months ago that prevented ISPs from tracking and using your browsing activity. The contentious new rule was implemented on a strictly party-line vote of the FCC commission over the opposition of every Republican commissioner. They noted that it gave Google, Bing, Yahoo and other search engines an unfair advantage because they were not restricted from tracking and using your browsing information. Congress overturned the rule just a couple weeks ago, returning to the status quo of the last 25 years.
EmceeSquared
2 / 5 (4) Apr 09, 2017
What is your point? The FCC finally passed a rule that finally stopped ISPs from tracking and selling/exploiting your Internet activity, despite Republican FCC commissioners trying to stop it. And then the instant they had the power the Republicans destroyed it. Yes it didn't also stop Google, Microsoft, Yahoo and others from exploiting your traffic through them, but if that was the problem then the solution was to set the rule to prohibit those from doing it too. Not to destroy the insufficient but real protection we had. What kind of logic are you applying? Purely partisan Republican logic?
aksdad
1 / 5 (1) Apr 10, 2017
Two points, Emcee. First, the article misrepresented what actually happened, implying that Republicans were granting ISPs sweeping new power, which they didn't. The press--and apparently you too--are virulently anti-Republican and report news to make Republicans look bad instead of actually reporting on the merits of their actions.

Second, the merits. As a consumer, I prefer that my browsing not be tracked for no other reason than that it feels like companies know too much about me, but none of what they know is actually sensitive. There are rules against them giving away sensitive information like medical information, SSN, etc. In fact, their knowledge of my browsing history actually is a benefit to me. Instead of seeing random ads on websites for things that I have no interest in, I generally see ads that are targeted to my interest, based on my browsing history. It's still the equivalent of junk mail, but it's more useful to me than random junk mail.
aksdad
1 / 5 (1) Apr 10, 2017
And most importantly, Emcee, unaccountable, unelected bureaucrats like the FCC commissioners should not be making law. It goes entirely against the core American values of a representative democracy; you know, "government of the people, by the people, for the people" that Abraham Lincoln extolled. Hmmm...old Abe Lincoln was a Republican wasn't he? Maybe you don't like him either.

American government works like this: Article 1 is the Legislature where our elected representatives debate and make laws. They are accountable to us. Article 2 is the Executive; our president and the agencies set up by the legislature under him to enforce laws. Article 3 is the Judiciary where people accused of breaking the law are guaranteed a fair hearing and a reasonable consequence if they are found guilty. Nowhere in the Constitution is there a provision for a fourth branch--the bureaucracy--that gets to make laws. That power belongs solely in the Legislature.
EmceeSquared
2 / 5 (4) Apr 11, 2017
No, "granting ISPs sweeping new power" is the strawman that you are adding to the article. It doesn't say that. It says that the Republican government is taking away the protection that exists.

The Constitution instructs the government to protect our privacy, but Republicans like you don't care about that - you care about what the corporate propaganda tells you is good. Or, more likely, you care about disliking whatever the corporate propaganda tells you Democrats think is good, like privacy.

FCC commissioners don't make law. They make rules under laws that Congress passes and a president signs. That's how a big country with new telecom tech and aggressive businesses are managed by a republic elected by the people. What you're describing is corporate anarchy, except for the arbitrary power of a president who didn't run on deleting the privacy protections we have.

aksdad:
Two points, Emcee.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.