VPNs prevent marketers, others from cashing in on your browser history
With ISPs given free rein to sell customer data, consumers should take steps to protect their privacy
By Roger Yu, ThirdCertainty
Virtual private networks are back in the spotlight.
In March, Congress voted to repeal rules that would have required internet service providers to get customer permission to sell their web-browsing data. ISPs are now free to market valuable customer information, triggering concern among privacy advocates.
Detailed behavior profiles created by ISPs could be particularly handy tools for marketers targeting those most vulnerable to predatory sales campaigns, including the poor and tech neophytes. “Further overreaching by ISPs … opens the doors to all kind of abuses that shouldn’t happen,” says John M. Simpson, privacy project director for the advocacy group, Consumer Watchdog. “The kind of profiling that will be done, and what ISPs will do with those profiles, is completely inappropriate.”
Related story: Ruling lets ISPs sell your personal information
Rule proponents say consumers can protect their privacy by “opting out” of ISPs’ ad-targeting programs. But opt-out notices from ISPs often get lost in the mail, and people often are too busy to proactively take action to wiggle out of ISPs’ default setting.
As the ISPs claim their lobbying victory, privacy advocates consistently recommend VPNs for customers who are mindful of guarding their online habits.
A VPN is a private internet network, using servers often located in other countries, that encrypt your connection—and disguise your location—so that others outside of the network, including your ISP, can’t see what you’re doing online.
“If you continually use VPN technology, all ISP will see is your computer in your house going to an exit point that you define, which may be another country,” says Travis Witteveen, CEO of German cybersecurity firm Avira, which offers VPN and other protection software. “They will see that you’re sending traffic there.”
VPNs slowly catching on in U.S.
Use of VPN is still relatively limited in the United States. Only about 5 percent of internet users surf through VPNs, according to blog VPNMentor, citing research from GlobalWebIndex. It’s much more popular in developing countries, such as Turkey and China, where more content is likely to be censored or blocked.
Given the limited use in the U.S. and growing concerns about the ISPs’ marketing zeal, experts believe VPN usage will only grow in the coming years. And a wide variety of commercial VPNs, including free options, are pitching their product aggressively to court new users.
Using a VPN is particularly recommended when a user is in an unsecured Wi-Fi environment, which could entice hackers in the local network to eavesdrop on your traffic. Home networks may be safer, but without VPN protection, ISPs and websites can easily track your browsing history through cookies and other tracking devices.
VPNs also are handy when you want to browse freely in certain countries that block traffic to some sites. China, for instance, blocks Facebook, Google and NYTimes.com.
Downloading some questionable content, such as copyright-protected media files or torrent files, could be a case for VPN usage.
Finding a trustworthy VPN
VPNs may offer protection from ISPs’ snooping, but VPN providers ostensibly then will have your internet activity data that you were initially afraid to render to ISPs. Shopping for a trustworthy VPN is a task worth investigating.
Pay attention to a VPN’s terms of service. Some VPNs will state clearly that they don’t keep logs of user activity.
Some experts believe it’s better to avoid free VPN services and stick with vendors that require subscription since they’re less likely to sell your data. “It’s not a lot of money,” Witteveen says.
Shopping for reliable VPN providers should include an assessment of where they’re located. “The country of origin is important,” Witteveen says, adding that some governments will not be as open about data privacy laws.
In the United States, encryption is considered a weapon, and government approval is needed, Witteveen says. That means they’re often involved, he says, adding German privacy laws are more stringent on VPN providers.
Customers also should choose to work only with VPN vendors that are large enough and have the financial strength to sustain their services. Customers should conducts some research to see if a VPN vendor has ever marketed its customer data.
Speed is a concern
Because it’s an additional layer of encryption, some customers worry that VPN slows data transmission speeds. Witteveen says it’s a legitimate concern if you’re dealing with a vendor with limited capacity. “If your VPN provider is a big enough company, then you won’t even notice latency.”
Customers also should review how the VPN is implemented. Some VPNs are merely browser extensions, and only surfing activity within the browser is encrypted. Other apps aren’t protected.
Some VPNs will seek more payment for faster speeds or have performance restrictions. Others may impose data limits or ban torrent files.
Of course, VPNs are hardly the cure-alls they’re often touted to be. Ethically questionable VPN vendors that closely log your activity undoubtedly exist. Some say they’re just a glorified proxy with limited protection. They say the only encrypted part of the connection is from your computer to the VPN.
Witteveen says customers should embrace protective measures beyond VPN. Browser security software, ad-blocking tools, encrypted surfing, software updates and password protection should work in tandem.
“VPN is one piece of the data puzzle,” Witteveen says. “If you’re getting concerned, you need to invest more.”
More stories related to data privacy:
Don’t expect Trump to leave internet rules, regulations intact
Fair or foul? New forensics tools raise privacy concerns
Who’s listening? Privacy questions echo across the Internet of Things