At this point you’ve probably heard more than you want to about the resolution responsible for rolling back the internet privacy regulations approved in 2016 - otherwise known as Senate Joint Resolution 34 - or House Joint Resolution 86. But just in case, or you’re thinking to yourself, “What?”, here’s a quick recap:
In November of 2016 the FCC released new guidelines designed to protect consumer privacy in regards to what Internet Service Providers (ISPs) can and cannot do with data they obtain from your internet usage. This includes things like financial data, app usage, medical data, and your browsing history. In March of 2017 however, these regulations were rolled back, but since they never actually went into effect not much has changed.
That being said, consumer privacy advocates are having a hard time with this because of the lack of clarity on what ISPs can and cannot do. While ISPs say they should have the ability to collect and sell information for advertising revenue like Google and Facebook, privacy advocates are worried about this lack of clarity being taken as ISPs being given explicit permission to sell data obtained from your online history. Even though there’s technically been no prohibition in the past and it hasn’t been done on any sort of large scale basis, the fear is that these new rules will serve as an effective “go ahead” to start such data monetization.
This was just a brief overview of a larger and more complicated issue, and if you would like to read more in depth we would suggest this article from The Verge.
Should You be Using a Private VPN?
Now because of this we have been hearing a lot about individuals wanting to set up a VPN, or Virtual Private Network, on their private home network to keep them safe from the prying eyes of their ISP and others, and we’ve seen a lot of tech blogs talking about why you should, and how to set them up. But here’s our (maybe) unpopular opinion: Don’t. At least not if you're doing it with the expectation that it will genuinely improve your privacy.
First, if you’re unsure of what a VPN is and why they are commonly used in an office setting, read up here!
Now, let’s say you do disable cookies… these sophisticated ad companies can still track what you’re doing using other methods, such as browser fingerprinting, a technique used to identify users using patterns of information available when someone visits a website, and other more subtle means of online tracking. Most commonly available ways to prevent this are not actually useful.
One of the major reasons for our opinion stems from the fact that VPNs can significantly increase the odds of your traffic being monitored and logged by government institutions. The way that VPNs relay traffic makes it possible for governments to monitor that traffic in the same way your cable provider can monitor a cable modem. They can see all your traffic and tie it back to you, as this article explores in some more in depth.
To achieve even the minimum amount of privacy on the internet you need to:
- Disable many features in your browser, many that you use on a regular basis - here are some examples
- “Automatically send error reports”: This allows your browser to send reports to the vendor when it crashes, and while it helps them to fix issues, it also can expose sensitive data.
- Third Party Cookies (or even all cookies): Cookies allow websites to remember you but are heavily used to track online behavior. For example, Amazon is able to tell that you are reading a specific article on the internet because of third party cookies.
- Disable Flash: Flash has a multitude of security and privacy issues.
- Keep “Do Not Track Request” turned off: This causes your browser to request it not be tracked when online, but ironically makes you more identifiable and subject to tracking (like we discussed above with VPNs).
- Install browser extensions to block some types of web tracking
- HTTPS Everywhere: This causes your browser to automatically encrypt connections on many sites. This extension notices when you request a non-secure page and substitutes a secure one - when available.
- Adblock Plus, with Easylist Privacy turned on: Blocks advertisements, which are a constant source of tracking.
- Stop using several online services
- Google and Facebook for example.
The point of this blog was not to freak anyone out, or deter you from using the internet (obviously we love the internet.) We also aren't advocating an “all advertising and ad targeting online is bad” position. Whether you like it or not, advertising is what pays the huge amount of fun and useful services available online for free or nearly free.
But the internet is always getting more and more complicated, and by extension so is keeping yourself secure on the internet. And the reality is that privacy online isn't something that can be won back by flipping a switch handing all of your internet traffic to a third party VPN service.
As with most things in life, it’s important to be informed, read the fine print, and ask questions. If you think your ISP is tracking you and selling information you don’t want it to, ask about it, find out how to opt out, and research what you can do to keep yourself protected.
And all of this is not to say that using a VPN is bad. VPNs are useful for keeping networks secure and hackers out, but when it comes to stopping web tracking, maintaining realistic expectations and taking into account that it may only draw more attention instead of divert it, they may not be the right option for everyone.