Why Is Everyone Talking About VPNs?

Thorin Klosowski Aug 17, 2017. 24 comments

Yesterday, the House of Representatives approved a measure that killed an upcoming FCC ruling that would have required internet providers to ask your permission to sell your browsing data. Now, everyone’s trying to find a way around this, and virtual private networks (VPNs) are the most popular means of doing so. But what the heck are they?

Before we start, it’s worth catching up on politics at play here. Back in October, the FCC laid the groundwork for a new rule that required you to opt-in to ISPs collecting your browsing data and selling it to advertisers. Collecting and selling data is something ISPs have been doing and want to continue doing, but the FCC was going to make that slightly more difficult for them. The FCC’s new privacy rule was supposed to go into effect in December of this year, but last week the Senate voted to remove it. Yesterday, the House followed suit, and there’s no reason to expect the President to do any different.

You’re probably asking yourself why or how this even happened, because an ISP asking you if it’s okay to sell your private data seems straightforward and simple enough. Hell, it feels downright American, because most apps, operating systems, and other services need to do the same. Opponents of the FCC regulations suggest that we, the consumers, should have the freedom to choose an internet provider that doesn’t track and sell our data... even if they all do.

AT&T , Sprint, and T-Mobile have all sold smartphones with preinstalled tracking software, Verizon secretly bundled phones with tracking files , and Comcast once suggested charging extra for privacy . Regardless of all that, chances are you don’t have the luxury of choice for your home ISP. Every city I’ve ever lived in has one or two ISP options at the most. Here are the privacy policies from the largest U.S. ISPs, and none of them are going to keep your data to themselves:

After the bill passed the Senate, tech bloggers around the U.S. quickly came back with a solution to get around your ISP tracking you: VPNs . A virtual private network encrypts your traffic before it leaves your device, and that data stays encrypted while it goes through your ISP’s network. Once it reaches the VPN’s server, it then decrypts the data then sends it off to the internet at large. It’s a middleman between you and the internet. So your ISP can only see a bunch of encrypted traffic that looks like random characters. To your ISP, using a VPN all the time looks like you only visit one web site. Then they couldn’t sell your data because they’d have no idea what you’re looking at on the internet. VPNs are subscription services that range from free to $10/month.

Historically, VPNs are most popular for security. Businesses use them because it’s an easy way for remote employees to access their work network securely when they’re away. That same security goes for the rest of us too, especially when we’re using public Wi-Fi . I’ve used a VPN while traveling at hotels or working from coffee shops for a very long time.

VPNs are also a popular means to get around geo-restricted content or government blackouts. A provider can host a VPN anywhere in the world, and wherever that VPN is, that’s where you’ll appear to the internet. So, if you use a VPN in England, you can access the the UK version of the internet, including all that BBC content you’ve been dying to watch. If you’re in North Korea, you can circumvent that country’s censorship. VPNs do not provide anonymity, they merely encrypt your traffic, making it hard for a third-party snooper to see what web sites you visit.

VPNs are all the rage today, but they’re no magic bullet. The hotter these things get, the shadier the business practices will be, and nobody can stop them.

A VPN knows as much about your web traffic as your ISP would. A VPN might hide that traffic from the ISP, but they could be collecting and selling that same data themselves. Worse, VPNs aren’t regulated and there’s no strong peer review system, which means it’s hard to find one that’s trustworthy. A lot of VPN software is free and open source, which means anyone with reasonable technical skills can set one up and charge you to access it pretty easily. If you want to display your tin foil hat proudly for a second, there’s even the possibility that the VPN companies are collecting and selling data to government, or heck, maybe they’re even run by governments, because why not at this point.

Case in point, earlier this year, researchers released a white paper that found that 18 percent of Android VPNs didn’t encrypt traffic at all. Why? Because they don’t have to. They can do whatever they want. Sure, once they’re caught, they go out of business, delete their apps, and disappear, but they can pop up in another form as quickly. Encryption is only one piece of that puzzle. Security is important, but so is privacy. If your VPN provider is logging all your traffic and selling it, then they’re no better than your ISP.

We’ve broken down a system for finding a reliable VPN before , so I won’t repeat that here, but the short version is: free is almost always bad news and do your research before you subscribe to a VPN provider. That One Privacy Site has a massive list of VPNs that includes what country they’re based in (which also means what jurisdiction they fall under), whether the VPN logs traffic, whether it logs IP addresses, accept anonymous payment methods, and tons more. For our take, we’ve found Private Internet Access, SlickVPN, NordVPN, Hideman, and Tunnelbear have all been reliable and transparent over the years. Remember, it’s not just your home internet provider that’s collecting this data, it’s your cell phone provider too, so you’ll need to use a VPN at home and on the go to get around this.

If you don’t want to trust your data to a third-party VPN, I don’t blame you, but creating your own solution isn’t exactly simple. To roll your own VPN that’s useful for circumventing your own ISP’s data tracking, it needs to be off-site. That means you’ll need to host it on a web server. Popular options for doing so include Streisand, Sovereign, OpenVPN, and AutoVPN. Streisand is the simplest of these tools, but you’ll still need to know how to set up an Ubuntu server on Amazon, DigitalOcean, or the other providers they support, and you’ll need some technical know-how to do it. Also, while the software itself is free, the web server isn’t. You will at least get the peace of mind that your VPN is fully under your control though.

Circumventing the system might feel like an earnest political statement where you can lounge on the couch covered in salt and vinegar chips with your middle finger in the air, but it’s not only lazy, it’s also a bad way to influence change. As a tech site, a VPN is obviously the solution we come up with, but this is a policy problem. Placing the burden of privacy on the consumer right now suggests that Congress has no interest in providing us with a solution in the future.

VPNs and privacy-focused browser extensions are a temporary workaround, but we can’t and shouldn’t have to sustain that forever. It’s a statement, but there still needs to be a long-term plan. We need to push for more security and better privacy practices from our ISPs and the sites we visit, because clearly the government isn’t going to help us without a fight.

Here’s one small example: more sites could make the switch from HTTP to HTTPS, which secures your connection to a web site. It also makes it harder for your ISP to see what you’re doing on any web site, as they can only see that you’re at YouTube, not which video you’re on. This isn’t easy by any means. Last year, Wired detailed their process and they ran into a lot of problems. Adding the HTTPS Everywhere browser extension is great for the tech-minded amongst us, but my mom, who also doesn’t want her ISP tracking her, isn’t going to do that.

Finally, to state the obvious, your ISP isn’t the only one tracking you. Nearly every web site, from Google to Amazon to some random blog deep in internet-land, track and collect your browsing data. They do this through cookies or scripts, and their data profiles of you are likely much more advanced than your ISPs. Using an extension like uBlock Origin or Disconnect can help block that data collection, but if you still insist on being logged into your Google account all the time, that’s all for naught. This will all happen regardless of whether you’re on a VPN. Remember, a good VPN only solves one part of the problem, obscuring your traffic from your ISP or from gnarly snoopers on public Wi-Fi. Tons of other places collect data about you.


Other Thorin Klosowski's posts

Quickly Convert Between Fahrenheit and Celsius Without a Calculator Quickly Convert Between Fahrenheit and Celsius Without a Calculator

If you live in one of the few countries that use the Fahrenheit temperature scale (that would be the United States, the Bahamas, the Cayman Islands, Liberia, Palau, the Federated States of Micronesia and the Marshall Islands), you may not be used to dealing in Celsius. But that doesn’t mean that it doesn’t pop up from time to time,...

Build a Tiny, Portable Wi-Fi File Sharing Beacon Build a Tiny, Portable Wi-Fi File Sharing Beacon

Ever needed to share a bunch of files with a group of people but didn't feel like carrying on your laptop to do it? Over on Node, Chris Robinson put together a guide for building a tiny file sharing beacon that shares anything you put onto its micro SD card.The box here is about the size of a box...

Slidebox Quickly Organizes iOS Photos Into Albums Slidebox Quickly Organizes iOS Photos Into Albums

iOS: Sorting through and organizing photos is a problem for most of us and one that hasn’t really been solved despite a ton of attempts. Slidebox keeps things simple by allowing you to organize your photos with a few quick gestures. Once you connect Slidebox to your photo library, you can delete photo with an upward swipe, or toss...

Tell Your Boss You're Overwhelmed with Work with These Scripts Tell Your Boss You're Overwhelmed with Work with These Scripts

We all know that it’s tough to say no to work sometimes, but it’s often also about figuring out how to prioritize when bosses, clients, and colleagues keep piling more on your plate. The Muse put together a few helpful scripts for dealing with this problem. The gist here is pretty simple: explain that you’re busy right now, but...

Suggested posts

It's Time to Find a Safe Deposit Box Alternative It's Time to Find a Safe Deposit Box Alternative

Safe deposit boxes are legendary for revealing items that fix problems—at least, they do in Hollywood stories. But in real life, safe deposit boxes may not be the haven for your valuables they used to be. A horrifying story from the New York Times recounts the tales of some people who put their valuables (think diamonds and rare watches)...

Uninstall These Eight Browser Extensions That Stole Data from Millions Uninstall These Eight Browser Extensions That Stole Data from Millions

A massive data leak was recently discovered by cybersecurity researcher Sam Jidali, revealing private information for 45 major companies and millions of individuals. Dubbed “DataSpii” by Jidali and his team, the leak was perpetrated by innocent-looking Chrome and Firefox browser extensions that collected and distributed users’ browsing data—URLs that revealed private information about users and a long list of...

Delete These Banned Apps From Your Android Delete These Banned Apps From Your Android

Google recently removed several apps from the Google Play Store after discovering they violated the Play Store terms of service—and, more importantly, could be used as stalkerware. That doesn’t mean they’re deleted from your Android device, though, so now’s a great time to remove them.If you’re unfamiliar with the phrase, “stalkerware” involves giving a third party access to another...

Check if Your Android Device Has Been Infected by Malicious Adware Check if Your Android Device Has Been Infected by Malicious Adware

Another wave of sketchy apps has been banned from the Google Play Store. This time around, the offending apps all came from one publisher, CooTek, who has been accused by the security firm Lookout of deploying the malicious adware BeiTaAd in its apps.According to 9to5Google’s summary of events leading to the Play Store ban, Lookout began investigating a number of...

You Should Update Your Sprint Password Right Now You Should Update Your Sprint Password Right Now

Sprint customers, change your account password right away—especially if you own a Samsung device.As originally reported by ZDNet, Sprint informed its customers that a major security breach took place on June 22. Hackers used an as-yet-undefined vulnerability on a promotional Samsung website to obtain Sprint customer information. Sprint has yet to disclose how many accounts were implicated or how...

Keep an Extra Car Key Fob by Your Bed Keep an Extra Car Key Fob by Your Bed

Most of us know the basics about how to make our homes unattractive to burglars—get a security system installed (or at least put one of those stickers in your window), keep a light on with a timer when you’re traveling, get a yappy dog, etc. But what do you do if you think someone might have ignored all your...

How to Get Through Airport Security Faster How to Get Through Airport Security Faster

Mile High WeekFlying the "friendly skies" is often hell, but it doesn't have to be. It's Mile High Week, and we're investigating everything flight-related, from how to score cheap tickets to the best time to book, from how to fall asleep on a long-haul flight to how to win the perennial war over armrests. Wheels up.  When you’re late for...

Update Your Logitech Wireless Dongle Right Now Update Your Logitech Wireless Dongle Right Now

A few years ago, hackers discovered that they could remotely take control of a PC by exploiting a vulnerability in Logitech wireless dongles. According to The Verge, dongles that Logitech is shipping today are still vulnerable to the same remote access hack—dubbed “MouseJack.”—a list that includes the manufacturer’s Unifying Receiver and G900 wireless gaming mouse.While Logitech did roll out...

How to Wipe Your Smart Gadgets Before You Get Rid of Them How to Wipe Your Smart Gadgets Before You Get Rid of Them

You probably know you have to wipe your old computers and smartphones clean before you sell, donate, or recycle them. After all, you don’t want whoever ends up with your secondhand gadget to access your documents, login credentials, or any personal information.The same is true for smartphone gadgets—and even more important, we’d argue, given how much time they probably...

How to Set Up Two-Step Authentication on Your Microsoft
Account How to Set Up Two-Step Authentication on Your Microsoft Account

If we’ve said it once, we’ve said it a million times: You should use two-factor authentication everywhere you can. It’s an easily enacted security measure that should give you a lot more peace of mind.Technically, Microsoft protects its apps with “two-step verification ” rather than two-factor verification. Alex Simons, vice president of program management for Microsoft’s Identity Division, describes...