FCCs, ISPs, VPNs? Oh my!
Hi, everyone! Leo Notenboom here for AskLeo.com. Earlier this week, Congress voted to roll back some FCC privacy protections that basically would have prevented our ISPs from selling or sharing the information that they gather as a part of providing our internet services.
Most people are thinking of this or referring to this as your browsing history, but in reality it’s pretty much anything that your ISP can see while you’re using your internet connection, which is actually a lot more than browsing history, although browsing history is perhaps the easiest to at least get a handle, on and perhaps, in some cases, maybe even be embarrassed by.
So, this all sounds pretty bad, right? Well, it does and there are definitely privacy issues at play here, but one thing I want to be very clear about is that in a practical sense, today, this actually changes nothing. The rules that are being rolled back, hadn’t yet been put in place. What this means at a very practical level is that your ISP actually always could sell or share your data to whatever purpose they might have in mind.
It’s not something that they now are suddenly allowed to do. It’s something that they’ve been able to do, and in fact, have been caught doing from time to time in the past. The change, the only change is that the rule that would have prevented this is now not going to be put in place, assuming of course, that President Trump signs this, which every indication is that he will if he hasn’t already by the time you see this.
So, there’s lots of sensational headlines extolling the virtues of privacy and VPNs, which I’ll talk about in a minute. The real issue, the reason that I want to talk about this today is really the question that we should be asking ourselves is should we be concerned? Is there something going on here that really puts our privacy at that much more risk than it was already?
The short answer is, of course, both “yes” and “no”. Like I said, nothing’s really changed today versus last week. The privacy that you had a week ago, two weeks ago, is exactly the same as the privacy you have today. That being, not much. There’s a lot of opportunity for your ISP, which I’ve for a long time said, can see everything you do. There’s a lot of opportunity for them to gather and collect data about what it is you and I do on the internet, and no doubt, they do.
It is an issue in the sense that by rolling back these rules, Congress has given the ISPs kind of sort of a green light to keep doing it and probably do more of it and I think that rightfully has a lot of people concerned. Privacy is no small issue and this is sending, in my opinion, the wrong message about what’s important.
It’s not the ISP’s ability to sell or profit from the data that they collect about us; it really does boil down to our right, if you will (I don’t know if it’s a real “right”) but our expectation at least of privacy when we use the internet and the connectivity that it all provides.
So, am I concerned? Well, not really. Certainly not in the short-term. I stick by what I keep saying over and over again: you and I as individuals, we’re just not that interesting, but there are some issues coming up, I think, like I said, that sends a green light for to allow the ISPs to do more aggressive data collection and potentially do more things with it once they have it.
One thing I do want to clear up is that your information can’t be bought. By that I mean, I can’t go out and say, “I want to go and buy Leo’s browsing history.” That’s not how this works and unfortunately, there have been some moves afoot in reaction to this latest vote that have people actually collecting money to go out and buy Congress people’s browsing histories or whatever other information their ISPs might make available.
Like I said, it doesn’t work that way. The way it really works, the way that I understand that it works; it’s more of an aggregate data collection that advertisers and others are purchasing. For example, an ISP might say, “Of my million customers, 100,000 of them went to askleo.com in this period of time.” That’s it. They might be able to slice it and dice it in ways that are interesting to say that, “Ok, of those 100,000 that went to askleo.com, 50,000 were in Washington state; 20,000 were in California” – that kind of thing but they don’t make available data down to the individual level and to the degree that they might, they actually do attempt to anonymize the data.
So, for example, the data they might have says that well, we can target computers that have visited askleo.com so that you can place ads on Ask Leo! visitors specifically. Again, that’s not knowing who you are or even associating any of that data with it to you by name, but it is allowing a certain amount of insight and visibility into where a large number of internet users might be going, what they might be doing and what they might be buying.
As I said, with this green light being given by Congress, does it mean that they could do more? Absolutely. They can see everything you do and it certainly is possible that they could take things down to a much finer granularity. I just don’t believe that they do. As individuals, I remain convinced that we are really, really uninteresting, at least to marketers.
Now, I will say that certainly the information is there and has always been there for people like law enforcement to come in with the appropriate justification and paperwork and so forth (court orders) to allow them to look at that data in a more granular fashion, but that’ not what we’re talking about here; it’s not really what this latest change is all about.
This is all about rolling about privacy protections that really boil down to the data that’s being exposed en masse about our activities from a marketing perspective more than anything else.
So I’ve talked about ISPs and I’ve talked about the FCC, where did VPN come in? Well, if you’ve paid any attention to the tech news of the last week, it’s all been centered around VPNs. VPNs are going to save us from this invasion of privacy. What I really want to do here is basically say, “Hold your horses just a minute.”
VPNs are interesting technology; I have one; I use one occasionally, but I think this mad rush to see VPNs as a panacea, as a way to really hide ourselves from our ISPs actually runs the risk of making things worse ,unless we’re very, very careful along the way.
Now to be clear, if you travel, as I do, a VPN is a great solution for keeping yourself safe in open Wi-Fi situations. I’ve talked about that in prior articles. The bottom line is that you want to make sure that everything you’re transmitting into the open Wi-Fi that could be sniffed by someone else is encrypted, and by definition, a VPN does exactly that. It encrypts all of your data regardless of what it might be in such a way that anybody sitting in the coffee house that might be monitoring the open Wi-Fi, can’t understand, can’t see what you’re doing; they can’t sniff your data.
That’s not what we’re talking about this week, actually. It’s good; it’s useful but it solves a completely different problem. The issue here is that we’re concerned that our ISPs are monitoring what we are doing and the same technology of a VPN that prevents hackers from being able to see what’s going by in the open Wi-Fi scenario actually can prevent ISPs from seeing what we’re doing as well.
All your ISP would see if you’re using a VPN is that you’re using a VPN. In fact, they might be able to see which VPN you’re using but that’ about it. They can’t see which websites you’re visiting; they can’t see what files you’re downloading; they can’t see what video or audio you’re streaming. All they see is data going to and from this VPN service.
Here’s the catch: All you’ve really done is replaced one point of concern with another. If you don’t trust your ISP, your electing to trust your VPN provider to the exact same degree, if not more so because very often, your VPN will be from or located in a different country, subject to completely different regulations that may or may not protect you as much or at all as someone who is local to your area.
So just getting a VPN isn’t necessarily as solution and getting one without really doing some due diligence can really cause you some problem. VPN providers are coming out of the woodwork and now there are VPN comparison sites so you can figure out which one to choose. You would think that would be a good thing. A VPN comparison site would be a great way to compare features and functionality and pricing and all those other kinds of things that we might care about for VPNs.
Here’s the problem: VPN providers often incentivize marketing for their product, and they do that by what are called affiliate links. In other words, if you read about a VPN on a site like this one, like mine (I’ll talk about my specific situation here in a second) if you read about a VPN here at Ask Leo! and I provide you a link to that VPN’s service and you then sign up for that VPN, I’ll get a cut. I’ll get a small piece of the price.
What that means is there is an incentive for me to promote that VPN over all of the others regardless of how good any of them might be. The issue then is how do you know what VPN reviews to trust much less what VPNs to trust? The answer is it’s really, really hard; I’m not going to make a recommendation for a specific VPN, because the market is just that confused, that flooded and that misleading.
I do have a couple of pointers to a couple of articles that have reference information from at least one source that I trust, and that’s the EFF: the Electronic Frontier Foundation. They actually point to a third party that has some comparisons of a collection of VPNs, which is great. That’s the closes thing to something that I would trust that I’ve been able to find.
But the bottom line is that to just quickly go out and get a VPN because you think you need it to protect yourself from your ISP, well, you may not need to protect yourself from your ISP; you certainly don’t need to protect yourself from your ISP anymore this week than you did last week, and by rushing out and getting the wrong VPN, you may be putting yourself at more risk.
I want to be clear: Privacy is a big deal. I don’t want to minimize that, and I do think that the direction that US lawmakers have taken this is the wrong direction. I believe that the privacy rules that they rolled back should not be rolled back. If anything, they should be examined and perhaps strengthened, but that’s where we are today; that’s not the world we live in.
So, we’re on our own. Like I said at the beginning of this year, in a lot of ways for Ask Leo! this is the year of privacy. I’ve been focusing a lot on privacy related issues; I’ve been writing privacy related articles and I’ve got a privacy related project that I hope to announce within a few weeks.
The issue here, though, is that it’s important to be aware of, and if anything, this recent brouhaha has at least raised the awareness of what’s happening with respect to your privacy when you use the internet in the United States and by the way, I did want to make the point that if you’re not in the United States, you’re probably in either of two camps. You’re either saying, “Wow, how could you let things get that bad” or you’re saying, “Welcome to our world. This is what we’ve been living in forever.”
So, there’s a broad spectrum of privacy related issues already even when you step outside of the United States, so all of these privacy related tools and solutions and ways of thought are continued to be very, very important no matter really happens or where. So what can you do? What are my recommendations?
Well, the first is probably the best result of this entire conversation and all of this stuff that’s happening in the news. Be aware of your privacy. Be alert. Understand what it means to share data. I still claim that by and large, we’re our own worst enemies. I continue to see people over share and share information in places and in ways that in some ways make this whole ISP issue a non-issue. You’re much safer with respect with your ISP than you are with the information that you are regularly sharing yourself, publicly, for everybody to see.
Second, if you’re in the United States, contact your senators and representatives, and let them know that privacy is an important issue to you, assuming that it is, of course. I’m not asking you to state an opinion that you don’t have but it seems like privacy would be something we all should care about, we all do care about, and the only way I think we’re going to get any long-term solution out of this, at the legislative level is if we all make our opinion known, and let our elected officials understand that they’re doing things in a way that we don’t want them to be done.
They are giving away our privacy in ways that don’t benefit the people whom they claim to represent and finally, consider supporting organizations like the EFF, the Electronic Frontier Foundation. These are the people who are boots on the ground, dealing with the legal and other implications of the legislation of the government policies. They’re out there helping people who have been wronged; they’re out they’re lobbying for things to be set right. They are an organization that I support personally. It doesn’t have to be EFF; there are plenty of other organizations or other ways that you can make a difference to help make sure that privacy starts to be retained and perhaps maybe even we get an opportunity to dial the knob back just a little bit from where Congress has just recently taken it.
So, as always, what’s your take? I’m interested in your opinion on this issue. It’s a very controversial one. It is one that has a lot of people upset and concerned. I will say one thing about the comments. First of all, here’s a link to this article out on Ask Leo!. It’s where all the comments are; it’s where I read all of the comments; the comments are moderated to keep out the trolls, and they are a place for discussion. Absolutely love contrary opinions as long as they are stated respectfully.
Now the one thing that I have to avoid in this particular case, is I’m going to be very, very careful about VPN recommendations because I suspect that some of you have experience with specific VPN providers and might like to mention who they are. That being said, I’m going to keep an eye out, because it’s also an opportunity for spammers to come in and spam their less than reputable VPN providers.
Speaking of which, I promised earlier I would mention which VPN I’m using. I’m currently using Tunnel Bear. Now, Tunnel Bear is if you take a look at some of the comparison charts provided by the third party that the EFF links to, they’re not 100%; they’re not the best in all categories, but I’ve been using about I think three months. I’ve been very happy with the service. I’ve been very happy with the throughput; I’ve been very happy with how it’s worked with all of my devices including as it turns out, a Chrome book that I’ll be talking about in a couple of days.
In the spirit of full disclosure, I am going to point out that I’ve been using it for three months, and I’ve actually been mentioning it occasionally in a couple of random places. A couple of days ago, I decided, “You know what? If it’s going to be a thing, I’d like to find out if they have an affiliate program.” And as it turns out they do, so I’ve signed up for the affiliate program, and yes, what that means is if you find Tunnel Bear through a link that I provide, and you sign up for their service? I’m going to get a small piece. That doesn’t affect your price, that’s how affiliate links work,
But the important thing here, I think, is that I’m obviously, there’s a certain amount of trust I hope you place in me. The process that I just outlined is in fact the process that I use for any product. I use it; I hear about it; I play with it; I figure out if it’s any good; if it meets my needs, then and only then do I find out if they have an affiliate program, because as you know, generating revenue for Ask Leo! is one of the things that needs to happen in order to keep the site available and free for you, so we do that among other things with an affiliate link and full disclosure that they’re being used.
If you don’t want to use an affiliate link, TunnelBear.com – it’s not that hard. But if you are interested in Tunnel Bear, taking a look at it and going through one of my links, I thank you, I’ll get a cut. There are plenty of other VPN providers to choose from. Varying costs, Tunnel Bear happens to be kind of nice just because it’s got a very friendly user interface, but I encourage you to do your own due diligence before you invest in any VPN and to the point of: Do you really, really need one? If not, you may not need to do a thing.
So anyway, leave a comment down below on askleo.com. Here’s that link again. I will see you again next time. I’m Leo Notenboom for askleo.com. Take care everyone.
Was that video interesting? Helpful even? Well, then I could use your help. I’ve got a Patreon project underway. You’ve got an opportunity to contribute and help support askleo.com to help me do what I do: Help more people, answer more questions, produce more information about technology that hopefully can help you and others use it more effectively and with more confidence. Visit patreon.com to learn more. Among other things, you get rewards depending on the level of your patronage. So check out patreon.com/askleo to learn more and help contribute to askleo.com. Thanks.
- Post-FCC Privacy Rules, Should You VPN? – Krebs on Security – Brian Krebs, former Washington Post tech reporter, looks at the situation.
- Choosing A VPN – That One Privacy Guy’s – Guide to Choosing the Best VPN (for you) – That One Privacy Site – The site that Brian Krebs was referred to by the EFF. A lengthy discussion of the various issues involved in selecting a VPN. Also includes a lengthy and detailed comparison table.
- TunnelBear – (affiliate link) – The VPN service I’ve been using for a while.
- How Do I Protect Myself from My ISP? – If you’re using an internet connection from a source you don’t trust, there are a few alternatives.