Become a Patron of Ask Leo! and go ad-free!
Transcript
FCCs, ISPs, VPNs? Oh my!
Hi, everyone! Leo Notenboom here for AskLeo.com. Earlier this week, Congress voted to roll back some FCC privacy protections that basically would have prevented our ISPs from selling or sharing the information that they gather as a part of providing our internet services.
Most people are thinking of this or referring to this as your browsing history, but in reality it’s pretty much anything that your ISP can see while you’re using your internet connection, which is actually a lot more than browsing history, although browsing history is perhaps the easiest to at least get a handle, on and perhaps, in some cases, maybe even be embarrassed by.
So, this all sounds pretty bad, right? Well, it does and there are definitely privacy issues at play here, but one thing I want to be very clear about is that in a practical sense, today, this actually changes nothing. The rules that are being rolled back, hadn’t yet been put in place. What this means at a very practical level is that your ISP actually always could sell or share your data to whatever purpose they might have in mind.
It’s not something that they now are suddenly allowed to do. It’s something that they’ve been able to do, and in fact, have been caught doing from time to time in the past. The change, the only change is that the rule that would have prevented this is now not going to be put in place, assuming of course, that President Trump signs this, which every indication is that he will if he hasn’t already by the time you see this.
So, there’s lots of sensational headlines extolling the virtues of privacy and VPNs, which I’ll talk about in a minute. The real issue, the reason that I want to talk about this today is really the question that we should be asking ourselves is should we be concerned? Is there something going on here that really puts our privacy at that much more risk than it was already?
The short answer is, of course, both “yes” and “no”. Like I said, nothing’s really changed today versus last week. The privacy that you had a week ago, two weeks ago, is exactly the same as the privacy you have today. That being, not much. There’s a lot of opportunity for your ISP, which I’ve for a long time said, can see everything you do. There’s a lot of opportunity for them to gather and collect data about what it is you and I do on the internet, and no doubt, they do.
It is an issue in the sense that by rolling back these rules, Congress has given the ISPs kind of sort of a green light to keep doing it and probably do more of it and I think that rightfully has a lot of people concerned. Privacy is no small issue and this is sending, in my opinion, the wrong message about what’s important.
It’s not the ISP’s ability to sell or profit from the data that they collect about us; it really does boil down to our right, if you will (I don’t know if it’s a real “right”) but our expectation at least of privacy when we use the internet and the connectivity that it all provides.
So, am I concerned? Well, not really. Certainly not in the short-term. I stick by what I keep saying over and over again: you and I as individuals, we’re just not that interesting, but there are some issues coming up, I think, like I said, that sends a green light for to allow the ISPs to do more aggressive data collection and potentially do more things with it once they have it.
One thing I do want to clear up is that your information can’t be bought. By that I mean, I can’t go out and say, “I want to go and buy Leo’s browsing history.” That’s not how this works and unfortunately, there have been some moves afoot in reaction to this latest vote that have people actually collecting money to go out and buy Congress people’s browsing histories or whatever other information their ISPs might make available.
Like I said, it doesn’t work that way. The way it really works, the way that I understand that it works; it’s more of an aggregate data collection that advertisers and others are purchasing. For example, an ISP might say, “Of my million customers, 100,000 of them went to askleo.com in this period of time.” That’s it. They might be able to slice it and dice it in ways that are interesting to say that, “Ok, of those 100,000 that went to askleo.com, 50,000 were in Washington state; 20,000 were in California” – that kind of thing but they don’t make available data down to the individual level and to the degree that they might, they actually do attempt to anonymize the data.
So, for example, the data they might have says that well, we can target computers that have visited askleo.com so that you can place ads on Ask Leo! visitors specifically. Again, that’s not knowing who you are or even associating any of that data with it to you by name, but it is allowing a certain amount of insight and visibility into where a large number of internet users might be going, what they might be doing and what they might be buying.
As I said, with this green light being given by Congress, does it mean that they could do more? Absolutely. They can see everything you do and it certainly is possible that they could take things down to a much finer granularity. I just don’t believe that they do. As individuals, I remain convinced that we are really, really uninteresting, at least to marketers.
Now, I will say that certainly the information is there and has always been there for people like law enforcement to come in with the appropriate justification and paperwork and so forth (court orders) to allow them to look at that data in a more granular fashion, but that’ not what we’re talking about here; it’s not really what this latest change is all about.
This is all about rolling about privacy protections that really boil down to the data that’s being exposed en masse about our activities from a marketing perspective more than anything else.
So I’ve talked about ISPs and I’ve talked about the FCC, where did VPN come in? Well, if you’ve paid any attention to the tech news of the last week, it’s all been centered around VPNs. VPNs are going to save us from this invasion of privacy. What I really want to do here is basically say, “Hold your horses just a minute.”
VPNs are interesting technology; I have one; I use one occasionally, but I think this mad rush to see VPNs as a panacea, as a way to really hide ourselves from our ISPs actually runs the risk of making things worse ,unless we’re very, very careful along the way.
Now to be clear, if you travel, as I do, a VPN is a great solution for keeping yourself safe in open Wi-Fi situations. I’ve talked about that in prior articles. The bottom line is that you want to make sure that everything you’re transmitting into the open Wi-Fi that could be sniffed by someone else is encrypted, and by definition, a VPN does exactly that. It encrypts all of your data regardless of what it might be in such a way that anybody sitting in the coffee house that might be monitoring the open Wi-Fi, can’t understand, can’t see what you’re doing; they can’t sniff your data.
That’s not what we’re talking about this week, actually. It’s good; it’s useful but it solves a completely different problem. The issue here is that we’re concerned that our ISPs are monitoring what we are doing and the same technology of a VPN that prevents hackers from being able to see what’s going by in the open Wi-Fi scenario actually can prevent ISPs from seeing what we’re doing as well.
All your ISP would see if you’re using a VPN is that you’re using a VPN. In fact, they might be able to see which VPN you’re using but that’ about it. They can’t see which websites you’re visiting; they can’t see what files you’re downloading; they can’t see what video or audio you’re streaming. All they see is data going to and from this VPN service.
Here’s the catch: All you’ve really done is replaced one point of concern with another. If you don’t trust your ISP, your electing to trust your VPN provider to the exact same degree, if not more so because very often, your VPN will be from or located in a different country, subject to completely different regulations that may or may not protect you as much or at all as someone who is local to your area.
The other thing that’s going on here and this has to do a lot with the promotion of VPNs that we’ve been seeing literally in the last few days, we’re seeing VPNs mentioned in article, after article, after article. There are a lot of shady VPNs out there; there are a lot of VPNs that basically get thrown together; they provide some level of service; they may or may not have any privacy policy at all; they may or may not have state agencies in whatever country they’re located in, monitoring what they’re doing and in turn what you’re doing.
So just getting a VPN isn’t necessarily as solution and getting one without really doing some due diligence can really cause you some problem. VPN providers are coming out of the woodwork and now there are VPN comparison sites so you can figure out which one to choose. You would think that would be a good thing. A VPN comparison site would be a great way to compare features and functionality and pricing and all those other kinds of things that we might care about for VPNs.
Here’s the problem: VPN providers often incentivize marketing for their product, and they do that by what are called affiliate links. In other words, if you read about a VPN on a site like this one, like mine (I’ll talk about my specific situation here in a second) if you read about a VPN here at Ask Leo! and I provide you a link to that VPN’s service and you then sign up for that VPN, I’ll get a cut. I’ll get a small piece of the price.
What that means is there is an incentive for me to promote that VPN over all of the others regardless of how good any of them might be. The issue then is how do you know what VPN reviews to trust much less what VPNs to trust? The answer is it’s really, really hard; I’m not going to make a recommendation for a specific VPN, because the market is just that confused, that flooded and that misleading.
I do have a couple of pointers to a couple of articles that have reference information from at least one source that I trust, and that’s the EFF: the Electronic Frontier Foundation. They actually point to a third party that has some comparisons of a collection of VPNs, which is great. That’s the closes thing to something that I would trust that I’ve been able to find.
But the bottom line is that to just quickly go out and get a VPN because you think you need it to protect yourself from your ISP, well, you may not need to protect yourself from your ISP; you certainly don’t need to protect yourself from your ISP anymore this week than you did last week, and by rushing out and getting the wrong VPN, you may be putting yourself at more risk.
I want to be clear: Privacy is a big deal. I don’t want to minimize that, and I do think that the direction that US lawmakers have taken this is the wrong direction. I believe that the privacy rules that they rolled back should not be rolled back. If anything, they should be examined and perhaps strengthened, but that’s where we are today; that’s not the world we live in.
So, we’re on our own. Like I said at the beginning of this year, in a lot of ways for Ask Leo! this is the year of privacy. I’ve been focusing a lot on privacy related issues; I’ve been writing privacy related articles and I’ve got a privacy related project that I hope to announce within a few weeks.
The issue here, though, is that it’s important to be aware of, and if anything, this recent brouhaha has at least raised the awareness of what’s happening with respect to your privacy when you use the internet in the United States and by the way, I did want to make the point that if you’re not in the United States, you’re probably in either of two camps. You’re either saying, “Wow, how could you let things get that bad” or you’re saying, “Welcome to our world. This is what we’ve been living in forever.”
So, there’s a broad spectrum of privacy related issues already even when you step outside of the United States, so all of these privacy related tools and solutions and ways of thought are continued to be very, very important no matter really happens or where. So what can you do? What are my recommendations?
Well, the first is probably the best result of this entire conversation and all of this stuff that’s happening in the news. Be aware of your privacy. Be alert. Understand what it means to share data. I still claim that by and large, we’re our own worst enemies. I continue to see people over share and share information in places and in ways that in some ways make this whole ISP issue a non-issue. You’re much safer with respect with your ISP than you are with the information that you are regularly sharing yourself, publicly, for everybody to see.
Second, if you’re in the United States, contact your senators and representatives, and let them know that privacy is an important issue to you, assuming that it is, of course. I’m not asking you to state an opinion that you don’t have but it seems like privacy would be something we all should care about, we all do care about, and the only way I think we’re going to get any long-term solution out of this, at the legislative level is if we all make our opinion known, and let our elected officials understand that they’re doing things in a way that we don’t want them to be done.
They are giving away our privacy in ways that don’t benefit the people whom they claim to represent and finally, consider supporting organizations like the EFF, the Electronic Frontier Foundation. These are the people who are boots on the ground, dealing with the legal and other implications of the legislation of the government policies. They’re out there helping people who have been wronged; they’re out they’re lobbying for things to be set right. They are an organization that I support personally. It doesn’t have to be EFF; there are plenty of other organizations or other ways that you can make a difference to help make sure that privacy starts to be retained and perhaps maybe even we get an opportunity to dial the knob back just a little bit from where Congress has just recently taken it.
So, as always, what’s your take? I’m interested in your opinion on this issue. It’s a very controversial one. It is one that has a lot of people upset and concerned. I will say one thing about the comments. First of all, here’s a link to this article out on Ask Leo!. It’s where all the comments are; it’s where I read all of the comments; the comments are moderated to keep out the trolls, and they are a place for discussion. Absolutely love contrary opinions as long as they are stated respectfully.
Now the one thing that I have to avoid in this particular case, is I’m going to be very, very careful about VPN recommendations because I suspect that some of you have experience with specific VPN providers and might like to mention who they are. That being said, I’m going to keep an eye out, because it’s also an opportunity for spammers to come in and spam their less than reputable VPN providers.
Speaking of which, I promised earlier I would mention which VPN I’m using. I’m currently using Tunnel Bear. Now, Tunnel Bear is if you take a look at some of the comparison charts provided by the third party that the EFF links to, they’re not 100%; they’re not the best in all categories, but I’ve been using about I think three months. I’ve been very happy with the service. I’ve been very happy with the throughput; I’ve been very happy with how it’s worked with all of my devices including as it turns out, a Chrome book that I’ll be talking about in a couple of days.
In the spirit of full disclosure, I am going to point out that I’ve been using it for three months, and I’ve actually been mentioning it occasionally in a couple of random places. A couple of days ago, I decided, “You know what? If it’s going to be a thing, I’d like to find out if they have an affiliate program.” And as it turns out they do, so I’ve signed up for the affiliate program, and yes, what that means is if you find Tunnel Bear through a link that I provide, and you sign up for their service? I’m going to get a small piece. That doesn’t affect your price, that’s how affiliate links work,
But the important thing here, I think, is that I’m obviously, there’s a certain amount of trust I hope you place in me. The process that I just outlined is in fact the process that I use for any product. I use it; I hear about it; I play with it; I figure out if it’s any good; if it meets my needs, then and only then do I find out if they have an affiliate program, because as you know, generating revenue for Ask Leo! is one of the things that needs to happen in order to keep the site available and free for you, so we do that among other things with an affiliate link and full disclosure that they’re being used.
If you don’t want to use an affiliate link, TunnelBear.com – it’s not that hard. But if you are interested in Tunnel Bear, taking a look at it and going through one of my links, I thank you, I’ll get a cut. There are plenty of other VPN providers to choose from. Varying costs, Tunnel Bear happens to be kind of nice just because it’s got a very friendly user interface, but I encourage you to do your own due diligence before you invest in any VPN and to the point of: Do you really, really need one? If not, you may not need to do a thing.
So anyway, leave a comment down below on askleo.com. Here’s that link again. I will see you again next time. I’m Leo Notenboom for askleo.com. Take care everyone.
*
Was that video interesting? Helpful even? Well, then I could use your help. I’ve got a Patreon project underway. You’ve got an opportunity to contribute and help support askleo.com to help me do what I do: Help more people, answer more questions, produce more information about technology that hopefully can help you and others use it more effectively and with more confidence. Visit patreon.com to learn more. Among other things, you get rewards depending on the level of your patronage. So check out patreon.com/askleo to learn more and help contribute to askleo.com. Thanks.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Leo, start looking into the way “Big Data” (about 5,000 pieces of personal information on every US voter) affected the outcome of Brexit and the last US presidential election–both campaigns run by a new company headed by Alexander Nix called Cambridge Analytica– and I think you may change your mind about ‘we’re just not that interesting’ to companies who have our individual information to sell. Not a happy story
Here are a few of these sources:
Cambridge Analytica Channel 4
https://www.youtube.com/watch?v=1zVvIjtY31s
Company psychologically tailors ads to voters
https://www.youtube.com/watch?v=hdqox8CsdRs
The Data That Turned the World Upside Down
https://motherboard.vice.com/en_us/article/big-data-cambridge-analytica-brexit-trump
Alexander Nix, CEO Cambridge Analytica – OMR Keynote | OMR17
https://www.youtube.com/watch?v=6bG5ps5KdDo
Trump’s plan for a comeback includes building a ‘psychographic’ profile of every voter
https://www.washingtonpost.com/politics/trumps-plan-for-a-comeback-includes-building-a-psychographic-profile-of-every-voter/2016/10/27/9064a706-9611-11e6-9b7c-57290af48a49_story.html?utm_term=.8e5961f80b8b
another interesting one
The Story of How Our Facebook Likes Shaped the US Presidential Elections
https://www.youtube.com/watch?v=FmZFLJlNED0
But those all indicate how crowds are interesting. I’m not saying that’s not a problem – it can be, and I’m certain we have a long way to go to understand the ramifications and control.
My point is that as an individual person what I do matters to these organizations not one whit. They care about what large numbers of people do. That’s why they data is collected and sold or shared.
Not sure I’m understanding you, Leo…the 5,000 bits of data on each individual adult in the US is not anonymized data. The political campaign accessed individuals’ data to do such things as visit specific homes to use tailored tactics to influence their votes; they use what one article called ‘dark posts’ on Facebook (that can be seen by certain individuals, but not by others) using individualized data to influence votes, or to motivate (scare in some instances) people to get out to vote. A non-political example was given about a person owning a beach who wants to keep others out. One (honest) tactic would be to put up a sign saying ‘private beach, no trespassing’; a different sign would warn people they would be eaten by sharks (totally made up–but works really well!).
If politicians could be trusted to be truthful and full of integrity, this would not be as much of a problem. But I think we all know how many untrue things were made up about candidates. And I think we all are feeling how very deeply divided we are as a nation–due in large part, it seems, because we are all getting different ‘facts’. Plus, there is the most important general issue of what I see as our inalienable human right to privacy. And there are many other very nefarious ways that individual data could technically be used in the future, if no controls are set in place.
This is veering off your topic of VPNs and purely technical advice so I won’t comment anymore. However, you are in a position to influence a great many people, and that is why I hope you look more into this topic.
thanks, Leo!
You’ve missed a point…your comment about Facebook only relies on one thing, mandatory participation.
The internet data in whole is made from highly fragmented and somewhat random data points.
Not everyone is on Facebook, nobody has required them to be and for them to make a broader and more detailed profile of their users as well as those that merely graze their data (i.e. read things on FB but aren’t members) they still have to gather data from other sources than Facebook. It would be prohibitive to operate as the sole source to gather their own data.
And another thing you forget about everyday, and welcome more often than not, is how stories as well as ads are placed for you by the data given what you prefer (still a patchwork of clicks and returns used, not Jolene Blow).
The truth is that the internet is COMMERCIAL, and equally true that even with the amount of data transferred every second you have a business contract with the ISP and they have to state how your data is used. If you do not like the outcome, you can use another provider perhaps, even in a ‘one-horse (franchise) town. At this point there are too many ways to send information in the US that it probably bugs those that want to control it. To be blunt, They banned all but the Nazi Party and sent dissenters to death camps etc in the scenario you can’t tie to any leader or dictator and not even Der Fuhrer as radio made it nigh impossible to silence opposition. As long as ANY information can come in and go out there is no political vacuum.
And to complete the Off-Topic reply to the Off-Topic reasoning before (which isn’t that OT) NO, the information flows freely, real and not real, unimpeded, which neither solves anything anybody wanted nor makes anyone any more popular. so nobody ‘wins’.
Maybe ‘democracy’. But back to the 1s and zeros. The only free platform is one that you own completely and control the content on. Talking to yourself is what it’s called.
In your example, were the signs aimed at specific individuals or at a group (whomever would want to use the beach)?
“If politicians could be trusted to be truthful and full of integrity” – when has this ever been the case?
“our inalienable human right to privacy.” Where did you get this? The Declaration of Independence shows only “life, liberty, and the pursuit of happiness” as being inalienable. The basic Constitution and original Bill of Rights do not include a right to privacy.
Even today there are some communities where the concept of privacy is alien – and I don’t mean suppressed countries. Privacy is something one person/group imposes on others. Actually, the only difference between ad firms prying into your personal life and a nosey neighbor/coworker is their motive. I hear all sorts of clamor about people wanting to keep certain groups from obtaining their information, but nothing about any movement to stop nosey people from doing the same thing. Strange. Again it seems to boil down to who’s doing it. Keep it up and the only ones with access to our personal information will be malware writers/distributers, terrorists, foreign governments, and other nefarious groups.
This is interesting, and my group will look at the links and analyze. However, there is a new awareness dawning, and as stated above, most of the mainstream media, political parties, and fortune 500 companies have their own agenda and must not be trusted. There is a way around the slants and lies. Americans need to learn how to obtain original source data (and be willing to make the effort) instead of blindly following some talking head on the television or a Facebook personality with 3 million likes.
Like him or not (and I never did) Glenn Beck preached going to original source information instead of trusting a media that has lost all sense of journalistic integrity. A good example is Donna Rice, former National Security Advisor. While in office, she made several false assertions about the underlying cause for the attack on the U.S. Consulate in Benghazi – saying it was caused by a YouTube video produced by a lone individual in Los Angeles. The media blindly backed her claim, but it was absolutely false. Subsequent FOIA requests, and reviews of U.S. government message traffic revealed not only that it was a coordinated Al Qaeda attack, but that she knew it was the night of the attack. However, I still know people who adamantly believe the YouTube fable.
We must teach people how to obtain Original Source Information and stop allowing these Corporate Monoliths to shape our thoughts and opinions. They are dividing all of us but our interests are pretty much the same. How could that be? All the information of mankind is at our fingertips today. We must learn to use it…
I find the example of Benghazi not such a good example of something you could confirm. It might be a bit difficult to confirm, as you’d have to go to classified documents to either confirm or deny it. That wasn’t possible till much later when the documents were declassified.
I said I wasn’t going to add anything more, but just discovered that I left out the most important article (and the most readable one although every long)…am including a couple of quotes: (the ‘micro-targeting of individuals is the key, as far as I’m concerned.) I’m done posting now 🙂
How the Trump Campaign Built an Identity Database and Used Facebook Ads to Win the Election
https://medium.com/startup-grind/how-the-trump-campaign-built-an-identity-database-and-used-facebook-ads-to-win-the-election-4ff7d24269ac
[Trump campaign] built thousands of different web sources that were “micro-targeted at different segments of voters.”
“Trump’s risky bet on micro-targeted Facebook ads to discourage African Americans and young women from voting was handsomely rewarded with a presidential campaign victory. …
“Trump’s revolutionary database, named Project Alamo, contains the identities of 220 MILLION PEOPLE in the United States, and approximately 4,000 to 5,000 INDIVIDUAL DATA POINTS ABOUT THE ONLINE AND OFFLINE LIFE OF EACH PERSON. Funded entirely by the Trump campaign, this database is owned by Trump and continues to exist.
“Trump’s Project Alamo database was also fed vast quantities of external data, including voter registration records, gun ownership records, credit card purchase histories, and internet account identities. The Trump campaign purchased this data from certified Facebook marketing partners Experian PLC, Datalogix, Epsilon, and Acxiom Corporation. (Read here for instructions on how to remove your information from the databases of these consumer data brokers.)
“Another critical supplier of data for the Trump campaign and Project Alamo was Cambridge Analytica, LLC, a data-science firm known for its psychological profiles of voters. …
with the new info that… they are now using browsing history to adjust or cretic credit scores.. maybe this should be a time for a revisit of this topic??
Do you have a citation for that claim? I’d love to read it.
Not happy with them seeing my browsing history or where I’m posting things at!
Strangely enough Bank of America blocks access via a VPN. On the other hands SSL is more effective than a VPN anyway.
It depends on what it is you’re attempting to be effective at. 🙂 Using SSL your ISP can still see that you’re visiting your bank.
I live in Europe and have used a VPN for years to get access to content not available in this country. That said, I’ve been harping for a long time on the dangers of a VPN. They have access to everything your ISP would have had access to, and I tend to believe many if not most are more unscrupulous than your ISP. I trust many ISPs more than any VPN. The privacy laws are very strict here, to the point where it’s illegal for a newspaper to mention a suspected criminal’s name (IMO a good thing). When I travel back to the US, my home computer can be my VPN. I can access my computer in Germany via TeamViewer. I haven’t used it for that, because I haven’t needed to, but if the need presents itself, it’s available.
“I’ve been harping for a long time on the dangers of a VPN. They have access to everything your ISP would have had access to, and I tend to believe many if not most are more unscrupulous than your ISP.” – I completely agree. While VPNs certainly have their uses – such as circumventing geo-blocks – they really don’t do anything to improve security or privacy. In fact, using a VPN may very well be less secure and private than connecting directly to your ISP.
Leo, thank you for your information. Would my security be improved if I created a separate email address exclusively for accessing bank accounts, IRA and stock trading site accounts, etc. or are unique passwords sufficient? I would never use this separate email address for browsing.
Long unique passwords are your best protection along with second factor authentication if your accounts support that. Separate bank accounts could help a little, to the degree that the email account you use to access your financial accounts wouldn’t be circulating.
Email addresses aren’t used for browsing to begin with, so this would be unrelated to that.
Having a single account with a strong password is typically enough (as long as you have an appropriate, separate, “recovery account” also in case you ever get locked out). I tend to use a separate email account for “important” things not for security, but to control spam somewhat, and so that I know that anything coming in on that account is … important.
I go to the bank, and since all but one are nice ladies I’ve known for four decades in one case, and it’s nearby, why NOT?
‘Social’ is bugging them in person.
I do 99% of my banking online, as you might imagine. BUT I do periodically show up in person at my local branch just to maintain the contact. Part social (I’ve known these people for years) and part strategic (ya never know when you might need the bank to help w/ something), it’s nice to stop in and say hi. 🙂
I like your objective way of approaching this subject. There are way too many scare-mongers taking advantage of society today.
It’s all about getting people to click on scary headlines, I’m convinced. See https://askleo.com/how-the-internet-is-breaking-journalism-and-what-it-means-to-you/
They had to send letters to do this before the internet, always telling her that her Social Security would get cut off by some so and sos, unless she sent them money to help fight them.
We, her grandchildren had to explain this to her 30 years ago.
Privacy…something that the younger generation does not expect. Privacy…something the older generation is so saddened and shocked at losing.
If someone would just hack the ISP records of a few Congressmen trolling p*o*r*n sites, then we’d get our privacy back.
If it’s hack, its unlikely anything would change. What we need is someone to legally gain access to sensitive data like that. Then we’s see the laws change. I’m not holding my breath.
Leo,
How about an article about how to set up your own VPN? If I could do that
for a few hundred dollars (mostly for a dedicated computer to run the VPN
open source software), that would seem much safer and even cheaper than
paying say $10/month to a commercial VPN whose privacy policies may or
may not protect me.
Honestly, I’ve looked into doing it myself. It’s amazingly complex, can be expensive, and very easy to get wrong. Honestly, that last item is what worries me the most: thinking you’re protected but because of some oversight, you’re not.
Leo,
Many thanks for the explanation that makes sense. I’m tired of misleading headlines and you have clarified the issues. I have tried paid VPN’s but the degradation of service is so bad I removed them. Now glad to hear I don’t really need an VPN.
I agree with Leo that most info gathered or sold by the ISP’s is mostly a sort of market survey, I guess if they stood in a market or mall with a clip board and asked what sites you visit you would probably tell them, as we all usually search for things we are interested in.
I do feel however that if the government snoop on certain people they have a genuine need to do so in order to keep the public safe, and I for one agree with this, as I have nothing to hide.
It’s not a matter of having nothing to hide. It is a matter of whether or not you would be willing to have everything about you made public.
“I have nothing to hide.”
To quote Edward Snowden: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
Well said!
Very helpful video.
Thank you Leo.
Great article Leo. Appreciate your valuable time to address this murky issue.
Seconding the last two gentlemen.
I think the most important part of all of this is the AIM of the marketers. They really do want to know the habits of every single person. Sure, maybe it’s an aggregate that’s collected, but their aim conflicts with my privacy. Their collection of MY data, from what I’m thinking, to should be forbidden. In a perfect world, nobody’s data is interesting. In reality, I can see some big money being paid out to reveal the IPs of users of ABC Widget in my town.
The gold (I wanted to type goal, but in a way gold is really what it is. The gold standard of advertising) of advertisers is pure targeted ads; no more shotgun advertising. That’s not longer aggregate data. That means they have personal information on you. It may only be accessed via an algorithm, but they still have that info and a different algorithm can be used for less benign purposes.
I somewhat disagree. When we visit a site, all it really sees are our IPs. Targeting then goes to that IP, not actually the individual.
I let my granddaughter use my computer to look for a few items online. Then I started getting ads for those, and related, items. Although it was my IP, it wasn’t me. However, the tracking company had no way of knowing that. Also, I got a copyright violation once. It said that someone with my IP [note that it did not say “you”.] had downloaded a pirated movie. However, it wasn’t me, it was one of the tenants using the Internet service for the house.
As Leo has stated in other articles, they can only see my ISP and possibly track my location to wherever the ISP’s hub is located. [Mine is about 6 miles where I live. Reading Microsoft’s forums, one person was complaining because the location showed 85 miles away, and in a different country.]
You hit the nail on the head. But unfortunately, I don’t think the current Congress and President are likely to make any laws to limit data collection and distribution.
“all it really sees are our IPs” isn’t exactly true. If you’ve been to that site before it sees the cookies of that prior visit. If you’ve been to other sites that use the same advertising network, then the advertising network sees all the sites you’ve been to including this one. And if you’ve actually LOGGED IN to anything covered in the prior list, then you’ve provided specific, personal, identification to the site.
Yes, much “tracking” is limited to IP address only, but that’s not to say that’s the only level at which tracking can occur.
Tracking IP, cookies, browsing history are trivial matters. The technology exists for someone to search your drives and emails on your machine and send back entire files – if they choose to. And if they do, the “law” (now) doesn’t consider this as hacking, but normal pursuit of business objectives.
Good morning Leo,
Comment on ‘new vid formate” if I may.
Suggest family pics.and misc memorabilia be removed as only act as a distraction.
Means a lot to you of course but distracts from your message somewhat.
Suggest use blue or green screen and project relevant stuff in the background to
make it a bit more relevant and varied each time. A bit more work but decent film production has never been easy.
Personal opinion.
Johno
Thanks for that nice summary, Leo. One of my concerns is the information that ISPs are not prevent from ‘selling’. This includes sensitive information, specifically social security numbers. While this is, practically speaking, a part of mass effort for marketing purposes, the proliferation of SS numbers into an increased number of databases is just increasing the risk of those SS numbers getting stolen.
The best way to actually see what information your ISP collects and how that is used is by reading their Privacy Statement. Since this is part of the contract between you and them, it is legally binding on them.
My ISP’s Privacy statement tells what they “may” collect and what they “might” do with it (permission granted, but not necessarily acted upon). It tells specifically what they will not do with that information (unless by legal means, such as a court order).
If you are thinking of using a VPN, make sure to read the Privacy Statement as well as user ratings.
You should also read the Privacy Policy of Google, Yahoo, Facebook, and a host of other services you use. See how they compare with your ISP.
You also need to understand where the VPN is located to understand whether or not the privacy policy carries any weight at all with respect to you and your location. (for example, even if legal everywhere, is it even enforceable across borders?)
Something you didn’t mention is the rationale behind rescinding the unenforced requirement. Part of it is the usual party politics: if they’re for it, I against it – if they’re against it, I’m for it.
Another aspect, which I’ve read elsewhere, is more complicated.
The restriction only applied to the FCC, which includes ISPs. Companies like Google, Yahoo, Facebook and many VPNs come under the FTC, which did not have the same restrictions. So, yes, the ISPs had a legitimate complaint – they can, but we can’t.
From what I understand, the opponents to the restriction (Democrats as well as Republicans) want Congress to enact a law that will apply to both the FCC and FTC. That would be more effective, and provide better privacy protection, than a one-sided regulation.
I agree that repealing the restriction does tend to send the wrong signal to ISPs. Congress would have to stop bickering over minor issues and actually do something constructive for a change – and do it quickly. Voice your desire for a law that would stop everyone (not just one group) from selling your information. Contact your Congressional members (House and Senate), maybe Speaker of the House, and even the President and Vice President. If we don’t do our part and take action, we can’t expect someone else to do it for us. Protection of individual privacy is up to each individual – not some group.
This is slightly off topic, but as it relates to privacy, I’m posting it here. A couple of days ago, I got an email from a friend who wanted me to print a boarding pass. I printed it, and 2 days later, I got this popup on my computer. I know, it’s probably benign, but the process which caught that has the capability of sending that information back to Microsoft and possibly sold to a third party. Somehow I find that worrysome.
Is there any value to getting more than one VPN? I have a lifetime subscription to one, and have had three offers for different VPNs hit my inbox this week.
As long as it works, one should be enough. The only exception I can think of is if you use it to access a site with content unavailable in your country and the site gets wise to your VPN and blocks it. And if you get any offers for any VPNs, be very wary as VPN scams are rampant now.
All of the offers (including the original one) have been through StackSocial/Yummy Software/X-Mirage (which took me an annoying amount of time to figure out were all the same, needing the same username and password). I’ve been happy with the one (Hotspot Shield), so I guess I don’t need the rest. Thank you.
Aaaaand now a search for “VPN scams” shows I might have been the victim of one, since I bought it through StackSocial. So far so good though. By the prices listed, I’ve already gotten my money’s worth. One year anniversary is coming up in June, so I’ll see.
You can use only one at a time.
I think that you are not to the point that “we-users are not of interest to advertising and marketers”. I contrary I think that THEY have computing power now to collect ALL and slice ALL of our browsing and other histories etc etc. And In my experience if they CAN they WILL !