What’s going on and how you can protect yourself with a VPN and other methods
Privacy on the Internet. These days privacy and the digital world don’t seem to play well with each other. In a way, this has been true since the early beginnings of the Internet and if you’re a student of history, the problem of balancing any technology with the privacy rights of a nation’s citizens has always been a challenge. This is even true in nations where the government takes a proactive role in protecting it’s citizen’s privacy rights like Switzerland.
However, in the United States, something is happening that has never happened before. Our elected officials recently voted to pro-actively revoke consumer privacy regulations enacted by the FCC under the Obama administration that had been set to take effect this year. If President Trump signs the bill into law, which all signs point to him doing, then the FCC has effectively lost all ability to protect consumers from spying by their Internet providers and other entities with whom they share information. Your ISP can sell your browsing history and anything else you transmit to anyone willing to pay and they can do this without your consent or knowledge. It also paves the way for a reversal of Net Neutrality laws put in place by Obama’s FCC.
For those unaware of what all of this means; there is nothing happening now that will immediately affect you. In fact, technically nothing has changed at all since the new regulations had not been put in place. What has changed is that congress has flipped the status quo of the FCC being responsible for protecting consumers from the overreach of Internet service providers or anyone else that collects information about you (basically everything on the Internet). Republicans ISP Lobbyists argue that the free market should choose the winners and the losers for Internet services. If consumers are worried about Comcast and Verizon invading their privacy, then the free market will give rise to new ISP’s that don’t spy on you or their customers will force them to reverse course.
The free market is a great idea in theory. I actually believe in free market ideas and consider myself a fiscal conservative. However, in the case of Internet privacy and Net Neutrality, the free market concept cannot apply because we don’t have a free market. Most consumers have only two choices for high-speed Internet access. Many consumers only have one (myself included). It’s all fine and good to tell me that I have every right to tell Verizon to shove it and go elsewhere, but the reality is I can’t.
I have two choices: do business with Verizon and have high-speed Internet access or have no Internet access at all. The free market isn’t going to solve this for me anytime soon as I live in a rural area and Verizon has a local monopoly. I have lived in this area for over 10 years and there is zero financial incentive or public demand for a competitive ISP, let alone one that cares about consumer privacy. Most of my neighbors are farmers and ranchers and are unaware of digital privacy issues. Believe me, if there were another option, I would drop Verizon in a second.
The larger issue here is that this is likely only a first move in a series of regulation changes that will result in the elimination of the current Net Neutrality rules set in place by the FCC. For those unacquainted, Net Neutrality is the name given to the idea that all data on the Internet should be treated equally. Your Netflix stream should be given the same attention and priority as your Grandma’s game of Candy Crush.
ISP’s hate the concept of Net Neutrality since it’s their view that it is unfair to them. They know that you like Netflix and are likely going to stay a customer of Netflix. They also know you aren’t willing to pay much more for Netflix than you are paying right now. So, in the ISP’s view, you are using a lot of bandwidth to watch Netflix and your grandma is barely using any bandwidth to play Candy Crush.
Net Neutrality says that both activities should be treated equally, meaning that your Grandma is likely paying about the same amount for high-speed Internet that you are. ISP’s argue that it costs them more money to transmit Netflix, so you should pay more. Since they know most people won’t or can’t pay more, they believe they should be able to charge Netflix directly since they have deeper pockets. In the current political climate, there is nothing to stop ISP’s from imposing these “taxes” on anyone they believe they can extort money from. Not only is this bad for consumers as it is likely to drive prices for services up, it also serves as a large barrier to entry for any new startup looking to disrupt an established market.
Let’s say you have developed a new streaming service that is sure to be a Netflix killer. You already have to pay developers and licensing fees for content. Now you also need to pay up front protection money to pay the ISP’s to guarantee the quality of service to your customers. Good luck getting investors to sign up for that.
So, I’ve given you a very basic primer of what’s going on now and what is likely to happen with Internet privacy. If you actually read this article to this point, then you are likely having one of two reactions. One, you’re saying I’ve got nothing to hide, so I’m not worried. I have several ISP choices and I’m good. If you really believe that, then there is nothing more for you here. Move along.
Two, your mad/scared and you want to know what you can do to protect your privacy and an open Internet. Great, welcome aboard. I’ll do what I can to show you the way.
How to protect your privacy on the Internet
There are several steps you can take to protect your privacy on the Internet. I will focus on two that in my opinion are the easiest to implement for the average non-technical user and offer the most bang for your buck in terms of the privacy you gain. I’m also including some options and information for the more technical reader.
Ad Blockers and Encryption Browser Ad Ons
Since most non-government privacy invasion happens in order to build a marketing profile on you, one of the first things you should do is install Ublock Origin https://www.ublock.org/. It is available on the desktop for Firefox, Safari, and Chrome and will eliminate a large number of advertisements and tracking. This protects your privacy since the trackers are blocked and has the added bonus of making the websites you visit load faster.
You should also grab Privacy Badger https://www.eff.org/privacybadger and HTTPS Everywhere https://www.eff.org/https-everywhere from the Electronic Frontier Foundation (EFF). While you are there, give them a donation so they can continue their important work protecting you online!
Privacy Badger informs you when websites are spying on you and allows you to selectively block websites that invade your privacy. HTTPS Everywhere checks a list of websites that are known to offer a secure encrypted connection and if you visit one, it will “force” your browser to use the secure encrypted connection. This will not stop ISP’s from knowing what websites you visit, but it will prevent them from seeing what you do on those websites.
All of the three mentioned browser add-ons are open source and free. This means that programmers can look at the source code to see if anything fishy is going on with the software and that no one is making money directly from your use of the software.
OK, but I am hardly every on a desktop you say? What about my phone?
Mobile devices generally cannot make use of these ad blockers because of the proprietary systems of the major device makers (Apple & Google). Fear not because there is an answer to mobile privacy and it has the bonus of working on the desktop also. It does, however, come with some trade-offs and limitations.
Virtual Private Networks (VPN’s) and DIY DNS Poisoning with PiHole
A VPN is a special connection that you can establish from your mobile device, desktop, laptop or even your home router. The VPN takes all traffic from the device and sends it through an encrypted tunnel. This makes it impossible for your ISP to see what you’re doing. They can see you are using bandwidth, but they can’t see what sites you visit or any of your private data. The advantages of using a VPN are obvious. Your ISP can’t see what you’re doing, so they can’t build a marketing profile and therefore there is nothing to sell to advertisers.
There are however downsides to going with a VPN. First, while your ISP can’t see what you’re doing, the VPN provider can. So you’re trusting the VPN provider to respect your privacy. This is not necessarily a bad thing since the VPN provider has a financial motive to keep your data safe. However, even though all of the major consumer and business VPN providers claim that they don’t log any of their customer’s activities and therefore cannot and will not assist a third party investigating one of their users; it is only partially true.
They may have every honest intention of logging as little as possible, but the nature of computers, servers, and the Internet means that there are bread crumbs left behind for someone to follow. Also, even if the VPN provider takes every step possible to protect their user’s activities, there is always the possibility that they will be sold to or otherwise acquired by another company with different opinions about your privacy. Finally, if the VPN provider is headquartered in or operates it’s servers in the United States, then it is subject to legal orders for the search of their systems and their customer lists just like any other American company.
You also have the option to roll your own VPN using the popular open source OpenVPN server. The obvious advantage is that you in effect become your own VPN provider and therefore know what the VPN is doing on both sides. The downside is that you are still trusting your hosting provider as they can see all of your traffic as it exits the VPN tunnel on their network. However, since their business model is to sell you server space and bandwidth, they theoretically have less of a motivation to spy on you and sell your data. That said, the same rules from above still apply.
For those readers that are technically inclined, Digital Ocean has an excellent tutorial on how to roll your own OpenVPN server on one of their Ubuntu 16.04 Droplets here: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04. You could also likely use these instructions to perform the install on any Ubuntu 16.04 Server install if you have access to another host or source of high bandwidth.
Finally, if you do decide to choose a VPN provider or to roll your own VPN, you should consider doing business with a company that has its headquarters and servers located somewhere like Switzerland that offers very strict consumer privacy laws.
A company I personally like is Proton Mail https://protonmail.com/. They offer free and paid fully encrypted email accounts. Unlike Gmail, no one will be scanning your email for keywords to serve advertisements and you can transparently send a fully encrypted email with other Proton Mail users. They also have the option to send encrypted emails to users that are on other email providers in the form of encrypted links. The best part is that if you are in their visionary paid plan, you get ProtonVPN for free. Your traffic will exit the VPN tunnel in Switzerland.
One word of caution for all of you wannabe secret agents out there. Once your traffic exits and then reenters the United States, it is theoretically subject to monitoring by any three letter government agency, so please plan accordingly.
How to shut your Pi Hole!
My last suggestion is my personal favorite. You can setup your own home DNS server to poison the advertising system tracking servers before any of it even reaches your desktop or phone. This technique is superior in many ways to other methods since the tracking server never gets the opportunity to load any data on any device. This means, that no advertisements will load, no zombie cookies will be set and the ad tracker won’t even know that it failed.
This magic can be accomplished with the incredibly clever free project called Pi Hole https://pi-hole.net/ which runs on the very popular Raspberry Pi single board computer https://www.raspberrypi.org. Install is very simple even for a non-technical user. Just buy a Raspberry Pi, boot up Raspbian (the default operating system) open up a command prompt and type one line:
curl -sSL https://install.pi-hole.net | bash
After you enter the command, just follow the on-screen directions. Pi Hole includes the option to run as your networks DHCP server so all IP addresses on your network are handed out by the Raspberry Pi Hole server. This means that all devices on your local network including phones and tablets on WIFI will not load ads or ad server/tracking URLs. Not only does this give you a level up on privacy when you are on your home network, but it also makes the Internet and your desktops faster since all of the bandwidth getting eaten up by advertising gets dropped before it loads.
One last thing
Assuming you read all the way to the end of this book of an article about privacy, please allow me to recommend an actual book written by someone who knows way more about staying private than I do. Kevin Mitnick is still known as the world’s most wanted hacker. He managed to evade the FBI for several years while on the run and has written several books about his adventures. These days he is a highly paid and sought after security consultant and has recently published a timely new book called The Art of Invisibility https://www.mitnicksecurity.com/shopping/books-by-kevin-mitnick. In this book, Kevin lays out many techniques for staying invisible on the Internet and it is written for both technical and non-technical readers. Kevin’s other books are great also.
I will leave you with a favorite quote of mine that is most often attributed to Benjamin Franklin: “Those who surrender freedom for security will not have, nor do they deserve, either one.”
This could very well read: “Those who surrender privacy for convenience will not have, nor do they deserve, either one.”