Now that Congress has given internet service providers the green light to keep tabs on your online activities and do as they wish with that information, you might be wondering what you can do about it.
The good news is there are two different technical tools you can use — the Tor system and virtual private networks, or VPNs. The bad news is both tools can be difficult to use and VPNs can be costly. The even worse news is that both, but particularly VPNs, may pose an even bigger risk to your privacy and security than your broadband provider’s prying eyes.
“Those two are the best technological solutions we have,” said Kevin Riggle, a cybersecurity professional who previously worked at web company Akamai Technologies. But, he added, “neither of them are good solutions.”
Many consumers have found themselves looking for a good privacy solution following the recent passage by Congress of a resolution that would overturn privacy rules voted in place last year by the Federal Communications Commission. Those rules, which were due to take effect later this year, would have required broadband providers to seek customer approval before collecting or sharing information about them or their online activities. It would have also required companies to take “reasonable” steps to protect the data they collected and to alert customer if that data had been compromised by hackers.
Perhaps the most popular answer for consumers is to sign up for a VPN.
A virtual private network is a service that connects your computer or other device with a server on the internet. VPN services typically encrypt all the traffic between your computer or device and their servers and routes all of your online traffic — web browsing, email, videos — through those servers before sending it on to its eventual destination.
Because your data is scrambled, your broadband provider typically can’t see what sites you’re visiting or what you’re doing online when you use a VPN. They also can’t see what’s in your email or what’s on the websites you’re visiting. All they can generally see is that you are connecting to a private network.
Most VPNs are available for desktop computers and both Android and Apple smartphones. Some can be connected directly to your internet router so that all traffic through your home network passes through them. And if you’re really geeky, you can set up your own VPN using open source software called Algo that will run on your own server or on a cloud service like Amazon’s EC2.
But VPNs aren’t a perfect solution for protecting privacy. They can be difficult to configure and use. They can slow your access to online sites and services. And because security experts strongly advise users to stay away from free VPNs, you can expect to spend between $3 and $13 a month to use one.
More disturbingly, you may be less secure using a VPN than you would be otherwise. Security experts have noted that the encryption keys used by some popular virtual private networks are known and easily broken, meaning it wouldn’t be hard for someone to snoop on data you sent through them.
Potentially much worse, by using a VPN, you may be swapping the devil you know for the devil you don’t, giving the VPN provider a God’s eye view of your online activities. While many networks promise to protect your privacy and not keep track of what you do on the internet, most are black boxes and almost none of their claims have been independently verified, security experts warn.
“You basically have to have faith in them that they’re telling the truth,” said Paul Bischoff, an editor at Comparitech, a website that reviews privacy and security products.
Security experts like Bischoff recommend that you do plenty of research before signing up for a VPN. Scrutinize their privacy policies and terms of service to see what data they collect, how long they hold on to it and what they do with it. Check to see if they are using secure encryption keys. And see if there are any press reports about how they’ve responded to subpoenas or other legal requests that they turn over data.
The other option is to use Tor, which works kind of like a multistage VPN. Tor routes your online data through multiple servers and encrypts it along the way. So, like a regular VPN, it obscures your online activities from your broadband provider; all that provider can detect is that you are using Tor.
But Tor also helps shield your activities from the servers through which your data passes. And the last server in the chain, the one that connects you to your destination, doesn’t know your internet address, so it can’t tell who is trying to reach that site.
Unlike many VPNs, Tor is free to use and it’s something of a gold standard in shielding online activity.
But it too has its shortcomings. Because online traffic sent through Tor goes through multiple servers, it can be painfully slow to use, so much so that it’s typically not good to use if you’re trying to stream videos or wanting to compete with other people head-to-head in online games. Some sites even block Tor users.
Tor is typically accessed through a custom web browser. Although you can configure your computer to route your traffic through the Tor network, that’s much more difficult for the average user to do. And if you’re on an iPhone, it’s basically impossible. An app called Orbot allows Android users to connect to the Tor network and use multiple apps through it. But if you use an iPhone, your only Tor options are web browsers.
And Tor could have security problems. There have been reports that the National Security Administration and even malicious hackers are monitoring traffic on the network, and the use of Tor could draw more attention to users than they would otherwise get.
“Tor is by far the best thing we have available today,” said Riggle. “But that’s far from saying it’s perfect.”
Indeed, when it comes to protecting your activities from your broadband provider, the best solution is not a technical one but a political one — the one the FCC already came up with, and that Republicans in Congress have now chucked out the window.
Published at Fri, 31 Mar 2017 16:30:00 +0000