In theory, getting a VPN is good advice. But the technology hasn’t caught up to modern standards yet, and some “safe” services could put you at greater risk.
Last week, Congress voted to gut proposed internet privacy rules set out by the outgoing Obama administration that would have prevented your internet provider from selling your browser history to advertisers. President Donald Trump signed the bill a day after, making it law.
Many turned to what appeared to be an obvious solution: A virtual private network (VPN).
The idea of using a VPN is simple enough. The good ones are designed to push your internet traffic through a protected and secured tunnel, which shields your browsing records — such as the websites you view — from your internet provider. (As a result, some VPNs push your internet traffic through servers in other countries to trick content providers, like Netflix, into thinking you’re in a different place — usually in order to gain access to content in other geographies.)
But VPNs, for the most part, are lousy, often over capacity, and almost always significantly reduce your internet speeds. And, sometimes services simply don’t work or load because they can detect you’re using a VPN, forcing you to jump off the VPN — effectively defeating the point of using the service on a long-term basis.
And, a lot of the time, the bad ones won’t protect your privacy as they promise.
Some services are better than others. We’re not here to tell you the best ones or pick sides, but there are some pointers to note from our sister-site CNET and here on ZDNet. For example, paid services are usually better at hiding your traffic than free services where the customer is usually the product.
But what compounds the problem is that some phony VPN services promise to protect your privacy, but they don’t and are simply cashing in on the news, said Motherboard.
The big question to ask yourself is: Should I trust this VPN provider? More often than not, you can’t and shouldn’t.
Why? Not least because VPN providers don’t always encrypt your web traffic, or don’t use their own domain name servers (which means your internet provider can still see the websites you’re accessing), and some are using their own in other countries, which means you’re beholden to their laws. As security researcher Troy Hunt said in a recent blog post, because VPN providers control your traffic, “they can inspect it, modify it, log it, and have a very good idea of what it is you’re up to.”
As security reporter Brian Krebs notes, many VPN providers “claim they keep zero records of customer activity,” but “this is almost always untrue if you take the time to read the fine print.”
Often, the reality most will face is that you’re paying for a VPN service that you have to trust more than your internet provider not to collect, monitor, or sell your data.
As famed security sensation Swift On Security said in a recent tweet:
It’s not to say that there aren’t good VPN providers out there, but you have to weigh up the reasons why you want to protect your browsing history and other data.
When push comes to shove, there are better ways to protect your browsing data than using a VPN.
And while nothing is perfect, and the web will never be completely secure (nothing ever is), you’re better off taking advantage of plugins like HTTPS Everywhere, which pushes for secure pages over non-secure pages where available.
Amazon, Google, Facebook, Twitter — and yes, even Pornhub and YouPorn, your favorite online adult destinations, all offer HTTPS by default, which masks the page and its content (albeit not the domain) from internet-browsing snoopers.
And when all else fails, your internet provider isn’t going to be able to monitor your activity on the Tor anonymity network any time soon.
And there’s almost never going to be a widespread adoption of a VPN service from the average internet user, nor should there be. And many will inherently choose convenience, ease, and faster speeds over security and slowdowns, defeating their point altogether.
Given that this entire saga started with Congress voting to scrap internet privacy rules, the question to ask isn’t “how do I protect my internet history,” it’s “how do we get out of this mess?”