We are in a world where everyone is trying to get a hold of your information. Corporations and governments want to know what you’re buying, what you’re saying, and essentially what you’re thinking.
The world is waking up to the Internet’s privacy problem, and an arms race has started between groups trying to harvest your information and activists trying to protect your information from unwanted intrusion. As this race heats up, one of the primary issues facing Internet users today is exposure of their IP address, which is often directly tied to their identity online. A VPN is touted as a good solution to this issue, as it masks an individuals traffic by mixing it with the traffic of other users to make tying specific actions to specific users difficult.
The key features that a VPN service needs in order to be private are:
-Security – The service should rely on strong encryption that cannot be easily broken.
-Leak Protection – The service should be well engineered to prevent data from exiting the device through the regular connection rather than the VPN.
Recently, we have seen a rise in big telecoms touting new VPN services as add-ons to their other services. On the surface these might seem like a good idea, until we think about why these companies would want to create a VPN service. There is a massive difference between a VPN service and a privacy focused VPN service.
When you establish a tunnel to a VPN server, you are tunneling all of your traffic to that server. This means that the VPN server can see everything that an Internet Service Provider can see. They can see which sites you visit, which services you use, and harvest all kinds of information about you. You are trusting your VPN provider to keep your data private or to not retain any data at all.
Then you have to consider these new VPN services that are ran by the big telecoms. Many users are getting VPNs specifically to get their data away from their ISP who is probably collecting and selling their information. These companies have a horrible privacy track record, and place profit over privacy at any and all cost to the user.
The three services i’m going to talk about today are Verizon Safe VPN, AT&T Secure Wifi VPN, and Sprint Secure Wifi.
All three companies are involved in NSA surveillance
Their involvement has been increasing over time, despite bad press
AT&T toyed with the idea of monitoring all customer traffic for ads, charging users more to opt-out
The AT&T surveillance program ended after about a year
If you do more independent research about these three companies, you’ll find that they have throttled or blocked services in the past, installed supercookies on people’s devices, sold or traded customer information with affiliates and governments alike, and you’ll find that they are in general enemies of privacy.
Data. Remember earlier where I mentioned needing to trust your VPN provider? These new services want to get at all of your data in a world where it is increasingly difficult to see what you’re doing at any given moment.
All three of these services have questionable privacy policies that allow excessive data collection and sharing:
You’ll notice that while there’s a lot of language about security on this app. There’s zero mention about privacy.
They also leave room for greater collection and sharing “with your permission.” And as we all have experienced with privacy policies in the past, using the application is giving consent. This creates another legal loophole where you’ve given them “permission” to engage in other types of sharing that are broader than defined in the policy.
Find out if your VPN service can prove that it does not collect user information. And if the service is made up of activists that actually care about privacy. Do not trust large corporations that are directly tied to surveillance to protect your privacy!
Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.