'Just Use A VPN' Isn't A Real Solution To The GOP's Decision To Kill Broadband Privacy Protections

from the snoopvertising-incorporated dept

Not too surprisingly, VPN providers say they're seeing an interest spike in the wake of lawmakers' full frontal assault on consumer broadband privacy protections. The attack on the rules comes as the broadband industry is suffering from an overall decline in competition, something of notable concern to privacy advocates. Some VPN providers were quick to use the debate as a marketing opportunity, with VPN provider Private Internet Access taking out a front page ad in the New York Times shaming the 50 Senators who sold consumer welfare down river in exchange for AT&T, Comcast, Verizon and Charter campaign contributions.

VPN provider NordVPN says it has seen an 86% spike in new subscriber inquiries since the effort to kill the rules began, something it's quick to note happens every time privacy is threatened by myopic lawmakers worldwide:

"Such spikes in user interest in VPNs are not unusual - whenever a government announces increase in surveillance, people turn to privacy tools. We saw similar spikes back in November when UK passed the law dubbed ‘The Snoopers Charter’ or after the revelation about CIA surveillance by the Wikileaks. We are worried about the global tendency to invade Internet users’ privacy, and we are glad we can offer a reliable tool that helps people keep their information private. We want to stress that privacy tools are needed every day, not only during such moments - to protect yourself from ever-growing online security threats and increasing surveillance."

When ISPs were busy lobbying to have the rules killed, they were quick to insist that they don't really collect much data about consumers anyway (patently false). They were also quick to try and argue that killing consumer broadband privacy protections isn't that big of a deal -- because consumers could just protect themselves by using encryption and a VPN. One particular study (pdf) by the telecom-sector funded Information Technology & Innovation Foundation put it this way:

"ISPs do not have nearly the visibility critics suggest. First, as the cost of processing has continued to drop, the number of online services and sites that use encryption has dramatically increased. As a result, ISPs will have less and less insight into customers' Internet usage. Second, any customers who have a heightened sensitivity to privacy concerns are able use tools like Virtual Private Networks (VPN) or even onion routing to obscure online communications. Third, ISPs only have a partial view of subscriber online behavior since most use multiple devices and service providers."

This argument has also been pushed around by many folks that aren't keen on additional government regulation, but want to convince themselves the erosion of privacy protections in a captive, uncompetitive market isn't that big of a deal. But as Princeton computer Scientist Nick Feamster pointed out a year ago, ISPs know an alarming amount about you via DNS records, deep packet inspection, location data tracking and other commercial surveillance. And neither encryption nor VPNs alone are enough to ensure your private data isn't being tracked, collected, stored, and sold:

"Traffic from VPNs doesn’t simply disappear: it merely resurfaces in another ISP that can subsequently monitor user activity. The opportunities for observing user traffic are substantial. For example, in a recent simple experiment that postdoc Philipp Winter performed, web requests from Tor exit relays to the Alexa top 1,000 websites traversed more than 350 Internet service providers considering the DNS lookups from these exit relays, the traffic from these exit nodes traverses an additional 173 Internet service providers."

Meanwhile, Feamster was also quick to point out that the myriad of internet-of-broken-things devices in most homes usually aren't compatible with VPN use:

"VPN clients are typically for desktop machines and, in some cases, mobile devices such as phones and tablets. As previously discussed, IoT devices in homes will continue to generate more traffic. Most such devices do not support VPN software. While it is conceivable that a user could set up an encrypted VPN tunnel from the home router and route all home traffic through a VPN, typical home gateways don’t easily support this functionality at this point, and configuring such a setup would be cumbersome for the typical user."

As Wired quite correctly points out, a VPN also won't help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?). Nor is it a bulletproof solution for ISPs like Verizon that have creatively started modifying user packets to covertly track subscribers around the internet. Nor does it prevent you from an ISP charging you more to opt out of data collection (something AT&T and Comcast have both flirted with). A VPN also won't protect you from companies that have flirted with providing worse customer service based on your credit score.

And, of course, in using a paid-for VPN service, you're basically just moving the area of attack. Now, instead of your ISP snooping on you, you need to worry about the VPN company, because they get the same insight into your traffic patterns as your ISP. And while many VPNs insist that they don't monitor, record, or track this stuff, not all do, and there's been little done to see if various VPN companies are telling the truth. Certainly, many VPN companies stake their entire reputation on privacy and not snooping through your surfing data -- and hopefully the potential risk to their reputation for not being honest about that stops abuses, part of the problem is that no one really knows. Kevin Riggle has a good post outlining why you should be skeptical and careful, if you think a VPN is the answer to your privacy concerns.

Long story short, you're going to hear a lot of people say "just get a VPN" in the wake of Congress' decision to sell your privacy down river for ISP campaign contributions. But a VPN isn't a silver bullet that magically compensates for fading regulatory oversight of an uncompetitive (and anti-competitive) telecom sector, where neither regulatory authority nor competition impede these companies' hoovering up of consumer data. A VPN is just one tool for anybody hoping to protect their traffic from the ever-expanding, watchful gaze of your now unshackled broadband provider, and it may not even be a very good one. And it's a problem if people jump on VPNs thinking that it's "the solution." It is not.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: broadband, congress, privacy, vpn


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 29 Mar 2017 @ 5:55am

    Even if VPNs were a definitive solution you'd still be shelling extra cash just to have basic functionality (privacy). This is wrong on multiple levels even if you disconsider Americans already pay a kidney for their internet connections.

    And this is just another ugly episode of the dysfunctional history of the advertising industry. It's become a cancer. It's aggressive and it's out of control. And the other cancer (politicians) joined it.

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 29 Mar 2017 @ 6:44am

    As I understand it, this rule was never implemented or enforced. Was the threat of action enough to dissuade ISPs from engaging in these kind of ad sales, or has it already been happening?

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 29 Mar 2017 @ 6:47am

    >it's a problem if people jump on VPNs thinking that it's "the solution."

    A technical option is almost never the solution with the powerful modern states we have. Especially if you get a non-US VPN which will almost certainly lead to incidental collection.

    link to this | view in thread ]

  4. identicon
    Christenson, 29 Mar 2017 @ 6:54am

    VPN -- yet *ANOTHER* cost on my internet bill!

    Might be voluntary, but only partially so, but still.

    Tell me, congrescritters, has YOUR family been visiting Ashley Madison lately?

    link to this | view in thread ]

  5. icon
    Uriel-238 (profile), 29 Mar 2017 @ 6:54am

    Meanwhile on the limbus of the darknet

    We anarchists, terrorists and child-pornographers are going to have plenty more noise in which to conceal our dark work.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 29 Mar 2017 @ 6:59am

    I'm surprised the NYT would sell a front page ad. That must have cost them a fortune.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:12am

    So if a VPN is not a solution, then what is the solution?

    link to this | view in thread ]

  8. icon
    timmaguire42 (profile), 29 Mar 2017 @ 7:18am

    I'm not surprised Rand Paul is 1 of the 2 Republicans who voted no. Who's the other one?

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:19am

    The only winning move is not to play. - Joshua

    nuff said.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:20am

    Re:

    Vote the pirate party or any other other party or individual that represents ordinary people into power.

    link to this | view in thread ]

  11. identicon
    Brian Carnell, 29 Mar 2017 @ 7:33am

    Riggle article

    Disagree with a lot that is in the Riggle article, especially this,

    "Don’t use VPN services which advertise BitTorrent anonymity or content geolocking circumvention. Whatever your views on its ethics and morality, copyright infringement is a crime in the US, and a VPN provider which will turn a blind eye to crimes committed by its users is likely to commit a few of its own."

    If a VPN doesn't provide such anonymity then it is doing one of two things. It is either a) maintaining logs so that it can respond to DMCA requests or take other actions, or b) it is blocking the BT protocol.

    Both render the point of using a VPN pointless.

    link to this | view in thread ]

  12. icon
    Derek Kerton (profile), 29 Mar 2017 @ 7:43am

    It's Not Easy, Nor The Default

    Setting up a VPN is non-trivial for non-techies, and it's also not free.

    We've seen this drill played out dozens of times:
    - Did average users update their PCs or phones regularly, to get security updates, PRIOR to that being automated? No.

    - Did the average user put a freaking password on their Wifi gateway before that was a required step of setup? NO!

    The average person doesn't understand, well, pretty much anything about what is going on when they connect to the Internet. Sadly, they count on their service providers, their gov't representatives, and their regulators to learn about this, and solve their problems for them. That's what we pay those people to do, after all.

    But it's clear that the ISPs want to take our money, and also sell our data, double dipping. (or triple, or quad...Karl, what are we up to now?)

    Our gov't officials are fucking clueless, and don't do the homework to figure tech out (they don't "know all the hashtags"), but DO sell us out for chump change from the ISPs.

    And our regulators are now full-fledged partisans, who arrived pre-sold out via the revolving door between K-street and gov't. Looking at you, Ajit Pai.

    They sold us down the river. And they did it for chump change. All because people don't understand that they've been sold out.

    link to this | view in thread ]

  13. identicon
    I.T. Guy, 29 Mar 2017 @ 7:54am

    Re: Riggle article

    "VPN provider which will turn a blind eye to crimes committed by its users is likely to commit a few of its own."

    For me, that's a feature.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 29 Mar 2017 @ 8:06am

    and then how long before VPN is banned for personal use? when are people going to wake up and realise that almost every person in politics is accepting bribes to sell out the people and ensure that companies get to know whatever they want about everyone, and can then pass that info on to the various security forces, that were the ones after it from the beginning and stopped from getting it? and when are people going to realise that everything Trump is doing is contrary to the people and everything to do with aiding industries, companies, corporations, because all he's interested in is money and has already made deals to be handsomely rewarded for selling out every single ordinary person ijn the whole of the USA? once you all accept what hes doing, perhaps then you can do something about it, but i'll bet he will have every bit of resistance to what he wants trampled on and keep re-introducing all that fails until he gets what he wants!!

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 29 Mar 2017 @ 8:13am

    "wake up and realise that almost every person in politics is accepting bribes to sell out the people"

    When are you going to wake up and realize this has always been the case, that does not make it right - but please stop acting as though this is a new thing caused by those you blame for same.

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 29 Mar 2017 @ 8:33am

    Re: Riggle article

    Riggle me this Batman. If a VPN doesn't provide such anonymity then it is doing one of two things?

    link to this | view in thread ]

  17. icon
    compujas (profile), 29 Mar 2017 @ 8:49am

    Re:

    He actually didn't vote at all. Isakson (R-GA) is the other who also didn't vote. Had both voted No it would've been a split 50-50, gone to the VP for a tie-break, and the result would've likely been the same anyway. Not a single republican actually voted no.

    link to this | view in thread ]

  18. icon
    Narcissus (profile), 29 Mar 2017 @ 8:54am

    Going dark?

    So, in serving their corporate overlords they managed to increase attention for anonymity tools and encryption. To me it sounds like they made the NSA's job a bit harder.

    They also increased the market for good solutions to stay anonymous online so it's a matter of time before somebody finds one.

    link to this | view in thread ]

  19. icon
    lgm (profile), 29 Mar 2017 @ 9:07am

    Re: Riggle article

    Also both VPN providers Riggle's recommends don't allow setup of OPENVPN client. You have to use their apps so no router VPN.

    link to this | view in thread ]

  20. icon
    That One Guy (profile), 29 Mar 2017 @ 9:31am

    Re:

    The rules weren't in force yet, no, the 'problem' was that it would have seriously cut down on the profits the ISP's could get, by requiring them to provide clear information as to what they were collecting and more importantly change it from opt-out(assuming that was possible) to opt-in, which would require them to convince people that they data they were collecting to sell wasn't really that big of a deal.

    With a threat to easy money like it that makes perfect sense why they fought so hard to block the rules, and then to keep them from coming into play when that didn't work.

    link to this | view in thread ]

  21. identicon
    Beech, 29 Mar 2017 @ 9:32am

    The cure

    I think I know how to fix this problem. There is just about 1 way for the common man to get a response from this administration, so here we go:

    "Hey! Trump! I dare you to veto this bill, or are you too chicken? ! I've talked to all of the people, the best people, and they told me that only a loser with tiny hands would pass up the chance to veto this bill. I bet you don't have the guts to do it. I double dog date you! "

    link to this | view in thread ]

  22. icon
    That One Guy (profile), 29 Mar 2017 @ 9:36am

    Re:

    As an echo of one of my comments from yesterday, just because it's happened before doesn't make it any more acceptable now, and if you want it to stop a good first step is to call out those engaging in it now.

    Also, who's acting like corruption in politics is new, because it doesn't seem to be the TD articles I'm reading. New and inventive ways of corruption maybe, but hardly new in general.

    link to this | view in thread ]

  23. icon
    Dave Cortright (profile), 29 Mar 2017 @ 9:37am

    The title is misleading; it's not black or white

    Maybe VPN isn't a full solution to the problem, but it certainly is better than doing nothing. I mean, obviously switch to one of the ISPs on this list if you can. But barring that, yes a VPN is going to help you out. And yes it's an extra expense, but again, what's the alternative? Do nothing and let the ISPs have their way with your privacy.

    Regarding ease of use, I see it as a market opportunity. If VPN services are willing to take out full page ads, they could also spend money on creating and supporting a dedicated VPN router for their customers.

    link to this | view in thread ]

  24. icon
    That One Guy (profile), 29 Mar 2017 @ 9:37am

    Re: The cure

    Well, it worked to get him to okay a disastrous military operation...

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:39am

    IMO this is great news. Look; The corporations are paying lip service at best to the Gov's privacy rules. The penalties are pathetic for them getting caught, and the rewards are great. I already have to use a VPN, Ghostery, No-Script, etc etc to remain private, that IMO is proof positive that what we currently have is not working. By getting rid of these faux rules, maybe we end up forcing the common person to learn how to protect their own privacy. Hell the Gov is the worst offender. They make the rules and then don't play by them. All in the name of bullshit national security. If this gets to the main stream media, and privacy protection/encryption starts becoming main stream, maybe we can take back our privacy from these ass holes.

    I'm thinking they are about to shoot themselves in the foot, and start the biggest whack-a-mole game since the AA's went after Napster.

    Just my opinions.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:39am

    Re:

    Well it IS new in the sense that yesterday we HAD privacy rules and then the new administration comes in and today we don't.

    So you know... ;)

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:42am

    Carriers

    As Wired quite correctly points out, a VPN also won't help you if your wireless carrier is installing snoopvertising locally on your phone (remember CarrierIQ?).

    The fix for that is to not buy phones from your carrier, just as you don't buy computers from your ISP. And ideally to install a clean OS image on whatever system you buy, but it's not so practical on phones.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:42am

    Re: Re:

    What makes you think the ISP's, Corporations, or anyone else was going to take these rules seriously? The Government hovers up your data as fast as they can. You think because of a few rules the corporations won't do the same? right!

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:42am

    Re: Re:

    This is just the latest in a series of denials from people who are starting to realize that Trump is an idiot who conned them.

    In the weeks and months to come these people will be unable to use even this denial. There are probably some new denials to follow after that but they will continue to get more and more crazy. Soon, enough people will realize they were wrong. Maybe 2018, maybe 2020. But it's happening.

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:45am

    Re: The title is misleading; it's not black or white

    How much more difficult and expensive would it be if everyone used a VPN tunnel from their router? No one thinks it would be impossible, but I bet it would cost a fortune for companies to try and snoop if the customers were using counter-measures.. especially if there were several different options/combinations of options..

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 29 Mar 2017 @ 9:56am

    Re: Re: The cure

    Lets be fair eh? Trump by no means has the market cornered on disastrous military operations. I believe Obama carries the record, by a huge margin, on civilian casualties to date. Trump has a long LONG way to go to catch up.

    https://en.wikipedia.org/wiki/Civilian_casualties_from_U.S._drone_strikes#Total_numbers

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 29 Mar 2017 @ 10:05am

    VPNs are good for road trips, so I cannot get in trouble if I accidentally break state laws regarding wireless hotspots

    I use VPN all the time on road trips. While California law the the CFAA do not specifically requuire permission to use any open WiFI hotspots, other state laws do, so I use a VPN to hide my activity, so that if I do accidentally break state laws, they cannot identify me from what sites I go to, since the VPN encrypts it.

    States laws in Florida, Michigan, and a few other states are stricted on this than CFAA, which is why when you travel out of state, you need to use a VPN with any WiFi, to stay out of legal hot water.

    So, if you take road trips, like I like to do, using a VPN when connecting to any WiFI connection is just a good idea.

    link to this | view in thread ]

  33. identicon
    Anonymous Coward, 29 Mar 2017 @ 10:18am

    Re: The title is misleading; it's not black or white

    better bet would be a local mesh network, and random routing to the ISP connection. That way the collected data no longer relates to a single user or family, and greatly reduces the value of the data.

    link to this | view in thread ]

  34. icon
    wereisjessicahyde (profile), 29 Mar 2017 @ 10:19am

    Re:

    It wasn't a front page ad. It was a full page ad.

    link to this | view in thread ]

  35. icon
    That One Guy (profile), 29 Mar 2017 @ 10:26am

    Re: Re: Re: The cure

    Oh no argument there, my point was that what amounted to a double-dog dare was enough for Trump, something I really hope never worked for Obama.

    link to this | view in thread ]

  36. identicon
    Anonymous Coward, 29 Mar 2017 @ 10:43am

    Re: Re: Re: Re: The cure

    "my point was that what amounted to a double-dog dare was enough for Trump"

    It did indeed seem like that was the case. I hope it's not.

    link to this | view in thread ]

  37. identicon
    Thad, 29 Mar 2017 @ 11:14am

    Re: Re: Re:

    Are you arguing that we shouldn't have laws because people are just going to break them anyway?

    link to this | view in thread ]

  38. identicon
    Thad, 29 Mar 2017 @ 11:17am

    Re:

    He didn't vote no, he signed on as a co-sponsor and then was absent for the vote. Rand Paul supported this, because it removed a government regulation.

    link to this | view in thread ]

  39. icon
    Uriel-238 (profile), 29 Mar 2017 @ 11:20am

    regarding clean phones

    There's no phone service I know of (certainly no major carrier) that requires proprietary software to use their service. So one alternative is to purchase a phone directly from the manufacturer. Excepting iOS phones (which lock your phone to the carrier once chipped) manufacturer OSes generally are made with the end user in mind, carrier-specific specializations (typically disabled features) are inserted after the fact.

    So yeah, get your service and phone separately, and it should be easier to install crypto thats opaque to the carrier.

    link to this | view in thread ]

  40. identicon
    Voter, 29 Mar 2017 @ 11:22am

    This is a full bodied litmus test of which Senators are serving their constituency and which their own financial interests. There's no possible defense for authorizing such an invasion of privacy. Their vote was purely in service of a corporate interest that is offering some form of compensation for the vote, as this has nothing but harm for the population they represent.
    Here's the hateful 32 states with at least one Senator that voted for this blatant money grab. They've declared their priorities, and should not see another term:

    Alabama: Shelby (R-AL), Yea Strange (R-AL), Yea
    Alaska: Murkowski (R-AK), Yea Sullivan (R-AK), Yea
    Arizona: Flake (R-AZ), Yea McCain (R-AZ), Yea
    Arkansas: Boozman (R-AR), Yea Cotton (R-AR), Yea
    Colorado: Gardner (R-CO), Yea
    Florida: Rubio (R-FL), Yea
    Georgia: Isakson (R-GA), Not Voting Perdue (R-GA), Yea
    Idaho: Crapo (R-ID), Yea Risch (R-ID), Yea
    Indiana: Young (R-IN), Yea
    Iowa: Ernst (R-IA), Yea Grassley (R-IA), Yea
    Kansas: Moran (R-KS), Yea Roberts (R-KS), Yea
    Kentucky: McConnell (R-KY), Yea Paul (R-KY), Not Voting
    Louisiana: Cassidy (R-LA), Yea Kennedy (R-LA), Yea
    Maine: Collins (R-ME), Yea
    Mississippi: Cochran (R-MS), Yea Wicker (R-MS), Yea
    Missouri: Blunt (R-MO), Yea
    Montana: Daines (R-MT), Yea
    Nebraska: Fischer (R-NE), Yea Sasse (R-NE), Yea
    Nevada: Heller (R-NV), Yea
    North Carolina: Burr (R-NC), Yea Tillis (R-NC), Yea
    North Dakota: Hoeven (R-ND), Yea
    Ohio: Portman (R-OH), Yea
    Oklahoma: Inhofe (R-OK), Yea Lankford (R-OK), Yea
    Pennsylvania: Toomey (R-PA), Yea
    South Carolina: Graham (R-SC), Yea Scott (R-SC), Yea
    South Dakota: Rounds (R-SD), Yea Thune (R-SD), Yea
    Tennessee: Alexander (R-TN), Yea Corker (R-TN), Yea
    Texas: Cornyn (R-TX), Yea Cruz (R-TX), Yea
    Utah: Hatch (R-UT), Yea Lee (R-UT), Yea
    West Virginia: Capito (R-WV), Yea
    Wisconsin: Johnson (R-WI), Yea
    Wyoming: Barrasso (R-WY), Yea Enzi (R-WY), Yea

    link to this | view in thread ]

  41. identicon
    Anonymous Coward, 29 Mar 2017 @ 11:55am

    Re:

    Actually, the best thing would be to purchase a dedicated server from a reputable company with large upstreams. Install a OpenVPN server on it, and setup your home router to directly connect to it. From the OpenVPN server, you could also tunnel through TOR on a socks proxy, but it's usually incredibly slow and many sites block TOR exit relays. I've got a VyOS router up in Canada and pre-setup with a MikroTik at home just in case... IoT still will go through the VPN, but might need to put some static routes for NetFlix, AmazonPrime, et al.

    link to this | view in thread ]

  42. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:01pm

    Re: regarding clean phones

    There's no phone service I know of (certainly no major carrier) that requires proprietary software to use their service.

    It's difficult to find details but I thought Ting and Project Fi work this way.

    The phones themselves tend to require proprietary software: the huge baseband (but that could be on a separate processor unaffected by reflashing) and usually the GPU drivers. Sometimes other small bits. It's often difficult to boot a mainline Linux/Android kernel on a phone; the patches are around, but may only work with specific kernels etc., and this holds back software development. If not for these things we'd likely have Debian and Ubuntu images for phones.

    link to this | view in thread ]

  43. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:04pm

    Re: Re: Re: Re:

    "Are you arguing that we shouldn't have laws because people are just going to break them anyway?"

    No.

    I am saying in the absence of real penalties and/or enforcement; I would rather no regulation at all as it provides the people with a false since of security.

    It takes years to catch, build a case, and successfully bring sanctions on a company. By then the damage is done. I believe that the only way to enforce real privacy is to remove the financial benefit by making it expensive and difficult, regardless of if it's legal or not, for these corporations, and for that matter the Gov, to break the law.

    When our politicians law making is driven by the money provided from the Corporations that they then pretend to regulate, how do we truly expect them to have the peoples best interest in mind when they write these laws?

    link to this | view in thread ]

  44. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:04pm

    Re: Re: regarding clean phones

    proprietary software: the huge baseband (but that could be on a separate processor unaffected by reflashing)

    Phone architectures vary, but the processor running the baseband might have control over the application processor (where you'd be running a "clean" image). Carriers might be able to update that, either officially or via bugs/exploits. Few people have looked closely at baseband code, meaning it's probably full of bugs. Those who need strong crypto should make sure the baseband can be isolated.

    link to this | view in thread ]

  45. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:21pm

    Re:

    Every single one of them == (R).

    link to this | view in thread ]

  46. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:22pm

    Re:

    If they ban VPN, you just igonore the ban and use your VPN anway

    link to this | view in thread ]

  47. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:29pm

    Re:

    everything is collected, the idea that because you are american it isnt is bullshit, in the usa everything is collected , search William Binney or Bill Binney

    link to this | view in thread ]

  48. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:32pm

    Re: Meanwhile on the limbus of the darknet

    most of that is complete bullshit , the data collect has stop zero attacks , pedos are far and few , and can hide one way or another, believing these are there targets is delusional

    link to this | view in thread ]

  49. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:44pm

    It's not perfect...

    But it's at least something. What's the alternative Karl? Give up and let the ISPs have open season on our data?

    Please, if you have any other ideas about how some of us can regain a modicum of privacy if VPNs aren't the answer I'd love to hear it.

    link to this | view in thread ]

  50. icon
    Alphonse Tomato (profile), 29 Mar 2017 @ 12:45pm

    Re: The title is misleading; it's not black or white

    There are vendors who will sell you a router preconfigured for your VPN service. (PIA's website has a link to this vendor.) And most VPN services will provide instructions on how to configure a router.

    link to this | view in thread ]

  51. identicon
    Anonymous Coward, 29 Mar 2017 @ 12:47pm

    Re: Re:

    That is a bad idea, because the traffic out of the VPN is identifiably yours, unless you allow other to also use the VPN. For there to be any use in a vpn, it has to be mixing traffic from multiple users, and in a way that they cannot easily tie input packets to output packets.

    Similarly, a home VPN hides your traffic from other on the public WiFi hot-spot, while also ensuring that your ISP gets a more complete history of your Internet usage.

    link to this | view in thread ]

  52. icon
    lgm (profile), 29 Mar 2017 @ 1:09pm

    Re: The title is misleading; it's not black or white

    Many VPN vendors do sell routers setup for their service.

    link to this | view in thread ]

  53. identicon
    Anonymous Coward, 29 Mar 2017 @ 1:27pm

    Re: Re:

    also a VPN ban would be hard to enforce and a lot of businesses use them

    link to this | view in thread ]

  54. identicon
    Anonymous Coward, 29 Mar 2017 @ 1:34pm

    Where was the outrage?

    Wireless providers have been doing the same thing for years, and with location data which is much more sensitive.

    link to this | view in thread ]

  55. icon
    Uriel-238 (profile), 29 Mar 2017 @ 1:59pm

    Re: Re: Meanwhile on the limbus of the darknet

    ...Believing these are their targets is delusional

    Not the targets of ISPs doing deep-packet scans, (or triangulating to link devices to a common identity or scanning for medical keywords or... or...) Rest assured they just want to assemble marketing profiles to sell. If those profiles are useful to law enforcement (and allow agents an end run around fourth-amendment protections well...)

    But I was commenting on how the narrative changes with the stakeholders.

    Not long ago agency officials and legislators alike were hewing and crying over the internet going dark thanks to a wider adoption of crypto.

    At the time the concern was phone encryption defaulting to on when a fresh phone was configured.

    Rumors of (exempli gratia) ISPs selling end-user cyber-data-based medical profiles to health insurance companies will motivate a wider adaption of encryption, such as that used to secure a VPN tunnel, which runs contrary to the OMG! Anarchists! Lunatics! Terrorists! rhetoric we've heard before regarding how we should mandate crypto hobbling. And discourage crypto implementation.

    It doesn't matter that terrorists don't seem to need crypto.

    It doesn't matter that web-traffic scanning doesn't catch very many bad guys.

    Our intelligence and law-enforcement agencies want to listen in.

    It used to be a non-partisan issue, in which those who opposed strong end-user security and privacy protections and those who endorsed them were not divided along party lines, but tech-savvy lines.

    But now it's different.

    link to this | view in thread ]

  56. identicon
    Thad, 29 Mar 2017 @ 4:27pm

    Re: Re: Re: Re: Re:

    When our politicians law making is driven by the money provided from the Corporations that they then pretend to regulate, how do we truly expect them to have the peoples best interest in mind when they write these laws?

    I absolutely agree on that, but I find your "no regulation at all is better than good regulations with insufficient enforcement" argument counterintuitive.

    I think the public is well aware that companies frequently violate regulations, and does not see "it's illegal for a company to do that" as a guarantee that companies won't do that. But a regulation -- a good one, at least -- is a recognition of a risk and an attempt to mitigate it.

    Certainly most of the public doesn't have a deep understanding of the issues here; most people are probably aware that Google and Facebook sell their data to advertisers, but don't know details (like Google Analytics code on third-party websites, Facebook tracking you even if you don't have an account, etc.). They may know how to install an adblocker, but probably don't take additional steps like Privacy Badger or HTTPS Everywhere, let alone more technical solutions like NoScript or a VPN.

    I'm seeing people in these conversations say "Take ownership; protect your privacy yourself." That's fine advice for people who read Techdirt. It's not good advice for most people. As I said in the other thread, you can't expect your grandparents to set up a VPN.

    My read is that that's more or less what Karl means in the headline: a VPN isn't a solution, it's treatment of one symptom, by a tiny minority of users who understand both the political and technical issues at play here.

    link to this | view in thread ]

  57. identicon
    Anonymous Coward, 29 Mar 2017 @ 4:59pm

    Re: Re: Re: Re: Re: Re:

    They say proof is in the pudding and Trump and the GOP are dealing up a massive helping right now.

    "no regulation at all is better than good regulations with insufficient enforcement" argument counterintuitive."

    I don't understand. Having regulation with insufficient enforcement by definition creates a false since of security. Right?

    Whatever privacy protections we thought we may have had are gone, or soon to be. Had we taken ownership before, and not relied on the government to do so, maybe it wouldn't matter as much as the private sector tools would be more main stream. If it were commonly known that your privacy were up for grabs, that the regulation really didn't have any teeth, it would create a demand among consumers. Would company's then not be competing for privacy market share? I could argue that this may/could be responsible for more advanced privacy tools. Perhaps what Trump is doing now would be inconsequential? My only point is; Reliance on the Government for privacy will be subject to the whims of whoever is running the Government. IMO Allowing the private sector to develop and deploy privacy offerings, historically speaking, has far outpaced any legislation or governmental regulations.

    link to this | view in thread ]

  58. identicon
    Anonymous Coward, 29 Mar 2017 @ 5:13pm

    Re: Re: Re:

    Also, there are Internet users near the Canadian border who do use wireless ISPs in Canada, because normal broadband is not available, and newer computers cannot do dial-up.

    There is no way the US can enforce a VPN ban on a Canadian ISP. Canadian wireless ISPs are not subject to American laws, even if any of their customers are Americans.

    link to this | view in thread ]

  59. identicon
    Thad, 29 Mar 2017 @ 5:37pm

    Re: Re: Re: Re: Re: Re: Re:

    I don't understand. Having regulation with insufficient enforcement by definition creates a false since of security. Right?

    Maybe, for some people who fall into a weird sort of informational middle-ground where they're informed enough to know that regulations exist but not enough to know how they're applied. I'm not sure how that segment of population would fare any better if there were no regulation.

    Besides which point, weak regulations and enforcement can pave the way for better ones. A step forward is a step forward, even if it's not as far a step as we'd like.

    Whatever privacy protections we thought we may have had are gone, or soon to be. Had we taken ownership before, and not relied on the government to do so, maybe it wouldn't matter as much as the private sector tools would be more main stream. If it were commonly known that your privacy were up for grabs, that the regulation really didn't have any teeth, it would create a demand among consumers. Would company's then not be competing for privacy market share? I could argue that this may/could be responsible for more advanced privacy tools.

    Then why didn't that happen before the regulations were passed?

    IMO Allowing the private sector to develop and deploy privacy offerings, historically speaking, has far outpaced any legislation or governmental regulations.

    How do you figure? US law has been protecting individual privacy for literally centuries, from the Fourth Amendment to HIPAA.

    link to this | view in thread ]

  60. identicon
    Anonymous Coward, 29 Mar 2017 @ 6:35pm

    Re: Re: Re: Re: Re: Re: Re: Re:

    "How do you figure? US law has been protecting individual privacy for literally centuries, from the Fourth Amendment to HIPAA."

    Successfully? I don't think so. Look at the ATT data hub located in plain site. Aside from that, there are plenty of examples of the Gov violating the very privacy they claim to be protecting, same with the corporations. Why then are the private sector tools so successful? Why do Corporations rely so heavily on VPN's? Government regulation is far behind, and a mediocre protection at best. Let see what the GOP does to these "Regulations" and then have this conversation again. That in itself is proof positive that privacy is at the whim of those in charge. The people that relied on the Government to protect their privacy are now what? Unprotected? Behind at best? If they would have owned their own privacy, would what the GOP is about o do did matter as much?

    I don't have to justify my position, the current administration is doing it for me. The GOP is about to sell out our privacy. Make all the arguments you want, the proof is right in front of you.

    link to this | view in thread ]

  61. identicon
    Spica, 29 Mar 2017 @ 6:59pm

    Re: Re:

    If they ban VPN, you just igonore the ban and use your VPN anway

    And lose your internet access. Good plan there.

    /s

    link to this | view in thread ]

  62. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:01pm

    Re: Re: Re: Re:

    > There is no way the US can enforce a VPN ban on a Canadian ISP.

    Another "so just move to another country" type nut.

    link to this | view in thread ]

  63. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:08pm

    Re: Re: Re:

    If the server is not in the United States, it is not subject to U.S. laws.

    link to this | view in thread ]

  64. identicon
    Anonymous Coward, 29 Mar 2017 @ 7:10pm

    Re: Re: Re: Re: Re:

    What I am talking about is being in northern parts of Idaho and Montana, and usoing a wireless ISP out of Canada, which some do, because it is the only Internet they can get.

    U.S. laws cannot be applied to Canadian ISP, even if some of their customers are Americans.

    link to this | view in thread ]

  65. identicon
    Anonymous Coward, 29 Mar 2017 @ 11:04pm

    Re: Re: Re: Re:

    Which gives you even less protection from US spying efforts.

    Also, unless the country the server is in has stronger privacy laws, the ISP who services that server will be able to gather your Internet history, and locate you as being in the US. So you need to check very carefully the laws of the country where the server is located, and also that countries relationship to the US with regards to the sharing of data gathered by the intelligence services. Oh, and make sure it is not the same company servicing the server as providing your home Internet connection.
    VPN's work well for what they are Intended for, to allow authorized access to a private network from outside that network, i.e. home working to a corporate network. They are also useful for road warriors who have to rely on public and hotel WiFi etc. TOR is the system designed to keep Internet use anonymous, which is a good way of gaining privacy; while a VPN is designed to keep private the use of a private network over a public network. These are two different solutions to two different problems.

    link to this | view in thread ]

  66. identicon
    Anonymous Coward, 30 Mar 2017 @ 12:07am

    one of the big things people need to do is make sure their vpn doesn't leak ip or dns. no one seems to be mentioning this.

    link to this | view in thread ]

  67. identicon
    Jon Doe, 30 Mar 2017 @ 1:30am

    Re: It's Not Easy, Nor The Default

    They have sold us down the river. And you are correct, I have no idea how to do a VPN, I have never doen one... the more I look the less I want to.... it is all mess.

    Who wants to live in a world where these are the rules? The Escalating whoring out everyone for a buck. And all the lies they tell saying how they would never do this, as they do this.

    At what point does all this tracking and target marketing change people? Change us for the worse. It is like setting up a camera taking video of everyone in the room at a wedding reception. Everyone knowing the camera is recording changes how everyone acts normally.... and it ruins it.

    All of this tracking and knowing we are tracked is going to end badly. fkthis I hate everyone and I hate everything.

    Time to log off and go away.

    link to this | view in thread ]

  68. icon
    Uriel-238 (profile), 30 Mar 2017 @ 6:45am

    Use a VPN anyway

    Some VPN software is set up to have features to allow dissidents in oppressive regimes to tunnel out of their zone without looking like they're tunneling out of their zone.

    VPN use slows reduces your bandwidth, and stealthing reduces it even further, but it's something, especially when you're trying to report about conditions behind great firewalls.

    And yeah, the US is really trying hard to become the next oppressive regime.

    link to this | view in thread ]

  69. This comment has been flagged by the community. Click here to show it
    identicon
    Sesli, 30 Mar 2017 @ 6:45am

    sesli chat

    Web üzerinde sesli chat sohbet etmenize ve görüntülü olarak konuşma yapmanıza olanak sağlar.

    link to this | view in thread ]

  70. identicon
    Anonymous Coward, 30 Mar 2017 @ 6:52am

    Re: Re: Re:

    If you have a privacy-mined VPN who refuses to comply with such a ban, that would work.

    link to this | view in thread ]

  71. identicon
    Anonymous Coward, 30 Mar 2017 @ 9:53am

    Another problem the US will have if it tried to ban VPNs is two nations that could come into being in the next few years. The Republic Of Pacifica (Washington, Oregon, Calfiornia) and an independent Baja California could make enforcement difficult. VPN providers could set up shop in either country and be beyond the reach of US authorities.

    link to this | view in thread ]

  72. identicon
    Thad, 30 Mar 2017 @ 10:47am

    Re: Re: Re: Re: Re: Re: Re: Re: Re:

    Successfully? I don't think so.

    Again, how do you figure? Because it's not 100% effective in 100% of all cases? Again, that's a standard that no law, ever has been able to meet.

    (Maybe the Third Amendment, I guess.)

    Do you have any doubt whatsoever that there would be more violations of privacy if we didn't have the Fourth Amendment? That our medical records would be for sale to absolutely everyone if it weren't for HIPAA?

    Let see what the GOP does to these "Regulations" and then have this conversation again. That in itself is proof positive that privacy is at the whim of those in charge. The people that relied on the Government to protect their privacy are now what? Unprotected? Behind at best? If they would have owned their own privacy, would what the GOP is about o do did matter as much?

    In other words, you're not arguing that we shouldn't have laws because people are just going to break them anyway, you're arguing that we shouldn't have laws because people are just going to repeal them anyway.

    link to this | view in thread ]

  73. identicon
    Rana, 30 Mar 2017 @ 11:39am

    Re:

    one of the big things people need to do is make sure their vpn doesn't leak ip or dns. no one seems to be mentioning this.

    A lot of people talk about that. You just aren't looking in the right places.

    link to this | view in thread ]

  74. icon
    Advocate (profile), 30 Mar 2017 @ 1:43pm

    Re:

    First you pay your taxes, then you pay to undo what your taxes have done.

    link to this | view in thread ]

  75. identicon
    Anonymous Coward, 30 Mar 2017 @ 3:02pm

    ISP 'safer' than VPN?

    "In general, US persons today on residential broadband are safest not using a VPN. This may be changing, hence the renewed interest. Still, this is the status quo."

    I don't understand the reasoning behind this statement on Riggle's post. I missed any points that supported this notion.

    I guess it probably comes down to what exactly 'safest' means (?). You could pick a bad/malicious VPN provider and you would have been better off not having a VPN...but if you're worried about privacy...and you choose a VPN that has a common end point, I don't see how that's not better than letting an ISP sift through your page requests/content.

    link to this | view in thread ]

  76. identicon
    Sualocin, 30 Mar 2017 @ 3:38pm

    Re: ISP 'safer' than VPN?

    I missed any points that supported this notion.

    That could be because there weren't any.

    link to this | view in thread ]

  77. identicon
    ToVPNorNotToVPN, 31 Mar 2017 @ 8:37am

    How to shop for a VPN

    Brian Kreb's has a write up on what to look for in searching for a VPN. Good reading for those going this route.

    https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/

    link to this | view in thread ]

  78. identicon
    Anonymous Coward, 31 Mar 2017 @ 11:52am

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

    I can see we will have to agree to disagree. You have it embedded in your mind that I"m some kind of anarchist or something. Your taking my opinion on a single issue, and spreading it across a massive generality. I believe the term is creating a "straw man" argument.

    In the case of privacy, where laws are somewhat behind even before they are implemented. I believe that a market brought solution will ALWAYS be better than a Government mandated one. The main reason is because of exactly what is happening right now. They CAN be repealed depending on the whim of whoever is in charge, and in this case, even before they are implemented. That doesn't mean I think we should resort to the wild west, or that it should be every person for themselves. But on this particular issue, the Government seems more in the way to me than helping... and for that matter a little behind.

    I read the write up's on the regulation, a few opinion pieces, and parts of the regulation itself. I agree with some of the opinions in so much that a user can achieve THE EXACT SAME THING, using market brought solutions. I think we should focus more on education and development of these market brought solutions not just to solve this issue, but the next and the next moral panic as well and not resort to relying on the Government, who in itself, has been proven untrustworthy.

    link to this | view in thread ]

  79. identicon
    Thad, 31 Mar 2017 @ 5:31pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re:

    Your taking my opinion on a single issue, and spreading it across a massive generality. I believe the term is creating a "straw man" argument.

    That's not what a strawman is at all, but you've ironically managed to make a strawman of me using a strawman, so nice job on that.

    I believe that a market brought solution will ALWAYS be better than a Government mandated one.

    Depending on market solutions is exactly why we're in this mess in the first damn place, anon. The market has created this problem, because there's a profit incentive for selling private data without users' permission. And, simultaneously, the free market has failed us, because there is no free market in broadband internet in the US.

    I read the write up's on the regulation, a few opinion pieces, and parts of the regulation itself. I agree with some of the opinions in so much that a user can achieve THE EXACT SAME THING, using market brought solutions.

    It doesn't matter how many capital letters you use, this article has already explained at length why using a VPN is not the same thing as protecting your data from sale.

    I think we should focus more on education and development of these market brought solutions not just to solve this issue, but the next and the next moral panic as well and not resort to relying on the Government, who in itself, has been proven untrustworthy.

    You know who else has been proven untrustworthy?

    THE PRIVATE COMPANIES THAT YOU KEEP INSISTING ARE GOING TO SAVE US.

    link to this | view in thread ]

  80. identicon
    Emily Jones, 1 Apr 2017 @ 1:20am

    Re:

    The internet has gone mad over this incident, where people are arguing about the consequences of this act by the Senate & House of Representative. In my view, this actually made them aware of what these ISPs & Carrier were doing since decade. Users were already been tracked and now they have just made it official. However, tech geeks like me already were under protection through VPN like PureVPN, Ivacy etc.

    link to this | view in thread ]

  81. identicon
    Anonymous Coward, 23 Apr 2017 @ 5:56pm

    Re:

    Capitalism is a cancer.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.