A question of security and privacy
As 2017 rolls in we are finding ourselves faced with some new risks as well as variants of old risks. We know all too well that hacking and security breaches are becoming more of a “when” rather than an “if” scenario. So, with that, we need to consider a more proactive approach to securing our Intellectual Property and privacy, more than ever before. This holds true for not only our professional activities but also in our private lives. On the professional side, our employers have a vested interest in helping make that happen, but that protection doesn’t extend to the activities in our private lives.
Until recently, Internet Service Providers (ISPs) in the United States were somewhat regulated with regard to the information they gather and share about our online activities. However, there have been changes to those regulations recently. Individuals can no longer count on even minimal regulations to work in our favor and protect the privacy of our online activities. Some ISPs have stated that they would not capitalize on this new revenue stream, but let’s be honest, when faced with millions or even billions in potential profit, will they really step back from the dollar signs?
Advantages and disadvantages
This article is not intended to argue the merit of the regulation changes. It instead will focus on how VPNs (Virtual Private Networks) can play a role in securing the privacy of our online activities. When discussing that, it’s also important to acknowledge the challenges VPNs could cause in keeping IT environments secure. As with most things, there are definite advantages and disadvantages.
First let’s review, at a high level, what VPNs are and what they offer us. A VPN is as it sounds, a “private” channel through which we can communicate and/or transmit data to another entity in the Internet. The idea is to make it as though both end points are within the same private and secured environment whereby nobody, in theory, can monitor the data/information exchange. This is especially the case when using public WiFi & networks at hotels, airports, restaurants, coffee shops etc. These are considered some of the most vulnerable networks to have information intercepted and/or your device compromised.
When communicating across public networks, like Wifi and Internet, it’s difficult to ensure any level of privacy or security without something like a VPN in place. The VPN can accomplish this through different technological methods. I won’t get into these methods, as the subject is too technical for this article. The main thing to understand about VPNs is that they enable secure and private communication that can’t be spied upon by outsiders. Of course there are always weaknesses and breaches, but let’s ignore that as well for the purpose of this article.
Where in the world are you?
A side note to the capability of VPNs is that you can spoof your physical location. By this I mean that depending on which VPN you use, you could “look like” you’re in a different state or country to the entity that you’re communicating with. Many people use VPNs for this reason so that they can access online media that is not allowed/permitted in their geographical location. For example, sporting events are often “blacked-out” in the region in which they are being played preventing regional viewers from viewing/streaming them. If your VPN has an “exit location” elsewhere in the world however, you might be able to stream the event even though you are right down the road. The broadcaster will think you are elsewhere in the world and hence permit it.
Now back to the objective, VPNs, I believe will become a standard component of our online life. It’s becoming more evident that we can’t expect for-profit organizations to resist monetizing our personal information more than they already do. Until now, the concern had been primarily with the end points, websites & the companies that operate them, to keep our information private and secure. That’s changing and so should your protection posture.
Who can see your information?
Setting up a VPN is fairly straight forward and they don’t really cost a lot. When you consider the alternative, public exposure of your online activities, they’re actually a very inexpensive option. The decision on which one to use is very important however, because like websites, they each have their own policies and practices with regard to how they handle your data. When choosing one, be sure to look at the practices and policies around each of the following three areas:
- Geographical Blocking
Prioritize which one of the three areas is most important to you and then do your research before picking one to use.
What is more important to you?
For privacy, you want to see how they share information with partners and whether or not they log your online traffic. Make sure you understand what their jurisdiction limitations are. For example, are they located in a country listed as one of the “14 Eyes” countries in a Global Mass Surveillance agreement? What personal information do they retain in regard to payment information (i.e. name, address etc) or will they accept BitCoin and gift cards? Of course, you must also know what technology protocols they use and whether or not they are reliable.
With regard to security, many of the same privacy focuses are applicable. In addition though, the types and strength of encryption are major components of your selection process. Security can become a more technical decision since you will see and need to understand how the VPN handles the details of Internet protocols and tunneling/blocking of them. You’re going to see descriptions including abbreviations like SSL, HTTPS, IPSec, L2TP, PPTP, SSH and others. You don’t need to know the comprehensive details of each, but you should, at minimum, understand what they are and what they do as a non-technologist in order to make an informed decision.
Lastly, if geo-blocking is your primary driver for a VPN, and security or privacy are not a significant concern, your decision is much simpler and straight forward. For this, you merely need to find a VPN provider who is outside your region/country and set up an account with them. The key term you’re looking for is “exit location” signifying where it will look like you are coming from/residing in. Note that, if you do decide to use a provider in a different country, you are permitting them to see and potentially disseminate information about your online behavior. I strongly suggest that even if this is your primary driver, you expend the energy to select a provider who also ensures a considerable amount of privacy and security. You may otherwise be exposing yourself to identity theft and breaches/hacks.
Simple research, but an important decision
As you can see, it’s a fairly straight forward research effort to determine what type of VPN capability is most important to you. The decision, however, is an important one that you need to invest time in making, which includes whether it covers all your devices or only certain operating systems.
Now imagine if you are a corporate risk manager, how do you ensure the individual communicating with you is who they claim to be and are where they claim to be? If you’re a cyber security specialist, how do you keep your employees or citizens safe if everyone online is exchanging information via VPN enabled communications? These are the challenges our security experts face every day and it will only get harder as more people shield their activity and identity from peering eyes. Sometimes ethically, sometimes unethically.
The divide between our online and offline existence is becoming virtually nonexistent. In the coming years with the continued expansion of IoT devices, there will be no descriptor distinguishing on vs off line activity. Every action we take will somehow interact or engage an entity elsewhere in the world that will ask for some aspects of personal information. We need to establish a more proactive posture in our personal lives. We need to take major steps forward with regard to how we share that information beyond simply asking who is requesting it. The exchange itself needs to be secured and VPNs are a mechanism for that, which we don’t utilize nearly enough today. That has to change and it will only change when we all acknowledge the dangers of not doing so.
VPN Informational Resources:
U.S. Senate Votes To Repeal Obama-Era Internet Privacy Rules: http://www.npr.org/sections/thetwo-way/2017/03/23/521253258/u-s-senate-votes-to-repeal-obama-era-internet-privacy-rules
How VPNs Work: http://computer.howstuffworks.com/vpn.htm
Is your VPN provider in a “14 Eyes” country? This is something you should know: https://www.my-private-network.co.uk/vpn-provider-14-eyes-country-something-know/
That One Privacy Site: https://thatoneprivacysite.net/vpn-section/
VPNs: What They Do, How They Work, and Why You’re Dumb for Not Using One: http://gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-why-youre-dumb-for-not-using-one
VPNs for Beginners – What You Need to Know: https://www.bestvpn.com/blog/38176/vpns-beginners-need-know/