A question of security and privacy
As 2017 rolls in we are finding ourselves faced with some new risks as well as variants of old risks. We know all too well that hacking and security breaches are becoming more of a โwhenโ rather than an โifโ scenario. So, with that, we need to consider a more proactive approach to securing our Intellectual Property and privacy, more than ever before. This holds true for not only our professional activities but also in our private lives. On the professional side, our employers have a vested interest in helping make that happen, but that protection doesnโt extend to the activities in our private lives.
Until recently, Internet Service Providers (ISPs) in the United States were somewhat regulated with regard to the information they gather and share about our online activities. However, there have been changes to those regulations recently. Individuals can no longer count on even minimal regulations to work in our favor and protect the privacy of our online activities. Some ISPs have stated that they would not capitalize on this new revenue stream, but letโs be honest, when faced with millions or even billions in potential profit, will they really step back from the dollar signs?
Advantages and disadvantages
This article is not intended to argue the merit of the regulation changes. It instead will focus on how VPNs (Virtual Private Networks) can play a role in securing the privacy of our online activities. When discussing that, itโs also important to acknowledge the challenges VPNs could cause in keeping IT environments secure. As with most things, there are definite advantages and disadvantages.
First letโs review, at a high level, what VPNs are and what they offer us. A VPN is as it sounds, a โprivateโ channel through which we can communicate and/or transmit data to another entity in the Internet. The idea is to make it as though both end points are within the same private and secured environment whereby nobody, in theory, can monitor the data/information exchange. This is especially the case when using public WiFi & networks at hotels, airports, restaurants, coffee shops etc. These are considered some of the most vulnerable networks to have information intercepted and/or your device compromised.
When communicating across public networks, like Wifi and Internet, itโs difficult to ensure any level of privacy or security without something like a VPN in place. The VPN can accomplish this through different technological methods. I wonโt get into these methods, as the subject is too technical for this article. The main thing to understand about VPNs is that they enable secure and private communication that canโt be spied upon by outsiders. Of course there are always weaknesses and breaches, but letโs ignore that as well for the purpose of this article.
Where in the world are you?
A side note to the capability of VPNs is that you can spoof your physical location. By this I mean that depending on which VPN you use, you could โlook likeโ youโre in a different state or country to the entity that youโre communicating with. Many people use VPNs for this reason so that they can access online media that is not allowed/permitted in their geographical location. For example, sporting events are often โblacked-outโ in the region in which they are being played preventing regional viewers from viewing/streaming them. If your VPN has an โexit locationโ elsewhere in the world however, you might be able to stream the event even though you are right down the road. The broadcaster will think you are elsewhere in the world and hence permit it.
Now back to the objective, VPNs, I believe will become a standard component of our online life. Itโs becoming more evident that we canโt expect for-profit organizations to resist monetizing our personal information more than they already do. Until now, the concern had been primarily with the end points, websites & the companies that operate them, to keep our information private and secure. Thatโs changing and so should your protection posture.
Who can see your information?
We now have to worry about EVERY entity in the middle who handles our information or tries to intercept it. The major difference is that we canโt control this part of the exchange. We canโt control how itโs transmitted or through whom itโs transmitted. If we donโt want our activities on a questionable site to be exposed, we either avoid the site or find one that has an acceptable privacy policy. We canโt do that with ISPs, they route our traffic in the manner that they choose and we have to accept it, or stay offline which isnโt realistic.
Setting up a VPN is fairly straight forward and they donโt really cost a lot. When you consider the alternative, public exposure of your online activities, theyโre actually a very inexpensive option. The decision on which one to use is very important however, because like websites, they each have their own policies and practices with regard to how they handle your data. When choosing one, be sure to look at the practices and policies around each of the following three areas:
- Privacy
- Security
- Geographical Blocking
Prioritize which one of the three areas is most important to you and then do your research before picking one to use.
What is more important to you?
For privacy, you want to see how they share information with partners and whether or not they log your online traffic. Make sure you understand what their jurisdiction limitations are. For example, are they located in a country listed as one of the โ14 Eyesโ countries in a Global Mass Surveillance agreement? What personal information do they retain in regard to payment information (i.e. name, address etc) or will they accept BitCoin and gift cards? Of course, you must also know what technology protocols they use and whether or not they are reliable.
With regard to security, many of the same privacy focuses are applicable. In addition though, the types and strength of encryption are major components of your selection process. Security can become a more technical decision since you will see and need to understand how the VPN handles the details of Internet protocols and tunneling/blocking of them. Youโre going to see descriptions including abbreviations like SSL, HTTPS, IPSec, L2TP, PPTP, SSH and others. You donโt need to know the comprehensive details of each, but you should, at minimum, understand what they are and what they do as a non-technologist in order to make an informed decision.
Lastly, if geo-blocking is your primary driver for a VPN, and security or privacy are not a significant concern, your decision is much simpler and straight forward. For this, you merely need to find a VPN provider who is outside your region/country and set up an account with them. The key term youโre looking for is โexit locationโ signifying where it will look like you are coming from/residing in. Note that, if you do decide to use a provider in a different country, you are permitting them to see and potentially disseminate information about your online behavior. I strongly suggest that even if this is your primary driver, you expend the energy to select a provider who also ensures a considerable amount of privacy and security. You may otherwise be exposing yourself to identity theft and breaches/hacks.
Simple research, but an important decision
As you can see, itโs a fairly straight forward research effort to determine what type of VPN capability is most important to you. The decision, however, is an important one that you need to invest time in making, which includes whether it covers all your devices or only certain operating systems.
Now imagine if you are a corporate risk manager, how do you ensure the individual communicating with you is who they claim to be and are where they claim to be? If youโre a cyber security specialist, how do you keep your employees or citizens safe if everyone online is exchanging information via VPN enabled communications? These are the challenges our security experts face every day and it will only get harder as more people shield their activity and identity from peering eyes. Sometimes ethically, sometimes unethically.
The divide between our online and offline existence is becoming virtually nonexistent. In the coming years with the continued expansion of IoT devices, there will be no descriptor distinguishing on vs off line activity. Every action we take will somehow interact or engage an entity elsewhere in the world that will ask for some aspects of personal information. We need to establish a more proactive posture in our personal lives. We need to take major steps forward with regard to how we share that information beyond simply asking who is requesting it. The exchange itself needs to be secured and VPNs are a mechanism for that, which we donโt utilize nearly enough today. That has to change and it will only change when we all acknowledge the dangers of not doing so.
VPN Informational Resources:
U.S. Senate Votes To Repeal Obama-Era Internet Privacy Rules: www.npr.org/sections/thetwo-way/2017/03/23/521253258/u-s-senate-votes-to-repeal-obama-era-internet-privacy-rules
How VPNs Work: www.computer.howstuffworks.com/vpn.htm
Is your VPN provider in a โ14 Eyesโ country? This is something you should know: www.my-private-network.co.uk/vpn-provider-14-eyes-country-something-know
That One Privacy Site: www.thatoneprivacysite.net/vpn-section/
VPNs: What They Do, How They Work, and Why You’re Dumb for Not Using One: www.gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-why-youre-dumb-for-not-using-one
VPNs for Beginners โ What You Need to Know: www.bestvpn.com/blog/38176/vpns-beginners-need-know
