In late March Congress repealed regulation that the FCC set up that prevented Internet service providers from collecting and selling information about their customers without their consent. Rightfully many people are pretty upset over this. Security blogger Brian Krebs points out that this repeal changes nothing day today. That is because as of right now the rules that were repealed never actually took effect yet. I would go a step further and say if someone is only now concerned about this issue they likely won’t take the right steps to protect themselves anyway.
I applaud people’s concerns. They should be concerned. That being said several people have recently asked me questions about VPN setups. That might solve issues regarding your ISP collecting data about you however it does not prevent all the other companies that are collecting data about you.
When I talk about this topic with anyone I always recommend that they watch the documentary Terms and Conditions May Apply. I’m not sure how many of my friends had actually seen the documentary. It’s a disturbingly fascinating view of how your information is being collected. Thanks to my friend Andrew who pointed his documentary out to me last year.
I just finished reading The Art of Invisibility by Kevin Mitnick. I previously wrote his book the art of deception and liked it a lot. In the art of invisibility Kevin goes over the details of what you would need to do to become invisible online. In the end there’s no way I’m going to take all the steps necessary to do that. It was disturbing just to read the extent of what you would have to do in order to become truly invisible. For me I outlined in a previous post some of the steps I do to minimize my exposure.
When people ask me about what VPN provider to get or some other way to secure themselves online the question I usually ask is what is their threat model? What’s the problem they’re trying to solve specifically? I have a few threat models depending on the situation for my online behaviors. I know that I am light years ahead of what most people do however I’m also aware there are several key improvements I need to make in how I use the Internet.
I use a VPN however I don’t use it as often as I would like to. When out of my apartment I try to use it all the time unless I’m at work on my work equipment. At home I have set up my router to tunnel everything through the VPN. The challenge is I don’t use it. I have a consumer router running an open source firmware. It suffers from the same problem all other consumer routers do, it has a relatively lightweight CPU. When I run a VPN client from a computer of mine I may get near line speed of what I would get without the VPN. When I run the VPN the my router I was getting 4-8 times slower connection. This is all due to CPU constraints on the router.
To solve this problem I need to either by a commercial grade router or build my own using a computer. I’m going opt to use a low-end Zotak fanless computer and build my own router. One of the guys at work pfsense. It looks pretty good and I’m going to give it a try. Now I need to just find the time to work on it.
My recommendation to my friends is yes get a VPN. Preferably one incorporated outside of the US. I personally have been using NordVPN for over a year and have been pretty happy with it. I have recently been trying out AirVPN.. They have less options for entry points in the US however they offer some unique features with their VPN client. I also like the history of the organization and why they became a VPN provider.
I also recommend if you’re serious about your privacy to read one of the books I suggested or just watch the movie. Most people understand that stuff they’re doing online is being tracked however I don’t feel like most of my friends or the general public truly understands the extent at which you are being tracked.