Take the VPN Route with Caution

We should have seen this coming.

That online scammers are now attempting to piggyback on the confusion caused by Donald Trump and the Republican Party's wholesale selling out of your online privacy shouldn't be too surprising: in the days after Congress passed the legislation, numerous outlets, including Motherboard, published guides on how to select and properly configure a VPN to minimize the risk of your private data being sold to the highest bidder (even if they can sometimes be difficult to use).

Satnam Narang, the Norton by Symantec security response manager, told me that "users should be skeptical on social media and via email of scammers looking to capitalize on their interest in VPNs." For a list of VPNs trusted by Motherboard, you can check out our guide here.

Motherboard's guide is right here. Lots of sites are SEOing the shit out of VPN guide pages (good luck), so I encourage you to find a few trusted sources to guide your usage decisions. Just keep in mind that if you choose to use a VPN, the company that provides it to you can see your browsing data and other Internet activity that you're obfuscating from ISPs. FYI.

It'll be illuminating to see how the VPN business fares over the next year, as using one is still a mostly confusing series of steps and setups for most consumers to navigate. And at the end of the day, will it be worth it? Which data will be sold by ISPs, and to whom, exactly? Curious not a peep has been made about this from advertisers or ISPs (probably because selling this data for direct response TV has been going on for a while now), and no one has really noticed or cared up until this point.

New York Strikes Back Against ISP Data Law

According to the New York State Senate, there is new state legislation in motion that would combat the Internet Service Provider data privacy reversal that Trump just signed into law.

Senator Tim Kennedy (D-Buffalo) has introduced legislation that would ban this practice in New York State. The common-sense legislation would prohibit ISPs from selling customer browsing history and other personal information to third parties. As a public utility regulated by New York State, internet service providers must comply with state laws and regulations. This legislation would ensure that New Yorkers continue to benefit from the privacy laws that were implemented under President Obama’s administration.

If this goes through, it'll be great for New Yorkers. Perhaps other states will follow as well. But now, perhaps a larger question looms: if the Internet is classified as a public utility by the FCC, should the data be collected by ISPs in the first place? If they are the providers, sure, they probably have a right to collect the data, and yes, this New York legislation is a solid move on preventing them from selling your personal behavioral data for monetary/strategic gain. But someone, somewhere could argue this is akin to a shopping mall monitoring how many times you've taken a leak in their restroom, or how often you visit city parks and what you do there, or, perhaps, your electric company installing video cameras in your home to watch how you use their electricity.

Congress Moves Toward Eliminating Internet Privacy Rules

In another unsurprising feat by the Republican-led Congress, "lawmakers moved to dismantle landmark internet privacy protections for individuals". It's the first move against telecommunication, Internet, and technology regulations that were established during the Obama administration.

The move means a company like Verizon or Comcast can continue tracking and sharing people’s browsing and app activity without asking their permission. An individual’s data collected by these companies also does not need to be secured with “reasonable measures” against hackers. The privacy rules, which had sought to address these issues, were scheduled to go into effect at the end of this year.

Thursday’s vote begins a repeal of those regulations. Next week, the House is expected to mirror the Senate’s action through the same Congressional Review Act procedure that allows Congress to overturn new agency rules. The House is expected to pass the resolution, which would then move to President Trump to sign.

This move clearly comes as an alarm for anyone who gives a shit about their privacy online, specifically around the behaviors of visiting websites, sharing files, updating your status, etc. And it equally came as a slap to the face to consumer advocates and "other" partisan lawmakers. Why? Because this could mean, if it's set into motion as law (and why wouldn't it?), broadband providers like Comcast would soon have the broadest view into the online habits of Americans. Without previous rules in place, these mostly technical monopoly companies would more easily be able to collect data on their customers and sell varying levels of personal/sensitive information to advertisers, health care companies, financial institutes, and other bidders. And they'd be able to do this without asking permission.

For your own sanity, I'm in the midst of drafting a guide on using a VPN (virtual private network), which is really the only practical way to safeguard against this kind of abuse. VPNs and TOR-like browsing networks allow you to visit sites and skirt surveillance and subsequent data-selling from providers by masking DNS (domain name system) queries.

As redditor ijustdobooks notes, "Even if one sticks to purely HTTPS sites, without a VPN or TOR-alike, the ISP [like Comcast] will at least know what site they visit and when. Even just that info is of great value to advertisers." Trust me, it is. Upstream/downstream traffic (which site do you visit, which site afterwards/before?) is immensely helpful in advertising, and up to this point, advertisers have typically had to rely on opt-in panel solutions like Comscore, whereby a few million people willingly allow the tracking of their online behaviors as a sample set against which to weigh larger trends. Without the previous privacy provisions, the entire US population becomes inadvertent members of a ubiquitous study by marketers and advertisers (and healthcare companies and financial institutes and, let's not forget, the government), and negates the need for a sample set entirely.

MN Police Receive Search Warrant for Anyone Who Googled a Name

As a former Minnesotan, this story piqued my attention over the weekend. Police in Edina, which is one of the metropolitan suburbs of Minneapolis, were granted a warrant that permitted them to collect information on any of the city's residents who used specific search terms (on Google's search engine), all in the spirit of locating a thief who stole $28,500.

Why, exactly, did this happen? According to the Edina police:

The complicated investigation stems from the fact the Edina police believe someone used the victim's name, date of birth, social security number and a forged passport to illegally wire the money.

That fake passport included an incorrect photo only attainable by searching the victim's name in Google images. No other search engine allegedly reveals it.

Apart from this raising considerable concerns over privacy violations for everyone who isn't the thief, Google is taking a stand as well. The broadness of probable cause definitions is at the heart of the controversy, as this kind of thing could set dangerous precedents moving forward. A lot of information is being demanded for residents associated with looking up the name:

In addition to basic contact information for people targeted by the warrant, Google is being asked to provide Edina police with their Social Security numbers, account and payment information, and IP (internet protocol) and MAC (media access control) addresses.

A spokesperson for Google, which received the warrant, said Friday: “We will continue to object to this overreaching request for user data, and if needed, will fight it in court. We always push back when we receive excessively broad requests for data about our users.”