Web users need to take the initiative and read the privacy policies of the privacy platforms they

As Online Privacy Becomes Commercialized, Consumers Need to Get Educated

Commercial Virtual Private Networks (VPNs) are playing an increasing role in the current battle between privacy-conscious web users and government agencies seeking to increase their surveillance reach. But as online privacy becomes yet another product, ready to be branded and packaged, the problem of dishonest vendors, and a lack of education amongst customers, threatens to undermine any real benefit the market can bring.

Since the PRISM revelations, VPN usage is on the increase. IVPN saw an increase in sign-ups of around 56% in the two months following Edward Snowden's revelations. Other VPNs also reported an increase in business (as did privacy-orientated search engine DuckDuckGo). On the face of it, this is great news. More web users are starting to take online privacy seriously and are aware their private data is no longer (or never was) secure. But it also highlights a lack of education amongst web users. Why? Because VPNs will do virtually nothing to protect your data from the kind of surveillance outlined in the leaked PRISM documents.

The whole point of PRISM was to create backdoors into the web's most popular services, such as Google, Yahoo and Facebook. These backdoors allowed the NSA to intercept user data and harvest their information. That information could then be linked to the user's account and identity. VPNs can prevent an eavesdropper knowing a user's location and IP address, and prevent an ISP from recording your internet activity, but once you've signed up for a Gmail account you're on your own––that data is stored on Google's servers and is accessible by anyone who may have a backdoor onto those servers.

Web users need to take the initiative and read the privacy policies of the privacy platforms they're signing up for.

So, there is evidently a danger of web users not being properly educated on how to protect their data and a risk that VPN companies will exploit the climate of fear generated by the PRISM revelations, offering a wrong solution to the problem. Indeed, some VPNs have been less than honest when it comes to promoting their services in other ways. For instance, one of the key reasons to use a VPN––as touched on above––is its ability to avoid the data retention practices of an ISP. Nearly all ISPs will retain user data for a set period of time in the United States, and every ISP in Europe is forced by law to retain data for the entirety of a users' subscription and up to two years after the subscription ends.

VPNs are able to get around the above by wiping their logs of user activity regularly and reducing the period of data retention to, in some cases, minutes. The problem is not all VPNs actually state how regularly they wipe user data, and when you look closely at their privacy policies, you'll find some of the most popular services retain data for just as long as a regular ISP. Some of the biggest VPNs on the market may retain user data for two years, whereas others may only retain information for a few months.

It's therefore very important for web users to understand what kind of online privacy they are getting for their money and whether or not that service is actually offering the kind of protection they expect. Organizations such as the Electronic Frontier Foundation do a great job at educating the public on these matters, but web users also need to take the initiative themselves and actually read the privacy policies of the privacy platforms they're signing up for. 

  • Ahead of Current Events Ahead of Current Events

    In this episode, Ralph C. Jensen chats with Dana Barnes, president of global government at Dataminr. We talk about the evolution of Dataminr and how data software benefits business and personnel alike. Dataminr delivers the earliest warnings on high impact events and critical information far in advance of other sources, enabling faster response, more effective risk mitigation for both public and private sector organizations. Barnes recites Dataminr history and how their platform works. With so much emphasis on cybersecurity, Barnes goes into detail about his cybersecurity background and the measures Dataminr takes to ensure safe and secure implementation.

Digital Edition

  • Security Today Magazine - November December 2022

    November / December 2022

    Featuring:

    • Key Tech Trend
    • Is Your Access Control System Cyber Secure?
    • Constantly Evolving
    • The Talent Shortage
    • Looking Forward to 2023

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Spaces4Learning
  • Campus Security & Life Safety