Web users need to take the initiative and read the privacy policies of the privacy platforms they

As Online Privacy Becomes Commercialized, Consumers Need to Get Educated

Commercial Virtual Private Networks (VPNs) are playing an increasing role in the current battle between privacy-conscious web users and government agencies seeking to increase their surveillance reach. But as online privacy becomes yet another product, ready to be branded and packaged, the problem of dishonest vendors, and a lack of education amongst customers, threatens to undermine any real benefit the market can bring.

Since the PRISM revelations, VPN usage is on the increase. IVPN saw an increase in sign-ups of around 56% in the two months following Edward Snowden's revelations. Other VPNs also reported an increase in business (as did privacy-orientated search engine DuckDuckGo). On the face of it, this is great news. More web users are starting to take online privacy seriously and are aware their private data is no longer (or never was) secure. But it also highlights a lack of education amongst web users. Why? Because VPNs will do virtually nothing to protect your data from the kind of surveillance outlined in the leaked PRISM documents.

The whole point of PRISM was to create backdoors into the web's most popular services, such as Google, Yahoo and Facebook. These backdoors allowed the NSA to intercept user data and harvest their information. That information could then be linked to the user's account and identity. VPNs can prevent an eavesdropper knowing a user's location and IP address, and prevent an ISP from recording your internet activity, but once you've signed up for a Gmail account you're on your own––that data is stored on Google's servers and is accessible by anyone who may have a backdoor onto those servers.

Web users need to take the initiative and read the privacy policies of the privacy platforms they're signing up for.

So, there is evidently a danger of web users not being properly educated on how to protect their data and a risk that VPN companies will exploit the climate of fear generated by the PRISM revelations, offering a wrong solution to the problem. Indeed, some VPNs have been less than honest when it comes to promoting their services in other ways. For instance, one of the key reasons to use a VPN––as touched on above––is its ability to avoid the data retention practices of an ISP. Nearly all ISPs will retain user data for a set period of time in the United States, and every ISP in Europe is forced by law to retain data for the entirety of a users' subscription and up to two years after the subscription ends.

VPNs are able to get around the above by wiping their logs of user activity regularly and reducing the period of data retention to, in some cases, minutes. The problem is not all VPNs actually state how regularly they wipe user data, and when you look closely at their privacy policies, you'll find some of the most popular services retain data for just as long as a regular ISP. Some of the biggest VPNs on the market may retain user data for two years, whereas others may only retain information for a few months.

It's therefore very important for web users to understand what kind of online privacy they are getting for their money and whether or not that service is actually offering the kind of protection they expect. Organizations such as the Electronic Frontier Foundation do a great job at educating the public on these matters, but web users also need to take the initiative themselves and actually read the privacy policies of the privacy platforms they're signing up for. 

About the Author

Nick Pearson is CEO of IVPN.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.