To VPN or Not to VPN

vpn-diagramTo VPN or Not to VPN, that is the question: a reader asks…

Quick question for you: Should I get VPN service for any/all my devices? I’ve seen a few offers online for lifetime VPN service for a one-time cost.

The short answer is that at this point, most US consumers shouldn’t switch to a VPN. Congress recently passed and the President signed a resolution to repeal Obama-era  FCC rules that were intended to protect consumers from privacy invasions. Specifically, the rule would have forced Internet service providers (ISPs) like Comcast, AT&T, Verizon, and Time Warner Cable to get your permission before selling or otherwise using private data on your use of their services, and would have forced the ISPs to protect your private data from hackers.

fcc-logoThat FCC rule was not yet in effect, it was due to go into effect later in 2017. Now it’s dead and gone, and ISPs are free (as they’ve always been) to do whatever they want with your private data, without even telling you much less asking your permission. Worse, the new resolution actually prevents the FCC from enacting any new privacy rules in the future. This essentially de-fangs the FCC from protecting your privacy now and in the years to come. And the truth is that your ISP has been collecting info on you for many years now, and selling the aggregate data.

It’s still unclear exactly what this FCC rule rollback means to you. The news has been afire with talk about everybody using VPNs, and there are several low-cost VPN deals being touted now, to hook consumers into spending a little cash for potentially nothing. There are a lot of VPN service providers out there, and many of them are going to be an even bigger privacy risk to you than your ISP. In the VPN world, you pretty much get what you pay for, with quality VPN service running tens of dollars monthly per user. Free VPN services are generally very slow, buggy, and their privacy is catch-as-catch-can.

vpn-office-diagramI can tell you that businesses use VPN a lot to support remote workers. It’s not a trivial undertaking to set it up, and it definitely has an impact on the speed of your internet connection. Having all your internet communication go through a VPN server somewhere is really overkill for the type of privacy that most consumers want. What you really want is to keep your website browsing private, but I have to tell you, if you use Google Chrome or search with the Google Search engine, Google already has and is using your browsing habits for advertising, but keeping your personal info private and safe (at least according to their EULA). Same for if you use Facebook, or most any social networking – they are collecting info about you and selling it to anyone willing to pay the price. Not your individual information, but information in aggregate without personally identifiable markers.

Advertisement

Already there are hopeful signs that your ISP might provide at least as much privacy protection for you as Google does. Verizon, Time Warner, Cox and Comcast have all come out with statements that sound reasonable. But I suspect in the legalese, your personal information is always going to be at risk. No more and no less than before the FCC rule rollback.

I’m seeing hopeful signs that software developers will come to the rescue here. Besides turning on security features in the mainstream web browsers, there are some new privacy developments. For example, developers are working on privacy-centered web browsers (see my recent article More Secure Surfing), and I’m seeing more along those lines coming down the pike, such as:

  1. brave-web-browser-logthe Opera web browser now has unlimited free VPN built-in, see https://www.opera.com/computer/features/free-vpn
  2. A new browser, Brave is being built with privacy first and foremost, see https://brave.com/

I’m betting that the next few months will reveal a lot of activity in this area, with even the established web browser developers (Google Chrome, Mozilla Firefox, perhaps even Apple Safari and Microsoft Edge) building more privacy-enhancing capability in their web browsers. While it may look attractive to buy a low-cost VPN license being advertised now, I think that will be for the most part, wasted money.

The performance hit for using a VPN is going to be especially critical to a consumer’s online experience. Your computer is constantly communicating with the operating system and installed software developer websites (for updates to the OS and apps), and communicating with your email service provider and more/most websites is now done using SSL (the ‘s’ in https://…), so an awful lot of daily internet use you really don’t want to run through a VPN. And much of your web browsing isn’t going to be of such a nature that you really care whether it’s tracked or not.

So here’s what I’d suggest. First, download and install the Opera web browser. Run it and Click Menu > Settings > Privacy & Security and check the Enable VPN box. Now, anytime you want to surf the internet privately, use the Opera web browser. Otherwise use your current web browser.

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

2 Comments

  1. Li Gardner

    What most people don’t realize is that the VPN is point-to-point. Meaning, it’s only in effect from your computer to the VPN location, after which your traffic (data) is again in the clear.

    VPN services are great for obfuscating your location, but it can’t encrypt your traffic all the way to your bank (unless your bank provides the VPN).

    So, if you do subscribe to a VPN service, be sure to keep using all the other safe computing practices. Make sure your final destination uses https, and that two-factor authentication (2FA) is required by your bank or health care provider, or other site that holds your private info.

    Even Google offers 2FA.

    p.s., Always use 2FA wherever it is offered, and especially if you use public internet access points (like your favorite coffee shop). And, pester your bank to make it available if they don’t already.

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.