my daughter sent me this in light of the recent internet privacy bill passed by congress:

https://medium.freecodecamp.com/how-to-set-up-a-vpn-in-5-minutes-for-free-and-why-you-urgently-need-one-d5cdba361907

is this something we should all be doing? beyond my pay grade at 69 years old.

Once privacy is lost, it's impossible to recapture.

I use a VPN when I travel for work.

It helps solve two problems:
1. I can't access Google, Facebook, IG, etc in China.
2. It's a little more secure when using wifi.

The app I use is plug 'n' play. Download. Install. Pay. Open. . . . . and WAH-LAH I have the protection of Muad'Dib!

Someone more smarterer than me can probably talk the talk about the tech and the walk but I get the feeling that my info isn't really that protected with a VPN's use. It just keeps the honest people honest.

Using a VPN would indeed shield you from your ISP trying to capture your data and sell it under our great new right wing law. It basically sets up an encrypted "tunnel" that everything goes through. To the ISP the only thing they're going to see is a connection to the VPN server.

Most workplaces are not going to look favorably on you running all your personal traffic through the company VPN. But there are services that offer VPN access.

I'm using the Tor network right now.

I've been using a VPN for a while now for when I torrent movies and such. I started using it full time the other day- the only problem is that forum gets blocked because of the certificate woes! You can usually choose where you want your traffic to be directed through, so you could get around country restrictions for streams.
FWIW I am using Private Internet Access, running it on an ubuntu server (with openvpn), a Macbook, and a windows computer. No issues so far.

I am really surprised that there wasn't more coverage in the media and that there is basically zero uproar.

From the article:

ISPs can now [...]:

Sell your browsing history to basically any corporation or government that wants to buy it
Hijack your searches and share them with third parties
Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

...
They can even sell your geolocation information. That’s right, ISPs can take your exact physical location from minute to minute and sell it to a third party.

The really outrageous part is that contrary to privacy concerns with websites like Facebook, Amazon or browsers where you have a choice to use them, there is no way out with the ISPs who own the pipe through which your data flows.

On top of it, with the government approved consolidation of ISPs over the years, a lot of consumers, including myself, have no choice but only one provider.

Thank your 50 senators!!!

Thank the Senators? Naw, they were just doing what they were getting paid to do. :)

All seriousness aside, though, I guess we should all be doing this... but I wonder, how long will the relative privacy a VPN offers last? Doubtless a way will be found to see through the encryption, is anybody estimating how soon that'll happen?

I've been using a VPN for a while now for when I torrent movies and such. I started using it full time the other day- the only problem is that forum gets blocked because of the certificate woes! You can usually choose where you want your traffic to be directed through, so you could get around country restrictions for streams.
FWIW I am using Private Internet Access, running it on an ubuntu server (with openvpn), a Macbook, and a windows computer. No issues so far.

Also running PIA on linux, windows and Macbook. I like it.

This (https://www.wired.com/2017/03/wanna-protect-online-privacy-open-tab-make-noise/) was an interesting solution I saw. Basically a program opening random pages and searches in the background of any browsing, so your actual browsing is obscured.

Check out Cloak (getcloak.com). It's super-simple and it doesn't go and sell your browsing data (there are a number of VPNs that do just that). You don't have to program anything and the customer service is superb.

If you want to be a little more involved in the technology, try Algo.

...sell your browsing data (there are a number of VPNs that do just that)...

This.

One trusted source that commented earlier this week on the congressional action flat-out stated that VPNs were not a better solution, you are just providing them with access to your data, rather than an internet provider. Six of one, half dozen...

do we know which VPN services sells data and which doesnt?

Also, is it better to tunnel to a foreign location with stronger privacy rights (e.g. continental Europe) vs tunneling locally? The former would work for most cases except when i need to log into my bank or credit card account

This.

One trusted source that commented earlier this week on the congressional action flat-out stated that VPNs were not a better solution, you are just providing them with access to your data, rather than an internet provider. Six of one, half dozen...
Unless you choose a VPN that doesn't log any info... If you willing chose to use a VPN that sold info then yes, it would be the same.

I use VPN Unlimited, which has servers in many countries. It comes in handy if you want to able to watch free Euro feeds. The cost is a very reasonable $29 a year and they don't log data.

From https://www.keepsolid.com/privacy :KeepSolid Inc. does NOT collect and log any user activities while using any of their VPN services, except the total amount of web traffic for each session and session dates, for displaying them in user’s web cabinet and within the VPN client apps. KeepSolid Inc. also stores the encrypted information about the amount of connected devices for each account, as the maximum permitted amount is limited. This information can be assessed in the User’s Office, where any user can delete their devices from their account

Can someone explain to this laymen why I should care in "this day and age"?
I don't get why we're so worried about privacy when it seems like everyone in the world is pushing themselves into the public forum with social media.

I can find out information about people who know nothing about me in a few simple clicks. Not just name and age, where they work, what their house looks like, when they typically ride their bike and for how long, etc. Shoot! Just a little while ago competitive cycles, or some online bike parts place, was offering to pay you per mile when you synced up to Strava. Folks where lining up to share their data.

I can't even recall a time when google, amazon and such didn't show me advertisements that weren't centered around my most recent search history.
I mean you think services like orbitz don't watch your ip and fluctuate pricing...rose colored lenses! What does the grocery store need a membership card for or their own credit card? I feel like privacy went out the window long, long, long ago!

Believe me, I understand masking your internet activity. No one wants to pay for music, movies, live streams and no one wants their internet turned off, so piracy makes ip masking make sense. But for the simple man who surfs the net, buys stuff and pays bills, why should I care?

Can someone explain to this laymen why I should care in "this day and age"?
I don't get why we're so worried about privacy when it seems like everyone in the world is pushing themselves into the public forum with social media.

I can find out information about people who know nothing about me in a few simple clicks. Not just name and age, where they work, what their house looks like, when they typically ride their bike and for how long, etc. Shoot! Just a little while ago competitive cycles, or some online bike parts place, was offering to pay you per mile when you synced up to Strava. Folks where lining up to share their data.

I can't even recall a time when google, amazon and such didn't show me advertisements that weren't centered around my most recent search history.
I mean you think services like orbitz don't watch your ip and fluctuate pricing...rose colored lenses! What does the grocery store need a membership card for or their own credit card? I feel like privacy went out the window long, long, long ago!

Believe me, I understand masking your internet activity. No one wants to pay for music, movies, live streams and no one wants their internet turned off, so piracy makes ip masking make sense. But for the simple man who surfs the net, buys stuff and pays bills, why should I care?

Politics aside...

"People get used to anything. The less you think about your oppression, the more your tolerance for it grows. After a while, people just think oppression is the normal state of things. But to become free, you have to be acutely aware of being a slave.”
― Assata Shakur

Substitute "privacy" for oppression...

Can someone explain to this laymen why I should care in "this day and age"?
I don't get why we're so worried about privacy when it seems like everyone in the world is pushing themselves into the public forum with social media.

I can find out information about people who know nothing about me in a few simple clicks. Not just name and age, where they work, what their house looks like, when they typically ride their bike and for how long, etc. Shoot! Just a little while ago competitive cycles, or some online bike parts place, was offering to pay you per mile when you synced up to Strava. Folks where lining up to share their data.

Like you said, all data we share on the internet is willingly shared. Data collected by Google? You authorized it by using their website. You can opt out of sharing data based on the services you choose to use. With this bill, you no longer have that option. Isps have it, whether you like it or not.

Like you said, all data we share on the internet is willingly shared. Data collected by Google? You authorized it by using their website. You can opt out of sharing data based on the services you choose to use. With this bill, you no longer have that option. Isps have it, whether you like it or not.

So then the bill makes it illegal for google to offer the opt out option?
Or the bill allows them to not have to offer it and we're assuming they won't?

So then the bill makes it illegal for google to offer the opt out option?
Or the bill allows them to not have to offer it and we're assuming they won't?
The bill allows data to be collected (and sold) by your ISP (Comcast, timewarner, Verizon). Google, Amazon, and everyone else can still do whatever they want with the data you choose to give them.

The bill allows data to be collected (and sold) by your ISP (Comcast, timewarner, Verizon). Google, Amazon, and everyone else can still do whatever they want with the data you choose to give them.

Alright same question, but for Comcast. They don't have to sell our data, right? They'll just be allowed to now.

Alright same question, but for Comcast. They don't have to sell our data, right? They'll just be allowed to now.
Yes.

Yes.

Got it. Sounds like the free market will have to come up with a solution. ISP providers who won't sell your data. Sort of like Netflix instead of a $100 cable bill.

Got it. Sounds like the free market will have to come up with a solution. ISP providers who won't sell your data. Sort of like Netflix instead of a $100 cable bill.

And you think Netflix isn't also collecting and analyzing your viewing behaviour?

From what I gather, while the news that a few more corporations can sell my info is irritating (my opinion) not much is really different than from before considering many were already doing so like Facebook and Google.

Regardless, I use PIA to torrent and stream from other countries. Been using it for over a year now.

I don't know if PIA sells my info, but perhaps should look into it. Maybe find a VPN in Switzerland?

And you think Netflix isn't also collecting and analyzing your viewing behaviour?

Oh I know they were! Not a customer of theirs since they started the auto preview feature. Customers want options. I voted with wallet!

From what I gather, while the news that a few more corporations can sell my info is irritating (my opinion) not much is really different than from before considering many were already doing so like Facebook and Google.

Regardless, I use PIA to torrent and stream from other countries. Been using it for over a year now.

I don't know if PIA sells my info, but perhaps should look into it. Maybe find a VPN in Switzerland?

One significant difference is Google and Facebook do that to monetize the service you enjoy for free. (PS: If something is free, you are the product.) With ISPs, you've already paid them, so this is their opportunity to make more money by selling your browsing info, location, etc. Are they offering you a discount?

Is this a big deal? Maybe not, but maybe your insurance company wants to know if people in your zip code are searching for info about cancer or hepatitis. If people are, maybe it's in their interest to reduce their potential risk by randomly raising your rates or ending your coverage. That actually makes a lot of financial sense.

Decide for yourselves.

If you're really concerned about it, i think buying a vpn service is the best way to go, and they're really not that expensive.

Politics aside...

"People get used to anything. The less you think about your oppression, the more your tolerance for it grows. After a while, people just think oppression is the normal state of things. But to become free, you have to be acutely aware of being a slave.”
― Assata Shakur

Substitute "privacy" for oppression...

As much as i agree with your sentiment, couldnt you have quoted someone else? I'' sure there are famous non-felons who said something similar.

As much as i agree with your sentiment, couldnt you have quoted someone else? I'' sure there are famous non-felons who said something similar.



"I see no changes...and that's just the way it is." -- Tupac Shakur

Better?


Sent from my iPhone using Tapatalk

So, how does someone with little tech knowledge navigate this territory? I'd like to go Ubuntu, but I'm afraid I'd just hurt myself... This is No Country For Old Men. And I'm 37.


Sent from my iPhone using Tapatalk

So, how does someone with little tech knowledge navigate this territory? I'd like to go Ubuntu, but I'm afraid I'd just hurt myself... This is No Country For Old Men. And I'm 37.


Sent from my iPhone using Tapatalk
Looking for help in this as well, been trying to read up on VPNs the last couple of days.

Is there a good easy to use VPN that you can use across all devices, for the whole family?


I also can get behind this effort: https://www.cnet.com/news/you-could-soon-access-congress-browsing-history-for-free/

Like lots of others on this thread, I like and use Private Internet Access.

Looking for help in this as well, been trying to read up on VPNs the last couple of days.

Is there a good easy to use VPN that you can use across all devices, for the whole family?


I also can get behind this effort: https://www.cnet.com/news/you-could-soon-access-congress-browsing-history-for-free/

Pia is easy to use on windows, Mac, and iOS devices. Never tried it on anything else. On the computers if you have it set to auto connect you'll forget it is even there.

Can someone explain to this laymen why I should care in "this day and age"?
I don't get why we're so worried about privacy when it seems like everyone in the world is pushing themselves into the public forum with social media.

I can find out information about people who know nothing about me in a few simple clicks. Not just name and age, where they work, what their house looks like, when they typically ride their bike and for how long, etc. Shoot! Just a little while ago competitive cycles, or some online bike parts place, was offering to pay you per mile when you synced up to Strava. Folks where lining up to share their data.

I can't even recall a time when google, amazon and such didn't show me advertisements that weren't centered around my most recent search history.
I mean you think services like orbitz don't watch your ip and fluctuate pricing...rose colored lenses! What does the grocery store need a membership card for or their own credit card? I feel like privacy went out the window long, long, long ago!

Believe me, I understand masking your internet activity. No one wants to pay for music, movies, live streams and no one wants their internet turned off, so piracy makes ip masking make sense. But for the simple man who surfs the net, buys stuff and pays bills, why should I care?
You should care because if you start searching for "symptoms of cancer" your insurance rates could go up or at least now your health insurance company could know about it.

You should care because if you start searching for "symptoms of cancer" your insurance rates could go up or at least now your health insurance company could know about it.

When has insurance rates ever gone down?

When has insurance rates ever gone down?

True dat. But we have expended a huge amount of effort in this country to preserve and maintain medical privacy--all those consent forms, and it seems lke a complete waste if your ISP can simply siphon up your site visits. Right now I'm logging into three or four medical sites while I deal with the aftermath of my problems from this winter--do I want someone else logging and selling that information?

Not to mention the long-standing legal traditions such as preservation of privacy for library records (for similar reasons)--that this seems to fly in the face of.

Don't even get me started on the false analogy used to bargain for this. For starters--browsers free/ISP paid; browsers have privacy settings/no privacy if all browsing history is vacuumed up; we can stop using Facebook and other intrusive social media platforms/most of us have no choice for ISP provider etc etc

In a previous conversation (somewhere), this site got posted. It really does seem to the best comparison of the various VPN services, rated.

https://thatoneprivacysite.net/simple-vpn-comparison-chart/

Will law enforcement get direct access to the info?

Will law enforcement get direct access to the info?
I don't know where the case law is going on this.

The NSA has run warrantless domestic programs with the cooperation of ISPs that have vacuumed up ALL data, in their terrorism surveillance search--and the consequences are still being fought in court:
https://www.eff.org/nsa-spying

Recently (2016) the FBI asked for similar warrantless access in cases of suspected terrorism, but I don't know what happened to that request.
https://www.washingtonpost.com/world/national-security/fbi-wants-access-to-internet-browser-history-without-a-warrant-in-terrorism-and-spy-cases/2016/06/06/2d257328-2c0d-11e6-9de3-6e6e7a14000c_story.html?utm_term=.37d110cf814f

In a way, that horse has already left the barn, or certainly in the post 9-11 world we have a different standard being applied to privacy concerns.

What this is about I think is whether private companies who are providing an essential service for which you are paying, should also be able to collect, analyze and then "sell" your personal data or target advertising based on that data. So it is about a profit opportunity for those providers.

By report, next on the chopping block is 'Net Neutrality'--the doctrine that all data on the internet is passed freely, with no special treatment for any class of data. Private companies have wanted for some time to overturn those provisions and meter other providers data, or prioritize their own data streams and charge premium prices for doing so. Again--a profit making opportunity.
https://www.nytimes.com/2017/03/30/technology/net-neutrality.html

It seems like there is a bit of confusion on what it means that the ISPs can sell your data. It's not selling an individual person's data in that you can't target a single person and see their browsing history. This is why all of the attempts to buy congress's data are pretty ludicrous. So could they make your health insurance go up? Absolutely not, the data isn't being associated with your name. But they could absolutely serve up a bunch of ads for cancer centers to you. They could track browsing habits and sell that info to advertisers so that they can more effectively give ads to you.

That being said, if someone were to comb through the data (and that data included packets sent/received, which is conceivably could) they may be able to find private information.

I haven't read the statute on this so the details, which matter, are unknown to me. The crux is that the service provider is allowed to monetize data flow incidental to their normal operations.

I think it is an issue of granularity that will impact how intrusive the service provider is against privacy. Meaning if data on usage is sold in some form of aggregate or is data sold specific to a particular user account. I would guess the form permitted in this passage concerns the form of aggregate which diffuses identity rather than individual which should require some form of warrant. I dunno.

My immediate reaction is simply: oh great, another layer of cost to surf the web.

^ Yeah, somebody typed faster.

Looking for help in this as well, been trying to read up on VPNs the last couple of days.

Is there a good easy to use VPN that you can use across all devices, for the whole family?



If you are using a Mac, I am with 11.4's recommendation to get Cloak (getcloak.com).
I used PIA before but the simplicity of Cloak and the outstanding support made me switch.

It seems like there is a bit of confusion on what it means that the ISPs can sell your data. It's not selling an individual person's data in that you can't target a single person and see their browsing history. This is why all of the attempts to buy congress's data are pretty ludicrous. So could they make your health insurance go up? Absolutely not, the data isn't being associated with your name. But they could absolutely serve up a bunch of ads for cancer centers to you. They could track browsing habits and sell that info to advertisers so that they can more effectively give ads to you.

That being said, if someone were to comb through the data (and that data included packets sent/received, which is conceivably could) they may be able to find private information.

Do you have something to back this up?

It seems like there is a bit of confusion on what it means that the ISPs can sell your data. It's not selling an individual person's data in that you can't target a single person and see their browsing history. This is why all of the attempts to buy congress's data are pretty ludicrous. So could they make your health insurance go up? Absolutely not, the data isn't being associated with your name. But they could absolutely serve up a bunch of ads for cancer centers to you. They could track browsing habits and sell that info to advertisers so that they can more effectively give ads to you.

That being said, if someone were to comb through the data (and that data included packets sent/received, which is conceivably could) they may be able to find private information.
I'm not sure that they will not be tracking "you" as a named individual, and associating specific data with "you" (or at least computers on your ISP connection)--but the potential is clearly there. They already have your account data, and if you read the Verizon "Privacy Policy" for example, they can pretty much do what they like with that account data.

All they need to do is join that data set with what they learn from your browsing history, and bingo--they have you pegged (in my case, over-60 white male with Democratic leanings) and that "enhanced data set" is at the very least worth a great deal of money for micro-targeted ads (which is what is happening more and more based on browsing history). They can easily track times when you are online, duration, etc.

Does it go beyond this? It is safe to say that no one knows, because there is no requirement for them to have a privacy policy in place, or opt-out provisions. And IMO, it is a bad idea to trust private companies to respect privacy concerns at all, unless they are forced to do so under conditions set by clear regulations.

For an idea of the value of this data, AT&T had a short-lived program that started in 2013 where they charged you $29/month MORE if you chose to opt out of their data collection program...

Example and an intelligent discussion here on Ars Technica:
https://arstechnica.com/information-technology/2017/03/how-isps-can-sell-your-web-history-and-how-to-stop-them/

I'm not sure that they will not be tracking "you" as a named individual, and associating specific data with "you" (or at least computers on your ISP connection)--but the potential is clearly there. They already have your account data, and if you read the Verizon "Privacy Policy" for example, they can pretty much do what they like with that account data.

All they need to do is join that data set with what they learn from your browsing history, and bingo--they have you pegged (in my case, over-60 white male with Democratic leanings) and that "enhanced data set" is worth a great deal of money for micro-targeted ads (which is what is happening more and more based on browsing history).

Does it go beyond this? It is safe to say that no one knows, because there is no requirement for them to have a privacy policy in place, or opt-out provisions. And IMO, it is a bad idea to trust private companies to respect privacy concerns at all, unless they are forced to do so.

For an idea of the value of this data, AT&T had a short-lived program that started in 2013 where they charged you $29/month MORE if you chose to opt out of their data collection program...

Example and an intelligent discussion here on Ars Technica:
https://arstechnica.com/information-technology/2017/03/how-isps-can-sell-your-web-history-and-how-to-stop-them/
I was actually just reading that article, good read.

I thought I had read that they couldn't sell your name with the data, not from a technical but from a legal perspective. But I guess if they don't have any privacy policies or any regulation, they can do whatever they damn well please. To be VERY clear, my previous comment in no way meant to imply that I think companies will protect your data. The value of the data is obvious, Google isn't one of the biggest companies in the world from selling Pixel phones...

I was actually just reading that article, good read.

I thought I had read that they couldn't sell your name with the data, not from a technical but from a legal perspective. But I guess if they don't have any privacy policies or any regulation, they can do whatever they damn well please. To be VERY clear, my previous comment in no way meant to imply that I think companies will protect your data. The value of the data is obvious, Google isn't one of the biggest companies in the world from selling Pixel phones...

Probably need a lawyer to understand it--I read the Verizon pages late last night and can't say that I really assimilated what was there...:crap:

Looks like not, with some loophole--now to see what the exclusions are:
Except as explained in our Privacy Policy, in privacy policies for specific services, or in agreements with our customers, Verizon does not sell, license or share information that individually identifies our customers with others outside of Verizon who are not doing work on Verizon‘s behalf without your consent.

Will law enforcement get direct access to the info?

I suspect that they can get access today with a subpoena, and I doubt any of the ISPs (or websites) want to fight a subpoena on your behalf.

So, how does someone with little tech knowledge navigate this territory? I'd like to go Ubuntu, but I'm afraid I'd just hurt myself... This is No Country For Old Men. And I'm 37.


Sent from my iPhone using Tapatalk

Two options come to mind:

Like Stephen Colbert says, there is not one citizen in the USA that asked for this.

I suspect that they can get access today with a subpoena, and I doubt any of the ISPs (or websites) want to fight a subpoena on your behalf.

What I refer to is without a subpoena. say joe is browsing the web researching the best way to cook meth at home. ISP sees this, or the enforcement agencies have a nice filter to comb for such info, and sends it to the police...

I am really surprised that there wasn't more coverage in the media and that there is basically zero uproar.

From the article:

ISPs can now [...]:

Sell your browsing history to basically any corporation or government that wants to buy it
Hijack your searches and share them with third parties
Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

...
They can even sell your geolocation information. That’s right, ISPs can take your exact physical location from minute to minute and sell it to a third party.

The really outrageous part is that contrary to privacy concerns with websites like Facebook, Amazon or browsers where you have a choice to use them, there is no way out with the ISPs who own the pipe through which your data flows.

On top of it, with the government approved consolidation of ISPs over the years, a lot of consumers, including myself, have no choice but only one provider.

Thank your 50 senators!!!

i agree. was so surprised that this did not cause more of a social uproar!

The trouble with VPNs for the casual home internet user is you gotta terminate that tunnel somewhere. trusted VPN? It's just another entity with the ability to log your data, on the other side of the planet none the less? Anonymizers? Again, another entity.

I'd be more worried about pre-installed, undetectable SW that monitors sessions pre SSL.

This whole thing is pretty troublesome. But I'm not surprised it hasn't gotten much push back. I know intelligent tech savvy folks with an Echo in their living room...

One significant difference is Google and Facebook do that to monetize the service you enjoy for free. (PS: If something is free, you are the product.) With ISPs, you've already paid them, so this is their opportunity to make more money by selling your browsing info, location, etc. Are they offering you a discount?

Is this a big deal? Maybe not, but maybe your insurance company wants to know if people in your zip code are searching for info about cancer or hepatitis. If people are, maybe it's in their interest to reduce their potential risk by randomly raising your rates or ending your coverage. That actually makes a lot of financial sense.

Decide for yourselves.

Exactly!!!!

And so it begins: https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans

Two options come to mind:



Lols. Not smart enough for the second - and my wife won't go for the first...I've tried...


Sent from my iPhone using Tapatalk

A good article from a reliable source:

https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/

My attitude is that all hope and expectation of privacy was lost long ago. Just look at all the data your smartphone is sharing. Just for instance, if you want to use navigation then your location at every second during your trip has to be shared. It's intrinsic and it's more pervasive by far than any data we "give up" when we browse the web.

From lifehacker:

http://lifehacker.com/why-is-everyone-talking-about-vpns-1793768312

One item yet to really be discussed is lower prices. Seems like the major companies are already overcharging for services. If they are going to sell your information they should at the least lower the price. I imagine this is a sacrifice a lot of folks would choose to make.