Last week, the House repealed internet privacy rules requiring broadband companies to ask for your consent before sharing or selling your information, like browsing history, location data, app usage data, and content communications. If Donald Trump signs the legislation into law, all of your unencrypted online activity – essentially everything you do on websites without a padlock in the URL bar – is up for grabs by advertisers.
Without these privacy protections, your porn viewing, shopping, and search habits could be made public. There is, however, one very easy way to maintain your privacy: using a virtual private network, or a VPN, which is like an invisibility cloak for your browsing history.
Who does the repeal affect?
Anyone reading this article in the US is subject to having their browsing history sold to the highest bidder. That is, unless you subscribe to Sonic or Monkeybrains, two California-based providers that have pledged to not sell browsing history.
What can my internet company actually do under the repeal?
As my colleague Hamza Shaban pointed out, your internet service provider can not only sell your browsing history, but also compile web profiles, inject targeted ads, and deploy hidden tracking cookies on your phone.
Some companies (including Charter, Cogent, and DirecPC) have also been known to hijack searches through a service called Paxfire, and send you to brands that paid for more traffic.
What the heck is a VPN?
A VPN, or virtual private network, is a service that will privatize everything you do on the internet through encryption. In other words, it will hide your IP address (which reveals your physical location) and the pages you’re visiting. A VPN is like a secret tunnel that turns all of the data running through internet cables into gibberish, so your internet service provider (AT&T, Comcast, Charter, etc.) can’t see what you’re up to and, therefore, can’t sell that information to marketers.
It’s safer, too. Most VPNs have servers that scan data in real time for websites with hidden malicious software.
This “VPN” thing sounds really complicated. How hard is it to set up?
Not hard at all! Using a VPN usually means downloading software or a mobile app and logging onto a website, signing in, clicking connect, and then…that’s it. For some services, you’ll be automatically logged into the VPN every time you use your home internet. You may, however, need to select a VPN server location before you can connect to the internet. You can use a VPN anywhere you are: on your phone, on home Wi-Fi, on plane Wi-Fi, etc.
How do I choose what VPN service to use?
Picking the right VPN is actually a little complicated, but hopefully this guide will make it less so.
Security expert Francis Dinha, CEO of Private Tunnel, offered a few of his best tips:
– “Stay away from free services, because you’ll go back to the same problem. Some VPNs are going to collect your information to push advertisements to monetize,” said Dinha. Hola VPN was caught violating user privacy in 2015. Just remember: There’s no such thing as a free lunch!
– Dinha also advised staying away from providers that use weak protocols. If you’re not sure what makes a protocol strong, VPN University has a great chart comparing different methods. It shows that OpenVPN is the strongest protocol, followed by L2TP (Layer 2 Tunnel Protocol) and the Windows PC-only SSTP (Secure Socket Tunneling Protocol), which all use 256-bit level encryption. On the product site you’re looking at, look for those bolded words and you should be safe.
– Avoid PPTP (point-to-point tunneling protocol) at all costs. Vulnerabilities in the protocol were exposed in 2012, when Moxie Marlinspike (the founder of Open Whisper Systems, which is what the encryption for WhatsApp, Signal, and other apps is based on) created software called CloudCracker that could crack any PPTP connection.
– When looking for tools to protect your privacy, the Electronic Frontier Foundation’s Noah Swartz said, look for a product using an open-source technology (like OpenVPN) that would allow other engineers to verify that its code retains strong encryption and best practices.
– Also, make sure the provider doesn’t log any user activity (some VPNs keep extensive logs of users’ IP addresses) and has a strong commitment to privacy.
So, what apps meet those requirements?
A 2015 study compared 14 popular VPN service providers and found that the only services that did not suffer from “IPv6 traffic leakage,” which is when your VPN fails to hide your unique IP address, were TorGuard, Private Internet Access, VyprVPN, and Mullvad. Astrill was not secure against IPv6 leaks, but was safe against DNS hacking, which is when a third party (like a hacker or an internet service provider) redirects queries to a different site.
For those more technically proficient, you can try running your own DIY VPN, using Streisand or OpenVPN Install on GitHub.
What are the downsides I should know about?
If you really want to stay anonymous, you should use Tor, which scrambles your activity through a network of servers so it’s virtually undetectable. It will, however, affect browsing speeds.
If you’re concerned about government surveillance, you should know that a VPN doesn’t completely anonymize you, especially if you’re using an account tied to your real name.
Using a VPN can also mean random connection hiccups. Usually the ol’ turn-it-off-then-turn-it-on-again method does the trick.
When using a VPN, your internet connection is routed through a server that may be in a different state or country, which means the content you look at may reflect that VPN location.
VPN’s don’t protect you from phishing (those sketchy emails that look like password reset forms), so make sure you’re protecting your privacy in other ways, too (like using two-factor verification).
Lastly, if you're worried about your online activity getting into the hands of marketers, it's likely that advertisers already have that data, through cookies and trackers (like the Facebook Pixel) in your browser. If, after reading this guide, you decide VPNs aren't right for you, consider installing an adblocker like Ghostery, Noscript, Disconnectme, Privacy Badger, or Indie.