When you send data across the Internet, in order to get where it needs to go, that data will likely pass through a dozen or more other computers before it gets to the proper destination. These computers belong to various telecoms, Internet Service Providers, and corporate routers, and any one of those computers can read everything you’re sending. Additionally, if you’re connected to the Internet using a wireless network, anyone within a few hundred feet of you can also read everything you’re sending. If the government wanted to snoop on you, all they need is to compel one of the many device owners to save a copy of your data, or, easier yet, sit outside your home and collect the data that you’re sending through the air. Many sources suggest that the U.S. government collects the Internet traffic of ordinary Americans en masse by putting data collection devices at telecoms.
A “Virtual Private Network” (VPN) is a way of securely getting information from one point to another across the Internet. All data between the two points is securely encrypted, so no one other than the end point can understand your data even if they have access to it. Those computers between you and the endpoint will only see scrambled data, and unscrambling it is roughly impossible (if the government were able to unscramble it, they would never admit to it or waste such a valuable secret to spy on random citizens). When the other end of the VPN connection receives your data, it decrypts it and forwards it on to wherever it needs to go — your mail server, your favorite porn site, etc. The whole process is transparent and incredibly easy to use.
Companies implement VPNs all the time to ensure that their employees can access file servers, e-mail, and the like from home without eavesdropping. But, there are plenty of VPN services available for personal use at low (~$10/month) or no cost. This protects all of your wireless traffic from eavesdropping, and it protects you from en mass data collection by governments with “black boxes” sitting at your local Verizon office. It also makes it significantly harder to spy even with a warrant. Without a VPN, the government can simply serve a warrant on your ISP to demand that they capture your data. With a VPN, they’d have to serve the warrant on the VPN provider, and if your VPN provider is half way around the world in a country that looks down on compliance with warrants issued by foriegn countries, this becomes infeasible. [Edit: VPNs are also great for stoping those pesky copyright trolls, who sue people for file sharing, so long as your VPN provider is in a foreign country.]
A few VPN providers that offer reasonable prices and have reasonable reviews (and for which I have no association and get no commission):
- VPNReactor (free basic account, $9.99/mo. pro account)
- Hide My Ass ($11.52/mo., cheaper annually)
- IPVanish ($10/mo., cheaper annually)
While VPNs provide protection against “local” threats, be aware that you still shouldn’t do things like send credit card or social security numbers without using additional protection. This is because once your data reaches the other end of the VPN, it is decrypted and sent on to its final destination without protection. This also means you must trust your VPN provider, since they will be handling your data. For how to protect credit card info, against the potential for VPN providers to eavesdrop, and other spying that is still possible (although made greatly difficult — remember the goal isn’t necessarily to make the spying “impossible,” but simply “difficult,” to encourage the government to utilize its power only when it actually has reason to do so) with VPNs, come back tomorrow. 🙂
This is one of a 30-part series, “No Surveillance State Month,” where daily for the month of June I’ll be posting ways to avoid invasion of your privacy in the digital age. The intent of these posts is not to enable one to escape detection while engaging in criminal activity — there’s still the old-fashioned “send a detective to watch you” for which these posts will not help. Rather, this series will help you to opt-out of the en masse collection of data by the government and large corporations that places Americans in databases without their knowing and freely-given consent for indefinite time periods. We all have the right to privacy, and I hope you demand it.
Great article! I’m looking forward to reading the remaining 29 in the series.
AirVPN and Private Internet Access are the best VPN providers, bar none.
I meant 28. Oops 😛
These are actually what are called Virtual Private Services, not Virtual Private Networks. A true VPN is in control of the user or organization from client to endpoint. One word of caution is that as a service you are susceptible to their encryption and policy which is not a secure solution and while the traffic within the tunnel is encrypted it does nothing to obfuscate the destination endpoint making that traffic able to be followed further down the pipe. A VPN is only secure when traffic terminates at a location you control.
Outside of that, the overall intent of the article is a thoughtful essay on what most users fail to do, put any actual thought into trying to protect themselves.
It’s a solution to secure your traffic from “local” interception, which is a large part of the battle when it comes to government spying, WiFi hackers, copyright trolls, and similar. If your VPN endpoint is in a locale that is not subject to such spying, attacks such as correlating incoming encrypted packets to outgoing plaintext packets are somewhat mitigated. But fear not, complete mitigation is coming within this series. 😉
Reblogged this on Johnsono ne'Blog'as.