Earlier this month, the lead consumer technology reporter for The New York Times wrote that casual internet users might not need to use a VPN and that those who still want to use one could opt for a free service hosted on Amazon Web Services. The reporter claimed that the web is a much safer environment today than it was ten years ago, making the added protection of a VPN superfluous, and suggested that perhaps we need to be protected from the rapidly-consolidating VPN companies themselves. Having worked in internet security for two decades, I’ll try to explain why I believe that for those interested in maintaining their privacy and internet security, VPNs remain a crucial tool.
VPNs still necessary in today’s world
While the security protocol HTTPS has indeed encrypted the communication that passes between an internet user and a third-party web presence, there are certain caveats to consider:
1. The metadata of the communication that passes between you and a website you are visiting is still visible on Wi-Fi, especially open Wi-Fi sessions. Metadata is the identification data used by the systems to track communications. This data includes your origin and destination IP addresses and data transmission protocol, and system information.
2. While HTTPS may protect your communication channel to that website, that doesn’t say that the websites themselves are secure and haven’t already been compromised. If the website you are visiting is compromised or managed by a malicious entity, they can use this information to identify your location and associate it with other information they’ve been collecting.
3. The source IP address of your connection, if residential, can be tracked to identify your current location. If you are behind a less-than-secure WiFi router or perhaps have some vulnerable devices, your home network could be compromised. If you are confident that all of your home devices that constantly communicate with the internet are 100% secured… well, then congratulations, you are the first to have achieved this feat!
Around ten years ago, your privacy concerns weren’t focused on the main tech brands but rather on the malicious bad actors, like the unemployed guy living in his mother’s basement looking for a quick buck. Nowadays, thanks to the immense computing powers and immense reach of Big Tech, your concern should shift to the megacorps that are trying to commercialize every single bit of information they can gather about you. Unfortunately, due to the immense load of information they have already collected on the public, it’s getting harder to disrupt these systems, but utilizing a VPN is a part of any strategy to decrease this data collections. Remember, Google, Facebook, and their ilk are not providing you free services because they like you. Rather they are doing their best to collect as much data as possible and hone their marketing tools for a more successful method of monetization. You, in fact, are the product.
The ISP Monopoly
If you are one of the 90% of the US population that is stuck with only one feasible ISP option (please don’t interject with DSL and Wireless, one is obsolete while the other, to this day, is not a reliable alternative), you are cornered. Having done away with net neutrality, there’s a lack of meaningful privacy or service regulations on the internet services that the ISPs provide. Meanwhile, losses from their TV services market mean ISPs are looking for alternative revenue streams. They are looking to analyze your internet access utilization to get granular on the types of services and companies you use. An ISP could potentially throttle traffic heading to and from a company offering a similar service as they do (media streaming platform, VoIP service provider, etc.) or coerce the company to pay more to reach you. Almost all haven’t gone far enough on this route to raise an eyebrow, but it is definitely possible and, sadly, legal. While in a normal environment, this could be something easily remedied by canceling your service with this ISP and signing up for another, most of us do not have this luxury. The only way to operate with any anonymity is to use a VPN service.
Now while some of the major VPN providers are becoming consolidated under one company, there is still a plethora of VPN service providers out there competing for your business. If, at the end of the day, you continue to feel paranoid, you can build your own VPN using any cloud or hosting provider out there, but one recommendation is to use a provider with the least possible financial interest in trying to decode your data. For example, if a cloud provider also is looking to sell you shoes, you probably should keep that in mind.
At the end of the day, to me personally, I think VPN services are now far more relevant and essential to our day-to-day life than they have ever been, and remember that on the Internet, trust no one, especially not a Nigerian prince!