More of my thoughts about the legal aspect of things

Time for a lengthier and less knee-jerky reaction to the Internet privacy legislation stuff that I wrote about last week.

First and foremost, this is legislation that is pro-corporate profits and anti-private citizen privacy. That hasn’t changed.

But, let’s talk about hyperbole and what is real.

Bruce Schneier, IT security celeb (is that an actual title) writes on the issue:

What can telecom companies do with this newly granted power to spy on everything you’re doing? Of course they can sell your data to marketers – and the inevitable criminals and foreign governments who also line up to buy it. But they can do more creepy things as well.
They can snoop through your traffic and insert their own ads. They can deploy systems that remove encryption so they can better eavesdrop. They can redirect your searches to other sites. They can install surveillance software on your computers and phones. None of these are hypothetical.

Well, they are not hypothetical in the sense that these things can be done, but not that they will be done. I really do not want to be an apologist against corporate machinery that profits from undermining digital civil liberties, but … Look, the strong press for HTTPS makes all of those things a lot harder. If Comcast decides that they’re going to purchase or build the infrastructure that it’ll take to perform man-in-the-middle attacks on all of its customer’s HTTPS traffic just so that it can analyze their Internet usage at a granular level to bundle and sell to advertisers, well, I’ve grossly underpriced the value of my browsing habits. I can’t cite hard numbers, but the cost of doing that sort of work cannot possibly profitable. You need a state actor with the resources of a national government to achieve that sort of stuff. Look at the U S of A, for example.

However, Mr. Schneier is correct to talk about this as a possibility, because it is a possibility. It is and it has been and it will again.

One of the things that I wanted to know before I wrote my angry letter to my House Representative who voted in favor of H.J.Res. 86, I wanted to know why anyone would vote in favor of undermining American’s rights to privacy online. The answer are these two things:

  • The rule that H.J.Res. 86 moves to undo is seen as executive overreach by former president Obama.
  • ISPs cannot compete with companies that do harvest user data like Facebook.

To the first item, I can understand that. I think that the executive branch of the government is and has been far too powerful. Say what you will about Congress, but it’s closer to the ideals of the Republic than the executive branch which tastes of monarchy to me. You and me may differ on this, but it’s not really what I’m trying to talk about at this point. The two problems with this action that is argued as defending against executive over reach is that it was done without putting any action in place that continues the protections and it was a Republican majority acting against a Democratic executive action. Had the order been put in place by one of the Bushes and then been undone by the Republicans, I’m not so sure we’d have achieved the same degree of anger of this.

And the second item about ISPs not being able to be competitive? What do I have to say about that?

Sucks to be you.

I wish that their claims were heard and legislation was put forward to restrict any companies from wide scale harvesting of user data. That’s not going to happen, but you can’t blame a boy for dreaming.

If you want to know more about the H.J.Res. 86, take a look at GovTrack’s summary. It’s a easy and quick read.

What you can do now

I have advocated for people to be more knowledgeable and mindful of their Internet usage for years now. This should be the catalyst for you to do so now, if you haven’t already.

If you have no other take away about what I’m preaching right now, make it this:

Get access to a reputable, paid VPN.

privacytools.io has a terrific list of different VPNs. If you feel intimidated by setting up a VPN, don’t be. Most of them have a program that you run on your program, sign in with your username and password, and that’s that.

Privacytools.io only lists VPNs outside of the USA because those companies are subject to this country’s laws, which can be invasive. If you’re going full tinfoil hat, you’ll want a VPN out of Iceland like Cryptostorm (which has an irritating web design for some browsers). Iceland has some of the best laws in regards to personal and digital privacy.

However, all of your Internet traffic has to leave from where ever you live to go to Iceland and then on it’s way to the rest of the world. For browsing the web, you’ll see no real difference in speed. E-mail? No big deal. Videos might take a bit longer to get started. Online gaming? Latency is going to take a non-trivial hit.

United States based VPN providers are going to be sufficient for concealing Internet traffic from your ISP and, frankly, a great idea if you’re ever using a mobile device (this means your iPhone) away from your home network. Private Internet Access and Hide My Ass! are well known, rather well considered, and have pretty decent customer service. This is worth your money.

What I’ve Done

I did purchase a new router that sends all of my home network traffic through a VPN. It didn’t come preconfigured, but there were very simple guides online to follow. I’ll admit, however, that if I were to drop the same router straight out of the box and the instructions I used in front of either of my parents, I’d give either of them a fifty-fifty chance of getting it done correctly over the course of an afternoon. It’s not user friendly.

I had previously linked to FlashRouters which sells these things preconfigured, so you just have to buy one, pay the supported VPN provider of your choice, and then put your username and password into that router. They cost more, but they come with support, so maybe its worth it to you.

As a strong footnote here, I may have to keep my original wireless base station in place for my AppleTV and Kerry’s PlayStation 3 specifically for Netflix and Hulu. Both block connections originating from known VPNs. It’s either that, or connect to my router, turn off VPN services, watch my TV show, and then put things back where I found them. Or figure out how to get the undocumented features of the device to route some traffic through the VPN and other stuff not. Or maybe set up my own VPN server and hope that works. It’s been the least convenient part of the whole thing.

And finally, community

In the last post I had encouraged everyone to “figure it out”, in regards to this stuff. If you are interested in doing a better job of securing yourself online, email me and we’ll talk.