web analytics

A virtual private network has its uses. But only in limited and narrow cases.

Most people don’t need a VPN. That won’t stop advertisers barraging you with scare stories.

The Electronic Frontier Foundation points out in Why public Wi-fi is a lot safer than you think. It says widespread use of HTTPS encryption means a virtual private network is often overkill.

“In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.”

If you are still scared of public Wi-fi, use a mobile data connection. They are far more secure and it works out far cheaper in the long term.

Digital snake oil

VPNs are often sold to people who don’t need them. For most users they are digital snake oil. You might as well buy a charm to ward off evil spirits.

Companies selling virtual private network services charge a lot for not much. They are cheap to set up. Which means VPN margins are high. It’s a lucrative business.

If you are tech savvy you could build your own. It isn’t hard.

Although most people don’t need VPNs most of the time, a minority do.

Helpful when government is repressive

Say you live in or travel to a place where the government restricts internet activity. A VPN can help. In effect it digs a tunnel for your data to pass through firewalls and other digital obstacles.

At least, they do that until the government concerned cracks down on VPNs.

On my first visit to China a VPN helped me get around internet restrictions.

With a VPN I could use Gmail and Outlook.com to send mail. It let me connect to Google and popular social networks. I used it to connect to my WordPress account. There was no problem using iCloud or OneDrive with the VPN switched on.

None of this worked if I switched off my VPN.

What happens in China stays in China

By the time I returned two years later, China was better at frustrating the VPN.

My VPN’s activity was erratic. It disconnected again and again. Some of the time it didn’t work at all. It’s reasonable to assume governments have now figured out their VPN workarounds.

That’s not to say a VPN isn’t useful in these circumstances. Governments tend to be more concerned about restricting their citizens. Overseas visitor are not the main target, the governments may tolerate some use.

Although I couldn’t use my VPN on public networks on my last China trip, I could use it from my hotel room.

Big end of town

You may also need a VPN if you work for a large corporation. They may insist you use a VPN when connecting to the digital mothership. Corporations can be targets for online criminals. Insisting on a VPN may reduce the threat.

HTTPS encrypts data end-to-end. People watching don’t know what’s going on in your messages, but they can view your metadata.

In other words, they know which sites you visit, but not the pages on a site. Metadata may be all a criminal need to find vulnerabilities if they have other parts of the jigsaw.

This argument doesn’t apply when you use your device to check your bank balance or read Gmail. Knowing you’ve connected to Westpac or Gmail isn’t that helpful to a criminal.

Geo-blocking

A second practical VPN application is bypassing geo-blocking.

Bypassing a block doesn’t have to be illegal. There are legitimate reasons to do this. And there are activities that are, well, let’s say ambiguous.

Services like Netflix negotiate content rights on a territory by territory basis.

Say your favourite TV show to is available to US Netflix customers but not New Zealand.

A VPN can make your connection appear to be coming from wherever you choose. To Netflix, a New Zealand customer may appear to be in the US.

Using a VPN terminating in the US makes it look as though you live there. Some streaming services don’t ask questions if you use a New Zealand credit card to subscribe. Others do. There’s a wealth of expertise around the subject of getting past geo blocks1.

Pirates, criminals, persons of interest

Pirates use VPNs to hide their illegal activities from authorities. There is no grey area here, piracy is illegal. By using a VPN their ISP has no idea what is going on, nor do the authorities.

There are worse criminal online acts where a VPN can cover the tracks, up to a point. One thing to keep in mind is that anyone looking hard enough can tell a VPN is being used.

Not all VPNs are create equal. Some are trustworthy even if the sales pitch might be a touch insincere. Take extra care with free VPNs. They are often data gathering exercises. It may hide your information from your ISP and the authorities but it is being stored elsewhere. These ratbags then share your data with other companies.

Some free VPNs are criminal in intent. As is often the case, the worst examples are in the Android world. Some Android VPNs push malware on to your computer. .

“In 2017, researchers from Australia, the UK, and the US studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users’ online behaviour.”

Ciso Magazine.

See also 29 VPN Services Owned by Six China-Based Organizations.

Virtual private network overview

At this point there’s little practical advice to offer readers other than “be wary of free VPNs”. If you are squeaky clean, don’t deal in secrets and don’t travel to locked down countries you don’t need a VPN. If you think you do need one, take care. It’s a minefield out there.

 


  1. Go and look elsewhere. It’s not hard to find ↩︎

At the Guardian, Douglas Rushkoff says our technology is now an entire environment. We live there. We’ve spent the decade letting our tech define us. It’s out of control

He says:

“We may come to remember this decade as the one when human beings finally realized we are up against something. We’re just not quite sure what it is.

“More of us have come to understand that our digital technologies are not always bringing out our best natures. People woke up to the fact that our digital platforms are being coded by people who don’t have our best interests at heart. This is the decade when, finally, the “tech backlash” began.

But it’s a little late.”

It is a long essay and not easy reading, especially at a time of year when most New Zealanders and Australians have switched off their work brains.

Yet, if you have the time, it is worth reading it all.

Rushkoff knows his stuff and offers some powerful insights. In the essay he runs through the key issues.

Issues are not new

To cut it short, he starts out by saying surveillance capitalism and manipulation are not new. They have long been part our online activity and in our apps for ages. It’s being going on for 20 years now.

He says while these ideas are getting all the attention today, things have moved on. Surveillance capitalism and manipulation may no longer be relevant concerns.

Rushkoff argues we now spend most of how waking hours bathing in the waters of Facebook, Twitter, Apple and Google. In other words: “We have been shaped into who the data says we are”.

Join the party

Until now, the common response has been about joining in. There is pressure for young people to learn to code. I’m all for motivated, interested youngsters learning to code, it remains a good career choice.

We don’t have enough people tackling these issues from a social science or art point of view. (Rushkoff talks about liberal arts).

Writers, journalists, movie makers, artists and others have an important role to play. We can communicate and understanding what is going on from a non-engineering or financial perspective.

It’s a complex, deep essay. You may find it too much to absorb in a single reading. I’ve come back to it a few times.

A disappointing omission is that Rushkoff fails to make a connection between this and evidence that our digital lives make us less happy.

Take back control

One thing we can do to mitigate the problems is to take back control of our online experience. If you like to spend less time bathing in what is, if not a toxic soup, certainly something less than ideal.

How to fight back? First, do all the obvious hygiene things. Quit Facebook, choose apps and operating systems where there is room for privacy. Use alternatives to Google.

Embrace openness in all its aspects, not only Open Source software. Be wary of products like Android which are surveillance tools with a little usefulness thrown in.

Be especially wary of ‘free’ services. The price you pay may be far higher than you think.

You don’t have to learn to code. Indeed, unless you have an aptitude or an urge to do so, I recommend you don’t. People like you can read more printed books instead. But when you do, write and talk about your experiences and ideas.

Declare independence

Try to develop an independent online presence. One that isn’t part of a commercial data collection operation.

Learn how to use WordPress. Write a blog instead of posting articles on Facebook or Linkedin. Share things. Investigated ideas like the IndieWeb or Microblogging, both are refreshing. Build links with humans, not corporations or bots.

Rushkoff’s optimistic finishing points echo those broad ideas, even he dresses them in different language. The key here is to seize back as much control as you can.

You’ll be happier.

For the last month Duck Duck Go has been my default search engine on my computers, tablets and phone. It’s not the first time I’ve tried this experiment.

Unlike other search engines Duck Duck Go doesn’t track your searches. You’ll see advertising based on your search terms, but they don’t relate back to earlier searches. Nor are they based on your recent web activity elsewhere.

This is a different business model to Google which attempts to build profiles based on your activity. Google doesn’t just track your searches; its tentacles are everywhere. By some estimates three-quarters of all websites report your habits back to Google.

Stalker

This explains why some advertisements stalk you as you navigate the web. In my case it can be surreal. I write about technology, so let’s say I research a story about software defined networking. If I do a lot of researching advertisements for SDNs can dog me for days after. They may drop off, then return later.

While a lot of people don’t care about privacy in this way, others are concerned.

The vast amounts of data Google collects are enough to identify an individual. Thanks to the ability to read most emails, Google knows where you live, what you do and can make assumptions about how much money you earn, what you spend and who you vote for.

Google reckons

Away from privacy, the Duck Duck Go approach has another advantage. Because Google thinks it knows about you and what you want, it uses your profile to send customised search results your way.

This can be useful. It can also be a problem. It means Google searches are not neutral. If I search for a certain term, I may not get the same answers as you.

This isn’t always helpful in my work as a journalist. If I’m doing background research I want the best quality information. There’s no way of knowing that Google’s filters give me that. With Duck Duck Go I would see the same result as you.

Duck Duck Go tricks

Duck Duck Go has a couple of tricks up its sleeve which I find helpful. Let’s say you want to know more about someone you meet on Twitter. Type their address into the search bar and you get a result like this:

Duck Duck Go social media search

The last time I tried Duck Duck Go, I found there wasn’t enough depth of coverage. In particular, it didn’t do a great job of finding New Zealand-specific material.

This hasn’t changed, or if it has changed, it hasn’t changed enough. It can still be frustrating to use at times. During the last month there have been few working days where I didn’t need to switch back to Google to handle a specific search.

Away from New Zealand searches, Duck Duck Go does well enough. It is better than before. One Google feature I miss is the ability to restrict the search to Google News. This is useful for getting straight to publications avoiding sites that are trying to sell things like, say, software defined networks.

Google often seems to be more interested in delivering me to sales outlets than information services. Duck Duck Go doesn’t have a news filter, so a search for SDNs means I have to wade through lots of sales sites to find more independent information. It would be great if a news search was an option.

Bang Bing

What the search engine does have is something called bangs. This is a shorthand way of restricting a search to a single site or organisation. So, if I want to look on Bloomberg for information about SDNs, I type:

!blmb software defined networks 

This doesn’t always work. My search shown here drew a blank. When I tried the same search using The Economist bang, the browser couldn’t open anything, not even a 404 page.

When I last wrote about Duck Duck Go, I mentioned that I returned to Google because… well it looked as if it was more efficient and finding what I need.

It often still is. Not all the time, but a lot of the time. It depends on what I’m searching for. At other times Duck Duck Go does a better job. The site uses data from Microsoft’s Bing search engine, which, can be just as disappointing.

Duck Duck Go still isn’t the best choice for most searches, but it is a more private choice.

New Zealand Public’s Support for Data Analytics

New Zealanders don’t like welfare agencies using personal spending data from credit card or insurance to verify benefit claims.

The 2017 Unisys New Zealand Security Index found only 42 percent agree with welfare agencies accessing this kind of information.

It’s not just welfare. Even fewer New Zealanders support the tax office collecting similar data to verify income tax returns. Just 21 percent think this is OK.

Researchers found the most positive government use of analytics is with border security. Allowing border security officers to analyse the travel history of passengers and their fellow travellers to decide if they are eligible for fast-track border clearance gets a tick from 57 percent of New Zealanders.

Sharp insights or nosy parkers?

Business use modern analytics and big data. They see it as a way to pluck customer insights from masses of messy-looking scraps of information. It gives them a short cut to the consumers most likely to buy their products.

Governments use big data and analytics for social policy and security reasons. Marketers also love the technologies. Used well they can boost sales and reduce marketing waste.

It turns out New Zealand consumers are, at best, luke-warm, about that idea. We don’t like marketing department computers sifting out personal data. Most of the time we are not at all happy with sharing information.

Unisys found a majority, almost two-thirds, of New Zealanders do not like data analytics being used to sell goods and services to them.

Lack of trust with banks

Researchers found 64 percent don’t want their bank to monitor their spending habits to offer related products such as insurance for items they have purchased.Shop workers using face recognition glasses to identify loyalty programme members gets a thumbs down from 62 percent of New Zealanders.

Richard Parker, Unisys Asia-Pacific vice president financial services says: “While they may be trying to improve the customer experience, if businesses cross the line and appear to invade customers’ privacy by revealing that they know more about them than what the customer has knowingly shared, it just turns the customer off.

“Technology alone is not enough. It must be used in the context of understanding human nature and cultural norms.”

This is part of a series of sponsored posts about the 2017 Unisys Security Index New Zealand.