VPNs: What They Are, and Why You Need One

Are you concerned about your online privacy and security? The first thing you should do is use a VPN service. They’re effective, affordable, and easy to use. There are plenty of effective options that cost between $3 and $10 per month.

If you’ve been thinking about using one, now’s the time. Privacy is an important issue that we become more aware of as it’s taken away. You’re losing more of it day by day, and today you can do something to take it back.

In this article, I want to let you know how precarious your online privacy has become, outline how a VPN can help, and examine how well popular VPN services are doing with the issue.

Let’s get started by looking at the fundamental concepts of VPNs.

What Is a VPN?

When you use the Internet, you are identified by your IP address. It’s assigned to you by your internet service provider (ISP) and used by them to send back the information you request, such as web pages. They can also use it to make a record of every website you visit.

As you surf the Web, each packet you send contains your IP address. When you realize how much about you can be learned from that simple piece of information, it’s scary!

An IP address can reveal your location and ISP. It’s logged by most of the websites you visit, and over time, they can associate it with other personal information you supply, such as your name, phone number, and address.

When you type in the address of a website, a DNS server is queried so that you can be directed to the IP address of that website. By default, that DNS server belongs to your ISP. They create a log of all of your DNS queries to create a complete history of your web activity.

As you can see, the Internet is not a very private place.

A virtual private network, or VPN, protects your privacy by routing your traffic through a third-party server. Everything still goes through your ISP, of course, but it’s encrypted.

That means they can see that you’re connected to a VPN, but that’s all. Even your DNS queries go through the VPN server so they don’t know which sites you visit.

On the other side of the connection, all traffic is associated with the VPN server’s IP address, not your own, and that address is likely to change on a regular basis. Your web activity is visible, but your identity isn’t. There’s no way to trace that activity back to you.

Privacy Is the Primary Reason to Use a VPN

Maybe you feel like you have nothing to hide, but that doesn’t mean that others should be able to create a complete log of everything you do. You wouldn’t be comfortable if I followed you around recording everything you say and taking photos of everything you do. You’d find that creepy.

The same goes for our online activity. We shouldn’t feel that Big Brother from George Orwell’s Nineteen Eighty-Four is looking over our shoulder.

The way most of the Internet works today would be considered intolerable if translated into comprehensible real-world analogs, but it endures because it is invisible. — Signal.org

But that sort of tracking has become pervasive. In fact, in some parts of the world it’s a legal requirement. Some governments require ISPs to log your entire web history and provide government agencies and other authorities controlled access to it.

What’s the situation where you live? Let’s look at the mandatory data retention laws in four parts of the world.

The UK

The Investigatory Powers Act was passed by the UK government in 2016 and requires web and phone companies to store the browsing histories of all of their customers for 12 months. They are required by law to share these records with the police, security services, and government agencies.

Chris Yiu, who leads the Technology & Public Policy program for the Tony Blair Institute, compiled a complete list of who can see where British web surfers have been. I counted 48 different agencies. Since this information is stored online, Chris also wonders how many malicious actors have also got their hands on the information.

Can things get any worse? Unfortunately, yes.

The Register reports that the list is set to expand considerably. They reference a 2020 government memorandum (PDF here) that recommends adding even more agencies.

They feel that the environmental agency, department of health, pensions regulator and others deserve to see which websites Brits are accessing. It’s comical and ridiculous that the UK National Authority for Counter Eavesdropping is included on the list.

The European Union

Browser history tracking is less of a concern in the EU. The Data Retention Directive of 2006, which allowed police and security agencies to access users’ IP addresses, email metadata, phone calls, and text messages, has been annulled.

After a landmark court case in 2014, it was found to violate human rights. “The blanket retention of data of unsuspicious persons generally violates the EU Charter of Fundamental Rights” (a legal opinion quoted by Wikipedia). The Data protection and online privacy page on Europa.eu outlines new rules that protect your personal data, and you can learn more from the Blueprint for Free Speech’s “EU Court Rules Users’ Data Can’t Be Collected by ISPs for Surveillance”.

While that’s encouraging, it’s not all good news. There are major concerns on another front: censorship.

The EU is planning to launch a content filter in 2022 with the goal of protecting press publications. We don’t yet know how it will be implemented, but it has the potential to break the Internet. In recent news, an upload filter passed into German law (details here in German). Fortunately, VPNs are also an effective way to bypass censorship.

Australia

The Australian Department of Home Affairs summarizes the data retention obligations Aussie ISPs are under, and Aussie Broadband and Comparitech spell it out a bit more clearly. Here’s what they need to retain for two years:

  • Who you called, texted, and emailed
  • When you made those calls, texts, and emails
  • Your location
  • The volume of data exchanged
  • Information about the device you use
  • Your email address
  • Your IP address

One thing’s clear: ISPs aren’t required to log our browsing history. That government web page states that “Internet service providers are not required to retain a person’s web-browsing history or any data that would amount to web-browsing history.”

But before you breathe a sigh of relief, The Guardian reports that they’re doing it anyway, quoting Michael Manthorpe, the Commonwealth Ombudsman. He warns that some telecommunication companies are logging our web browsing histories and handing it over to law enforcement when their customers are under investigation. ITNews confirms this.

Continue reading
VPNs: What They Are, and Why You Need One
on SitePoint.