
VPNs Are Absolutely a Solution to a Policy Problem - mobitar
https://journal.standardnotes.org/vpns-are-absolutely-a-solution-to-a-policy-problem-3b88af699bcd
======
mundo
Well allow me to retort.

This article is saying, basically, that the tendency of ISPs to try to
monetize user data is a natural consequence of capitalism, and trying to curb
that tendency with legislation is ineffectual compared to the _real_ solutions
(fight monopolies, and everyone use a VPN).

I don't buy it. Roughly the same argument could be made about virtually any
regulation. "Corporations are incentivized to pollute, so there's no point
trying to stop them. Buy a water filter." "People will always try to get
heroin, so there's no point in restricting it. Get some naloxone." Damn near
_every_ regulation is an attempt to counteract some profit-motivated tendency
which is the unfortunate consequence of capitalism. And as regulations go,
user data is a lot easier to regulate than drugs or pollution.

"Just get a VPN" might be good advice for individuals, but it is emphatically
not the society-wide solution to data privacy. We can and should continue to
fight for good legislation that protects us.

~~~
dkhenry
I think you missed the authors real point. The selling of data isn't the
policy you need to fight. The monopoly power of ISP's is the problem you must
push back on. The author has rightly pointed out that regulating your way to
your goal is not a solution. He is advocating for a free market solution which
is much more robust then one that hinges on the right people being in power
for all eternity.

~~~
dreamcompiler
Completely agree. Monopolies are the problem. Capitalism is a delicate system
and, unregulated, it leads to monopolies. That's why capitalism _needs_
regulation -- not to pick winners, but to ensure healthy competition. This is
something Republicans seem to be willfully obtuse about. Capitalism without
regulation is like a football game without referees.

~~~
hackeraccount
Regulations destroy competition. Sometimes that's a sacrifice you want to make
- do you want an unregulated drug market or would you reduce the number
participants with burdensome regulations? - but I don't think you can regulate
your way to competition. Or to lower prices.

~~~
droopyEyelids
US history is rife with examples that contradict you. (anti-trust regulation)

Regulation is a tool, and it does more or less what the tool user intends it
to.

~~~
mtanski
I'm going to object to the "more or less what the tool user intends it to".
Our economy and political system is chockfull with examples of unintended
consequences. Both majority parties are guilting of this.

------
wavefunction
The only thing is, I shouldn't have to pay for a VPN to continue enjoying some
measure of privacy when I'm paying for the ISP's service. This is just some
MBA's "great idea" to "leverage previously untapped revenue sources" rather
than a real need by struggling firms grasping at any life-line.

It's disgusting, and I'm disgusted (_yet again_) by the mercenary Republican
Party. They are declaring war on me and my loved ones and the vast majority of
our fellow Americans and anyone else unfortunate to have to use an internet
connection in the US (and live under the rest of their insane policies).

For the record, I signed up for a personal VPN two weeks ago because this
anti-consumer outcome was assured with the current party in power in the US.

~~~
wonder_er
it's not a republican/democratic split. Both parties are working together to
screw over you and your loved ones.

Its a "has power" vs "doesn't have power" split.

The Democrats are just as culpable as Republicans. Don't give either party a
pass.

~~~
arca_vorago
Yet people will cry "whataboutism" while ignoring the fact that just because
no D's voted for this, it's just one of many pendulums in which they both take
fucking turns doing the same thing. On that next peice of legislation, all D's
vote yay and no R's, so it's obviously the D's fault!

Congress is completely corrupt. They don't write legislation, k-street does.
They don't read legislation they pass. When confronted, they waffle about
benefits to corporations being beneficial to their constituents. Almost all
are in violation of their oath.

After much deliberation I think reprent.us has it right, the only way for us
to take of this issue is for a new rallying cry to elect third-parties and
indepedents to take away the majorities of both parties. (which is also how we
get an independent or third-party elected president by taking the 270 votes
away from both parties and the vote goes to the house).

We need to stop letting people push the farcicle duverger's law as if it's
irrefutable fact, because it's not.

~~~
matt_kantor
I think you meant [https://represent.us](https://represent.us).

------
eterm
I'm not sure how VPNs are a solution.

Politically, it means that people who should be getting angry about reduced
privacy are "comfortable" with the fact they can work around it, while a new
generation grows up with fewer and fewer expectations of what privacy means.
It's short term protection in return for normalization of anti-private
behaviours and long term damage.

But I also have a problem with it technically:

Issue: You don't trust ISPs to not sell browsing history.

Solution? Provision a virtual server, set-up a VPN and tunnel.

But your server still has a service provider. It might not be literally tied
to your billing information but that was never going to be anyway.

You've shifted which ISP gets to sell the data from "home provider" to
"virtual server provider", but there is still browsing data isn't there and
it's just as valuable from a private single-use VPN as it is from your home
connection.

~~~
xraystyle
> But your server still has a service provider. It might not be literally tied
> to your billing information but that was never going to be anyway.

The idea is to use a VPN provider that keeps no logs and runs many concurrent
connections NAT'd behind the same public IP address. That way your traffic is
mixed in with everyone else's who's using the service and provides you with an
additional layer of anonymity.

~~~
subway
You might not realize just how easy it is to track users behind NAT.

You might also not realize just how shady and willing to sell you out many of
these VPN services are. They tend to be un-audited, un-regulated.

~~~
drakenot
I don't realize it. I'm genuinely asking, how are users behind a NAT tracked?
Browser fingerprinting?

~~~
swinglock
That would be one way. In the VPN provider scenario if the ISP can snoop on
both the incoming and outgoing traffic that can correlate the two by analyzing
the timing and packet sizes. This is how Tor can be defeated as well but it's
much simpler to do to a VPN service since they prioritize speed over privacy
more than Tor.

------
alistproducer2
So I was a call-in on NPR today
([http://www.wbur.org/onpoint/2017/03/29/internet-privacy-
cong...](http://www.wbur.org/onpoint/2017/03/29/internet-privacy-congress))
that discussed the ISP privacy issue. I brought up the crowd funding
initiatives to buy Republican's info as well as the Democrat's unwillingness
to make use of this issue. The call-ins were unanimously against what the
congress did.

edit: Here's the GofundMe trying to raise money to buy their Internet history.
Something tells me this dude is going to run off with the money though

[http://resistancereport.com/resistance/crowdfunding-
lawmaker...](http://resistancereport.com/resistance/crowdfunding-lawmakers-
internet/)

~~~
bluetidepro
These "jokes" are already getting incredibly stale and silly. I don't get it
at all. A provider is not just going to let you come in, even with say a
billion USD, and buy X individual's data. That's not how it would work at all,
this is not just like some sort of self-checkout to get someone's data.

And even if it was remotely like that, I can guarantee you that the providers
will go to lengths to make sure they didn't just lobby millions (speculating,
of course) to get this through and then throw the same congress members under
the bus that they lobbied to and then hand out their data to get them in
trouble with the public.

~~~
cortesoft
No, they can't buy X individual's personal data.

However, they can do what everyone else does; buy anonymized data for the area
person X lives in. They can then use countless techniques (that have been
demonstrated repeatedly) to de-anonymize the data and find out about person X.

~~~
bluetidepro
What I'm getting at is even if they did try to use the method you described, I
highly doubt they would even include that data of those congress members. I
bet they blacklist users in situations like this. They are not just going to
give that sort of thing out via a sell. Even if they law ALLOWS them, doesn't
mean they sell to anyone with money.

This is what UK members of parliament did with a very similar bill, where they
exempted themselves from the law itself: [https://www.independent.co.uk/life-
style/gadgets-and-tech/ne...](https://www.independent.co.uk/life-
style/gadgets-and-tech/news/investigatory-powers-bill-a7447781.html)

All-in-all, I think if you donate any money towards these crowdfunding
initiatives, you might as well burn that money because it's not going to get
people the info they think they are going to get. ¯\\_(ツ)_/¯

~~~
Zigurd
Now you are being over-optimistic about ISPs' sophistication. If I wanted data
to target white renters, I can get it as long as I don't do it wearing a klan
hood. A data set encompassing legislators is for the most part a data set of
lawyers with some special characteristics. It could be a subset of data you
can buy, or it could be assembled as a mosaic.

------
slg
>Other articles have argued that VPNs are not a solution to a policy problem,
because you can’t necessarily trust a VPN provider, or some VPN providers
don’t encrypt your data properly. That may be the case, but that’s an easily
solvable problem. And there are no monopolies on VPNs. This is something that
a market economy can solve in a year.

It has been a few years since my Econ 101 class, but I suggest the author
Google "market for lemons". Users have no way to verify the intentions of VPN
providers as there is natural information asymmetry. Trust is not an issue
that market economies have come up with a good solution to fix. The solution
we often use ironically enough happens to be policy and regulation. So maybe
this is a policy problem.

~~~
wonder_er
The market has come up with a great solution to some trust problems, like
Underwriter's Laboratory. A group of experts certify any device that will have
their stamp of approval.

[https://en.wikipedia.org/wiki/UL_(safety_organization)](https://en.wikipedia.org/wiki/UL_\(safety_organization\))

There could be an identical service for privacy/internet tech. There isn't,
but I'd trust an "Internet Underwriter Laboratory" group way, WAY more than a
group of politicians.

~~~
slg
Which is a regulatory solution. I don't know the specific history of UL, but
the most common way these type of agencies are created is by the government or
from within the industry out of fear of government regulation.

~~~
wonder_er
Read over UL's history [0]. It was started by a private individual, and is a
for-profit company with huge reach and sets safety standards for devices in
many, many industries.

So, while I can't speak to how these things _normally_ come about, this is a
compelling example of self-regulation entirely outside of the scope of the
government.

[0]
[https://en.wikipedia.org/wiki/UL_(safety_organization)#Histo...](https://en.wikipedia.org/wiki/UL_\(safety_organization\)#History)

------
loteck
Everybody is right. It doesn't have to be either-or.

You can select a paid VPN service that helps protect you from specific
adversaries. You can roll your own VPN on your own VPS that helps protect you
in some use cases.

You can, and should, advocate for good privacy policy.

------
nawitus
"That may be the case, but that’s an easily solvable problem."

So, how is that problem solved? I can't see what VPN companies are really
doing inside their stack. They might very well be logging everything and I
have no way to find out other than to "trust them" \- so there's no real
market mechanism to choose a VPN provider which doesn't log anything.

I suppose it could be in the contract.. so does VPN contracts have a clause
like that, and how is it enforced?

~~~
M_Grey
The counter-arguments:

A VPN that sells your information and eventually, inevitably is caught, will
lose their entire business. Meanwhile they can make a perfectly good profit
just... providing the desired service. There are also people who take the time
to investigate these various services, and you can do some work to find one
that meets standards you deem to be acceptable.

There isn't going to be a perfect solution here, but the issues with VPN's are
really not the issues you raise. My concerns are: Google and other major sites
endlessly pestering VPN users with CAPTCHA requests, or the government
actually making them illegal. Your concerns are largely answered by
researching which product you're willing to buy, not unlike all other similar
decisions in life.

~~~
and0
This argument, applied to any industry, is so tired by now.

Yes, a VPN company caught selling info would crash and burn. The invisible
hand would ensure this, etc etc. But only if they got caught, and even then
it's not like there would be any actual legal punishment (outside of a lawsuit
if they were contractually obligated to not sell the info, I guess). And if
selling that info meant double the profits, I doubt the owners who were
willing to lie to their customers would feel all that bad or embarrassed.
They'd probably also be shameless enough to re-brand.

And all that is ignoring the fact that with VPNs privacy becomes a privilege
only to people who can a.) afford it and b.) understand how to use it. And
finding a VPN that won't sell your info on the side requires the time and
know-how to research it, not to mention even considering that a VPN might sell
your info requires interacting with news orgs or people who might bring this
concept up.

Chalk this up as another "HN readers don't realize most people don't read HN",
color me surprised.

~~~
M_Grey
Except that those "most people" are the ones who are directly responsible for
electing the current crop of leaders who have put us in this position, so I'm
running a bit low on universal love and compassion, sue me. Moreover this is,
as others have pointed out, not a new loss of privacy, just a new monetization
of the existing loss of privacy.

So yes, there are better solutions involving the law, but unfortunately the
innocent lambs you're defending are the ones calling us nerds and buying IoT
junk!

~~~
and0
Those "most people" also elected the bunch that put the law there in the first
place. But it wasn't a campaign issue for either side, so it seems silly to
bring up. This is a consumer protection / rights issue and the best way to
handle it is clearly through policy, the free market won't do well for the
vast majority of people _especially_ in the ISP industry.

------
danellis
"Companies selling your data is nothing new—Facebook and Google have been
doing it for decades."

Is there any evidence for this? I'm pretty sure that in the case of Google, at
least, it's a flat-out lie. In fact, they state in massive letters: "We do not
sell your personal information to anyone." ([https://privacy.google.com/how-
ads-work.html](https://privacy.google.com/how-ads-work.html)) Who would they
even sell it to? They're at an advantage having that data themselves.

~~~
ballenf
You're right: selling the data would be selling the golden goose. Instead the
data is milked for all it's worth by pimping it out to advertisers.

~~~
danellis
I'm not sure what "pimping out" means if not "selling".

Google runs the ad network, so they don't have to sell or "pimp out" personal
data to advertisers. They use it themselves to make sure the ads are being
seen by the people the advertisers want them to be seen by.

~~~
ballenf
Google doesn't sell an indexed list of users and their interests: you can't
buy the data and then use it how you want.

But, yes, pimping it out was just hyperbole for renting it for particular,
well-defined purposes. But even that doesn't convey the fact that advertisers
never have full access to the underlying data itself. They can specify the
market demographics desired and google or any other ad network delivers the
matching eyeballs.

------
int_19h
Allow me to rephrase this entire debate in terms that might sound more
familiar.

Point: Locked doors and a shotgun under the bed is not a solution to the
violent crime problem. We also need laws, and police to enforce them.

Counterpoint: Locked doors and a shotgun under the bed is absolutely a
solution to the violent crime problem. You can't rely on laws, because they
can easily go away with a stroke of the pen.

~~~
M_Grey
Most of us: I lock my doors and might have a gun just in case, but I recognize
the value and role of laws. In the real world we have to accept that we need
to defend ourselves, and also act collectively through politics and law to
protect each other.

~~~
rhino369
Actual most of us: I let Google and Facebook rummage through my underwear and
dick pics in exchange for 50 cents worth of free server usage a month. I also
stare at hours of advertising a week to get free TV.

~~~
M_Grey
I won't deny that FB has a huge userbase, but no, that's still not _most_ of
us. In addition, broadcast tv isn't shitting the bed because people aren't
tired of the deal you've described; they're just cutting the cord.

------
jkern
Instead of using a VPN I think I'm just going to create a script that randomly
requests various websites 24/7\. So don't cut off the signal to your ISP just
drown it in a lot of meaningless noise

------
Nightshaxx
As great as this is, it brings up two problems:

1\. VPNs are slow: They will never get widespread adoption because people pay
for internet speeds and want them. Not to mention many people use internet
that is so slow that VPNs are just not viable. I try to use a VPN at least
when I go on public WiFi, but I've been to hotels were the service was so slow
that the internet would just not work while using a VPN.

2\. The article encourages ad blocking. The problem is that a lot of the web
relies on ad revenue. Content doesn't just produce itself without funding.
Yes, most content creators are finding alternate means of getting money, but
we still need to keep in mind that this is an issue.

Therefore, while VPNs and Adblockers can help, I just don't see them as viable
enough strategy to take down the ISPs. You are both slowing the user's ability
to get content and the creator's ability to make it. Yes, the privacy focused
community can use these tools, but everyone knew we liked privacy already. It
isn't until the mainstream users speak up or do something that we can get
stuff done.

------
ebbv
This article is really bad. On the one hand it says government is unreliable
and therefore it's hopeless to regulate. Then it immediately argues we need to
break the ISP monopolies (which is true.) But why are there monopolies? It is
because the ISPs collude not because there is regulation stopping new ISPs.
Google and Verizon both dipped their toes in and gave up on providing wired
access to the home.

The only way to break the monopolies is with government regulation forcing
them to share the lines, because running the lines is the very costly part
that stops new ISPs from competing.

~~~
and0
I see this doublethink all the time. The government is both all-powerful and
cunning, but also inefficient and inept.

------
silveira
Please, at least give credit the artist creator of the illustration, Josan
Gonzalez.

[http://f1x-2.deviantart.com/art/Robo-President-K3n3-DY-
IV-62...](http://f1x-2.deviantart.com/art/Robo-President-K3n3-DY-IV-628607986)

------
Lagged2Death
_And it’s so damn lucrative that ISPs are crying, No fair! I want a piece of
that too! Are they not entitled to pursue such an opportunity?_

If they give me the broadband access _for free_ then I might feel some
sympathy for this line of argument. At 97% profit margins, not so much.

Funny how "entitlement" can be a positive thing when it describes a rich,
powerful entity but a negative thing when it describes someone or something
more ordinary.

------
manor
Classic libertarian fallacy: “every resource should be managed by markets and
every problem solved by the marketplace”. Except, the Internet is not a
commodity, it’s infrastructure: it’s not a car, it’s the road. For consumer
fluff — sure, go the libertarian route (“shop around”), but for things that
really matter, like infrastructure and healthcare, don’t look for trivial
market-based solutions…

------
pkulak
Does anyone know of some kind of appliance I can sit in front of my router
that will put all the traffic in my house through a VPN? I run OpenWRT, so I
think it's possible to do it there, but I think it would be easier to make it
it's own thing.

Whitelisting would be nice too. Netflix video traffic, for example, would be
nice to not put through another hop.

~~~
teknologist
You could grab a Raspberry Pi and set up a PiVPN.

[http://www.pivpn.io/](http://www.pivpn.io/)

~~~
pkulak
Thanks!

------
Overtonwindow
Just getting a VPN is like a teacher telling a bullied student to "just ignore
and move away". Sounds great in theory, but really doesn't work for everyone
in the real world. Some day, when wireless solutions get really good, or the
cable monopolies are broken, pro-privacy will be a selling point.

------
hluska
I enjoyed this article until I came to this paragraph:

> Other articles have argued that VPNs are not a solution to a policy problem,
> because you can’t necessarily trust a VPN provider, or some VPN providers
> don’t encrypt your data properly. That may be the case, but that’s an easily
> solvable problem. And there are no monopolies on VPNs. This is something
> that a market economy can solve in a year.

That's where the author lost me. Building a secure VPN is different than your
run of the mill SAAS - it's a difficult security problem, and an incredibly
complicated user problem.

On the security side, it isn't hard to make a mistake that will give motivated
parties the hole they need to crack the VPN. On a business side, it's hard to
know which companies have received lucrative deals (or national security
letters) from three letter agencies. And from a communications side, it's
damned near impossible to let the whole world know that VPN Provider A
collects data for a three letter agency.

Sorry to say it folks, but this is an area where we either need wholesale
political change, or technological change. I'm Canadian, so I can't help you
with the first one and I'm not even remotely qualified to help with the
second.

------
haddr
Couldn't disagree more with this article. VPN is a solution to a policy
problem until policy makers forbid VPN to enforce their core idea in the first
place. (e.g. see United Arab Emirates for some restrictions of VPN use)

~~~
aseipp
Didn't you read the "Big Book of Internet Rules"? All you have to do is say
the words "Virtual Private Network" 3-times-fast in the bathroom mirror of The
Courthouse, with the lights off. The judge is then required to let you go and
drop any pending charges. Those are the rules!

That's right folks: the overwhelming power of the state to enact actual policy
that can impact millions of lives? It crumbles before the power of my 1ghz
Atom router. It has AES-NI, after all. That's, like, impossible to beat.

------
Exuma
In my home, Comcast business uses IPv6. So far, no VPN supports this, and I
haven't found proper answers on how to handle this?

I've heard I can just "disable IPv6" on my Mac, but I don't know the full
implications of this. If anyone has any input I'd appreciate this, because
then I would use a VPN all the time.

 __EDIT __Sorry I meant to type VPN not VPS, stupid typo.

~~~
jstanley
I'll provide you with a VPN that supports IPv6. Email address in my profile.

EDIT: And the full implications of disabling IPv6 are approximately nothing.

~~~
geofft
Who are you? How do I know you're not logging my traffic and selling it?

It sounds like you're in the UK - I'm a US person, if I give you my traffic,
what will courts say about my expectation of privacy?

~~~
ryanswapp
According to the Supreme Court you don't have any expectation of privacy in
information given to a third party so whether the VPN is in the US or not does
not matter.

~~~
tptacek
That's an oversimplification of the Third-Party Doctrine, particularly as
applied today.

------
mtgx
At least until they overturn the net neutrality rules, too, and then the ISPs
will be able to throttle VPN services to make them unusable. Or perhaps
they'll ask them to pay more for the "fast line", and VPNs may get too
expensive for most people.

How do you solve the problem without policy then?

~~~
dublinben
Mesh networks? Really all these technical workarounds are just band-aids on
the problem that is hostile, anticompetitive networks.

------
norea-armozel
In regards to the question of ISPs selling browsing history, how much of that
data outside of law enforcement has ever led to profitable sales from
consumers? Like honestly, I've never ever been swayed by a web advert. If
anything, they've made me disgusted with the advertiser and made me delay any
purchases. Plus, most of the web ads as they are now are just boring repeats
of the same product I've searched on Amazon or Google. No related products, no
accessories (I bought a telescope recently so I find it odd that no one is
trying to hawk eye pieces or filters for the coming solar eclipse). Just the
same dumb product I've ALREADY BOUGHT! Like I can't imagine the profit margins
on data mining are all that significant if my intuition holds true.

~~~
lancesells
How much is that data worth? Combine Google and Facebook's market cap and then
maybe multiply by 2 or 3?

We're talking about EVERYTHING you do online on your devices. It's no longer
limited to what you're doing on Google or Facebook or any other place who's
primary product is your data.

~~~
norea-armozel
Yeah so you know that I like telescopes, talking smack on Twitter, and
watching Let's Plays of Dwarf Fortress. Now, how do you monetize that? What
meaningful marketing information does that give you? You see where I'm going
with my skepticism? I'm skeptical that the data itself is useful by any
measure because in itself it does not give a marketer nor a business an
insight that they couldn't infer by more low tech means (my age, income
bracket, how often I buy things, etc all which is already in their records in
the majority of cases). None of this "big data" stuff is really that novel and
it's an attempt at modern alchemy of turning crap data into "valuable
information." Knowing the minutia of your customers or users in general won't
help you serve them nor will it help you get more of them. At some point the
supposed tacit information of the market devolves into the random noise of the
universe.

------
logicallee
I advocated for Google to please do this here:
[https://news.ycombinator.com/item?id=13983468](https://news.ycombinator.com/item?id=13983468)

I'll quote it in full:

>Hey Google, when all email providers sucked you fixed it with Gmail, you run
a DNS at 8.8.8.8, and now -- now, I think you know what you need to do now :)

>(I personally recommend you also do a web-based proxy, because who is going
to filter [https://www.google.com](https://www.google.com) now or in the
future?)

>I believe in you. You can do it!

>Counter this chilling effect today - and show more adwords as a result.
(There is no irony in this statement. I mean from web sites that opt into
adwords, not from selling VPN traffic logs.)

\----

Google, pay attention: step up to the plate. Please!

~~~
scriptkiddie95
I'm sorry but google really is not on our side. They collect just as much data
as any other silicon valley giant.

~~~
logicallee
This is simply false. Facebook collects more data, for example, and shares it
more freely with advertisers.

------
JoshMnem
> "You own the computer from which all your valuable data is generated."

That might be true at the moment, if you're using a good computer, but many
computers do not provide full access to the system, including: Android, iOS,
Windows 10. (Almost all mobile devices block root access as much as they can.)

Watch out for attempts to appify the WWW and reduce the ability of consumers
to block ads and tracking: AMP, FB Instant Articles, etc.

One of the most dangerous threats to privacy is the increasing restriction on
access to devices' hardware and software. If it isn't stopped, there won't be
any way to block tracking.

------
lexicality
I like that they say "Don’t use sites that force you to disable your ad
blocker" and then link to a Wired article.

~~~
rev_null
I'm able to read the wired article with javascript disabled. I'm not sure what
your adblocker is doing that prevents you from reading it.

~~~
lexicality
Wired became infamous for their "Here's the thing with Ad Blockers" modal:

[https://pbs.twimg.com/media/CeqLfB5WIAAPZZh.jpg](https://pbs.twimg.com/media/CeqLfB5WIAAPZZh.jpg)
[https://www.wired.com/how-wired-is-going-to-handle-ad-
blocki...](https://www.wired.com/how-wired-is-going-to-handle-ad-blocking/)

However, either they've removed it or uBlock is currently winning the blocker
blocker fight since I actually can read that article (I hadn't tried.)

~~~
JoshMnem
Try blocking more scripts (something like umatrix) and it will appear.

------
TheRealPomax
Correct me if I'm wrong, but aren't ISP already monetizing on my data by the
fact that I _literally pay them for their data services_? So no: an ISP going
"I want a piece of that behavioural profiling ads money" is most absolutely
not reasonable.

If you want to be in the ad business, stop being an ISP and go into the ad
business, but if you're providing a service and that service is internet-for-
pay, and we pay you the money you have said it costs to use your service, then
it is not reasonable for you to complain that there is more money to be had,
and you want all of it.

------
biafra
Are telephone providers in the US allowed to sell the data about who you
called when, how often and how long? If not, why not? Should be possible to
monetize that.

------
shmerl
Not a solution, rather a workaround. VPNs reduce performance, and they aren't
free either. The idea of privacy abusers is to to tax those who value it.

------
nickpsecurity
The author screws up big on the VPN vs government issue. Let me illustrate the
points made.

1\. The government's laws/policies are a threat to users' privacy.

2\. You can currently use VPN's to protect your privacy.

3\. People point out that the VPN's might lie to you willingly or under
compulsion by LEO's w/ existing surveillance legislation. The same LEO's that
Snowden leaks say compelled secret backdoors in all kinds of products and
services.

4\. "That may be the case, but it's an easily solvable problem."

Lol. If it was so easy, we wouldn't have a surveillance state or it would be
well-regulated based on GAO's reports. Instead, we do have one, VPN providers
might be compelled by it, market choice doesn't change that, and you're still
essentially hoping via a numbers game that you don't pick a bad one. This
isn't even considering the fact that ISP's beholden to US TLA's might ban
VPN's or require their assistance for decryption/tracking.

The VPN's could be a decent solution if a very popular one was a non-profit in
a non-surveillance state with protections for consumers built into its
charter, contract, whatever. People who were previously shown trustworthy
[enough] would have to operate it. The endpoints and monitoring would have to
be strong. It would need enough traffic from each country to obscure the
users. If it wasn't getting enough, they could pull trick from high-
assurance's book to do fixed-rate, fixed-sized transmission constantly from
the apps. That would get expensive on bandwidth side, though.

So, it's doable to make VPN's useful until law or ISP policies start killing
them. Just hard to evaluate who if any are doing all the above to be
trustworthy enough. For now, you're throwing dice for a probabilistic level of
protection that's hard to quantify.

------
blitmap
I think I might be a little outdated on my knowledge of VPNs, but wouldn't
they throw inefficiency into how your traffic is routed around the internet?
It's not like you're going for the most efficient exit out of the VPN closest
to your intended target, simply the one advertised as a gateway.

VPNs may be a solution to privacy issues, but the whole Internet will be worse
for it if everyone were to use one.

I wish we could quantify how much electricity is wasted just routing things
around inefficiently from VPNs. How much infrastructure must be upgraded
because of the growing use of them. Maybe this would incent ISPs to avoid
selling analytic data on its customers?

------
twhb
ISPs should calculate how much this will make them then charge us that much to
opt out. Wins all around - the ISP makes every dime they can, privacy-
conscious customers aren't abused, unconscious customers don't need to pay
more.

Hell, take it a step farther - sell VPN-like anonymization. Think about it,
your ISP is technically able to do it far better than any VPN: no impact on
speed, no impact on latency, no software required, wouldn't miss any types of
traffic, and increases anonymity just by having more customers.

If ISPs don't realize that they can make money selling privacy then they're
just bad businesses.

------
thrillgore
No, they're not. They're a temporary hack.

I really believe that engineers live with the belief that "We can work around
politics or route around corruption" that only makes us better off. There are
many more people who don't have the knowledge to work around it. No amount of
engineering is going to educate or move a change in policy. You're essentially
saying "I've got mine, so fuck you."

With that being said, given that VPNs are the only practical chance until the
software developers of the world start running for Congress, I have gone ahead
and paid ipredator for the next two years.

------
joshuas
Is there a reason that instead of using a VPN to hide our traffic we don't
just have an app that surfs randomly around the net in the background ruining
the usefulness of the data collected in the first place?

~~~
ball_of_lint
I feel like it would be very difficult to make a bot that produces history
that is indistinguishable from a human user.

------
Joeri
VPN's are a way for you to choose which provider's or country's policies you
want to be under. Obviously this can only happen as long as the powers that be
allow it. It is trivial to forbid or block all non-backdoored vpn's for
example.

A question which I find interesting is why we can't make these policy choices
in the real world. For example, choose which country's social safety net you
want and be taxed accordingly. It may be impractical, but are rivers and
mountain slopes (aka borders) really the best way to draw a line between two
different policies?

~~~
evilduck
Sounds like an indirect way to say you want to privatize social services. If a
country is "selling" you a social safety net, you're essentially just paying a
company for insurance coverage and/or a retirement savings plan.

~~~
Joeri
Well, I don't want anyone to turn a profit on it, so not particularly. The
downfall of letting people choose is that the rich end up opting out, which
undermines the system. Maybe I'm arguing the opposite, that there should be a
single global system. Or maybe I don't quite know what the right policy is,
just that the current system is nonsensical.

------
peeters
I use a VPN and agree it's a solution, but imagine this same line of thinking
were applied to telephone lines. What if tomorrow, we removed all regulation
preventing telephone providers from scraping your conversations or selling
them to the highest bidder.

How fast would the market be able to respond, and what kind of damage would be
done in the meantime?

We regulate based on the public interest. It was in the public interest to
place limits on telecom. I don't see any reason to treat the Internet
differently.

------
Glyptodon
How do I do know what VPN to trust? I guess getting my own server and
provisioning everything myself is the answer? I'm sure that'll work fine for
average Joe.

------
tomjen3
VPNs are one solution, it may even be the only possible solution, but I really
can't see it as a good solution.

It is super important to keep in mind of course that there may indeed be no
good solution, or it may be that the good solution is politically,
economically or otherwise unfeasible. In this case a good solution is
technically very feasible, but that may often not be the case.

------
myrandomcomment
I am just going to write an app to pull random (safe) items every few minutes
and poison all the data. Even better, I will have it hit news sites all over
the world in different languages and load Amazon and eBay from other countries
also. Hum, why I am at it I will have it swap the web browser agent IDs. Hey
this could be a fun project.

------
dreamcompiler
Completely agree. All we need now is for a major player to step up and say
"here's our VPN cloud and it's free to use and we guarantee it's encrypted and
won't keep logs. From now on, all our devices will use it by default unless
you opt out." I imagine meetings are already being held at Apple to discuss
this.

------
codezero
My vpn doesn't prevent my cell provider from selling my location info.

~~~
asimpletune
Does your cell provider have monitoring software installed at the OS level?

~~~
codezero
Uh. No but cell tower negotiation over LTE isn't using TCP/IP which is all the
VPN has power over. Or am I really confused? The LTE radio is totally
independent of internet protocols and can be tracked by cell providers since I
must connect to their tower.

And maybe. I don't control the carrier firmware.

------
nu2ycombinator
I am trying to understand here, what more information ISPs can get other than
they have access now? Does this policy let them do man middle attack? Can they
access my SSL internet data too?

------
peteyPete
Federal statute known as 18 USC Section 1702 makes it illegal to open
correspondence addressed to someone else. I don't know that the mail services
keep statistics of where mail comes from and to, although they likely do, but
regardless, they don't get to know what the content is. They don't get to know
what I buy from Amazon.. But they do know I shop at Amazon because they see
the boxes. ISPs might be able to know you hit these servers but they shouldn't
be profiling you based on all your browsing data.

If another person can't open your mail, then why is it so hard for lawmakers
to understand that this adds up to the same? You route my mail/traffic,
doesn't give you the right to spy into the contents of it, to know what I buy,
what media I consume, what my hobbies are, how often I check my bank balances,
whether or not I'm left or right leaning based on the news I consume, whether
or not I'm shopping for internet at competing ISPs... List goes on. Imagine
the depth of the information an ISP can build on you if they have all your
browsing information.

The lack of respect shown towards the people who have made these companies
possible by buying their services is appalling. And the fact that they keep
competition away is even worse.

Provide your services and stop trying to suck in every penny from every
potential revenue stream possible.

To make a comparison, just because my car has GPS, doesn't mean the
manufacturer should track and sell my location and build a megacorp ads
company to interrupt my radio and force me to listen to ads for businesses in
my direct vicinity.

Just because you make shoes, and you could integrate piezoelectric energy
capture devices, doesn't mean you should integrate tracking devices into
people's shoes so you can sell the data to who ever wants it.

Just because you provide a service and because you've squashed competition by
lobbying for everything which gives you monopoly, doesn't mean you should drop
all sense of right and wrong.

There's countless business models which could abuse data collection and make a
few extra bucks, but they don't. Because you don't always have to be a dick.
Because at the end of the day, a businesses image should still be important
because it is USUALLY what decides if consumers will keep on buying from them
or not.. Unless there's no competition....

This by itself is big enough although some will argue its not a big deal. But
once you remove all protections, you have no clue how far they'll go and once
they go there, its harder to backtrack.

~~~
dragonwriter
> If another person can't open your mail, then why is it so hard for lawmakers
> to understand that this adds up to the same?

They understand, they just are rewarded by those with a financial interest for
treating the cases differently.

------
matt_wulfeck
It's not a solution for one simple reason: policymakers can create a "policy"
that simply makes them illegal. They don't have to defeat them on
technological grounds.

------
doggydogs94
I just wish that my bandwidth did not drop so bad when I use a VPN.

------
Stephen-E
Any recommendations for a secure, fast and reliable VPN service? I'm in the
US. Use would be for privacy, especially in the face of yesterday's vote.

------
innocentoldguy
I prefer to tunnel my traffic through an SSH tunnel. VPNs are OK too, but SSH
does what I want, and I can control it.

~~~
gricardo99
Could you provide a few more details on how your setup works? You SSH tunnel
to where? Your own cloud instance?

~~~
innocentoldguy
Sure.

Basically, I set up SSH on a server somewhere (I actually have many), and a
local SSH key (I don't use passwords with SSH). The SSH server can be a cloud
server or a physical one; it doesn't matter. Then, I create an alias in my
.zshrc or .bashrc configuration file to easily create a tunnel to that server,
like this:

alias <alias_name>="ssh -D 8080 -f -C -q -N <username>@<host>"

Then, I go into my network settings and create a local SOCKS 5 proxy that
points to the port I'm tunneling through (8080 in this case). Once I've done
this, everything between me and the remote server is encrypted, and it appears
that I'm browsing from the remote location. This works well for services that
are not available in my country, as long as I can set up a server in the
country I want to appear to be coming from.

If you want to keep the SSH tunnel open all the time, you can use autossh,
like this:

autossh -M 20000 -p <port> -D 8088 -f -C -q -N <username>@<host>

------
spangry
While using VPNs might protect your privacy in the short-run, it's just a
continuation of the privacy-invasion arms race. And it's kinda hard to win a
tit-for-tat war when your opponent has an unlimited supply of 'tat', and a
whole bunch of armed, well-trained dudes they can send round to your house
when you don't comply with their newest rule.

\- The US government tries to restrict 'strong' crypto --> people print PGP
source code on t-shirts and the government eventually has to accept SSL/TLS.

\- The government starts capturing information directly off devices (using
regular search warrants etc. --> people start using encryption (e.g.
truecrypt, veracrypt) and large device makers respond to consumer concerns by
encrypting by default.

\- The government starts MiTM'ing everyone's traffic at the ISP and online
service provider (e.g. google, microsoft) level, using their newly created
pseudo-court, secret warrant process (FISA) --> people start using VPNs.

\- The government starts talking about key escrow, banning encryption.....

You can't eradicate a disease by just treating the symptoms as they pop up (in
ever increasing severity). If you do this, you'll die. You have to attack the
disease directly (and, in many cases, first convince people that they really
are ill). So far, we've made one attempt at the direct approach by 'engaging
in public discourse'. It's clear this is not effective in this case.

I doubt protesting in the streets would make much of a difference either, if
the lead up to the Iraq war is anything to go by. Consider these two quotes
from the previous thread (the second is mine), as just one example of the many
possible actions that could be taken:

 _" The Video Privacy Protection Act was passed after Supreme Court nominee
Robert Bork's rental history was leaked to a newspaper."_

and

 _" I've always liked the idea of using the copious public video of these
politicians to train voice and face recognition NNs, specifically targeting
anti-privacy politicians. Maybe even sell pre-made raspberry pis with all of
this stuff preloaded for journalists to scatter around places that politicians
congregate.

I think it's only fair that these folks get to be the first ones to live in
the kind of world they are creating. And none of them should have a problem
with any of this, because I'm certain none of them ever do anything wrong and
therefore have nothing to hide."_

Although one always tends to like one's own ideas, I think this idea has
merit, because:

\- It's low effort compared to organising protests and then getting everyone
to take to the streets

\- It directly attacks the source and (assuming you aren't sent to a Federally
funded leisure resort for your efforts), creates a 'heads I win, tails you
lose' situation: they either pass laws to stop this kind of privacy invasion,
or we end up with a long-term selective pressure against anti-privacy
politicians. Everyone has secrets...

\- It directly educates the public about their "illness" (through example). It
shows them exactly how their life could be in the near future if they don't
start paying serious attention to privacy issues. If a bunch of angry nerds
can pull it off, imagine what the NSA and CIA are capable of...

The time for 'reasoned public discourse' and 'teching around the problem' is
well and truly over. It doesn't hurt to do these things, but it does no good
in the long-run either. More drastic measures are required.

~~~
scriptkiddie95
Somebody needs to put on a black hat and target the congressmen/women and the
senators that passed these bills. Release all their internet history, indexed
and everything. Put it on some platform like wikileaks.

Crowdfunding some guy to do it is not the answer. We can not trust him.

------
XnoiVeX
How many of you actually read the original FCC document? :-)

------
893helios
Technology is rarely a solution for a socio-ecnomic issue.

------
clvx
Ok, can you route every connection(besides the vpn one) from an iphone to a
vpn gateway?

If it isn't possible, anyone can explain why?

~~~
SCHiM
Seems very easy: [https://www.howtogeek.com/215730/how-to-connect-to-a-vpn-
fro...](https://www.howtogeek.com/215730/how-to-connect-to-a-vpn-from-your-
iphone-or-ipad/)

I don't have and iDevice so I don't know for sure, why do you think this'd be
a problem? Or am I misunderstanding your question?

~~~
clvx
Yeah..thanks for the info. I got it wrong. There's no built-in support for
openvpn in iOS.

~~~
eligundry
There sorta is. Install the OpenVPN app, load your ovpn config, and connect.
After you do that, there will be a VPN option on the homepage of your settings
that will use the connection automatically and will keep you connected when
switching networks.

Source: Figured it out over the weekend and have been pleased by it for the
past few days.

