PRISM is driving the uptake of privacy services, but there’s no simple solution to beating the NSA

This article was written by IVPN’s Nick Pearson. IVPN is an online privacy platform, and Electronic Frontier Foundation member, dedicated to protecting online freedoms and online privacy.

While Edward Snowden’s PRISM revelations failed to spark much widespread outrage among the general public, an apparent spike in the uptake of Virtual Private Networks suggests the online privacy market could be entering a golden period. But when commerce is driven by fear there is plenty of opportunity for exploitation and many privacy-concerned citizens may be lulled into a false sense of security over services that won’t protect their data.

In the two months after the NSA’s spying programme was uncovered by the Guardian, IVPN – the Virtual Private Network platform I work for – saw a 56% increase in sign-ups to our platform. Following this spike we decided to run a survey, asking our subscribers what motivated them to sign-up to a VPN. Out of the eight anti-online privacy programmes we listed (ranging from SOPA to the Patriot Act) PRISM came top by a clear margin, with a 28% share of the vote. These findings were backed-up from a number of other VPNs, who said they’ve also seen an increase in interest since the revelations. Not to mention the much publicized numbers released by privacy-orientated search engine DuckDuckGo, which reported a 50% traffic increase in the wake of PRISM.

The fact internet users are becoming more privacy-conscious is certainly encouraging, but readers who are technically minded may have already spotted a slight problem with the above findings: VPNs won’t protect you from the type of surveillance detailed in Snowden’s leaked documents.

PRISM involved creating backdoors into major online services, allowing the NSA to monitor the content of emails and other communications. VPNs will prevent evesdroppers from knowing where you’re located and the contents of your traffic. But they won’t prevent someone accessing Google’s or Facebook’s servers, where your personal information is stored.

But the problem goes deeper than this. Some VPNs have been disingenuously cashing in on privacy fears before the emergence of PRISM – and are continuing to do so. To understand how, you need to understand how VPNs protect your privacy beyond that of an ISP. The vast majority of ISPs operate a data retention policy of some kind. This means they store information on users, such as your IP address (which uniquely identifies you) and web logs (which record every website you’ve visited). In Europe data retention is mandated and there are some in Washington who want to take the same route. But even though it’s not written into law, we know US ISPs retain data anyway, in order to cooperate with law enforcement investigations.

VPN privacy-services supposedly offer protection from this data retention, by keeping logs for no more than a few days (or in some cases a few minutes). If there’s no data stored then it’s impossible for a VPN to cooperate with law enforcement requests to access it. Many VPN customers sign-up because they assume this is the case. But it’s frequently not. In fact, some VPNs have even worse data retention policies than ISPs. For instance HideMyAss, which is perhaps the most popular VPN on the market, retains data for two years, and this was only acknowledged after the company handed a hacker over to the FBI.

Despite PRISM being met with some cynicism by the population, the rising interest in privacy tools suggests the wider community is not quite as apathetic toward privacy as we may think. But at the same time we should not fall into the trap of believing there is a magic bullet to solve the problem of overzealous government surveillance. Even widely used, open source, tools such as TOR have their vulnerabilities. The best tools in the fight to reclaim our online freedoms are education and the support of activist organisations – such as the Electronic Frontier Foundation – in order to continue to pressure our political system and keep the issue on its agenda.

Facebooktwittergoogle_plusredditpinterestlinkedinmail
This entry was posted in Politics / World News, Science / Technology. Bookmark the permalink.
  • gozounlimited

    Cashing In On The Global Warming Scam…..When commerce is driven by fear there is plenty of opportunity for exploitation and many GW ignorant citizens may be lulled into a false sense of security over Carbon Neutral Investments that do not protect their right to emit one tonne of carbon dioxide (CO2) or financial investment…… because investors are not able to sell or trade the carbon credits they have already purchased.

    Find out how carbon credit trading works, why we think you should avoid investing in carbon credits and related markets, and how to protect yourself from what is most likely a scam…… http://www.nakedcapitalism.com/2013/11/mclaren-f1-jenson-button-one-minute-boiler-room-scams-the-next-the-remarkable-double-life-of-carbon-neutral-investments-limited-cni.html

    • gozounlimited

      Senator Barbara Boxer’s Own Experts Contradict Obama On Global Warming …. Experts called by Sen. Barbara Boxer to testify during Senate Environment and Public Works hearings yesterday contradicted President Barack Obama on climate change.

      Boxer may have envisioned her high-profile global warming hearings as an opportunity to build momentum for congressional or EPA action to restrict CO2 emissions. Instead, the very global warming activists she called to serve as expert witnesses delivered a crushing blow to President Obama’s new restrictions on CO2 emissions……. http://www.abovetopsecret.com/forum/thread960196/pg1

      U.S. justices to hear challenge to Obama on climate change ….The U.S. Supreme Court on Tuesday dealt a blow to the Obama administration when it agreed to hear a challenge to part of the U.S. Environmental Protection Agency’s first wave of regulations aimed at tackling climate change, thus setting up one of its biggest environmental cases in years….. http://www.globalclimatescam.com/2013/10/u-s-justices-to-hear-challenge-to-obama-on-climate-change/

  • gozounlimited

    Cashing In On The Global Warming Scam…..When commerce is driven by fear there is plenty of opportunity for exploitation and many GW ignorant citizens may be lulled into a false sense of security over Carbon Neutral Investments that do not protect their right to emit one tonne of carbon dioxide (CO2) or financial investment…… because investors are not able to sell or trade the carbon credits they have already purchased.

    Find out how carbon credit trading works, why we think you should avoid investing in carbon credits and related markets, and how to protect yourself from what is most likely a scam…… http://www.nakedcapitalism.com/2013/11/mclaren-f1-jenson-button-one-minute-boiler-room-scams-the-next-the-remarkable-double-life-of-carbon-neutral-investments-limited-cni.html

  • Guest

    You don’t own your own data. Isn’t this the crux of the matter? This was the statement made at that talk w/Binney and ACLU attorney at MIT that WB put up the other day (if you watched the whole talk.) Nobody seems to be analyzing/critiquing that critical piece of breach of privacy (your snail mail can’t be read, legally, but your online data is not yours to begin with.) Listen to the talk w/Binney @ MIT in full, http://www.youtube.com/watch?v=qB3KR8fWNh0#t=727 (ACLU attorney @ 45:22 talks about your data and local police issues.)

    In fact, Facebook’s entire revenue model is COMPLETELY predicated on that fact, using all of your data, as a product to sell, to anyone who wants to use it, however they choose to use it. They can sell it to a “bona fide marketer” who happens to sell it to your local police or a local drug kingpin or a foreign entity, etc. It’s not yours once you go online. (That’s what makes Zuckerberg’s insistence that “the NSA blew it” a lot of categorical chutzpah, since his lobbyists have lobbied to make sure your data is NEVER yours, and forever his to sell, making it a “product” that is tradable to anybody, NSA or otherwise.)

    Yes, the NSA is a menace, but the story is so much larger than a big black glass building in faraway, upper-class enclave of VA. The entire privacy architecture of the internet is NOT private, no matter what private enterprisers CLAIM they can do to protect your data. They can’t because the LEGAL architecture states it’s not yours to protect. (ACLU attorney at end of MIT talk gives a pitch about Twitter. Twitter is “going public” soon with the assistance of Goldman Sachs, who in and of themselves is implicated/documented in vast widespread fraud/criminal schemes, worldwide. Twitter, belongs to the same lobbyist groups as Facebook, eBay, PayPal, Google, etc. Twitter NEEDS your data to be NOT yours for their revenue streams to “marketers” to thrive, and their “public offering” to be even possible. How can an attorney not know this?)

    How is “your data not your own” problematic? Say someone runs a “theft ring” that travels from neighborhood to neighborhood, looking for targets. So, they buy datasets that are itemized by location, using software that organizes the info to determine who is the best target to rob given a range of locations (online activity log patterns, personal/location profile, work schedules, etc.) They can get that.

    I remember reading about an app that utilized as much readily personal profile information available about women to GPS their locations at any given time, using their online “profiles” to target them for assault/robbery in any given location their cell phones were indicating where they were at any given time.

    “Marketers” for mortgaging firms would want this kind of app to target people who are having difficulty paying their bills and mortgage, funneling them into “fake mortgage refinancing products,” that instead facilitate a forced foreclosure. “Marketers” for boards for neighborhood assoc would want to profile their neighbors to see who doesn’t “fit” their political voting blocks, their personal statistics that they determine inhibits/prevents their housing price targets (everyone to be white, Christian, particular income level, health statistics, heterosexual/# children,) to whatever metrics are demanded by those in power to oversee them, using the info to inform neighbors about the most “effective” methods for bullying/harassment (yes, I’ve experienced it, and I know others who have to. ACLU attorney in video @ 1:08 cites “localization of counterinsurgency tactics by local police.”) “Marketers” for the private prison lobby who want to profile datasets of those who are “best suited” to be scooped up into the prison industrial complex (to meet their “contractual fill rates” and political metrics for AG career advancement.) “Marketers” target elderly, disabled, poor…the disadvantaged and powerless from those who are already in power and seek more of it through the front auspices of “marketing” means, but really are using the datasets to target you for whatever power/money grabs they desire.

    All these things are happening, nationwide, because the “NSA data” isn’t just housed, tucked away safely in VA (or Utah, etc.) It’s everywhere and being used for whatever anyone wants to use it for, legal or not–how are you going to “have standing” in a system so egregiously flawed AGAINST the Bill of Rights that you CAN’T possibly “protect” yourself from it? And worse, in the process of trying to protect yourself, you trample on others privacy just to protect your own skin?

    The possibilities are endless. This is the big story, because it affects LARGE numbers of ordinary, but vulnerable, Americans who are being targeted for ECONOMIC ESPIONAGE (power grabs against “undesirables,” “powerless,” etc, not just from private enterprises, but individuals and groups of individuals) at home and on a scale and scope that rivals the history of the beginnings of the power/lure of the Nazi party in Germany:

    http://www.truthdig.com/avbooth/item/chris_hedges_on_christian_heretics_20131101

    http://neweconomicperspectives.org/2013/11/inside-red-pickup-truck.html

    (Yes, I know this comment is not private. It’s quite risky to speak up about this, given what’s actually happening to people as a result of their doing so. Sometimes, just stating the obvious criminalities happening all around you can make you a target.)

  • Michael McNew

    For the Life of me I do not understand why more people are not up in arms over this domestic spying. One would not be willing to let someone come into their home and record their every action, but for some reason many appear okay with every intimate detail of their lives in regards to conversations, web visits and the like being recorded. The only thing I can say is that all of this is pornographic, just as the video here dealing with NSA spying points to: http://www.youtube.com/watch?v=rAyRi4tqsUo&feature=youtube_gdata

  • Eric Kronthal

    It is true that there is no simple solution to all of this, but there
    are tools (such as anonymizing services, encryption and file
    cryptography) you can use to avoid some scrutiny. It is also quite
    interesting to look at this issue form the perspective of people residing
    outside of the US. A large percentage of the world’s voice, email and
    chat flows through the US, as the path for these communications is not
    always direct. Australia’s TechLife recently published a article about
    this http://www.koolspan.com/blog/techlife/

  • I think the things you covered through the post are quiet impressive,