Private Internet Access, because the Internet is dirty

I was going to title this post “Private Internet Access: It’s like a condom for the internet” but the resulting image was a bit too graphic even for me. I must be getting old.

A few months ago, I started using BTGuard. It’s a proxy server that can be used for BitTorrent to route your traffic through their server so as far as your ISP sees, it just looks like random traffic, and they can’t see specifically what you are actually doing. BTGuard also offers a VPN, and I thought, after signing up for just the proxy, that I might switch to that at the end of my 3 month subscription period.

Then I came across Private Internet Access which was endorsed by the Electronic Frontier Foundation and the Internet Defense League. Private Internet Access is a full VPN and it’s actually cheaper than BTGuard’s proxy-only service (if you sign up for a full year, it’s half the cost of a year’s worth of BTGuard proxy or equivalent to 6 months with BTGuard). Taking a look at their site, it really looks like they have their act together and, in a recent survey and review of VPN services by TorrentFreak, they mentioned a team of lawyers. Team of lawyers? You mean they aren’t just some schmucks in Canada with an encrypted server?

Why do I care?

Privacy is more than just hiding your torrenting habits. Current US legislation is being proposed that would essentially allow websites to hand over information about you and your location without a warrant and grants them immunity from being sued if you ever find out that they used that information illegally (source: cispaisback.org. The issue of internet security has come up time and time again. We fight it, but it keeps coming back and it all comes down to removing our ownership over our own data, whether that be what I’m downloading, what I’m watching on Netflix, or what websites I’m going to.

I’ve been on the internet a long time. And back in the day, it really was like the wild west. No one (of import) really knew anything about what was going on and we liked it that way.

That was a long time ago, and the internet has since jumped the shark. Now we have businesses fighting for as much of your personal information as possible, and cybercriminals trying to steal that information (or use what they can find publicly on Facebook and Google) so they can use it to hack into your bank account and credit cards and steal your identity. And we have politicians trying to jump on the bandwagon as well, but a lot of them are still in the “that internet thing” stage (also known as “the internet is a series of tubes” phase) and really have no idea (see previous link) about how these laws they are proposing will affect normal people (and whether it will actually hinder or, in fact, help cybercriminals — be them identity thieves or your own ISP — do nasty stuff with your information).

There’s a reason curtains were invented…

I like the old days a lot better, when no one could peek at my traffic and be able to report back to some higher authority exactly what I was doing. It’s not about doing anything illegal, it’s about closing the blinds. You don’t get undressed with the window open and you take it for granted that no one should be peeking in on what websites you visit, what you type into Google, but you’re wrong. They are. And this is why people get upset about services like Facebook, Instagram and Google storing your personal information. It’s not about that data, it’s about having that data stored somewhere — what happens when someone thinks or has a reasonable suspicion that you are doing something you aren’t? You’ve heard of racial profiling? How long until there’s internet traffic profiling? Where you are suspected of a crime just by how much data you’re passing back and forth across the internet. Not very long, especially when these laws come to pass.

A VPN is basically like the old days of the internet, when you had a modem that wasn’t connected to the internet all day long (remember those?). You’re already connected to the internet via your broadband connection, but with a VPN you connect to a second server — your VPN server. The VPN (at least the VPNs provided by Private Internet Access) then encrypts your information and connection before sending you back off to the internet. And, as a side-effect, you look like you’re connecting from Arizona, or London, or Russia instead of from wherever in the world you are (based on which VPN you connect to). The upshot of this is, like connecting through a proxy server, your traffic — to your ISP — just looks like traffic to that server, they can’t see what you’re actually downloading because you are no longer running your internet connection through your ISPs servers, you’re running it through your VPN server. Which means your ISP can’t hand over data to whomever about what movie you were watching last night.

I’m not the biggest privacy buff out there. In fact, in most cases, I don’t care about what Google or Facebook do with my information because these days they are necessary evils I have to deal with to be able to communicate with friends and family I don’t see otherwise. That is a choice I’m making. Having my ISP packet-sniff my data and keep records of that is not. I don’t have a choice (not much of one, anyway) of ISPs, and I can’t say that any of the available options would be any better than any of the others in terms of not kowtowing to some organization’s whim to take a look at all my information because they think something fishy is happening within this particular range of IP addresses.

It’s sad and unfortunate that privacy services like these are necessary to just do normal things on the internet and not be afraid of someone looking up your skirt. And it’s possible someday that these things will be outlawed and you will have no choice but to hand over all your data to the government. But that’s why I’m backing the guys that have “a team of lawyers”.

Going Google-less

So, I’m still bothered by the Google thing.  I’m bothered by how reliant I am on Google’s products the same way I was bothered by how reliant I was on Microsoft’s products.  It happened so subtly that there was never a conscious decision to use Google products and services exclusively.  It wasn’t something where there was a “well, I can’t get this anywhere else” conversation or a “well it works better with this or that feature” conversation with myself.  Google just quietly (or not-so-quietly) put out their products, and we downloaded them and incorporated them into our lives.

The sheer amount of data that Google has of ours is staggering.  And that’s just the data we know about.  Seeing as how they “accidentally” picked up some private data from wifi networks on their Maps expeditions, it’s not out of the realm of possibility that they’ve got more on us than we know about.  And then there’s the stuff they have that we do know about, but don’t think about.  In The Big Switch, Nicholas Carr points out just how easy it is to identify people — and glean information about them that they would otherwise keep private — just from the types of searches we do, the city we live in, and our date of birth.  Besides being able to positively identify anyone with that information, think for a second about how much information a stranger would have about you if they knew every search query you ever typed into Google, whether it was for personal, academic, or business reasons.

So I’m going Google-less for a week, starting next Monday.  I want to see how easy or hard it is to weed Google out of my life as much as possible.  We got pissed off when Facebook started passing around our personal information but Google has now threatened to take on the FCC, a government agency, telling them “you have no jurisdiction over how we do things here” at the cost of small businesses and individuals worldwide.

Now, some things will be more difficult than others, for example, we use Google Checkout in our business (which came from boycotting PayPal), so there’s that.  And internally, we use the Google Talk protocol to send messages across the room (although I don’t actually use the client because I use Digsby, and other than that it’s just another Jabber server).  YouTube is so ubiquitous it would be somewhat difficult to avoid it entirely (though I’ll try) and this blog uses FeedBurner to handle the RSS feeds.  But in every other way I can think of I will try to avoid using Google at all costs and we’ll see where it takes me in a week.

I encourage anyone who reads this blog to do the same and to pass this message on.  It’s good to put things into perspective once in a while and find out just how dependent you are on certain services.  If Google went bankrupt tomorrow, what would you do?  And, possibly more importantly, what would happen with all your data?  What would happen if you went Google-less for a week?

facebook privacy: why the new policy kind of sucks

image source: Gizmodo

don’t get me wrong: facebook is — despite everything…or, at least, despite most things — an incredibly useful app and is — right this very second — changing the web.  where, once upon a time, we found links that were designed to be useful to us based on a highly complex algorithm, facebook wants to show us links (and other stuff) based on our interpersonal relationships (specifically, stuff our friends like).  and that’s a good thing; in many ways, it humanizes our experience of the web that would otherwise isolate us from human interaction.  no, clicking on a link some friend of a friend posted to facebook doesn’t replace a conversation, but it’s a lot more natural than clicking a link a computer generated based on popular references to that particular combination of words and (possibly) previous searches  you’ve done.

but i noticed something the last couple of days: random friend requests.

i claim to be a fairly socially networked person.  i mean, i’ve got a profile on a million different networks (those on my about page are only the more popular ones that i don’t just use to syndicate or point to other profiles elsewhere), and — as co-founder of a design studio i am trying to advertise for and author of a blog i’m trying to generate traffic to — i’m not terribly concerned about who’s looking for me or what they find when they find me (assuming what they see is what i want them to see).  i’m also aware of the concept that anything you put on the web, anywhere, can and will be used everywhere it can be found on the web.  which is to say i realize that the information you put out there, no matter where it is and how “private” it claims to be, is out there for anyone to see, and someone will see it and find it and use it for something.  it’s a little like your miranda rights, actually: anything you post can and will be used against you on the internet.  this is (and has always been) especially true for facebook.  my point is that i’m not altogether put off by random people wanting to friend me on facebook.  i mean, i put my facebook profile on my blog, i have to expect that some people are going to click it and maybe a few people will want to add me to their network.

i admit, i don’t go to the actual facebook site very often.  i use nutshell mail to send recent updates from various social networks, so i get daily activity summaries and notification of people posting on my wall or whatever.  i don’t hang out on facebook playing mafia wars or trolling other peoples’ profiles.  i’ve got some stuff pumped into facebook automatically and i pretty much leave it unless i’m really bored and have some time to kill.  so i didn’t notice when, suddenly, in my suggested friends box, there was a shift from just friends of friends or people i may actually have known (due to a shared acquaintance) to just random people i’ve never met or seen or share any mutual friends with whatsoever.  after checking out a few of them, it occurred to me that this was where the couple random friend invites i had been getting were coming from; they had found me in the same “recommended users” screen.  even if i wasn’t able to see their actual list of interests, it was fairly obvious that these new suggested friends probably shared some interest that facebook had made public when it converted my list of stuff i do and like into like likes — links to public pages on those topics.

ah, there’s the rub.  the current usage of your “like” information now connects you to other individuals on facebook who also like the same thing, regardless of whether you share any sort of pre-existing social connection with that person.

sure, it’s still consensual — i have to respond to the friend request, so there’s still an extra layer of privacy than someone following me on twitter.  and most things on facebook you can opt out of (if you dig hard enough in your privacy settings).  on the other hand, unlike twitter, i have to allow the friend request for them to passively read my posts, which then is equivalent to following them on twitter — and i tend to try to keep the people i’m following to a small(ish) number to protect me from information overload.  i can be a dick and ignore or deny the request, or i can accept it (and then be a dick — albeit a fairly anonymous one — by hiding their posts from my news feed). the thing is, the whole theory of facebook is (or was, anyway) that it works better when you are creating links between products and websites and activities that are based out of some sort of social circle — because even if you don’t hang out with those second and third degree friends from high school anymore, it’s still fairly probable that — since you ran in the same circles at some point in time — you share some common interests, and maybe they have some unique interests that are separate from your current social circle that would be interesting and new to you.  allowing random people into that equation just doesn’t work.  it’s like mixing oil and water.

the new “suggested friends” based on common interests makes it much less socially awkward (and therefore it will be much more common) to “friend” people you don’t know on facebook because now facebook is recommending you do just that.  whereas before, you typically had a sort of uncomfortable conversation with the person, now said conversation is completely unnecessary; you can just friend someone and be artificially plugged into their network (or not). this policy will make much larger networks between users possible, but i don’t know if that will be entirely beneficial.  the cool thing about facebook was that the traditional usage was that it was people you actually knew in real life, making it like any other IRL social network, bringing families and long lost high school buds together in the glorious way that only the internet can (by pumping up a false sense of intimacy and removing the wall of inhibitions by substituting in-face conversation with the conversely less intimate text conversation).

networking people based on a common interest as opposed to a real-life connection is great for the people who are paying facebook money (i.e. advertisers and investors).  but allowing random people who may (or may not) share your interests takes away from the intimacy of what facebook used to be. there’s no real unique value to the actual users to have a sprawling network of “social” connections on par with @aplusk‘s follower list…