In a time when privacy scares and security breaches are rampant, it’s not hard to desire a secure connection to the internet that can be detached from your real-life identity. The problem is when most people have that desire, but don’t think every thing through. Here’s a few things that many VPN services haven’t thought to mention to their users.
When browsing the internet without a VPN, people will use the same IP to access their Facebook profile, their online banking, and even that seedy website that promised you a $75 Costco gift card. Already, this is an issue. When you use the same IP, it’s like screaming out where you’ve been today and every other day. This might seem innocuous, but because the people who are paying attention to your screaming don’t have to be physically close to you, you can’t decide who you scream this information to.
My bank is Bank of America! My real name is Joseph Harmik! I shop at Costco and want free money!
Imprudent Internet Surfer
Without a VPN, you have a single IP address for all your browsing needs. With a VPN, you have a choice. It’s not foolproof, but using different IPs (or locations, depending on your VPN provider) will allow you to more anonymously browse the internet, but it’s not enough. Not only does your IP have to change based on your browsing activity, but your stored data available to a given website should as well.
When you browse to Facebook, there’s a cookie that is stored in your browser. If that cookie is accessed from any other website (say through a Like button on a piece of third-party content) then Facebook knows where you’ve been. Imagine the same when you visit seedywebpage.com and that site tries to access the Facebook cookie previously stored. Now that website knows who you are in accordance to your Facebook profile. It’s a little more complicated than that and there are checks put in place to prevent such a thing from happening today, but it’s not impossible for that to happen.
To prevent such a thing from happening, you’d have to also make sure your tabs are either contained or that you’re using a separate incognito or private browsing session. What these will do is either ensure that cookies are not available to other browsing contexts (containers) or that no cookies are kept at all after the browsing session. Combine both methods of cookie containment for even better privacy insurance.
Your Facebook profile isn’t the only thing you have to worry about, and this is specifically true for those who like to post stuff on social media left right and center (throwback Thursday is especially worrisome).
When you signed up for your VPN service (if you have one), did you provide your real name? No? That’s good, but that’s not good enough.
Did you use your home IP? That’s tied to your name through your ISP. Say you signed up using a public WiFi. Well that’s even worse: traffic sniffers on the network, rogue WiFi hotspots with the same SSID performing MITM attacks, and the like, now have even more data than if you would have done it at home.
Let’s say somehow you managed to set up a private internet connection without using your real identity (in North America that’s highly unlikely). Let’s say you even somehow managed to score a home without using your real identity. If you’re not paying attention to that browsing habits section up there, you’re shit out of luck. Your identity will still be compromised.
The truth of it all is that it’s almost impossible today to be completely private, it’s near impossible to be completely secure. No one person can manage every aspect of their identity and privacy without it becoming a 24-hour a day job. Yes, you can be pedantic and say “it can be done” and provide some insane setup that involves crazy levels of paranoid but in reality, that type of insurance is too much to ask of a single person today. It would drive you up a wall and back down again after just a week of it.
Unfortunately, privacy and security are a tradeoff for convenience and vice-versa. In order to live a life of comfort, you have to give up something. The difference between privacy/security and convenience is a spectrum and a balancing act. You have to decide what’s more important to you and most people choose convenience and will continue to do so. We’re a species focused on efficiency with decreasing ability to plan for the long term and with that, lots of sacrificed in the name of comfort are made and will continue to be made. The only thing left is to do your best to cope with the travesties that befall around you.
My blog is self-hosted on a VPS (not a VPN 😉 ) running Ubuntu nested in Digital Ocean’s VPS service. If you want to get a VPS from Digital Ocean, I’d like to ask you to graciously use this referral link: https://m.do.co/c/fa082b6466bf. You’ll get $10 in free credit (2 months worth of the lowest tier VPS) and once you’ve spent $25 of your own money, I’ll receive $25 myself, meaning that you’ll be indirectly supporting my blog.