Feeling insecure about security
Internet security is on our minds more than ever, and one common piece of advice is ‘use a VPN.’ Virtual private networks encrypt your data so the ISP you’re connecting through can’t see it. This is useful if you’re connecting to an access point you can’t 100% trust, such as in a coffee shop. But is a VPN really much of a better option than just trusting the coffee shop?
A piece on Slate last week highlighted the problems with VPNs
. They get all your data, tied to your account details and thus have a very good idea what you do online (they don’t get sensitive stuff sent through secure connections like HTTPS, for example, but just having the metadata about the sites you access can be valuable enough). And often you don’t know who really owns a VPN service, or what they really do with your data.
My to-do list has for a long time had an entry called 'Roll my own VPN.’ This is easier than it used to be and means you’re in control of your own data in a way that you’re not with a normal VPN. This TechCrunch article
explains the process of setting up a remote VPN (you can also host one at home using a dirt-cheap Raspberry Pi computer, but this might not be a good option for everyone).
Rolling your own VPN isn’t 'click a button and you’re done’ simple though, so it’s not for everyone. And even if you get it up and running, you have to rely on third parties to an extent when it comes to ensuring your data doesn’t somehow get hacked at some point.
Personally I use TunnelBear
as my VPN, as it’s simple to use (featuring a fun cartoon bear), is owned by McAfee – a company trusted by many and at least a well-known name – and it makes a big deal of the audit
it undertakes each year. That’s still not a guarantee of 100% privacy, but at least it’s a start.
There are no certainties in internet security, but there’s definitely more room for transparency when it comes to VPN providers. Who is going to come along and establish itself as a trusted VPN for the masses? Maybe Apple, with its reputation for security and desire for more services revenue, could launch a VPN service tightly integrated with its own hardware?
For now, I’ll keep trusting the cartoon bear while meaning to sorted out my own personal solution some time soon – and thinking that really this should all be a lot simpler.