Dad’s Privacy Question

My father (a retired attorney) received a promotion from Norton for a new VPN product. It hinged on the changes proposed for new FCC regulations and consumer fear. Was this offer worthwhile? Off hand, I can’t say. Instead of writing from ignorance, I offered this advice:

Advice for My Dad and for You

This is a complex and nuanced question, which I have been wondering about personally. It breaks down like this:

No ISP has said they are going to start selling browsing histories and most have publicly said they have no plans to sell those histories.

Could the government subponea that information with or without a change in FCC policy? One can only assume that the computing power at the NSA probably combs through most unencrypted and encrypted communication looking for patterns and key phrases related to security at this time. Law enforcement can request IP assignments for geo-location (where in the physical world was this IP assigned when it connected to this illegal activity? i.e. which cable subscriber address).

What is Norton’s privacy policy? Will they keep or turn over user logs to legal authorities or decide to sell them at a later time for commercial or research use? How secure will the second hand owners of the data keep those logs? What legal or contractual requirements does Norton have to keep their privacy policy unaltered or to notify users if a change is made?

How much of the current coverage on this topic is just hype? After all, much of this information is already logged and sold or used by Amazon and Google as content providers. So, in practice how is this different in practice from the current Internet?

Is there another party who can provide an easy to use VPN at a reasonable cost who will dump logs to assure anonymity? To that end, I already located open source VPN software that I could deploy and erase my own logs assuring my own security. I haven’t deployed it yet for testing.

Finally, what can you do today that is the least intrusive privacy solution. In reality, none of this technology is new. It’s just more work than the average user is willing to pursue. So the offer from Norton will generate revenue for Norton based on fear. Without doing a lot of homework, I can’t tell you if it’s as good as running your own VPN or if provides any real protection at all.

In spite of my large social media footprint, there’s a lot that I don’t share. That includes my online activity. I use multiple browsers, including browsers that refuse advertising networks (where most of the data gathering happens). I use anonymous/private browsing for sensitive topics. I have a plug-in for Firefox which lets me assign tabs separate identities (work, personal, scouting, etc…) which means that even when I use the same browser, it doesn’t look like the same user visiting these websites.

I can’t answer your question directly with a simple yes or no. I advise a wait and see position. Look at the fine details of the offer. If they make assurances of privacy, examine the terms and limits.

Leave a comment

Leave a Reply