Verizon Launched A VPN Without Bothering To Write A Real Privacy Policy

from the whoops-a-daisy dept

As we’ve noted for a while, a VPN isn’t some kind of magic bullet. While it might help you hide some of your online activity from snoopy governments, nosy ISPs, or a packet sniffing dudebro at the coffee shop, it’s not some mystical panacea. Unfortunately, in the wake of seemingly endless privacy scandals and a federal apathy to any meaningful privacy rules of the road, many people have been flocking to VPNs without understanding that many VPNs are scams, poorly configured (making you less secure, not more), and that promises made about data retention are often hollow.

Ironically, many of the companies most responsible for our privacy problems have now jumped into the VPN business to capitalize on consumer worries they themselves helped create. Like Facebook, which, in the shadow of the Cambridge Analytica scandal, thought it might be a good idea to launch a VPN that pretends to protect consumers from online harm, but actually exists solely to track your behavior online when you’re not visiting Facebook.

Verizon, fresh off of its successful efforts to kill net neutrality and FCC broadband privacy protections, also recently launched a new VPN service dubbed Safe WiFi. Safe WiFi, you’ll be happy to learn, “protects your privacy and blocks ad-tracking.” But when I began digging into Verizon’s VPN for Motherboard, I found that the company had rushed the service to market so quickly, it failed to even write an actual privacy policy for the service. Instead, the company informed me it had simply copied a placeholder privacy policy lifted from McAfee, the company that actually built its VPN. According to this privacy policy, Verizon’s VPN collects, well, pretty much everything:

“Details about your computers, devices, applications, and networks, including internet protocol (IP) address, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, language preferences, battery level, on/off status, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences.”

When I pressed Verizon on how it could sell a “privacy and security” product that actively makes its users less private and secure, the company acknowledged that employees had simply copied the McAfee privacy policy and didn’t bother to write one of its own for the product, something the company wasn’t aware of until I brought it to their attention. That means that when you use Verizon’s VPN, you have zero real assurance that they won’t collect your data. Verizon, for its part, was quick to inform me that once it finishes actually writing a privacy policy, it will assure users that no private data is collected:

“We’re working with McAfee to post their privacy policy specific to Safe WiFi and will send you a link as soon as it posts,? Verizon said, acknowledging that it wasn’t aware of the problem until Motherboard ?alerted us to this discrepancy.” Whenever the actual privacy policy is posted, it will ?reflect that fact that neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,? the company promises.”

In the interim, you just apparently have to trust Verizon that it’s not using the VPN to snoop on you. A sizable ask since, you’ll recall, Verizon was busted in 2016 modifying wireless packets to track users around the internet without providing opt out tools or even informing anybody. The same company that just got done gutting FCC broadband privacy protections and is part of an industry that’s the poster child for nontransparent and anti-consumer privacy practices.

There’s a certain irony in Verizon trying to cash in on privacy worries it itself caused by rushing a VPN product to market so quickly — it couldn’t be bothered to include a real privacy policy for it. There might be a lesson in there somewhere. Meanwhile, if you do need a VPN, you’re probably better off picking one of numerous options that don’t have a several-decade history actively trying to undermine consumer privacy and real privacy guidelines.

Filed Under: , ,
Companies: verizon

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Verizon Launched A VPN Without Bothering To Write A Real Privacy Policy”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

I can see the techdirt article a year from now:

"Verizon admits to a security breach of their "VPN" servers. It appears that, contrary to executive promises, Verizon was keeping records of all user activity in personally identifiable plain text files. Hackers were able to copy the entire database for all users over the course of three months without Verizon learning of the intrusion. It appears that Verizon also used internal software to search field entries and browser history to create database tables of addresses, SSN, credit cards, and passwords, making it very easy for the hackers to steal the personal information.

"A Verizon spokesman responded: ‘Verizon apologizes for this preach or privacy and promises to investigate thoroughly.’

"In the meantime, Verizon has promised to provide three months of identity protection for free through its recently launched identity protection services. "

Anonymous Coward says:

Just never buy anything "privacy" from a major ISP/Telco

I would never get any ISP or telco with a "security" software or hardware and actually think they would do anything but immediately turn around and monetize my data.

"Neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,” the company promises."

Verizon has plans to make money by the truckloads off of this. More than their monthly fee would get them. Otherwise, they would not offer it. So expect them to sell every single piece of data they can. They may make handwaves at making the data anonymous. But that will be it. They will still use you to sell advertisements. Especially if their VPN blocks all advertisements except for the ones they sell.

Anonymous Coward says:

Re: Just never buy anything "privacy" from a major ISP/Telco

I doubt if your connected to them, you’ll have the option of “buying” anything else.

This problem only gets fixed at OSI layer 4 or below. Even fancy overlay networks still have exposure due to data correlation.

Some marketing guy said, “Hey people are buying VPN, why aren’t we a VPN?” And so the engineers got an order “Make us a VPN!”. Of course the who reason people are using these services is because of perpetual felony wiretapping of consumer traffic by carriers. The engineers know that. But buerocracies don’t grow by becoming more efficient.

And maybe they can stir up some confusion if they end up in court (where they should have been years ago), by saying: “look, they wanted X, we built x! What more do you want from us?” To which the answer is: “Stay the fuck out of my interpersonal communications”.

The set a fire, and are now selling water. How nice of them.

Sayonara Felicia-San (profile) says:

Re: Re: Re:2 List of good VPNs over at Torrentfreak

This is blatantly untrue. I’m really sorry you are gullible.

The company is run by, among other people, the former executive of Mt. Gox (biggest bitcoin heist/hack/theft in history)

Not to mention that on NOW NUMEROUS DOCUMENTED occasions the company has openly cooperated with the FBI in investigating some silly bullshit.

Sayonara Felicia-San (profile) says:

Re: Re: Re:2 List of good VPNs over at Torrentfreak

I nominate this for the asinine comment of the week.

Many years before Snowden leaked his earth-shattering NSA revelations, and shitty Booz-Allen PowerPoint slides, WIRED did a very thorough piece on the brand new NSA Data Center in Utah.

Everything could be easily inferred from the WIRED article, but because of our failed education system, logical inference always lost to that one lone bubble head asking for “proof”

Pvt. Virtual says:

My VPN Policy

Never, EVER trust your data to a VPN you didn’t create, don’t maintain, and can’t control. And for Goat’s sake, ENCRYPT YOUR DNS LOOKUPS! It’s the 21st Century and DNS is still out in the open for almost everyone, and ISPs gobble it up. For $5 a month you can spin up a droplet at digital ocean running Ubuntu Server 18.x and add OpenVPN and a few little gizmos and tweak it a bit and you’ve got your very own hardened VPN that you control.

Alice Metcalf says:

Re: My VPN Policy

Yes, I do agree with your suggestion. One can not rely on these free VPN’s that are very common in the market. But, instead one should go for a dedicated DigitalOcean server. However, managing the VPS can be a very tricky and time taking job to avoid this hassle you can directly go for the managed DigitalOcean
and enjoy the ultimate hosting server experience

Sugarface says:

Why would anyone go for this shady ass vpn? There’s so many good providers out there who already proven that they keep no logs. Not to sound like a shill but I personally use Nord vpn and I know my data is safe, even if I wouldn’t say I’m a very trustful person. I’ve done my research and that’s the provider I went for considering quality/price. You might wanna go for Express or PIA too, but just don’t be so stupid to go for something no-one ever tested. Learn from other peoples mistakes, not from your own.

Vicci4 says:

Techcrunch just went too far… they found one non namable researcher who was full of "could have been" ideas to cast doubt on everything… and actually nobody cares enough to read about what happened. Don’t forget that Techcrunch is owned by the company who has a Vpn service, so they just want to take their competitor down. Read the full Nordvpn blog post – they gave the proper response and put protections in place to make sure it won’t happen again.

Valentine Mitchell (profile) says:

Newly launched VPN is very helpful for people as I have personally experienced it after installing it in my laptop. It is very easy to use and doesn’t require private information’s access so I really like it. Developers have done a splendid job to create this VPN to help people. I prefer to visit website for protecting my privacy over internet.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...