Privacy

by Karl Bode


Filed Under:
privacy, trust, vpn

Companies:
verizon



Verizon Launched A VPN Without Bothering To Write A Real Privacy Policy

from the whoops-a-daisy dept

As we've noted for a while, a VPN isn't some kind of magic bullet. While it might help you hide some of your online activity from snoopy governments, nosy ISPs, or a packet sniffing dudebro at the coffee shop, it's not some mystical panacea. Unfortunately, in the wake of seemingly endless privacy scandals and a federal apathy to any meaningful privacy rules of the road, many people have been flocking to VPNs without understanding that many VPNs are scams, poorly configured (making you less secure, not more), and that promises made about data retention are often hollow.

Ironically, many of the companies most responsible for our privacy problems have now jumped into the VPN business to capitalize on consumer worries they themselves helped create. Like Facebook, which, in the shadow of the Cambridge Analytica scandal, thought it might be a good idea to launch a VPN that pretends to protect consumers from online harm, but actually exists solely to track your behavior online when you're not visiting Facebook.

Verizon, fresh off of its successful efforts to kill net neutrality and FCC broadband privacy protections, also recently launched a new VPN service dubbed Safe WiFi. Safe WiFi, you'll be happy to learn, "protects your privacy and blocks ad-tracking." But when I began digging into Verizon's VPN for Motherboard, I found that the company had rushed the service to market so quickly, it failed to even write an actual privacy policy for the service. Instead, the company informed me it had simply copied a placeholder privacy policy lifted from McAfee, the company that actually built its VPN. According to this privacy policy, Verizon's VPN collects, well, pretty much everything:

"Details about your computers, devices, applications, and networks, including internet protocol (IP) address, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, language preferences, battery level, on/off status, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences."

When I pressed Verizon on how it could sell a "privacy and security" product that actively makes its users less private and secure, the company acknowledged that employees had simply copied the McAfee privacy policy and didn't bother to write one of its own for the product, something the company wasn't aware of until I brought it to their attention. That means that when you use Verizon's VPN, you have zero real assurance that they won't collect your data. Verizon, for its part, was quick to inform me that once it finishes actually writing a privacy policy, it will assure users that no private data is collected:

"We're working with McAfee to post their privacy policy specific to Safe WiFi and will send you a link as soon as it posts,” Verizon said, acknowledging that it wasn't aware of the problem until Motherboard “alerted us to this discrepancy." Whenever the actual privacy policy is posted, it will “reflect that fact that neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,” the company promises."

In the interim, you just apparently have to trust Verizon that it's not using the VPN to snoop on you. A sizable ask since, you'll recall, Verizon was busted in 2016 modifying wireless packets to track users around the internet without providing opt out tools or even informing anybody. The same company that just got done gutting FCC broadband privacy protections and is part of an industry that's the poster child for nontransparent and anti-consumer privacy practices.

There's a certain irony in Verizon trying to cash in on privacy worries it itself caused by rushing a VPN product to market so quickly -- it couldn't be bothered to include a real privacy policy for it. There might be a lesson in there somewhere. Meanwhile, if you do need a VPN, you're probably better off picking one of numerous options that don't have a several-decade history actively trying to undermine consumer privacy and real privacy guidelines.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Ninja (profile), 9 Aug 2018 @ 6:31am

    If you are going to use a Verizon VPN then you might as well as make your whole traffic visible to anyone. It's probably safer and more private.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2018 @ 11:59am

      Re:

      I can see the techdirt article a year from now:

      "Verizon admits to a security breach of their "VPN" servers. It appears that, contrary to executive promises, Verizon was keeping records of all user activity in personally identifiable plain text files. Hackers were able to copy the entire database for all users over the course of three months without Verizon learning of the intrusion. It appears that Verizon also used internal software to search field entries and browser history to create database tables of addresses, SSN, credit cards, and passwords, making it very easy for the hackers to steal the personal information.

      "A Verizon spokesman responded: 'Verizon apologizes for this preach or privacy and promises to investigate thoroughly.'

      "In the meantime, Verizon has promised to provide three months of identity protection for free through its recently launched identity protection services. "

      reply to this | link to this | view in chronology ]

    • icon
      Sayonara Felicia-San (profile), 10 Aug 2018 @ 5:59pm

      Re:

      I can't blame Verizon for wanting to get in on the VPN scam.

      Call me crazy, but I would trust the corporate stooges at Verizon, privacy policy or not, than I would a company called "Private Internet Access" or "Hide My Ass"

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2018 @ 6:49am

    Just never buy anything "privacy" from a major ISP/Telco

    I would never get any ISP or telco with a "security" software or hardware and actually think they would do anything but immediately turn around and monetize my data.

    "Neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,” the company promises."

    Verizon has plans to make money by the truckloads off of this. More than their monthly fee would get them. Otherwise, they would not offer it. So expect them to sell every single piece of data they can. They may make handwaves at making the data anonymous. But that will be it. They will still use you to sell advertisements. Especially if their VPN blocks all advertisements except for the ones they sell.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 9 Aug 2018 @ 7:57am

      Re: Just never buy anything "privacy" from a major ISP/Telco

      I doubt if your connected to them, you'll have the option of "buying" anything else.

      This problem only gets fixed at OSI layer 4 or below. Even fancy overlay networks still have exposure due to data correlation.

      Some marketing guy said, "Hey people are buying VPN, why aren't we a VPN?" And so the engineers got an order "Make us a VPN!". Of course the who reason people are using these services is because of perpetual felony wiretapping of consumer traffic by carriers. The engineers know that. But buerocracies don't grow by becoming more efficient.

      And maybe they can stir up some confusion if they end up in court (where they should have been years ago), by saying: "look, they wanted X, we built x! What more do you want from us?" To which the answer is: "Stay the fuck out of my interpersonal communications".

      The set a fire, and are now selling water. How nice of them.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2018 @ 7:02am

    List of good VPNs over at Torrentfreak

    Torrentfreak keeps a yearly survey to check which of the main VPNs really keep you anonymous.

    This year's edition: https://torrentfreak.com/vpn-services-keep-anonymous-2018/

    reply to this | link to this | view in chronology ]

    • icon
      Anonymous Anonymous Coward (profile), 9 Aug 2018 @ 8:53am

      Re: List of good VPNs over at Torrentfreak

      That is how I found out PIA doesn't keep logs, and why I use them. I have it installed on my router so that all my outgoing and incoming are via the VPN. This Techdirt offer wasn't available then.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 9 Aug 2018 @ 9:50am

        Re: Re: List of good VPNs over at Torrentfreak

        That is how I found out PIA doesn't keep logs...

        How do you know? Because they said so?

        reply to this | link to this | view in chronology ]

        • icon
          Anonymous Anonymous Coward (profile), 9 Aug 2018 @ 11:54am

          Re: Re: Re: List of good VPNs over at Torrentfreak

          Well yes, but since then they have been hauled into court and had nothing to disclose. They provably (apparently) had nothing to disclose. Try these search terms: "Private Internet Access court", there are too many links to list here.

          reply to this | link to this | view in chronology ]

          • icon
            Sayonara Felicia-San (profile), 10 Aug 2018 @ 6:02pm

            Re: Re: Re: Re: List of good VPNs over at Torrentfreak

            This is blatantly untrue. I'm really sorry you are gullible.

            The company is run by, among other people, the former executive of Mt. Gox (biggest bitcoin heist/hack/theft in history)

            Not to mention that on NOW NUMEROUS DOCUMENTED occasions the company has openly cooperated with the FBI in investigating some silly bullshit.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 10 Aug 2018 @ 2:56am

        Re: Re: List of good VPNs over at Torrentfreak

        PIA is based in the US and is therefore subject the the Patriot Act.

        If the company is not strait government then it is most certainly compromised by them.

        Try one of the ones in Europe where human rights is still a thing.

        reply to this | link to this | view in chronology ]

        • icon
          Anonymous Anonymous Coward (profile), 10 Aug 2018 @ 3:47pm

          Re: Re: Re: List of good VPNs over at Torrentfreak

          That not only sounds like an assumption (ass u me) but what the hell does it have to do with the Patriot Act?

          It could be that the government has compromised every tech related company in the US, but there is no proof of that, yet. Got some?

          reply to this | link to this | view in chronology ]

          • icon
            Sayonara Felicia-San (profile), 10 Aug 2018 @ 6:38pm

            Re: Re: Re: Re: List of good VPNs over at Torrentfreak

            I nominate this for the asinine comment of the week.

            Many years before Snowden leaked his earth-shattering NSA revelations, and shitty Booz-Allen PowerPoint slides, WIRED did a very thorough piece on the brand new NSA Data Center in Utah.

            Everything could be easily inferred from the WIRED article, but because of our failed education system, logical inference always lost to that one lone bubble head asking for "proof"

            reply to this | link to this | view in chronology ]

  • icon
    Berenerd (profile), 9 Aug 2018 @ 7:15am

    Lets be honest here, if Verizon actually wrote something, who would trust them enough to believe them?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2018 @ 7:50am

    Hello, Wolf.

    You say you want to guard my sheep? Yeah, I don't think so.

    reply to this | link to this | view in chronology ]

  • icon
    Gary (profile), 9 Aug 2018 @ 8:18am

    Bad Idea of the Week

    Ooooh close tie with West Virginia for cellphone voting!

    reply to this | link to this | view in chronology ]

  • identicon
    I.T. Guy, 9 Aug 2018 @ 8:30am

    Virtual Private Network.
    Verizon.

    Privacy. Verizon.

    Oxymoron of the century.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 9 Aug 2018 @ 8:42am

    Simple misunderstanding

    This isn't a Virtual Private Network. This is a Verizon Prying Network. It's right there in the initials: VPN.

    reply to this | link to this | view in chronology ]

  • icon
    TheResidentSkeptic (profile), 9 Aug 2018 @ 8:52am

    Wrong. It is the MOST secure

    after all, the traffic is routed through the NSA datacenter...

    reply to this | link to this | view in chronology ]

  • identicon
    DOlz, 9 Aug 2018 @ 1:59pm

    Instead of using Verizon’s VPN to keep my data safe I just have a ticker running around my house displaying it.

    reply to this | link to this | view in chronology ]

  • identicon
    Jessie, 9 Aug 2018 @ 7:03pm

    I mean is anyone really surprised? Ppl are much better off using a secure VPN. Off the top of my head, ExpressVPN, Nord and PIA are all solid alternatives.

    reply to this | link to this | view in chronology ]

  • identicon
    Pvt. Virtual, 10 Aug 2018 @ 5:25pm

    My VPN Policy

    Never, EVER trust your data to a VPN you didn't create, don't maintain, and can't control. And for Goat's sake, ENCRYPT YOUR DNS LOOKUPS! It's the 21st Century and DNS is still out in the open for almost everyone, and ISPs gobble it up. For $5 a month you can spin up a droplet at digital ocean running Ubuntu Server 18.x and add OpenVPN and a few little gizmos and tweak it a bit and you've got your very own hardened VPN that you control.

    reply to this | link to this | view in chronology ]

  • identicon
    Sugarface, 14 Aug 2018 @ 4:19am

    Why would anyone go for this shady ass vpn? There’s so many good providers out there who already proven that they keep no logs. Not to sound like a shill but I personally use Nord vpn and I know my data is safe, even if I wouldn’t say I’m a very trustful person. I’ve done my research and that’s the provider I went for considering quality/price. You might wanna go for Express or PIA too, but just don’t be so stupid to go for something no-one ever tested. Learn from other peoples mistakes, not from your own.

    reply to this | link to this | view in chronology ]

  • identicon
    ChillFriday, 14 Aug 2018 @ 4:33am

    I don't know, am I the only one who can't trust this s***? Especially, when there are better alternatives, that are secure, cheap and offer a high-quality service. Choose providers like NordVPN, PIA or smth else (I use Nord because it works with Netflix).

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.