Online trust, or How to figure out your biggest threats online


Greetings from Seattle, Washington! Actually, hello from Charlotte, North Carolina! On second thought, salutations from somewhere in Azerbaijan!

It’s fun to be anywhere at the click of a button. By this I mean, anywhere as far as my computer traffic is concerned.

Yes, I’ve finally signed up for a VPN (Virtual Private Networking) service, which means that I can now connect to the internet with total privacy. Or at least, as much privacy as can be reasonably guaranteed by a service that I have decided to trust.

Let’s talk about trust

Trust is an interesting word in the digital domain. Everyone makes implicit trust assumptions every day when using the internet. We trust Google to not shut down our Gmail account. We trust that when we go to our favorite news site that it will take us to the actual site and not a fraud set up by some one else.

Sometimes our trust is a little bit unfounded. Presumably you trust Facebook to safeguard all that personal data that they are harvesting from you (it is their business model, after all). But given the uproar over the whole Cambridge Analytica scandal, this trust probably needs to be reevaluated.

(As I understand it, you’re okay with Facebook knowing everything about you and storing it to make money, but you’re horrified when some other company gains access to that data? What am I missing?)

Point being, trust is something worth thinking about. With all of your online transactions, you would be wise to ask yourself “do I trust this service?” Or, in the case of two choices, “which service do I trust more?

And that is how I came to pay for my VPN using a typical, non-anonymous payment method.

No one needs to know

I start from a simple premise, that no one needs to know anything about us or anything we do unless there is a valid pretext for it. These pretexts can be legal (I don’t mind the government  or certain related private companies knowing basic info about me) or situational (if I go somewhere in public, I don’t mind it being known that I was there; I don’t live in a bubble).

But my point is that the default should be “informational opt-in”. I control my information, not you.

Unfortunately, that is not how the Internet works. Hell, it’s not how our society works.

From security cameras in public places to bank records to your cell phone signal, so much of your life is tracked and recorded already. Look at this map of what it takes to just walk from Portland State University to Union Station, the main train station in town, without being tracked by a security camera:

How to evade the downtown security cameras. From the book Portlandness. Source: YouTube

There are some battles worth fighting and some that are not, and everyone needs to decide that for oneself. The surveillance camera thing is not a battle that I fight.

My online activity, on the other hand, is very much is a battle worth fighting.

But the crucial question: from what am I protecting myself?

What is the greater danger?

Jokes aside, I’m at a coffee shop in town right now. But recently, I was working from a few different airports. Also, I have an office with shared internet.

In short, there are lots of times when I just click “Connect” and log on, without any thought to how I’m connecting.

There have been numerous reports of how a bad actor can infiltrate and record web traffic, including passwords and other personal information, just from being on the same network as you. It is very difficult to stay safe when browsing publicly. (Anyone remember Firesheep?)

I want to protect against that.

Beyond the wireless networks, the company that runs the network that I’m on (the ISP) logs everything that happens on their networks, and ties it to a computer’s address. So the company that provides your internet can potentially harvest your personal and sensitive information.

I want to protect against that.

But if I were to contract with a company whose entire aim was to protect against the threats above, by encrypting all internet traffic from me to the world, storing no logs, and they required that I tied my payment to my identity?

That seems like no big deal, considering the alternative.

And so I decided to abandon my fascinating but ultimately fruitless attempt to purchase VPN service without any ties to my identity. To me, it’s a much bigger risk that someone will try to hack my computer in a public place than that the government will snoop through NSA-level encryption, a log-free service in a country that doesn’t hand over information to the U.S., and then connect the dots between that internet traffic and a payment service…all to find me.

I mean, I’m just trying to protect myself, not perform espionage!


The takeaway here isn’t that you need to sign up for VPN service (though I would recommend it), nor is it that you need to find a map of all the surveillance cameras in your city so you can avoid them (though that’s kind of cool).

No, the takeaway here is that there are decisions you make every day of a technical nature that affect your safety and well-being. Every day. Someone who steals your Gmail password and/or bank account information will ruin your personal and financial life for potentially quite a while. By browsing unprotected in a public space, I’ve decided that I would be leaning toward encouraging this.

And that is not okay.

Ultimately though, I just want your choices to be the product of actual thought. I don’t care what you do as long as you do.

But enough about me. Do you ever think about privacy in your technology? What are you doing about it?

Comments are closed.