select all

Dear Select All: Should I Get a VPN?

This is what data actually looks like. You just can’t see it because you don’t have a VPN. Photo: Nicholas Eveleigh/Getty Images

Dear Select All,

Apparently, my ISP can now sell my web-browsing history like its a used Crate and Barrel couch on Craigslist, which makes me a little uneasy. I’ve heard about virtual private networks (VPNs) for years, but now I’ve heard from multiple people that you can use them to block your ISP from seeing what sites you visit. This seems like the time to actually get one. Should I pay the extra cash for the extra security? Is there a gold-standard VPN I should be signing up for?

Leery in Lenox Hill

Hiya Leery,

Man, the FCC has really turned into a piece of a work, huh? If it’s not rolling back net neutrality, or making it harder for low-income Americans to get access to broadband internet, it’s standing aside as Congress rolls back protections that would have stopped our ISPs from selling our web-browsing history to advertisers.

A couple of quick caveats: One, ISPs have had the ability to do this for years; Congress just decided to not enact a rule the FCC made in December that would have stopped them. Two, the information they’re selling is a lot like the info Google or Facebook sells about you — it’s anonymized data, which means that while advertisers can get a vague idea of your demographic information (location, age, sex, income, education, etc.), it’s not like some Don Draper–wannabe can call up Spectrum and say, “Hey, give me everything you’ve got on Jane Doe in Lenox Hill. Oh, yeah, I want it all.”

The big difference, of course, is that Google can only track you when you’re on a website using Google software (which, to be fair, is a lot of them nowadays!). Your ISP can track you anywhere, whether that’s an innocuous visit to Pinterest or an incognito visit to PornHub. Quite simply, your ISP, by default, has a complete record of everything you do online.

So, what would a VPN do for me?

Think of a VPN as essentially providing an online tunnel entrance. You sign up for a VPN service (we’ll get into how to pick one in a second), perhaps download some software, log into your VPN, and from that point forward, all your ISP will see is that you have logged into a VPN.

Will this really mean my ISP can’t see anything I do?

Yes, even if your tastes happen to run to the … unusual, all your ISP will see is that you’re connected to a VPN access point. Everything beyond that is masked from your ISP.

So this means I’m totally anonymous?

Oh, my good Lord, no. You’re simply trading your anonymity. Now, your VPN can see everything you do online (unless you want to get really hard core about online security, which, again, more on that later). And even while using a VPN, you’ll still be tracked by the sites you’re visiting, just like any other schmuck browsing the web on his cable modem. You can use things like ad blockers, Ghostery, and turning on “do no track” in your browser to keep it to a minimum, but the simple fact is that it’s nearly impossible to move around the modern internet without leaving some fingerprints.

So, if it’s not perfect anonymity, should I bother getting a VPN?

Don’t get a VPN just because your ISP may be able to sell information about what you do online. The toothpaste was squeezed out of that tube a long time ago, and even if an entirely new administration sweeps into office in the next four years and new ISP privacy laws are put into place, your day-to-day online privacy has been compromised for years. The only thing that’ll change that? Online users themselves banding together to say they won’t stand for it. Google, Facebook, and ISPs aren’t going to change — so the change will have to come from us.

Do get a VPN if you care at all about internet privacy and security. It’s one of the easiest and cheapest ways to add a significant amount of security to your web browsing — particularly if you find yourself using open Wi-Fi connections at places like your local coffee shop (or the subway).

The trick is to find a VPN that you can trust. And “trust” is going to mean different things, depending on who you are. Ars Technica tried to best the “best” VPN last year, and found it so immensely hard that it eventually gave up. That said, any of the services listed by CNET can generally be trusted. NordVPN, Private Internet Access, and Buffered VPN have all gotten consistently high marks, and NordVPN and Private Internet Access have a decade-plus of service, so they’d be my choices for where to start. If you really want to get into it, you can look at this list that compares nearly every VPN currently operating across many, many different variables.

Is there a free way to protect my privacy?

If you’re not keen on paying a subscription fee for a VPN, you can get some of the same protections by using HTTPS Everywhere, a plug-in from the Electronic Frontier Foundation. HTTPS Everywhere forces many major sites to use SSL, essentially creating two-way encryption between the site you’re viewing and your own browser.

The big difference between HTTPS Everywhere and using a VPN is that, even with HTTPS Eveywhere, your ISP will still be able to tell you’re visiting — it just won’t be able to see that you’re also looking at at 3:37 a.m. But, since HTTPS Everywhere is free and a cinch to install, you should go ahead and do it now.

I watch Mr. Robot. One time, I torrented The Parallax View. I know it’s just a matter of time before they burst through the windows and take me to internet jail. What if I want to get super hard core about my security?

So first off, unless you’ve decided to set up a server farm seeding torrents of top-grossing movies and HBO shows, you’re probably safe. (That said, the official view at Select All and New York Magazine is to pay for your movies and TV shows. Media allows you to escape the hellscape of your own mind for a few minutes. We think that’s worth a few dollars.)

But if you want to be extra secure, there are routers sold with VPN preinstalled. They’re more of a pain in the ass to set up than your standard router, but they’ll also make using VPN across all your devices a lot easier. I’ve never actually bought or used one, but I’ve read and heard good things about this one. This will mean, you’ll be able to use your VPN even while playing Battlefield 1 on your PS4, without needing to jump through some pretty extensive hoops to set up your standard VPN on your PS4.

Finally, if you want to take yet another step in making sure nobody can see what you’re looking at, there’s the Tor Browser, which essentially takes your web traffic and bounces it around the globe, making it incredibly hard to crack. While Tor has been exploited in the past, for the most part, using Tor in combination with a VPN is about as secure as any civilian needs to get.

For those that truly, truly want to stay off the grid, there’s Tails, or the Amnesic Incognito Live System, a Linux-based OS that you load onto a bootable USB stick. Head off to your local library, insert the USB stick, and live out your Tinker Tailor Soldier Spy fantasies. All outgoing information is forced to be routed through Tor, and anything deemed “insecure” simply isn’t allowed in. Even then, you’re not 100 percent protected — a zero-day exploit in Tor, or a JavaScript exploit on a compromised site, could still get you. But at this point, you’re not worried about Spectrum or Comcast or Verizon peeking at what you look at — you’re worried about national-security officials trying to get a glimpse of whatever you’re up to.

Have a question for Select All? Probably! Email

Dear Select All: Should I Get a VPN?