Why Don’t VPN Providers Get Caught Out By User’s Activities?

While there is a lot of legitimate reasons to use a VPN, they also have illegal uses – like piracy and hacking.

VPNs help to hide your identity online. They hide your IP address so that people on the other end don’t know where you’re really connection from and also encrypt your data, so that anyone listening or snooping on your connection won’t know what your doing.

The one person or company that does know your true IP address though, is your VPN provider.

The question is: if someone is doing illegal things like downloading movie torrents using a VPN, then how come the VPN providers, who are facilitating this, don’t get into trouble?

The primary reason is that VPN providers fall under the DMCA “safe harbor” rules, so provided that they have a DMCA process process properly setup and functioning, they should be fine. We won’t go into the DMCA in this article, but a quick Google search should explain everything to you.

It’s also important that VPN providers work with data centers that understand the DMCA process and won’t kill their connections whenever a notice is received. See most VPN providers rent servers and internet capacity in data centers across the world. Data centers are usually massive specially made buildings that look like warehouses. However instead of stock inside they have rows and rows of computer servers, all hooked up to a VERY fast internet connection.

Data centers are where generally all of the world’s websites are hosted, along with other internet connected services like the Facebook App on your phone, or WhatsApp.

So if the user of a VPN is doing something illegal and that person’s VPN provider has a proper DMCA process in place, provided they follow the steps it should be OK. Data centers and other parties involved in the provisioning of the VPN service (like the providers domain registrar) might also get notices saying that “X VPN Provider” is doing illegal things. This is why it’s important that those data centers and other related businesses under the DMCA and the protections it affords to the VPN provider.

As long as the VPN provider acts in accordance with the DMCA, then it should be fine.

It’s also important that VPN providers apply some basic scans to try and prevent their VPN users from using some of the more well-known illegal hacking and scanning methods that they might try to employ. This is because while DMCA protects them from a user downloading copyrighted content, it wouldn’t protect them from a user who is using their services to hack a website. So those are the kind of acts that they need to proactively monitor and stop.

While basic hacking methods can be fairly easy for a VPN provider to detect, there are of course some that aren’t. And they are also dealing with what is a fairly sophisticated computer expert, which can make their detection and blocking job harder. That’s one of the obligations of being a VPN provider though – they must be prepared to police their users somehow.

VPNs Can Speed Up Your Internet Connection

If you’ve got slow internet speeds, then a VPN might just be the fix.

Slow internet can of course be due to a number of reasons: poor equipment (like you modem), you being too far from the exchange, too many people trying to use your connection, the state of the websites/services you are trying to use, malware slowing you down, and many, many others.

Slow internet can also be due to your ISP. Your ISP could be doing something called “traffic shaping” or “packet analysis”. This is essentially when they take a look at the data you are transferring over your connection and then adjust the maximum speed or latency of your connection.

For example, if they look at your data and see they you’re doing a lot of torrenting, then they might dial down your internet speed to a crawl, because you’re not meant to be doing that! Or, in peak usage times when everyone is logging into their emails at home after work or just browsing before bed time, if your ISP has limited overall capacity they might decide to dial down the speed of all services except for emails and general web browsing.

It’s in cases like these when a VPN might just help you out. When you use a VPN your connection is encrypted, meaning that even your ISP can’t even see what you are transferring. For example, they won’t know if you are browsing Reddit, doing searches on Google, playing an online video game or torrenting a movie. All they will see is encrypted data going across your connection.

This way, your ISP can’t identify what you’re doing as it can’t do it’s usual packet analysis. And if it can’t do it’s packet analysis then it is less able to shape your traffic, or you might be skipped over. Speed problems solved!

Bear in mind though that this might not work all the time and as we mentioned at the very start of this article, there is a large number of reasons why your internet connection might be going exceptionally slow. It’s also important to note that while a VPN might speed up an unusually slow internet connection, it might slow down a normally functioning connection.

Ensure you check out our VPN reviews to work out which VPN providers might suit you best if you decide to give this a shot.

Old Emails, Social Media Posts & Files To Receive Additional Protection

The 31 year old Electronic Communications Privacy Act (ECPA) could soon be updated, an event well overdue given the extent to which the electronic communications have changed over its lifetime.

Under the ECPA, as it currently stands, there are there two possible outcomes when determining whether law enforcement agencies require a warrant to search data (such as emails or social media posts) stored on a third parties’ servers or in the cloud:

  1. If the data has been stored for less than 180 days, then a probable cause criminal warrant is required.
  2. If the data has been stored for longer than 180 days then only a subpoena is required. Subpoenas are usually issued by a Court clerk or sometimes even lawyers, and are not something that a Judge needs to approve in advance.

In the evening on Monday February 6, the US House of Representatives unanimously approved the Email Privacy Act (EPA). The Act will amend the ECPA and require that law enforcement agencies get a court ordered warrant to search data that has been stored for more than 180 days, bringing “old” and “new” data into line with one another.

Given Trump’s nominees… the stakes for privacy have never been higher. It’s crucial Congress act on ECPA reform so that Americans can feel safe in their 4th amendment rights.

Robyn Greene, policy counsel at the New America Foundation’s Open Technology Institute

One of the key motivations for the change is due to the fact that the costs of computer storage space have dropped drastically since 1986. At the same time, storage capacity has increased exponentially. This means that while in 1986 service providers were not expected to keep electronic data for extended periods of time (due to the cost) the norm nowadays is for such data to be kept indefinitely.

For example, services such as Dropbox and Gmail allow a large amount of data (a lifetime of emails, for example) to be stored online either at no cost to the user, or for a very low monthly fee. Facebook and Youtube allow users to upload essentially unlimited amounts of high definition video, all of which must be stored on servers somewhere and does not get deleted.

The amount of data and information that members of the public are now making available online, whether by their posts to internet forums like Reddit, via email, or on Facebook or Instagram, has never been greater or more personal. And with that, concerns about who has access to that information and how are paramount.

If the government wants to read your emails, then they should be required to obtain a warrant just like they would need in order to read your letters, search your hard drive or listen in on your phone calls. Technology has made incredible advances over the years, but the privacy laws for digital communications just haven’t kept pace. Right now, the rules governing how and when the government can access a person’s emails, photos, documents and other online communications are outdated and do not provide for the same Fourth Amendment protections given to on-paper or in-person communications.

Representative Darrell Issa (R-Calif.)

Critics of the change, on the other hand, say that it will become tougher for law enforcement agencies to swiftly and efficiently carry out their investigations. However given that this change simply aligns to two types of data (either older than 180 days or not) we think that’s a pretty weak argument.

Ensure you stay tuned to SafeMonk for further updates on the progress of the EPA as it now heads to the Senate.

Evernote Reverses Policy On Reading User Notes

Here’s an example of how not to handle privacy policy changes.

On December 14 Evernote announced that it would be updating its Privacy Policy with details around new machine learning tools that were to be implemented. As part of said update and in order for the machine learning to function properly, we also learned that a human review of your notes could be required along with several other reasons why employees at Evernote might need to read your notes.

According to the post, which you can read here, in order to help Evernote verify that the machine reading is functioning as expected, it would sometimes be necessary for employees to manually check the machine output versus the contents of your notes.

Employees could also read your notes for a host of other reasons and while some are perfectly valid and acceptable (like as a result of Evernote being served with a valid Court order or warrant), others are pretty loose, like if they need to “maintain and improve the service”.

Of course not every employee would have the ability to read notes though, and while you could also opt-out of the “reading for machine learning purposes” part that didn’t exclude your notes being read for the other, aforementioned reasons.

As you might have expected, there has been an outcry and Evernote has been forced to back-track and post the following:

After receiving a lot of customer feedback expressing concerns about our upcoming Privacy Policy changes over the past few days, Evernote is reaffirming its commitment to keep privacy at the center of what we do. As a result, we will not implement the previously announced Privacy Policy changes that were scheduled to go into effect January 23, 2017.

Instead, in the coming months we will be revising our existing Privacy Policy to address our customers’ concerns, reinforce that their data remains private by default, and confirm the trust they have placed in Evernote is well founded. In addition, we will make machine learning technologies available to our users, but no employees will be reading note content as part of this process unless users opt in. We will invite Evernote customers to help us build a better product by joining the program.

Great, they admitted they screwed up and said they won’t do it again, but their choice of words is amusing. Instead of Evernote “reaffirming its commitment to keep privacy at the center of what we do”, given that they broke that commitment in the first place, shouldn’t Evernote be “re-committing” instead?

The thing is, once a company has actually said that they could/would invade your privacy for the reasons given, saying that “of course we’d never do it without your express permission” doesn’t carry all that much weight. And it’s not like there isn’t a plethora of note-taking alternatives to choose from. That said, you may want to take a look at the alternatives’ privacy policies also!