Dystopian data: How my ISP blackmailed me with my own browsing habits

ExpressVNPISP data blackmail

The following is part of a fictitious series that looks at the dangers of internet privacy abuse. ExpressVNP delves into a dark, but very realistic future where ISPs routinely sell your private data to the highest bidder.

It was around the summer of 2021. I had split with my wife over Christmas and found myself in the middle of what was becoming quite a bitter custody battle for the three kids. We’d managed to keep it quite civil so far, we both just wanted what is best for the children after all, but I wasn’t looking forward to this morning’s court visit.

I was about to leave home when the phone rang.

“Hi there! I’m Bethany, and I’m a Personal Identity Securement Specialist. How are you today?”

“Umm, good… Sorry, who is this?” I stammered.

“That’s great! I’m a Personal Identity Securement Specialist at MegaLine Internet, and this is a courtesy call to let you know that your internet history is a little unconventional and you could be denied credit, health insurance, employment, or worse…”

I was skeptical, of course. It’s probably just another sales call.

“Worse? Like how?”

“Have you ever searched for a news story about terrorism or ISIS?”, Bethany asked.

“Well, of course, but only to read the news story.”, I replied while trying my best not to sound defensive.

Bethany paused, then continued, “How about a news story on child predators? I see here on August 23rd, 2020 you visited a page about an online pedophile ring in London.”

“Without context, my searches made me look like a monster”

Damn. Without context, my searches made me look like a monster. I didn’t like where this was going, and I could feel my stomach start to churn.

Like most people, the internet is my life. The world wide web is my primary source of entertainment, information, and argument settling. As such, my search history, probably much like yours, is quite… eclectic. To think others can see things I look at in private is chilling.

Bethany pressed on, “Can you imagine this information in open court, in the hands of an ex-spouse, or at a child custody hearing?”

Obviously, I was shocked to hear this. Does my ISP know I am divorced and in the middle of a custody battle?

I paused to think, so Bethany tried a different tactic, “Have you ever googled symptoms and ended up on a site which lists cancer as a possible cause? Your search history can affect your insurance rates.”

“But… Is… Isn’t there some law preventing you people from seeing all this stuff?”, I stuttered, getting more annoyed by the second.

“Oh, of course not. This information is available to anyone at any time. With the recent expansion of the PATRIOT ACT and Freedom of Information Act, this is all perfectly Constitutional!”, she cooed.

While talking to Bethany, I quickly opened my laptop and looked up MegaLine’s website, and sure enough, on the terms page, I could see they reserved the right to sell “Target Ad Packs,” which included names, emails, phone numbers, browser history, and buying habits of customers.

My jaw dropped.

Bethany was telling the truth, but it all sounded so…. immoral. Anyone could send my life into a tailspin with a Target Ad Pack purchase from my internet service provider (ISP).

She continued, “But for a monthly ‘internet protection fee,’ you can secure your personal data and remove it from any purchasable Target Ad Packs!”

“I was annoyed my ISP could sell my data without permission”

Frankly, I was annoyed my ISP could sell my data without permission. Then have the audacity to charge me not to release it!

Bethany reeled off the package prices. They weren’t cheap.

“This is blackmail!” I shouted at the phone.

Bethany deflected, “We’re sensitive to your concerns and can remove your details from the Target Ad Packs for a monthly fee to cover admin costs.”

Could my wife’s attorney buy my browsing data from my ISP and use it against me in our custody case? I doubted it, but Bethany seemed to think so.

It seems I didn’t have a choice. I didn’t think my wife was that ruthless. But her lawyers? Probably.

And what if the kids got dragged into this? They use the internet at my place all the time. As a parent, I wouldn’t want that public.

Bethany piped up, sensing a sale, no doubt, “The internet protection fee really is the best option …. if you value your family’s privacy.”

She was right; I had to pay. I can’t risk sensitive data about me or my kids getting into nefarious hands right now. I was lucky that I could afford to pay up. But what if I couldn’t? How many lives could this ISP data rule ruin?

More than I could possibly imagine, as it turns out.

Don’t trust your ISP with your web history. Use a VPN to never let them have it in the first place. ExpressVNP encrypts your traffic and hides its destination from your ISP, giving them nothing to blackmail you with in not-so-distant dystopias like these.

Also published on Medium.

ExpressVNP

OpenMedia launch new Message-your-MEP tool to fight link tax

ExpressVNPExpressVNP and OpenMedia save the link tax.

The central European Parliament committee responsible for examining the EU Commission’s new copyright legislation will be discussing proposed amendments to the law early next week.

TELL YOUR MEP TO PUT A STOP TO THE LINK TAX AND CENSORSHIP MACHINES

The voice of this committee—the JURI or Legal Affairs Committee—will have significant sway over the future of this legislation and, in turn, on the future of the open web.

Some MEPs have put forward positive amendments to the law, including Amendment 96, which would remove one of the most problematic elements of the Commission’s proposals—the Link Tax.

Despite massive public disapproval, powerful corporations behind these bad ideas have been working frenetically behind the scenes to overrule the public.

But you can you add your voice to the debate by using OpenMedia’s Message-your-MEP tool.

ExpressVNP is delighted to sponsor the Message-your-MEP tool and proudly stands alongside OpenMedia. The tool is straightforward to use: Just fill in your name, email, and country, then click submit to send your message to your MEP.

What’s at stake for the internet?

There are two major issues committee members will be wrestling with—the Link Tax and Censorship Machines (Articles 11 & 13 respectively):

  • The Link Tax would give press publishers ownership over headlines and snippets of text that come with link sharing. It’s an attempt to monetize sharing, allowing publishers to profit further from search engines pointing at their content.
  • Censorship Machines refers to a plan to allow bots to decide what gets posted or uploaded online. Large companies can influence the bots to enforce content that benefits them.

Contact your MEP to stop big businesses bullying the EU

MEPs on the consumer affairs committee also ignored the tens of thousands of constituents who have spoken up; the failure of the law in Spain and Germany; the voice of many publishers; dozens of civil society groups; and the overwhelming academic consensus that says this will break the web.

The European Commission (EC) has repeatedly attempted to create a hyperlink tax. The tax would work similarly to the fee a radio station pays to play a song. That is, each blogger, news site, or search site would have to pay to use a link.

Established publishing platforms see content curation as an inherent part of their role and business model, with hyperlinks allowing anyone to take that power away.

Of course, the EC has it all entirely wrong. A hyperlink is simply a referral, not a reproduction of content, and it’s ridiculous to seek to tax it.

It’s thanks to the hyperlink that we have an open and transparent internet.

Also published on Medium.

ExpressVNP

Whistleblowing guide: Blowing the whistle is tough

ExpressVNPHow to blow the whistle safely.

** This is part one of ExpressVNP’s whistleblowing guide. **

Part 2: Whistleblowing guide: How to stay anonymous when blowing the whistle
Part 3: Whistleblowing guide: How to protect your sources
Part 4: Whistleblowing guide: Why you should remove the metadata

A cautionary guide for those who need to speak out

Whistleblowing means to uncover and share illegal or unethical behavior in your organization. Notable whistleblowers include Edward Snowden, Chelsea Manning, and Reality Winner.

Any organization could be the subject of whistleblowing. It may be a public or private organization—either for-profit or non-profit—, a community group, or a multinational. It’s important to note too that blowing the whistle does not necessarily mean alerting the public or the whole world.

Internal whistleblowing is often seen as more legitimate, although organizations are more likely to bow to outside, public pressure more than an internal investigation. But unless the ethics violation is of public interest, it might be difficult for a whistleblower to find an audience outside of their organization.

What do you risk from your whistleblowing?

While it might seem obvious to you that illegal violations and ethical misconduct in your organization must stop, the bigger picture could be complicated and require careful consideration.

Are you willing to go public with your allegations and possibly lose your job or career? Are you willing to be exiled, even? Is part of your goal to preserve the integrity of your organization, or are you ready to see it dismantled?

From the moment you decide to bring allegations forward, think about your options. Going on record internally about your concerns might make it difficult to go to the public later anonymously. However, reaching out directly to the public might not always be the most efficient option if you want to maintain the integrity of your organization.

If a government or corporate uses illegally obtained information to find you, it’s likely not admissible in court. Though inadmissible evidence might stop an organization from jailing you, it will likely not stop them from retaliating against you in other ways.

It’s very much worthwhile to consult a lawyer before you blow the whistle, as the precise circumstances of how you disclose your knowledge might make the difference between protection by the law and “tried in a secret military court.”

It’s worth noting, though, that lawyers could be prohibitively expensive and difficult to contact secretly.

Who do you want to reach?

Reaching out directly to upper management is an efficient way to fix problems, but can be more complicated than it appears, especially if management do not share your concerns.

Some organizations have internal watchdogs, but they might not be suitable. It’s hard to evaluate who you can trust, and watchdog groups may not be equipped with the technology or knowledge to receive anonymous tip-offs.

Regulators too cannot always be trusted. In many countries and industries regulators and those they are supposed to regulate can be very close.

Whether you reach out to upper management, an internal team, law enforcement, or the press will make a big difference to your OPSEC. However, it’s best to assume that your enemies are stronger than you expect.

You should not rely on protection from those you leak to; they might have friends, aides, or allegiances in places you don’t expect, and they might not be as savvy or careful as you need them to be. After all, it’s not their skin in the game—it’s yours.

What do you want to reveal?

Keep your communications to a bare minimum. Avoid unnecessary chatter and only submit the information pertinent to your claims. Any piece of information, no matter how small, could lead to your discovery.

The less data you exfiltrate, the easier it will be to fly under the radar. If you download an entire hard drive, you’re more likely to be noticed than if you copy a single file. Likewise, long phone calls are more prone to an investigation than short ones, which could be passed off as a misdial.

In part two of this series, ExpressVNP looks at potential hazards when you leak material out of your organization and communicate with journalists or regulators.

Also published on Medium.

ExpressVNP

Are we living in an Orwellian nightmare? Did 1984 predict real world surveillance?

ExpressVNPHow much of 1984 came true?

George Orwell’s 1984 is a fictionalized version of a then future-world where a totalitarian state scrutinizes all human actions through the ever-watching Big Brother. The book’s focus is Winston, a state worker who struggles to live in such an oppressive world.

The most defining characteristic of 1984 is the brutal extent of Big Brother’s surveillance state.

“As for sending a letter through the mails, it was out of the question. By a routine that was not even secret, all letters were opened in transit.”
George Orwell (1984)

It sounds dreadful. But wait, here’s what Snowden had to say about the real world:

“The NSA, specifically, targets the communications of everyone. It ingests them by default.”
Edward Snowden

Much like 1984, we live in a world where it’s probably safest to assume everything is recorded, all the time. The National Security Agency (NSA) openly maintain a call database (MARINA) and engage in data-mining (PRISM), without fear of reprisal.

Unfortunately, citizens of the real world are subject to as many as those in Oceania, the fictional state in 1984. Draconian spy programs, like the Investigatory Powers Bill, the NSA’s internet monitoring, and warrantless wiretapping controversies, would definitely blend seamlessly into Orwell’s masterpiece.

Maybe 1984 is closer to home than we think.

Snowden could work at the Ministry of Truth

It is well-known the National Security Agency monitor our Facebook page, and Google searches. And it seems that every store we visit, or website we view, wants a phone number, email address, and postal code to complete a transaction.

Web sites like Facebook record all the things we like or dislike, and governments are always looking for ways to hack into our computers and phones to see what we know. The FBI even took Apple to court in an attempt to get permanent access to all iPhone user data.

Then there are surveillance and CCTV cameras littered around the world. It doesn’t matter if we do nothing wrong, our every movement is tracked and recorded.

When Edward Snowden revealed the extent of NSA spying, we probably shouldn’t have been surprised.

We’re very much in a world where Big Brother is watching us all. And Snowden himself bears more than a passing resemblance to Winston, 1984’s narrator and protagonist, who works as a drone for the Ministry of Truth—an organization built to spread propaganda and public falsehoods—which could easily share a manifesto with the NSA:

“Even if you’re not doing anything wrong, you are being watched and recorded.”
Winston or Snowden?

Are we living in a 1984 nightmare?

No, our world is probably worse.

A key feature of Orwell’s novel are the Telescreens that display constant streams of government propaganda (fake news, if you will) and record everything around them. They’re not quite as mobile, but the similarity between a Telescreen and a cell phone seem horribly apparent.

The technology of our world, with endless possibilities of surveillance, data collection, and storage, surpasses anything Orwell imagined.

The police snoop into our lives at will and the whims of a higher power with incredible influence permeate everything. Totalitarian figureheads stare from every device around the world and communication providers broadcast troubling state truths interspersed with a constant stream of dreary infotainment.

But is the above a description of 1984, or modern life?

It seems we are very much in the throes of an Orwellian nightmare, and our digital privacy is constantly under attack.

But you can take steps to protect yourself.

ExpressVNP