Verizon Didn't Bother To Write a Privacy Policy For Its 'Privacy Protecting' VPN

Jason Koebler writes: Verizon is rolling out a new Virtual Private Network service called Safe Wi-Fi it developed in conjunction with McAfee. According to Verizon, the $4 per month service "protects your privacy and blocks ad tracking, creating a secure Wi-Fi connection anywhere in the world." But the company didn't even write a privacy policy for the product: Verizon's terms of service directs all of its VPN users to the general McAfee privacy policy governing all of its products. That policy, in turn, states that McAfee and Verizon have the right to collect an ocean of data on the end user, including carrier data, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI data, and more. The policy explicitly says that browsing history can be used to help target ads at you.

so whatb

most VPN services omit the fact that you are not doing a goddamn thing but masking your IP

Re:so whatb

[DaMattster]

most VPN services omit the fact that you are not doing a goddamn thing but masking your IP

No, your data is encrypted in transit until it exits the VPN. Then it's fair game unless browsing to an https-enabled website.

Re:so whatb

most VPN services omit the fact that you are not doing a goddamn thing but masking your IP

While it's true that some VPN providers do offer that type of service, it's typically not the default and honestly you'd be crazy to configure it that way. The main point of a VPN is to encrypt your traffic, at least until it exits their network and onto the public Internet. If that's not happening then all you really have is an insecure proxy server.

Sneaky sneaky

[TimothyHollins]

So it protects the user from anyone other than Verizon and McAfee from collecting data?

Smart. Dick move, but smart. It's like a C-level Dracula type evil.

Re:Sneaky sneaky

[zlives]

but does not prevent them from selling your data.

Re:Sneaky sneaky

Yes, you get to pay $4 for the privilege of giving Verizon a monopoly on your personal data. Its like giving your lunch money to the bully who promises that she will be the only one who beats you up.

Re:Sneaky sneaky

but does not prevent them from selling your data.

How so? When has a privacy policy ever prevented a company from pimping customer data? And when has there ever been a business being held accountable to doing so?

Seriously, user data is a valuable commodity. Even if current management is all nice and everything, the next management team may think different.

Look at Amazon. Bezos guards Amazon's customers' data like his own gold pile; which it is - for now.

But one day, Amazon won't be so dominate. Bezos will be gone and whoever is in charge may want to do whatever he can to make money.

I've seen it time and time again - even among successful companies.

We consumers are just cannon fodder to be abused and used and we just have to suck it up.

Re:Sneaky sneaky

[DarkOx]

That's only if it works and it probably doesn't. It takes a lot more than just VPN to provide any reasonable level of privacy or defense against ad tracking these days.

So basically its sounds like a way for VZ to charge you an extra $4/mo to do something that costs them darn near nothing but provides users with a false sense of security. I'd not be surprised if in a week or two we will learn they used a null cipher for 'performance' as well .

Re:Sneaky sneaky

[omnichad]

There are some public wifi hotspots that I wouldn't use without a VPN just to encrypt my traffic from casual sniffing. Then again, my Android handset does that automatically. For Free. The question is whether Verizon blocks this functionality just to sell this crippled $4/mo. service.

Re:Sneaky sneaky

[DaMattster]

There are some public wifi hotspots that I wouldn't use without a VPN just to encrypt my traffic from casual sniffing. Then again, my Android handset does that automatically. For Free. The question is whether Verizon blocks this functionality just to sell this crippled $4/mo. service.

With a little know-how, it's trivial to do this yourself. I set up my own OpenVPN server and loaded the OpenVPN client on my phone and laptop. I don't have to pay no stinkin' 4.00 per month fee.

Re:Sneaky sneaky

Do "privacy polices" actually prevent this? Call me a skeptic but there are enough dollar signs involved to motivate the telecom industry and silicon valley to invent whatever workarounds they need to defeat their own "policy." Privacy policies should be treated with exactly the same contempt as EULAs; inscrutable legal bullshit authored by exactly the same bunch of foxes that guard the hen house.

Re:Sneaky sneaky

[Zmobie]

You raise a very important point and distinction many don't consider. Privacy policies are just that, policies. This effectively means the company doesn't intend to engage in this behavior right that second and that it is self-enforced. Nothing actually prevents them from collecting troves of information over time, changing the policy one day and then selling it off to the highest bidder. One might be able to initiate some type of civil suit, but the burden of proof to get over the preponderance of evidence is going to be a bit rough. If you can't prove that was their intent from the start, they get off without so much as a slap on the wrist.

Personally this is why I get so sideways with people insisting there doesn't need to be regulations against this type of behavior. Typically they hide behind the old chestnut, "regulations put undue hardship on the companies" but given how easily they can ruin hundreds of thousands if not millions of people's lives (hello Equifax) it seems insane to not put the weight of real legal threats on them for doing so. Financial incentive only goes so far in my opinion. They have some financial incentive to protect information to a point, but eventually investing beyond a particular level cuts into their outrageous margins too much. Then, when they do something stupid or a big buyer comes along and wants that information about their customers, it is the people they duped into handing it over that pay the price. Hell, some of these services you can't even avoid using with becoming a fucking hermit/mountain man. Again with Equifax, how exactly did I opt into them running the credit services and collecting massive volumes of information on me just because I was born into the damn world?.

Re: Sneaky sneaky

So, you are a chick?

Re:Sneaky sneaky

a privacy policy, or any corporate "policy" doesn't "prevent" the company from doing anything. it would be difficult to prove (for a customer) a violation of it, and so very hard to get a court judgement out of a case, and the company can change the fucking document whenever they want (and you can't negotiate its 'terms').

Re: Sneaky sneaky

There's no silicon in the valley anymore - shipped it all to China. Now there's just mass surveillance. That's why we call it Surveillance Valley.

Re: Sneaky sneaky

#NewspeakRealityFail

Re:Sneaky sneaky

[farble1670]

When has a privacy policy ever prevented a company from pimping customer data?

In fact, all privacy policies I've ever read exist to inform the user they are going to harvest and sell your data. There's some generic template of a privacy policy everyone uses that essentially (attempts) to give the company the rights to do whatever the hell they want.

Re: Sneaky sneaky

Haha, triggered the red pillar.

"protects your privacy and blocks ad tracking"

[thomn8r]

...from non VZW advertisers

Does it matter?

These polices are ignored by everyone. Businesses change them on a whim. And even if they are saints, one day they will sell out or new management will come in and all bets are off.

I just go under the assumption that my data will be abused and pimped out.

Hence why I never give accurate data when I can.

Stop, Just Stop

That should be the name of an act of congress to get everyone to stop doing this. We're paying for our cellphone, ISPs, etc., but the greedy bastards still want to monetize us as much as they can. Stop, just stop!

Re: Stop, Just Stop

It's free speech. Nothing short of a Constitutional amendment can change that. We're totally fucked.

Re: Stop, Just Stop

[Zmobie]

This is not protected as free speech. Not at all. If that were the case there could be no law against clandestine spying in general as long as it is not for a foreign entity. And hello corporate espionage laws! They are somewhat narrow in scope, but they still protect companies from unscrupulous information gathering methods being used against them.

Re:Stop, Just Stop

And then, when people get fed up and demand a GDPR-like law, the tech bros will scream bloody murder and accuse us all of being Communists.

Fuck 'em. They'll learn.

Fair enough

[Hognoxious]

At the very least it seems more efficient than writing one and then ignoring it.

Preemtive

The idea is to keep people from using someone another vendors VPN. Want a VPN, we got you covered.

Re:Preemtive

[Sarten-X]

...and it's just as effective, too.

Sure, that VPN provider says it's in $COUNTRY, and your exit IP address might be from that location... but what about their billing servers, company headquarters, or any other records they feel like keeping on you? If they break their own privacy policy, in whose jurisdiction can you file a lawsuit?

Using a VPN for "privacy" is just giving your data to someone else instead of your local ISP. Do you really trust that provider more, enough to hand them control of your network traffic?

There are a few reasonable uses for a VPN (besides remote network access, as the technology was made for). It's critical for activists in locations where they are directly targeted. It's a vital tool for testing access and routing issues. I'll even say that avoiding region limits is a reasonable (if not always legal) use... but it's not really an effective privacy tool in any way, and certainly not necessary for day-to-day browsing by the vast majority of average users.

Re:Preemtive

[pnutjam]

I can see an argument for day to day browsing from your home ISP, although I disagree and trust them little. Anywhere else you hop on a wireless network, it should make alot of sense to anyone.

Devil is in the marketing

[DaMattster]

A VPN only really keeps you (somewhat) safe when you're on a public hotspot. At some point your data will need to exit the VPN and on to the regular internet. Any privacy or security vanishes once your data exits the VPN and enters the regular internet with the exception of https browsing. Educated consumers would probably not fall for this 4.00 "value-added" service. Really Verizon just uses fear of identity and/or data theft to scare you into buying this product.

Re:Devil is in the marketing

This is essentially the same privacy raping as using your home's ISP. So indeed it is for public wifi, or maybe using a friend's LTE/Wifi mobile hotspot and keeping your same "identity".
One good thing might be about the problem of failbook, webmail user account "security" measures? When you log in from another network and they think you're a criminal attempting to break into your own account. Would a privacy-rapist, paid for Verizon VPN be well regarded?

This is one reason I don't have a gmail - I would try to use it from desktop only, without giving them phone number etc. (I don't know if that's even possible these days) but I don't trust it not to put me in danger of losing access to my account and thus *everything*.
I had another point about something but I forgot about it. Ah yes, I find surprising that you think there's privacy or security with https. Don't they know every site you visit anyway with date/time? Then unrelated the https web sites are full of trackers or mere requests to google servers etc. and much of the data is for sale so Verizon could still be spying data about you if they wanted.

Re:Devil is in the marketing

Right about gmail I had been using it from a client for a long time when recently my client stopped working and the logs demanded I log in from the web. Don't know how long it will last, but when I Logged in it demanded a cell phone number and somehow I managed to re enable the client. Whether it stored the landline number I gave it is something I don't know.

Smart phones & privacy?

[DogDude]

If you're using a smart phone, chances are, you already don't care about privacy.

Re:Smart phones & privacy?

If you're using a smart phone, chances are, you already don't care about privacy.

If you're using a credit/debit card, chances are you already don't care about privacy.

Re:Smart phones & privacy?

[fish_sauce]

There exist custom ROMs that are secure. Wish it was easier to install without the chance of bricking your phone.
EU is looking into getting a single charger for everything perhaps EU can also look into making it a right to allow users to install a custom ROM which the companies must follow if they want to sell in EU.

Re:Smart phones & privacy?

[DogDude]

Absolutely. I use cash.

Re:Smart phones & privacy?

Single charger is already there from 2009 or 2011 or so (with flexibility such that Apple dock and Lightning, and USB-C aren't illegal. They're legal because they can charge from USB and you can use an adapter to micro-USB on the device side)

Requiring the ability to install a custom ROM would be nice but it would make iPhones illegal. I don't think they would do that.

Re:Smart phones & privacy?

[fedos]

If you haven't sealed yourself in an opaque airtight bubble, chances are you already don't care about privacy.

Time for the gallows

[Impy+the+Impiuos+Imp]

"You are now completely private, and no one will know what you visit except us, everyone we sell ads to, all of Google amd Amazon advertising, and anyone who wanta to pay for any of that including governments.

"In short, if this were a paid protection of your genetalia, everyone who wants to pay us may fondle you at any time."

Thought it was a joke

[EndlessNameless]

Verizon and privacy are polar opposites. Their attitude toward consumers is worse than Google or Facebook, but they're pretty terrible at actually doing anything with the data they collect.

Verizon customers, you are spared not by benevolence, but by incompetence on the part of those who would abuse you.

When you let lawyers run your business.

[hey!]

I have nothing against lawyers, but their job is to keep you out of future trouble, and the easy way of doing that is to make agreements as one-sided as possible. But you can't always do business that way. You should listen to your lawyers but be prepared to overrule them.

Who cares?

[Waccoon]

I honestly feel more comfortable when a company doesn't have a privacy policy.

Try reading any privacy policy some time. All they do is itemize corporate exemptions so you know what privacy you don't have.

If Your VPN Provider Knows Who You Are

Then you're doing it wrong.

My program does from BOTH & more

APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces between characters & download).

Yields more security/speed/reliability/anonymity vs. any SINGLE solution (99% of threats use hostnames vs. IP addresses most firewalls use) more efficiently/FASTER + NATIVELY 4 less!

(Vs. "Bolt on 'MoAr' illogic-logic" competitors slowing you, hosts speed you up 2 ways (adblocks + hardcodes u spend most time @) vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads (messagepass ('souled-out' to advertiser addons) + filtering drivers) & their complexity leads to exploitation).

* ONLY 1 of its kind in GUI on Linux!

Better vs. Windows model in speed/efficiency/merge.

APK

P.S.=> See subject: It protects vs. script trackers & ads + DNS requestlog tracking too... apk

Re:My program does from BOTH & more

[InfiniteBlaze]

Wait, wait, wait...is this "someonewhocares"? I started using that hosts list YEARS ago! Easily one of the most comprehensive lists of advertising URLs I've ever found. I wouldn't be surprised if others built their lists off of that one.

Registered /.ers review of the Win64 model

Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017

Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016

his hosts program is actually pretty good by xenotransplant August 10 2015

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015

I like your host file system by Karmashock September 09 2015

that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015

I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017

Linux model = faster/more efficient

APK

P.S.=> APK Hosts File Engine 9.0++ SR-1 32/64-bit for Windows https://www.google.com/search?...

Add Verizon to the scum that is Microsoft

Windows 10 in another form. Wonderful. The 2010s will be known as the decade where humans forcibly use technology for evil.

I am APK the LORD of HOSTS

I am APK the great "LORD of HOSTS", a.k.a. AlecStaar or Alexander Peter Kowalski.

See subject & APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / I . a m . a . f u c k i n g / a s s h o l e . r e t a r d . z i p (remove spaces between characters & download).

I am the godlike creator of various GUI front-ends for other people's configuration files.

One person stalks me as I shitpost and I dusted them on another site but in reality I am widely hated.

When people state the truth about me I get really mad and accuse them of projecting which is something I do all the time.

Don't call me out on anything as I will state that you are a webmaster and that I cut off your revenue stream.

You must be conspiring with the Jews and Soros if you disagree with me.

Mistaking mockery and parody for impersonation is how I think people flatter me because I can't possibly understand that they detest me.

See me lash out at one person for 2 weeks straight and claim everyone who mocks my retarded ass is actually them.

Bask in my greatness as I post my advertisements in discussions where they don't belong, by the way this is every discussion I post in.

I demand your age sex and location so that I can threaten to show up and kick your ass and will call you a pussycake but am actually too scared to actually do anything but be a keyboard warrior.

Watch as I claim I am world class and a winner but in reality I am a fucking loser.

Witness my descent into madness

APK

Why do you speak as me & you're not I?

See my subject & answer that: & Why do you also STALK me by UNIDENTIFIABLE anonymous posts as well? AFRAID to stand behind your lies??

* THIS I have to hear, lol - it WILL truly be a classic I'm sure!

(CAT GOT YOUR TONGUE SUDDENLY? You wouldn't answer LAST TIME I ASKED IT + YOU DOWNMOD "HID" IT (the sure sign of YOUR total SELF-defeat) https://it.slashdot.org/commen... )

Plus, since you say I'm the "Lord of Hosts"? My "portrait & themesong" https://www.youtube.com/watch?... so SATAN, get thee behind me.

APK

P.S.=> Grow up you obsessed loon who not only IMPERSONATES me but also STALKS me by UNIDENTIFIABLE anonymous posts constantly... apk

It's 7 others hosts sources + them (& more)

See subject: CONSOLIDATED into 1 hosts file & it also allows you to merge more data than that from sites in the security community that do NOT put their lists of known bad sites/script sources/ads/botnets/malware/email bad attachment sources & links etc. into a "std. hosts file format"

In fact, BECAUSE someonewhocares just went over to TLS from std. http download I had to issue a patch today for that as I wasn't doing HTTPS for them! They didn't really tell anyone they were switching that I saw @ least.

* Patched model should be up on Malwarebytes' hpHosts servers in a day or so.

APK

P.S.=> It provides a GOOD solid "starting point" but if you really want to build a NICE hosts file? PAY ATTENTION to the sites out there that say, Bleeping Computer points to everyday that TRACK MALWARE/BOTNETS etc. - for a REALLY complete hosts file that is (my program lets you MERGE those in too, albeit manually vs. its automated 8 sites already in std. hosts format))... apk