This is a political problem. Technology like a VPN or alternative DNS is little more than a placebo. With the ISP as a permanent MitM, modern deep-packet inspection, etc, you are probably still leaking a lot of information.
Worse, you're only moving the problem to a different location. Even if you were able to hide your traffic from your local ISP, your VPN host or DNS service becomes your ISP de facto. Also, if any of your online accounts can be tied back to you on their own, you might not get a choice in the matter; the server's ISP can also sell information. What about TLS? Unfortunately far too many websites are only encrypted to CloudFlare.
However, the real reason that VPNs/etc are not a solution is that privacy shouldn't be limited to people with a technical background. Those of us that do understand the technology have a duty to help the people without that knowledge and experience.
> Worse, you're only moving the problem to a different location
I agree that's true from a technical perspective. However, the VPN provider has an economic incentive to compete on privacy. I would much rather just trust my local ISP, but at least I have a choice in VPN providers.
> privacy shouldn't be limited to people with a technical background
Absolutely. That's why I want this as a product that Just Works instead of my own hacked-up implementation.
Excellent point. In the US you likely only have a small number of ISPs you can choose from, but there are huge number of VPN/PaaS/HaaS providers out there that you can route your traffic through. Surely some will compete on privacy.
> Those of us that do understand the technology have a duty to help the people without that knowledge and experience.
No, we don't. The fact that the "common people" don't value privacy enough led to this whole situation. Those that do value privacy, can pay for it with their money (or their time to learn).
I agree with this! I think, should people value their privacy and want to use VPNs then we can teach them about such matters but merely us trying to convince them should not be our problem.
I think the problem is not that most people don't value privacy, it's that most are unaware of the privacy issues that affect them, or have been misled to believe that the cost of having the websites and services that they rely on (facebook, gmail, etc.) is necessarily tied to giving up privacy.
This isn't a new problem. We "know" the common people don't care because all attempts at scandalizing this in the media, for years, have not found much resonance.
If people didn't care about privacy, companies wouldn't be so opposed to regulations requiring them to get consent before selling personal information. Advertisers wouldn't disguise targeting to avoid creeping people out. Uber wouldn't have deleted a blog post mapping one-night stands. Republicans wouldn't have had any reason to spin this bill as being about which agency should have authority.
People do more to protect their privacy when they know it's being violated, understand the impact, and believe they can do something about it.
Some people care about privacy. Most probably may even care about it to some degree, but not to the degree where they sacrifice their convenience for it.
Again, the media has done its best to scandalize the very real privacy concerns with companies like Google and Facebook. Did it hurt their success with the unwashed masses?
If privacy was really such a big deal, why would Uber write that blog post in the first place? Sure, enough people complained online to get it pulled, but that's not representative.
To wake people up, we'd need a real "story" here, like somebody getting fired over googling something relatively innocent.
Finally, if advertisers really try to disguise targeting, they're doing a terrible job at it. Just try turning adblock off for a moment to see for yourself. Yes, even the common folk thinks targeting is creepy, but at the end of the day they don't care that much.
I disagree that the media has done anywhere near its best to bring privacy issues to people's attention. At the same time, many stories that do get published offer lots of vague scares and no practical suggestions, which fuels people's sense that there's nothing they can do.
I don't know many people who have stopped using Facebook. I do know a lot of people who don't post things they would've 5 years ago.
Uber miscalculated, simple as that.
For targeting, I'm talking more about direct advertising. I think most people know by now that the sites they visit don't directly control the ads they see. Seeing the same ads everywhere is annoying but doesn't prove anything. A company you've never given your email address sending you offers for only items you looked at is creepy.
This is a political problem. Technology like a VPN or alternative DNS is little more than a placebo. With the ISP as a permanent MitM, modern deep-packet inspection, etc, you are probably still leaking a lot of information.
Worse, you're only moving the problem to a different location. Even if you were able to hide your traffic from your local ISP, your VPN host or DNS service becomes your ISP de facto. Also, if any of your online accounts can be tied back to you on their own, you might not get a choice in the matter; the server's ISP can also sell information. What about TLS? Unfortunately far too many websites are only encrypted to CloudFlare.
However, the real reason that VPNs/etc are not a solution is that privacy shouldn't be limited to people with a technical background. Those of us that do understand the technology have a duty to help the people without that knowledge and experience.