How to set up a VPN in 10 minutes for free (and why you urgently need one)
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequila.” — Mitch Ratcliffe
Soon every mistake you’ve ever made online will not only be available to your internet service provider (ISP) — it will be available to any corporation or foreign government who wants to see those mistakes.
Thanks to a decision by Congress, ISPs can sell your entire web browsing history to literally anyone without your permission. The only rules that prevented this are all being repealed, and won’t be reinstated any time soon (it would take an act of congress).
ISPs can also sell any information they want from your online activity and mobile app usage — financial information, medical information, your children’s information, your social security number — even the contents of your emails.
They can even sell your geolocation information. That’s right, ISPs can take your exact physical location from minute to minute and sell it to a third party.
You might be wondering: who benefits from repealing these protections? Other than those four monopoly ISPs that control America’s “last mile” of internet cables and cell towers?
No one. No one else benefits in any way. Our privacy — and our nation’s security — have been diminished, just so a few mega-corporations can make a little extra cash.
In other words, these politicians — who have received millions of dollars in campaign contributions from the ISPs for decades — have sold us out.
How did this happen?
The Congressional Review Act (CRA) was passed in 1996 to allow Congress to overrule regulations created by government agencies.
Prior to 2017, congress had only successfully used the CRA once. But since the new administration took over in January, it’s been successfully used 3 times — for things like overturning pesky environmental regulations.
Senator Jeff Flake — a Republican representing Arizona — led the effort to overturn the FCC’s privacy rules. He was already the most unpopular senator in the US. Now he may become the most unpopular senator in US history.
Instead of just blaming Flake, though, let’s remember that every single senator who voted in favor of overturning these privacy rules was a Republican. Every single Democrat and Independent senator voted against this CRA resolution. The final vote was 50–48, with two Republicans abstaining.
You would think that the Senate would heavily discuss such the consequences of such an historic decision. Actually, they only spent 10 minutes debating it.
“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” — John Perry Barlow
The CRA resolution also passed in the House of Representatives, where 231 Republicans voted in favor of removing privacy protections against 189 Democrats who voted against it. (Again, not a single non-Republican voted to remove these privacy protections.)
All that’s left is for the Republican president to sign the resolution, which he has said he plans to do.
So what kind of messed-up things can ISPs now legally do with our data?
According to the Electronic Frontier Foundation, there are at least five creepy things the FCC regulations would have made illegal. But thanks to the Senate, ISPs can now continue doing these things as much as they want, and it will probably be years before we can do anything to stop them.
- Sell your browsing history to basically any corporation or government that wants to buy it
- Hijack your searches and share them with third parties
- Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
- Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
- Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.
So how do we have any hope of protecting our privacy now?
According to a study by the Pew Research Center, 91% of adults agree or strongly agree that “consumers have lost control of how personal information is collected and used by companies.”
But we shouldn’t despair. But as the same British Prime Minister who cautioned us to “hope for the best and prepare for the worst” also said:
“Despair is the conclusion of fools.” — Benjamin Disraeli in 1883
Well we are not fools. We’re going to take the actions necessary to secure our family’s privacy against the acts of reckless monopolies and their political puppets.
And we’re going to do this using the most effective tools for securing online communication: encryption and VPNs.
Step 1: enable HTTPS Everywhere
As I mentioned, ISPs can work around HTTPS if they are able to factory-install spyware on your phone’s operating system. As long as you can avoid buying those models of phones, HTTPS will give you a huge amount of additional protection.
HTTPS works by encrypting traffic between destination websites and your device by using the secure TLS protocol.
The problem is that, as of 2017, only about 10% of websites have enabled HTTPS, and even many of those websites haven’t properly configured their systems to disallow insecure non-HTTPS traffic (even though it’s free and easy to do using LetsEncrypt).
This is where the EFF’s HTTPS Everywhere extension comes in handy. It will make these websites default to HTTPS, and will alert you if you try and access a site that isn’t HTTPS. It’s free and you can install it here.
One thing we know for sure — thanks to the recent WikiLeaks release of the CIA’s hacking arsenal — is that encryption still works. As long as you’re using secure forms of encryption that haven’t yet been cracked — and as far as we know, HTTPS’s TLS encryption hasn’t been — your data will remain private.
“The average busy professional in this country wakes up in the morning, goes to work, comes home, takes care of personal and family obligations, and then goes to sleep, unaware that he or she likely committed several federal crimes that day.” — Harvey Silverglate
By the way, if you haven’t already, I strongly recommend you read my article on how to encrypt your entire life in less than an hour.
But even with HTTPS enabled, ISPs will still know — thanks to their role in actually connecting you to websites themselves — what websites you’re visiting, even if they don’t know what you’re doing there.
And just knowing where you’re going — the “metadata” of your web activity — gives ISPs a lot of information they can sell.
For example, someone visiting Cars.com may be in the market for a new car, and someone visiting BabyCenter.com may be pregnant.
That’s where using a VPN comes in.
How VPNs can protect you
VPN stands for Virtual Private Network.
- Virtual because you’re not creating a new physical connection with your destination — your data is just traveling through existing wires between you and your destination.
- Private because it encrypts your activity before sending it, then decrypts it at the destination.
People have traditionally used VPNs as a way to get around websites that are blocked in their country (for example, Medium is blocked in Malaysia) or to watch movies that aren’t available in certain countries. But VPNs are extremely useful for privacy, too.
There are several types of VPN options, with varying degrees of convenience and security.
Experts estimate that as many as 90% of VPNs are “hopelessly insecure” and this changes from time to time. So even if you use the tools I recommend here, I recommend you take the time to do your homework.
Most VPNs are services that cost money. But the first VPN option I’m going to tell you about is convenient and completely free.
Opera is a popular web browser that comes with some excellent privacy features, like a free built-in VPN and a free ad blocker (and as you may know, ads can spy on you).
If you just want a secure way to browse the web without ISPs being able to easily snoop on you and sell your data, Opera is a great start. Let’s install and configure it real quick. This takes less than 5 minutes.
Before you get started, note that this will only anonymize the things you do within the Opera browser. Also, I’m obligated to point out that even though Opera’s parent company is European, it was recently purchased by a consortium of Chinese tech companies, and there is a non-zero risk that it could be compromised by the Chinese government.
Having said that, here’s how to browse securely with Opera:
Step #1: Download the Opera browser
Step #2: Turn on its ad blocker
Step #3: Turn on its VPN
Step #4: Install HTTPS Everywhere
When you’re done, Opera should look like this: