Question for the technically minded - VPN and data protection

johnny

I'll tells ya!
Staff member
I tend to avoid almost anything that needlessly requires log in - SBS on demand is the perfect example. But now ABC iView is preparing to force log ins as well. There is a single reason for this, the collection of data. I don't think that I need to preach to anyone here about how important protection of privacy is.

The question is, how much does the use of a VPN protect your privacy when using log ins on websites such as iView and SBS OnDemand?
 

Litenbror

Eats Squid
I tend to avoid almost anything that needlessly requires log in - SBS on demand is the perfect example. But now ABC iView is preparing to force log ins as well. There is a single reason for this, the collection of data. I don't think that I need to preach to anyone here about how important protection of privacy is.

The question is, how much does the use of a VPN protect your privacy when using log ins on websites such as iView and SBS OnDemand?
It's a really good question as the VPN companies will tell you it's 100% but they are also selling their products.

We use Express VPN and find it works for all the major steaming services in the States and they have very good algorithms for identifying OS traffic so I figure it's pretty good. One of the key elements is having the VPN on when you are online and accepting the slower speed and increased data usage. Again Express VPN makes it pretty easy but you pay for the privilege, it's worth looking for one that can be installed on your router if you want to go full time foil hat.

Doesn't really need to be said but avoid the free VPNs as you are just giving your data to someone else to sell.

Edit: I'm not specifically endorsing Express VPN it's just the one I'm currently using. I've been using a VPN service for quite a while now and from the research I've done it is one of the best for compromise of privacy and ease of use.
 
Last edited:

Scotty T

Walks the walk
The question is, how much does the use of a VPN protect your privacy when using log ins on websites such as iView and SBS OnDemand?
As far as I understand it, being a technical person but not specifically around VPN, they don't protect you, at all, because you are logged in. Using a fake name and setting up a specific email address for these services (johnnywatchestv@gmail.com) is the best protection if you are worried that the commies at the ABC will use your data to indoctrinate you. VPN protects third parties from obtaining access to anything you send or recieve but upon logging into a service, that service knows everything you do within it.

Even when I am on VPN Rotorburn can still tell that it's me shitposting and still has all the activity data proving that I am a left wing greenie who follows the climate change and electric vehicle threads, and yes I have even told it my first name, last initial and where I work! But I trust you all!

If Rotorburn was breached VPN wouldn't make a difference to the data obtained other than a different IP address to the one I am actually connected with. It is near impossible except for a criminal investigation of a pretty high order to obtain any details about me from my ISP IP address as compared to one on a VPN, however if I was a criminal an overseas VPN could at least make it harder for authorities to find out my real identity is.
 

Litenbror

Eats Squid
As far as I understand it, being a technical person but not specifically around VPN, they don't protect you, at all, because you are logged in. Using a fake name and setting up a specific email address for these services (johnnywatchestv@gmail.com) is the best protection if you are worried that the commies at the ABC will use your data to indoctrinate you. VPN protects third parties from obtaining access to anything you send or recieve but upon logging into a service, that service knows everything you do within it.

Even when I am on VPN Rotorburn can still tell that it's me shitposting and still has all the activity data proving that I am a left wing greenie who follows the climate change and electric vehicle threads, and yes I have even told it my first name, last initial and where I work! But I trust you all!

If Rotorburn was breached VPN wouldn't make a difference to the data obtained other than a different IP address to the one I am actually connected with. It is near impossible except for a criminal investigation of a pretty high order to obtain any details about me from my ISP IP address as compared to one on a VPN, however if I was a criminal an overseas VPN could at least make it harder for authorities to find out my real identity is.
That's all good info @Scotty T we have to remember that protecting your IP address with a VPN is only a small part of the data collected with most of it happening through cookies.
 

LQQK

Likes Bikes
Looks like they have delayed to whole log-on thing.

We had initially intended to roll out mandatory log-ins across July and August but have decided to slow things down …
It is our intention to introduce mandatory logins for ABC iview by the end of the year.


https://www.abcfriends.org.au/iview_log_in
 

johnny

I'll tells ya!
Staff member
As far as I understand it, being a technical person but not specifically around VPN, they don't protect you, at all, because you are logged in. Using a fake name and setting up a specific email address for these services (johnnywatchestv@gmail.com) is the best protection if you are worried that the commies at the ABC will use your data to indoctrinate you. VPN protects third parties from obtaining access to anything you send or recieve but upon logging into a service, that service knows everything you do within it.

Even when I am on VPN Rotorburn can still tell that it's me shitposting and still has all the activity data proving that I am a left wing greenie who follows the climate change and electric vehicle threads, and yes I have even told it my first name, last initial and where I work! But I trust you all!

If Rotorburn was breached VPN wouldn't make a difference to the data obtained other than a different IP address to the one I am actually connected with. It is near impossible except for a criminal investigation of a pretty high order to obtain any details about me from my ISP IP address as compared to one on a VPN, however if I was a criminal an overseas VPN could at least make it harder for authorities to find out my real identity is.
Yes, using an email set up for registrations and using a VPN (standard Nortons or the ANU VPN for me) is standard practice. You leave a data trail wherever you go, but breaking it up and spoofing the content seems to be the goal, as far as my small amount of research suggests. That means using a couple of different email addresses for regos, not linking a mobile number, using a VPN, or a couple if you can and deliberately doing searches and going to websites that go against normal habits. (all the standard stuff applies, such as not using google where you can help it, not FBing, paying close attention to privacy settings, using browsers like Brave, if you can.)

The goal is not leaving a huge chunk of data that can easily be aggregated to provide a clear profile. There are many reasons for this; making yourself a hard target for cyber crime, etc., but also working under the assumption that once your data is out there you have no control over it and we cannot imagine how it might be used in the future, likely against our interests.

I know SFA about data security and protecting privacy, but the people I come across who do know have a pretty bleak view of things.
 

Litenbror

Eats Squid
Yes, using an email set up for registrations and using a VPN (standard Nortons or the ANU VPN for me) is standard practice. You leave a data trail wherever you go, but breaking it up and spoofing the content seems to be the goal, as far as my small amount of research suggests. That means using a couple of different email addresses for regos, not linking a mobile number, using a VPN, or a couple if you can and deliberately doing searches and going to websites that go against normal habits. (all the standard stuff applies, such as not using google where you can help it, not FBing, paying close attention to privacy settings, using browsers like Brave, if you can.)

The goal is not leaving a huge chunk of data that can easily be aggregated to provide a clear profile. There are many reasons for this; making yourself a hard target for cyber crime, etc., but also working under the assumption that once your data is out there you have no control over it and we cannot imagine how it might be used in the future, likely against our interests.

I know SFA about data security and protecting privacy, but the people I come across who do know have a pretty bleak view of things.
Honestly I think the battle is already lost with data and privacy. The tools we have such as duck duck go, Brave, VPNs etc are sticks and rocks against the serious weapons companies (FB, Google etc) and government's (pretend friendly and openly hostile) have at their disposal. We carry tracking beacons in our pockets all day giving of huge amounts of data and so far only the EU has any real laws to protect people, and that's only recently come in. I think the best anyone who still wants the convenience of the modern internet and phones can do is slow the data collection and data aggregation down a bit but there is no way to stop the development of a profile anymore.

End rant I'm going to go back to feeding my data profile with my tracking beacon, where did I put my tin foil hat??
 

wornoutwords

Likes Dirt
The ABC forced login definitely smells like a info grab so they can track your viewing habits

they already geoblock foreigners so they cant steal bluey episodes

I've been working in data analytics/architecture for about 15-20 yrs now and its become so weaponised its scary. (imho because of cloud providers like amazon, which allow anyone to drop a few K on compute to try out some evil idea & really lowered the bar of entry, but thats my own rant)

personally i think the best way to fight back is to poison the well - the more unreliable the data is (eg i'm a 15yo retired female with testicular cancer that worked for telecom for 23 years and graduated high school in 2015), the less its worth.. but it's a losing battle


oh and for me the biggest benefit of a vpn for data privacy is that your ISP doesn't have a log of everything you do and everywhere you go - they just have you hitting the same VPN IP over and over. The only way to get that info is to have logs from every site you go to along with some consistent unique id to tie it all together (eg what facebook/google etc have)
 

ozzybmx

taking a shit with my boobs out
If there's one thing I've learned from my SAS training it's that children's lunch boxes make ideal caches for contraband IT equipment.
The bag I "invested in" for work... its the perfect length for...


Pain in the ass for getting through the turnstile though.
 

kbekus

Likes Dirt
Much of what has been said above is good. Also consider using a browser that has a solid incognito mode, most of the data harvesting is via cookies to track your browsing habits. Breaking this chain, whilst also using burner email addresses makes it quite hard to link you to your activities. If you have a dynamic IP address (most people will) this adds complexity - reset your modem from time to time, this might provoke a change of IP address.

VPNs do help masquerade your activity on the web but they're not infallible... even supposedly very anonymous activity anonymisers like TOR have been broken.
 

teK--

Eats Squid
A VPN only prevents interception of data between you and the server. Whatever info you voluntarily give to the server, they can use or be misused as the case might be..

Short of wearing a tin foil hat I am very careful about data security:

- Never, ever use "Use my facebook login" when subscribing to new services. It may be convenient but you are just opening yourself for a world of pain in the event of a data breach. Have a specific login/account for every website and service.

- Never use the same password for more than one service.

- If you have so many passwords you cannot remember them all, then consider using a password manager program. However, don't store the true passwords in that program (maybe think of a simple and universal prefix that can be added to every password, but isn't stored in the app). Again this is in case the program gets breached.

- Never state true date of birth except for any services which legally need to complete Know Your Customer (such as banking, government and health services etc)

- If you must use question/answer type prompts for a password recovery, instead of using simple guessable answers such as your Mum's maiden name, consider using responses that consist of numbers.

- Encrypt the hard drives on your computers at home. Encrypt your backups and store them in separate locations to the computers.

- Use 2 Factor Authentication whenever it is available, but do NOT use your own mobile phone # for SMS option, in case your phone account is hijacked. Google Authenticator is very good.

- If you must use SMS/phone authentication option for any accounts, consider using your work mobile # if you have one, or your partner/spouse's phone.

- If you have a second mobile phone, set up Google Authenticator on that phone as well (so you have a backup in case your primary phone goes missing). Trying to recover Google Authenticator without the primary device is a PITA.

- Set up 2 Factor authentication for your internet banking, for any requests to transfer money to third party accounts.

- If travelling, always get your own SIM card or data service. If you must use a free wifi access point anywhere, ALWAYS use a VPN. If you are in a sketchy country, use a VPN anyway even if you get your own SIM card.

- On your phone, all apps which you might not want someone who takes your phone to access, should be hidden behind a password protected folder/app. This is even if you use a screen lock. Norton App Lock is a good free one.

- Get all your bills emailed to you. Consider a PO Box for other mail.

- Register for: https://haveibeenpwned.com

Stay safe everyone!
 

ualf

Likes Dirt
I tend to avoid almost anything that needlessly requires log in - SBS on demand is the perfect example. But now ABC iView is preparing to force log ins as well. There is a single reason for this, the collection of data. I don't think that I need to preach to anyone here about how important protection of privacy is.

The question is, how much does the use of a VPN protect your privacy when using log ins on websites such as iView and SBS OnDemand?
What you can do is check how unique your browser finger print is when using a VPN and when not.

A site like --> https://www.amiunique.org/fp will give you an indication of how much privacy you stand a chance of preserving. Expect to be unhappy with the results.
 
Top