In an Internet world dominated by Facebook and Google, most people understand the phrase “If you aren’t paying for it, you are the product.” What people don’t understand is that this concept has also landed on the shores of the privacy industry. History has proven that as any industry becomes “hot,” marketers will inevitably enter it. Companies that have demonstrated little regard for privacy are now using misleading marketing messages to tout their free privacy services, all the while supporting themselves through advertising and selling user data. This leads to important questions, such as why did Facebook pay $120 million to buy a free VPN app? Why did a popular free browser proxy turn its free users into a botnet for hire? And, what’s next?

To stay protected users must give access to more information, resulting in a privacy paradox. Tweet This

The Privacy Paradox The arrival of marketers in the privacy industry is especially disturbing, since privacy products require a more intimate relationship with users than other free products. Users must relinquish control in order for providers to protect them against external threats. To stay protected users must give access to more information, resulting in a “privacy paradox.” Think of it this way: You hire a house sitter. In order for them to protect your home, you must give them extra access to it (keys, alarm codes, valuable items in the house). There is a level of trust involved, as you expect they will not steal your things or throw a party. VPNs are a great example of the privacy paradox. VPN users must send all their network traffic through the VPN provider in order to be protected from malicious third parties. But as a result, VPN providers can see a great deal of information about you, including: Every website you visit

Unencrypted email content

Who you are emailing

What applications you are using

When you are online

How long you are online

Who talks to you

Your location

Is Your Privacy Provider Trustworthy? There are a few things you can do to avoid becoming the product, the most important being to determine if your provider is trustworthy. Just like you wouldn’t hire a stranger off the street to watch your house, you shouldn’t hire an unknown or shady privacy company. Getting to know your company means doing some research, and asking the following: If it’s free, what’s the business model? Investigate how the company makes money to support itself, especially if they offer free products. If their business model isn’t clear then its likely “you” they’re selling.

Who is the company? It’s important to know who you’re doing business with, so you can assess their privacy policy and trustworthiness. Is it clear who you’re doing business with, or is the company actually owned by someone else? Is that fact common knowledge or hidden? If the company is dodgy about their ownership or keeps it hidden, there may be a reason they don’t want you to know.

Is their privacy policy understandable? Beware of policies that are vague or convoluted, or where you cannot understand clearly what information they are collecting from you.

Do their marketing messages contradict their privacy policy and business model? Do the marketing claims line up with the text in the company’s privacy policy? Oftentimes, the shiny marketing messages do not accurately reflect the company’s practices.

Do they allow you to opt-out of their data collection? Or are you automatically opt-ed in (a practice called implicit opt-in)? It’s important to understand how the company will use your data from the moment you sign up – and what control, if any, you have over this data collection.