Verizon Launched A VPN Without Bothering To Write A Real Privacy Policy

from the whoops-a-daisy dept

As we've noted for a while, a VPN isn't some kind of magic bullet. While it might help you hide some of your online activity from snoopy governments, nosy ISPs, or a packet sniffing dudebro at the coffee shop, it's not some mystical panacea. Unfortunately, in the wake of seemingly endless privacy scandals and a federal apathy to any meaningful privacy rules of the road, many people have been flocking to VPNs without understanding that many VPNs are scams, poorly configured (making you less secure, not more), and that promises made about data retention are often hollow.

Ironically, many of the companies most responsible for our privacy problems have now jumped into the VPN business to capitalize on consumer worries they themselves helped create. Like Facebook, which, in the shadow of the Cambridge Analytica scandal, thought it might be a good idea to launch a VPN that pretends to protect consumers from online harm, but actually exists solely to track your behavior online when you're not visiting Facebook.

Verizon, fresh off of its successful efforts to kill net neutrality and FCC broadband privacy protections, also recently launched a new VPN service dubbed Safe WiFi. Safe WiFi, you'll be happy to learn, "protects your privacy and blocks ad-tracking." But when I began digging into Verizon's VPN for Motherboard, I found that the company had rushed the service to market so quickly, it failed to even write an actual privacy policy for the service. Instead, the company informed me it had simply copied a placeholder privacy policy lifted from McAfee, the company that actually built its VPN. According to this privacy policy, Verizon's VPN collects, well, pretty much everything:

"Details about your computers, devices, applications, and networks, including internet protocol (IP) address, cookie identifiers, mobile carrier, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI, Advertiser IDs, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, language preferences, battery level, on/off status, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences."

When I pressed Verizon on how it could sell a "privacy and security" product that actively makes its users less private and secure, the company acknowledged that employees had simply copied the McAfee privacy policy and didn't bother to write one of its own for the product, something the company wasn't aware of until I brought it to their attention. That means that when you use Verizon's VPN, you have zero real assurance that they won't collect your data. Verizon, for its part, was quick to inform me that once it finishes actually writing a privacy policy, it will assure users that no private data is collected:

"We're working with McAfee to post their privacy policy specific to Safe WiFi and will send you a link as soon as it posts,” Verizon said, acknowledging that it wasn't aware of the problem until Motherboard “alerted us to this discrepancy." Whenever the actual privacy policy is posted, it will “reflect that fact that neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,” the company promises."

In the interim, you just apparently have to trust Verizon that it's not using the VPN to snoop on you. A sizable ask since, you'll recall, Verizon was busted in 2016 modifying wireless packets to track users around the internet without providing opt out tools or even informing anybody. The same company that just got done gutting FCC broadband privacy protections and is part of an industry that's the poster child for nontransparent and anti-consumer privacy practices.

There's a certain irony in Verizon trying to cash in on privacy worries it itself caused by rushing a VPN product to market so quickly -- it couldn't be bothered to include a real privacy policy for it. There might be a lesson in there somewhere. Meanwhile, if you do need a VPN, you're probably better off picking one of numerous options that don't have a several-decade history actively trying to undermine consumer privacy and real privacy guidelines.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: privacy, trust, vpn

Companies: verizon