When Your Data is the Product: the Dangers of So-Called Free Internet
There ain’t no such thing as a free lunch. Right? This idiom originated in the 19th century when saloons would offer free lunch to all customers who bought at least one drink. What’s the catch? Well, the food that patrons got was so salty that it called for quite a few extra beers.
While some bars might still offer free salted peanuts, it is currently much more common to see “free” things online. Let’s take it up another notch: what about Wi-Fi that you don’t have to pay for?
If it sounds a little too good to be true, that’s because it is. However, this can raise a couple of very legitimate questions. Just how vary of it should you be? If you do use it, can you protect yourself — and if so, to what degree? Let’s start at the beginning.
Is This the Real Life, or Free Internet Providers
Ditching your pricy data plans can sound tempting, to say the least, especially if your Internet Service Provider indulges in fun practices like bandwidth throttling. Then you have the issue of the laughable lack of any real market competition in a lot of countries, which allows prices to skyrocket right through the roof.
I could go on, but you get my point. In this light, free Internet providers might look like they’re offering a pretty sweet deal. Sure, you might get a couple more ads than you normally would. At least they don’t bill you enough for you to start Googling kidney prices on the Dark Web (you only need one to stay alive, right?).
There are quite a few providers who offer free Internet access — such as FreedomPop, NetZero, and Juno. They all offer their free services in the USA, however, to see if your particular area is covered, you do need to use their maps or call their customer support. They do not provide any information on whether free Internet access is available to international clients.
At FreedomPop, you can get up to 500MB of free data per month. On mobile, that might be enough for some people — plus, you do also get 500 texts and 200 minutes in that plan for free, too.
This provider, however, has pretty slow LTE speeds. There’s also a catch — the free 500MB comes with a FreedomPop phone, which is, as you can probably imagine, not free.
NetZero is probably the oldest ISP of the bunch. Their brand definitely reflects that fact. Although they have a bunch of premium plans, their dial-up plan is free for 10 hours per month.
And yes, I said “dial-up”. That’s still alive and kicking. Oh, and you can also get charged for long distance or toll charges as you do use your house phone (!!!) to connect. So, this can end up costing you more than a regular plan. And doesn’t dial-up belong in a museum by now?
Juno (not to be confused with the movie) also offers free dial-up. What times we live in. Just like with NetZero, you might get charged for long distance calls; and they also limit you to up to 10 hours of online a month.
While 10 hours may work if it was a “per day” limit, these offers don’t quite meet the lifestyle of modern society. But let’s move to another elephant in the room: the apps that offer free Internet, typically in low-income markets.
Zero-Rated Data: Free Internet in Low Income Markets
The best known is Internet.org, created by yours truly Facebook. It is currently available in a lot of Asian, African, and Latin American countries. Of course, their website is littered with uplifting phrases such as “connecting the world”.
But it isn’t as good as it sounds. The key issue with it — asides from their business model that has the local ISP eating up all the data costs — is that they route all traffic through a Facebook proxy, that doesn’t allow SSL or HTTPS encryption.
India already banned it in 2016 for violating net neutrality by prioritizing Facebook services, while Egypt did the same because of privacy concerns. Basically, it pushes certain apps and websites to the users and collects their data.
And while this is just one example of “zero-rated” data services, there are many others. Big brands are eager to promote their services and collect data. However, in some countries, it’s recognized for what it is: a violation to net neutrality.
User data has been gaining more and more value, especially with the rise of Artificial Intelligence that needs huge data sets to work. The ever-prevalent digital marketing is getting creepier by the day, and that’s because they know a lot about you.[1]
That’s what you pay with for your “free” Internet service — and most “free” products, by the way. Now I’m not saying that these free ISPs are devious, but they do rely on the fact that many average users are not fully aware of how to protect themselves online.
Their data can be sold for marketing purposes, for big data sets, and much more, and even though new regulations are trying to put a harness on it, it’s still kind of a Wild West out there. Since you’re not paying for any services, you can hardly rely on your ISP to offer sufficient protection.
Even if you get your free fix at your local library or if you’re more of a latte and three hours of free Wi-Fi person, you should be paying attention to your security and privacy online.
The Woes of Unencrypted Traffic: What Your ISP Knows About You
There are a few key issues that should make you steer away from ever using free Wi-Fi in any shape or form. If you connect to a public hotspot, your network can be taken over ridiculously easily, and even a newbie hacker could steal your sensitive information.
But when it comes to free connectivity that is supplied by a provider, you’re kind of in a pickle. Your ISP typically knows quite a lot about you. And by a lot, I mean nearly everything that you do online. If your traffic is unencrypted — and it probably isn’t — your provider can see each packet that gets sent.
All information online travels in packets, and in order to ensure security, service providers perform Deep Packet Inspection. Without getting into it too much, let’s just say it’s pretty much equivalent to a postman opening and reading each letter you sent before they deliver it.
And that’s not really all of it. Even if your traffic is encrypted (again, it most likely isn’t), your ISP can see your DNS queries. Simply put, they can see the URLs of the websites you visit — even if the content is encrypted — and the time and date of that visit.
But let’s just say all your traffic is encrypted. Well, encryption isn’t the be-all, end-all either. There is a technique called website fingerprinting that allows detecting and matching encrypted content to websites to sniff out what the user is doing.
There are a few reasons why all of it seems so shady. First, these are legacy techniques. When the Internet was created, nobody knew a thing about it; and those who learned first made the rules. Regulations are just kind of starting to catch up — but they are lagging behind.
Then there are cases where this all is exactly what it looks like censorship. China has probably the heaviest regulated Internet out of all developed countries, and it blocks something new seemingly every day.
On the other hand, in the Western world, we see more things like money and greed. There is little concern for the well-being of an average person. This is a huge market we’re talking about that’s worth billions of dollars. If you want to improve your security and privacy, the first step is educating yourself and taking matters into your own hands — as much as you can.
Protect Yourself Online: What Can You Do
First of all, there’s no need to panic. Even if your ISP can see everything that you do, it does not necessarily mean that they will use it. On the other hand, that mostly applies if you’re a paying customer.
If you’re using free Internet providers, you have more reason to be concerned. You’re paying for their service with your data which they then use to show you targeted ads, things like that — and know you know exactly how much these ISPs are able to see.
“A few ads” sounds much better than “a few ads shown to you based on every little thing you do online”, doesn’t it? The good news is that there are ways for you to protect yourself in this dog-eat-dog world. The bad news is that ain’t no such thing as a free lunch.
One of the most reliable ways to mask your online activity is using a VPN. It creates a virtual private network (hence the name!) for you, hides your IP, encrypts your traffic, and it can even filter malware, hide ads, and much more.
The trouble is that only a good VPN can do that. If you opt to use a free one, you’re at risk once again: if you’re not a paying client, your data is the price. So the most important step is to do your research and select a reliable VPN provider, preferably one that enforces a strict no-logs policy.
If a VPN provider doesn’t keep logs, nobody can monitor your online activity and nobody can request access to it — because quite literally, there is nothing to see. One provider that does offer this is Surfshark. While it’s a paid service you’re getting good value, especially if you do have to use public Wi-Fi often, or if you are concerned about your privacy.
Only using a VPN will not save you, though. If you post something under your real name while using a VPN… well, you just posted something under your real name, and the Internet is forever.
It might seem obvious, but you should always keep that in mind before you do anything. Being paranoid is not the answer, but treating the online as a physical world with consequences is a good start. The Internet is one of the greatest advancements of our era — but it does ask for a little bit of cautiousness if you want to stay safe.
You can do that by investing in decent security tools, and keeping yourself up to date (at least somewhat) with the ever-evolving threat landscape. While you don’t need to dive right into being a security operations officer, subscribe to a few good sites that talk about the latest news in tech. After all, if there’s no escaping the digital reality, you might as well get acquainted with it better.