FYI.

This story is over 5 years old.

Tech

Verizon Didn’t Bother to Write a Privacy Policy for its ‘Privacy Protecting’ VPN

Verizon's 'Safe Wi-Fi' says it "protects your privacy and blocks ad-tracking," but its current privacy policy is a placeholder that says the exact opposite.

Verizon is rolling out a new Virtual Private Network service called Safe Wi-Fi it developed in conjunction with McAfee. According to Verizon, the $4 per month service “protects your privacy and blocks ad tracking, creating a secure Wi-Fi connection anywhere in the world.” Besides Verizon’s long history of allowing third parties to monetize its customers’ web-browsing habits, there’s another reason you probably shouldn’t trust this product to “protect your privacy:” Verizon didn’t bother to write a privacy policy for it before releasing it to the public.

Advertisement

Verizon's Terms of Service just redirects to McAfee's website. Image: Verizon

The company’s terms of service directs all of its VPN users to the general McAfee privacy policy governing all of McAfee’s products. That policy, in turn, states that McAfee and Verizon have the right to collect an ocean of data on the end user, including carrier data, Bluetooth device IDs, mobile device ID, mobile advertising identifiers, MAC address, IMEI data, and more. The policy explicitly says that browsing history can be used to help target ads at you:

"We may use information collected through [our services], such as what websites you visit or the mobile applications you use, to allow McAfee and others to show you ads that are targeted to your interests," the policy states. When pressed as to why consumers would pay for a “security and privacy” tool that seems to encroach on consumer privacy, the company told Motherboard that the current privacy policy doesn’t accurately reflect what’s being collected. “Please know that neither Verizon nor McAfee collect any personal data regarding its users or use of the Safe WiFi VPN,” a Verizon spokesman stated.

Of course that’s not what the current privacy policy states:

From the current McAfee privacy policy

From the current McAfee privacy policy

And if the current privacy policy is little more than an incorrect placeholder, how exactly is an end user supposed to know what data actually is being collected?

“We're working with McAfee to post their privacy policy specific to Safe WiFi and will send you a link as soon as it posts,” Verizon said, acknowledging that it wasn't aware of the problem until Motherboard “alerted us to this discrepancy.”

Advertisement

Whenever the actual privacy policy is posted, it will “reflect that fact that neither Verizon nor McAfee collects any personal data regarding users or use of the Safe WiFi VPN,” the company promises. Until then, you’ll just have to trust Verizon. But Verizon’s track record suggests it’s the last company you’d want watching your back.

In 2016 the company was forced to pay the FCC $1.35 million for modifying wireless packets to track users around the internet. Verizon not only initially refused to offer users any way to opt-out of this covert tracking, it spent more than two years doing so before even bothering to inform the public it was happening.

For years, Verizon allowed a third party to use undeletable cookies to track its customers’ web-browsing habits. It also helped dismantle state and federal consumer privacy protections, ensuring that government can’t hold companies accountable for flimsy privacy standards and empty promises.

And that’s where much of the problem really originates. Thanks to barely meaningful U.S. privacy rules, your ISP already has an absolute ocean of data on you, much of it collected whether you utilize a VPN or not. And thanks to cash-compromised lawmakers and terrible tech policy (from neutering said privacy rules to killing net neutrality), companies like Verizon are helping to effectively break the internet, placing the onus on consumers to somehow navigate a minefield of apathy and rampant data collection.

It’s now seemingly impossible to go more than a week without seeing another major privacy scandal, whether it’s a company like LocationSmart leaking the private wireless location data of a massive chunk of North America, or a political data firm like Deep Root Analytics leaving the voting data of millions of Americans openly accessible on a public-facing server. In many instances, government appears less interested than ever in actually protecting consumers and holding companies accountable for such violations, as last year’s government assault on FCC broadband privacy protections should make abundantly clear.

In response, worried consumers are increasingly flocking to VPNs in a bid to protect their private data while browsing online. Said fear has provided a wonderful marketing opportunity for VPN providers, some of which, like Private Internet Access, bought full page ads last year naming and shaming senators that sold you out on privacy. But a VPN isn’t some kind of magic bullet, and our collective privacy woes go far deeper than such tools can address. Sure, a VPN may help you dodge the watchful eye of nosy governments or a coffee shop packet sniffer, but you’re still leaving a data trail on the servers of the VPN itself. Often VPN provider claims that they won’t retain user logs are proven to be false, and ferreting out which company is actually protecting your data can often border on the impossible. Quite often, a VPN provider may turn out to be little more than a scam. Other times they’re so poorly configured and run you would have been more secure not using the service at all. We’ve noted repeatedly how rising privacy worries have resulted in a notable rise in this kind of fraud as scammers try to cash in on consumer concern, creating an ouroboros of dysfunction. The fear has also resulted in a rise in VPN offerings from more mainstream names that similarly shouldn’t be inherently trusted. And ironically, many of these offerings are coming from companies that helped build our long, dark privacy nightmare in the first place.

Facebook’s VPN Onavo, for example, has been widely and correctly ridiculed as a data-hoovering application dressed up as a security tool. Giant ISPs are also trying to jump into the VPN game despite several decades’ worth of bad behavior on the privacy front, ironically cashing in on the rising interest in VPNs their own bad behavior helped create. There’s a certain irony in users running to the same ISPs for protection that helped build our current privacy mess in the first place. And while VPNs can provide adequate privacy while at your favorite coffee shop, they’re not a magic bullet for a deeper dysfunction companies like Verizon helped cement.