Founder of BringYour. Building a global privacy, identity and security network with a focus on ease of use via mobile.
If the public IPv4 internet today is a city the size of Manhattan, private IPv6 networks are an area about the size of North America.
Private networks are a vast frontier in which to reimagine safer and more beneficial ways for people and services to communicate. I think of the sci-fi series The Expanse as another way to understand this. Much like the show’s between-world known as the “slow zone,” where safety is built into the fabric of spacetime, there may be many private networks, each with its own rules, that people can opt their devices into.
In this article, I explore three areas where private networks can add new rules to address rising challenges, and how users can best approach these networks. In the age of AI, the need to access unbiased information, the value of user data and the potential expansion of fraud create a new set of growing concerns. Joining your devices to a new private network with new rules may be an easier way to address these challenges than rebuilding services on the existing internet.
Private And Anonymous Internet
The internet is designed to be borderless, private and anonymous. However, internet service providers (ISPs), as they exist today, are not. The foundational technologies of IP addresses and DNS can live anywhere in the world and change without oversight. For example, the internet does not require that a service use a specific set of IP addresses forever or register differently with different DNS servers.
ISPs today allow people to be tracked on the internet. Every interaction between a user and a service has an IP address that identifies a route back to a person. Third-party services can use the IP address to accurately map the physical location of the user, and it serves as a good proxy for an individual when correlating with other data sources.
The ISP itself can also harvest data about the sites the user visits and the time spent on each site, and provide it as a service to third parties. In the U.S. there has been a push to allow ISPs to depart further from net neutrality and to harvest more data from users. As AI improves at summarizing data across these sources at massive scale, joined together by individual, the ability to use your behavior on the internet in new and unexpected ways will increase.
The tracking enabled by an ISP also allows geographical borders to be drawn on the internet. Services can restrict users from a certain region. ISPs may restrict or filter traffic to certain regions. While this may be a feature in some cases like regional personalization, it may also be used to prevent or degrade access to unbiased information.
You can get started with public VPNs, do-it-yourself VPNs or enterprise VPNs. In app stores’ utilities and productivity categories, you can find many public VPNs among the top apps. A concern with public VPNs is that they just transfer trust from your ISP to the VPN provider, and some providers may not be any more trustworthy than your ISP.
Thinking about a VPN as a new kind of ISP is a good frame to evaluate the VPN. It should be more trustworthy and transparent, which you can get a sense of by reading the privacy policy. Do-it-yourself open-source VPNs like OpenVPN and WireGuard can be installed on many devices and servers. Most simply, one can set up a server in the cloud and install the VPN server to route their traffic through any cloud. Many people may already have a VPN installed on their devices for work-from-home or bring-your-own-device purposes. There may be an option to enable this all the time, but some people want to separate their personal and work traffic.
Identity
Phishing, fraud and misinformation are some of the fastest-rising security issues. Fundamentally, the internet has no way to verify whether someone is who they say when on the other end of an email, text message or phone call. AI that fluently speaks languages, creates images and mimics voices increases the risk of more personalized and sophisticated ways to compromise security.
Stay better protected by updating your address book with all your known contacts and adopting a practice of keeping it up to date. You can change your phone settings to send calls from numbers not in your address book to voicemail. When receiving an email in your mail app, you can tap the email and look it up in your address book to see if it is the contact you think it is. When you have a contact you’re not sure about, use a second factor: the domain and its TLS information shown in the lock icon, a public search of the contact, or a message sent via a second channel to verify the contact. On this separate channel, you can just ask “Is this you?” and then update your address book.
Cryptographic TLS and verified certificates are the approaches the internet uses for this type of identity verification between two people. But TLS cannot easily be transmitted between intermediary hops common to communication platforms. Identifying the sender and receiver on the network itself would make it easier and more usable in existing systems since the sender and receiver could directly communicate to confirm identity.
Control Of Your Data Footprint
There has been a push for greater transparency of privacy and control for people with the GDPR and CCPA/CPRA. These laws require companies to disclose the use cases of user data, third-party access and retention policy in a public document called a privacy policy. As service providers want to collect more data to power AI, a growing risk to users is that a company’s practices do not follow what the privacy policy says. To understand the risk, we need to look at the flow of user data.
User data ultimately starts at the user device. User data leaves the user device in a region to service providers for the region and then can be transmitted between a service provider’s regions and use cases or their sub-service providers (third parties). Once user data is in a service provider, company oversight, whistleblowers and monitoring of inter-use-case and inter-region transfers can enforce the use cases and sharing of the data. However, the internet and devices provide no way to monitor and enforce the connection between the user and service providers.
You can get home routers and work routers that do deep packet inspection (DPI) to generate a list of sites used on your network as well as how much and when they are used. For example, the UniFi products are a popular way to do this for a single physical site. You can also visit those sites and manually review the privacy policies, which must legally be posted. Private networks overlay the internet with additional encryption and logic that can inspect all traffic. There are many questions about whether the service actually follows the privacy policy as written. Are the service providers that receive data disclosed correctly? If the user opts out, is data sharing stopped? Is the type of data shared with service providers correctly described in the privacy policy?
As service providers want to collect more data to power AI, enforcement of whether the language of a privacy policy matches reality will be more important. The next generation of VPNs will aim to make this easy and transparent to give end users more control of their digital footprint.