As the Motion Picture Association’s site-blocking drive lands back on home turf, countries that have already implemented their own site-blocking programs are evaluating their effectiveness. A new survey carried out by French anti-piracy agency Arcom reveals how internet users circumvent blocking and their preferred tools. More importantly from a piracy mitigation perspective, the survey reveals why users feel the need to circumvent blocking in the first place.
This particular motivation is extremely confusing for me. Who do they worry will get breached, and what data are they worried about protecting?
If they’re worried about the ISP getting breached and their browsing history being leaked (via ISP DNS logs), I guess I understand it although displays a very low risk tolerance in my opinion. Not only would the ISP have to be compromised, but the attacker would need to dump both DNS logs and a database(s) to correlate the assigned public IP (or RFC 1918 address depending on ISP topology) to the customer. This is all predicated on the customer actually using the ISP DNS servers, which you don’t even need a VPN to do. The actual data you send to a website would be unaffected in this situation.
If they’re worried about a website they use being breached and their data compromised that way, how do they think a VPN will help? If they’re sending data to a website it doesn’t matter whether it’s over the ISP lines or tunneled to a VPN through the ISP then sent to the website, the website still receives the data. If I have friends coming to stay the night it doesn’t matter if they walk, bike, drive, train, fly, or launch themselves by trebuchet over to my house, I’ll still need a bed made up with fresh sheets for them.
I’m all for more people using VPNs, I’m a huge proponent of piracy, and I’m a huge proponent of personal data sovereignty, but I just don’t understand this particular reason for using a VPN at all. It’s kind of disconcerting to see it as the second highest reason given for using a VPN, setting as a VPN doesn’t really solve that issue. Either VPN providers are lying to their customers or the users fundamentally misunderstand what the product they’re buying can and cannot do.
While France/the EU has passed data privacy and data sovereignty laws, the EU is also the leading source of pressure on tech companies to remove or backdoor end-to-end encryption of user data and communications. The EU doesn’t want companies tracking EU citizens, which is good, but also wants to preserve their ability to track EU citizens, which is bad. If data privacy means privacy from ISPs and not being tracked by the authorities within the EU, then the conclusion makes sense when looking at it through their eyes.
I used to be hopeful that as legislator demographics shifted to be more digitally savvy they would pass legislation that encouraged a free, open, secure, and decentralized Internet. I’m starting to think that was naive as fuck, and that the Internet as we knew it, with that original ethos, will get forcefully snuffed out and people 200-300 years from now will read about and romanticize the Golden Age of Digital Piracy in the same way we look at the Golden Age of Piracy today.