Businesses and consumers alike have grown increasingly concerned with protecting their privacy online. Whether it’s avoiding falling victim to a data breach or even a ransomware attack, the tactics used by cybercriminals have become quite sophisticated. However, while we’ve been busy protecting our privacy from hackers, many of us have forgotten about how ISPs, governments and even businesses track our activities online by following the websites we visit and the apps we use.
To help protect consumers from unwanted tracking online, Winston Privacy has launched a new device that sits between a home modem and a wireless router to block users from ads and hackers as well. TechRadar Pro sat down with the company’s CEO Richard Stokes to learn more about its product and how consumers can protect their privacy online.
Where do traditional security solutions fall short when it comes to protecting user privacy?
The usual security solution offers well known benefits, such as firewall, antivirus and even occasionally a VPN. However, none of these products or software do anything to protect user privacy. For instance, VPNs are often cited as a privacy solution when in fact all they do is encrypt internet activity and cloak the internet end point. Modern user tracking technologies are much more sophisticated than that, and generally rely little on static IP addresses. Moreover, VPNs are notorious for logging and selling user data, even Facebook has a VPN, while antivirus companies crawl the pages that users are viewing and sell that data to advertisers.
How aware are consumers that ISPs and corporations are keeping tabs on their activities online?
Consumer awareness of lack of data privacy exploded in 2018 with the Cambridge Analytica revelations. Our internal data shows that VPN usage in the US increased by 400% between October 2017 and May 2018. The current challenge is that consumers aren’t aware of all the other products that are tracking them outside of the internet, like apps and connected products.
Have users become more reluctant when it comes to sharing their personal data with businesses?
Anecdotally, there is still a great sense of resignation. Our data indicates that most consumers know there is a problem but lack any real solutions. While privacy software has been around for about 20 years, it generally is beyond the technical capabilities of the average consumer. With the easiest, most widely used solutions, browser-based ad blockers, known to collect and sell user data or offer backdoors for partners. They’re continuing to prove that if the product is free, you're the product. There needs to be an increased awareness on how current ad blockers work and what consumers can do to truly protect their privacy.
You describe your company’s product as a hardware filter for the internet. Can you elaborate on how it filters internet traffic and the kind of traffic it protects consumers from? How does your product differ from a VPN and what makes it more secure?
Winston is designed to be a comprehensive privacy defense for the non-technical home user, so we've tightly integrated a number of technologies, some proprietary, to defeat user tracking. Through Winston, internet activity is encrypted and scrambled through a distributed peer-to-peer (P2P) privacy mesh network, making it impossible to correlate requests with individual users or devices. A beneficial side effect of this is that the user's physical location is hidden, preventing hackers from determine the locale (or even exact location) of a hacked Nest or other device.
At its core, Winston monitors all internet traffic occurring on the home network and assigns every website a privacy risk score (ie: 1-10 where 1 indicates little risk of data collection and 10 a high risk). Based on this risk assessment, dynamic security policies are set which impact how data is exchanged with that site. A few examples on how it blocks ads and hackers is:
Within Winston, cookie policies are set based on privacy risk, origin, destination and likelihood of breaking a site. For instance, third-party tracking cookies are typically blocked completely as are most disguised first-party tracking cookies. However, a cookie required to play a YouTube video on another site may be allowed, but on Winston it will have its expiration time set to 30 minutes from now while a Twitter cookie may be rewritten with false data.
Browser fingerprinting - a technique which can even deanonymize users in incognito mode - is deactivated within Winston as well.
User agent strings are rotated on a regular basis and shared between all compatible devices in the home, further obscuring the true origin of a particular request.
Domain Name System (DNS) queries are intercepted, encrypted and resolved via Cloudflare or IBM X-Force (Quad 9) services. This includes DNS activity for all devices on the network, which makes Winston an effective defense against DNS rebinding attacks.
What do you think the future holds for the online advertising industry and will we see a noticeable shift in the types and frequency of ads we see online?
It used to be that we traded 30 minutes of our time and attention to advertisers in exchange for a show, like Friends or Seinfeld. It was a fair trade, but today, we give up every personal detail about ourselves in exchange for spam and clickbait. It follows us around incessantly, and who pays when those massive databases get hacked? We do.
As a former insider in the advertising and marketing industry, it appears likely to me that the demand for programmatic (micro-targeted) advertising will decline as users push back on the invasive tracking that these methods require, which is a good thing.
That said, advertising is not going anywhere. Both brands and consumers want to connect, but not in the outdated way that the Silicon Valley powers have decided we should. My hope is that well-executed creative will again come to the forefront of the industry. After all, it's not that consumers hate advertising per se, rather; they hate being spammed and harassed by bad advertising.
Richard Stokes, CEO of Winston Privacy
- We've also highlighted the best internet security suites