Google is getting a lot of publicity for a business venture called Project Fi.
Dubbed rather grandly as “a new way to say hello,” the service seems to be a joint project with US mobile providers Sprint and T-Mobile.
You’ll need a Nexus 6 phone and an invitation to get on board at the moment, but fi, ah, if you do, your mobile data experience will leap automatically between cellular and Wi-Fi networks, depending on what’s available.
The idea is that you’ll save money, because when you’re not using 3G or 4G, you’ll be on an unmetered wireless connection that’s part of your $20/month flagfall fee.
When you do wander onto 3G or LTE (4G), you’ll pay the low, low price of just $10/GB for your data.
To a non-American like me, in a part of the world where internet access is readily available, but at a price, and who looks at US fixed-line data speeds and costs with some envy…
…that doesn’t seem super-cheap.
I can pay $4/GB for 3G/LTE data access, no contract or flagfall, pay-as-you-go, with free Wi-Fi whenever I’m in range of the provider’s wireless networks.
Actually, it’s as low as $2/GB if I do half of my work in the small hours of the morning.
Where Google’s plan differs in an added-value way is this:
- There are two providers in the game, meaning more LTE and more Wi-Fi access points to choose from.
- Handover between Wi-Fi and the cellular network is automatic, just as it is on the cellular network alone.
- The service runs through a Google VPN, at least when you are on the Wi-Fi network.
VPN to the rescue
The VPN, short for virtual private network, is a good idea to cushion the problem of using open Wi-Fi access points.
If the access point has been hacked, or there are wireless sniffers (eavesdroppers) in the vicinity – and you may as well assume both – then an open access point means your data can be recorded, and your network traffic easily diverted or modified along the way.
Indeed, that’s the reason we recommend using your own VPN when you are on the road and connecting via it’s-safer-to-assume-they’re-dodgy networks.
VPNs encrypt all your network traffic, even innocent-looking packets like pings, between your device and your home, head office or service provider.
Only once the traffic has made it safely home is it decrypted it for transmission onto the open internet.
Sure, it can be sniffed from then on, but at least you are no less secure than if you were sitting at home, or in the office.
You’ve removed the uncertainty of the eavesdroppable and possibly-tainted path through the free-for-all of open Wi-Fi.
But, as numerous Naked Security readers have pointed out in comments and tips, setting up a VPN is as easy on your mobile device as it is difficult on your own server at home.
True, a VPN server is not terribly hard if you use the free Sophos UTM Home Edition, but you do have to configure and connect a spare computer (or virtual machine), and then install and configure the UTM firmware first.
It’s fairly easy, and excellent value at $0, but it isn’t just a simple button-click.
If you haven’t done anything like it before, you will probably need to ask an IT-savvy friend to help.
Google, by providing the VPN in the cloud, will bypass the need to ask your chums for favours.
For many people, that alone, and the simple (if surprisingly uninexpensive, at least to me) pricing plan, will probably be very attractive.
The real cost of
The real question is, “Do you want your VPN to terminate inside Google’s infrastructure?”
As we mentioned above, once your mobile traffic exits the other end of your VPN, it’s back to normal, and subject to the same sniffability, hackability and monitoring for targeted advertising as usual.
And if you run a VPN via your home ISP, there’s certainly a risk of trouble, whether it’s hackers inside your ISP, dud security on your home router, or lawful interception deeper in the network.
Google has a pretty good record of not getting hacked, even if it rather dodged a bullet with some of its Android vulnerabilities. (The crooks seem to have ignored them so far because they’re still finding they can simply invite users to install malware, instead of using subterfuge and exploits.)
Google will bypass your home router for your mobile device VPN, because the VPN terminates in Google’s network, not yours.
And lawful interception regulations apply to all ISPs, not just Google.
Yes or no?
Even with all of the above plus points, however, some people will have a short answer to, “Do you want your VPN to terminate inside Google’s infrastructure?”
Project Fi will give Google access to yet more information and metadata about your online habits, in addition to what it gets from search, ads, YouTube, Gmail and more.
So those people will answer, “No.”
At $20/month plus $10/GB, will you really gain on the roundabout what you’ll lose on the swings?
Sophos UTM Home Edition
Prefer to run your own VPN at home for your laptops and mobile devices?
Try our award winning UTM.
The Home Edition includes all the Sophos UTM features: a VPN, email scanning, web filtering, web application security, and everything you need to keep up to 50 devices on your home network secure, 100% free for home use.
In you live in a shared house, or you have children to look out for online, this could be just the product you need.
Better yet, you get 12 free licences for Sophos Anti-Virus for Windows that you can install and manage throughout your household, right from the UTM web console.
Understanding firewalls and secure gateways
Listen to our Sophos Techknow podcast, Firewalls Demystified
(Audio player above not working? Download, or listen on Soundcloud.)
4 comments on “Fee-fi-fo-fum, do I want Google to sniff my network traffic, all of it?”
You mean you’d prefer that Sprint sniff your traffic? Or maybe Verizon? Because that’s the choice you’re making. Your provider sees your traffic, no way around that. So all that’s left for you is to pick who you want that to be.
When your alternative is a company that actually makes you PAY MORE to have them not sell your identity to advertisers, no amount of privacy fud would convince me to choose Verizon or AT&T over Google.
Except, as I understand it, the mobile providers’ regular 3G/4G service offerings [a] don’t automatically suck you through a VPN with a backend inside their networks and [b] aren’t predicated upon leaving your Wi-Fi connection turned on on all the time as part of the service.
(If you prefer to keep Wi-Fi off unless you are actually using it, then Project Fi just becomes a $10-per-GB mobile data plan, but with Google in the networking equation as well. I’ve already got a $4-per-GB mobile plan where I can do the VPN thing myself, and get free, unmetered Wi-Fi when I want to do an OS X update 🙂
Whether or not Project Fi is a good deal for you will be very situational. Obviously, you’ve found a good deal on mobile data where you live. Where I live, the options for Sprint, T-mobile, Verizon, AT&T, or US Cellular come out to roughly $10 or more per gigabyte for the amount of data I normally use, so Project Fi is either as good or better than their price. However, where Project Fi edges them out, in my case, is that the other providers make you pay for the data whether you use it or not, whereas Project Fi only makes you pay for the data you use. If I only use 1.5 GB in a month, I only pay $15 for that month. That same amount of data through another provider would be that same flat $30 or $40 for that data range (>1 GB to 3 GB) each month. Currently, this saves me at least $15 a month.
Even if I sign up for a 10 GB plan (much higher than what I normally use with readily available wifi in my area), if I happen to only use 5 GB in a month, Project Fi would give me back $50 on my next bill because I didn’t use the full 10 GB. Through AT&T, I’d be charged the full $80 no matter what. Now, 10 GB for $80 bucks seems like a better deal initially, since it is $8/GB, but that’s only if you use the full amount. If you don’t use the full amount each month, Project Fi could come out less expensive in the long run.
And that is also where Project Fi can help you. Since it does connect to wifi when it is available instead of cellular data, you may find you are using much less cellular data if you live in an area where wifi is readily available as the phone is connected to the wifi more than it is to cellular. So lets take that same 10 GB situation into account here. Lets say Project Fi’s wifi priority saves 25% of your data usage. Then, you’d only be using 7.5 GB of data every month instead of your full 10 GB. Through AT&T, that would be $80 each month where I live. Under Project Fi, you’re only paying $75 a month now. Project Fi has saved you $5 a month. If the wifi priority cuts your cellular usage even more, the savings would only go up from there. If you live in a more rural area where the wifi priority of Project Fi doesn’t help much, this may not be a benefit.
I trust you have done the research for you own circumstances, so I’m not going to say you are wrong on your assessment. I’m just saying not everyone has your certain set of circumstances, so Project Fi could be a good deal to them. For me personally, it saves me at least $15 each month. And for me, sending my data through Google’s VPN is just fine.
The provider I was using back when I wrote the earlier comment (I have switched countries since then 🙂 charged me about $30 for 10GB a month. If if used only, say, 8BG a month (at the time, that was about what I was using, with the rest over free Wi-fi services), then 2GB was indeed wasted, but that’s still around $4/GB. If I went over, I just started the next month sooner by buying another 10GB. As you say, your mileage may vary – but your calculation is greatly simplified because you assessed the implicit cost of trusting Google’s VPN at zero…and the article was sort of about that very assumption. To make it, or not to make it.