Computer Science · 10th Grade · Cybersecurity and Digital Defense · Weeks 28-36

Privacy Enhancing Technologies

Students explore technologies and practices designed to protect user privacy online, such as VPNs and anonymizers.

Common Core State StandardsCSTA: 3A-IC-26

About This Topic

Privacy-enhancing technologies (PETs) are tools and practices that help individuals limit the personal data they expose during digital activity. In a US 10th-grade computer science course, this topic gives students technical vocabulary for choices they already make, like using a private browsing window, and introduces more robust tools they may not have considered. A Virtual Private Network (VPN) encrypts traffic between a user's device and a VPN server, masking the user's IP address from websites and hiding traffic content from local network observers like an ISP or a public Wi-Fi operator.

Other PETs include the Tor network (which routes traffic through multiple relays to provide stronger anonymity), end-to-end encrypted messaging apps, privacy-focused search engines that do not log queries, and browser extensions that block tracking scripts. Each tool involves trade-offs: VPNs shift trust from the ISP to the VPN provider, Tor provides stronger anonymity but significantly reduces speed, and blocking tracking scripts can break some website functionality.

Aligned to CSTA standard 3A-IC-26, this topic connects to ongoing public debates about data collection, algorithmic profiling, and consent. Comparative analysis activities work well because students can evaluate real tools against defined criteria rather than relying on marketing claims.

Key Questions

  1. Explain how a Virtual Private Network (VPN) enhances online privacy.
  2. Compare different privacy-enhancing technologies and their effectiveness.
  3. Analyze the trade-offs between privacy and convenience in digital services.

Learning Objectives

  • Explain how a Virtual Private Network (VPN) encrypts data and masks a user's IP address to enhance online privacy.
  • Compare the anonymity levels and performance trade-offs of different privacy-enhancing technologies like VPNs, Tor, and privacy-focused search engines.
  • Analyze the ethical considerations and potential vulnerabilities associated with using privacy-enhancing technologies.
  • Evaluate the effectiveness of various privacy-enhancing technologies in protecting against specific online threats, such as ISP tracking or public Wi-Fi snooping.

Before You Start

Introduction to Internet Protocols

Why: Students need a basic understanding of how data travels across the internet, including the concept of IP addresses, to grasp how VPNs and anonymizers modify this process.

Network Security Fundamentals

Why: Knowledge of basic network security threats, such as man-in-the-middle attacks on public Wi-Fi, provides context for why privacy-enhancing technologies are necessary.

Key Vocabulary

Virtual Private Network (VPN)A service that creates a secure, encrypted connection over a public network, like the internet, to protect a user's online activity and identity.
AnonymizerA tool or service that attempts to make a user's online actions anonymous by obscuring their identity and location.
IP Address MaskingThe process of hiding a user's original Internet Protocol address and replacing it with one from the VPN or anonymizer server.
End-to-End EncryptionA communication method where only the communicating users can read the messages, preventing third parties, including the service provider, from accessing them.
Data LoggingThe practice of recording user activity, such as websites visited or search queries, by online services or network providers.

Watch Out for These Misconceptions

Common MisconceptionUsing a VPN makes you completely anonymous online.

What to Teach Instead

A VPN hides your traffic from your ISP and masks your IP from websites, but the VPN provider can see your traffic if it is not end-to-end encrypted. Accounts you are logged into identify you regardless of VPN use. Browser fingerprinting can also identify users across sessions. Complete anonymity online is extremely difficult to achieve.

Common MisconceptionPrivate browsing mode keeps your activity private from everyone.

What to Teach Instead

Private or incognito mode prevents the browser from storing history, cookies, and form data on your device. It does not hide your activity from your ISP, employer network, or the websites you visit. Students who believe private mode provides stronger protection than it does are more exposed than they realize.

Active Learning Ideas

See all activities

Comparative Analysis: PET Trade-off Chart

Provide small groups with a description of five PETs (VPN, Tor, Signal, privacy search engine, ad blocker) and four evaluation criteria (anonymity strength, speed impact, ease of use, trust model). Groups complete the chart and then recommend the right tool for three user scenarios: a journalist in a repressive country, a student using school Wi-Fi, a person avoiding targeted ads.

40 min·Small Groups

Think-Pair-Share: What Does a VPN Actually Hide?

Present a diagram showing what a VPN hides from different observers (your ISP, the website you visit, someone on your local network, the VPN provider itself). Students individually annotate what each party can and cannot see, pair to reconcile differences, then share the most surprising finding with the class.

25 min·Pairs

Formal Debate: Privacy vs. Convenience Trade-offs

Present a series of real product design decisions: a map app that requires location data at all times vs. only while in use, a smart speaker that processes voice locally vs. in the cloud, a browser that blocks all tracking vs. allows it for free services. Small groups argue for one side, then the class votes and discusses where the line should be drawn.

40 min·Small Groups

Real-World Connections

  • Journalists working in restrictive countries use VPNs to securely communicate with sources and access blocked information, protecting their identities from government surveillance.
  • Individuals using public Wi-Fi at coffee shops or airports can employ VPNs to encrypt their internet traffic, preventing malicious actors on the same network from intercepting sensitive data like passwords or credit card numbers.
  • Companies like DuckDuckGo offer privacy-focused search engines that do not track user queries, providing an alternative to services that build user profiles for targeted advertising.

Assessment Ideas

Discussion Prompt

Pose the following to students: 'Imagine you are choosing between a free VPN service and a paid one. What are the potential privacy risks of the free service? What trade-offs might you accept with the paid service?' Guide students to discuss data logging policies and trust in service providers.

Quick Check

Present students with three scenarios: 1) accessing a bank account on public Wi-Fi, 2) researching a sensitive health topic, 3) streaming geo-restricted content. Ask them to identify which privacy-enhancing technology (VPN, Tor, privacy search engine) would be most appropriate for each scenario and briefly explain why.

Exit Ticket

On an index card, ask students to write: 'One way a VPN protects my privacy is...' and 'One potential downside of using a privacy-enhancing technology is...'. Collect these to gauge understanding of core concepts and trade-offs.

Frequently Asked Questions

How does a VPN protect your privacy when using public Wi-Fi?
A VPN encrypts all traffic between your device and the VPN server, so anyone monitoring the public Wi-Fi network sees only encrypted data going to the VPN server, not your actual destinations or content. This prevents eavesdropping and man-in-the-middle attacks on untrusted networks, though it does not protect against the VPN provider itself logging your activity.
What is the difference between a VPN and the Tor network?
A VPN routes your traffic through a single provider's server, replacing your IP with theirs. Tor routes your traffic through three volunteer-operated relays, with each relay knowing only the previous and next hop, not the full path. Tor provides stronger anonymity but is significantly slower and is designed for high-risk use cases rather than general browsing.
Are privacy-enhancing technologies legal in the United States?
VPNs, Tor, encrypted messaging, and most other PETs are legal in the US. Some have been misused for illegal activity, but the tools themselves are lawful. Using a VPN to access content that violates a platform's terms of service is a separate question governed by contract law, not criminal law.
How does active learning help students think critically about privacy tools?
Privacy tool marketing often overstates protection. When students evaluate tools against technical criteria in structured activities, they develop habits of critical evaluation rather than trusting claims at face value. Comparing what different parties can observe with and without a VPN, for example, builds the analytical framework students need to make informed privacy decisions.

More in Cybersecurity and Digital Defense

Introduction to Cybersecurity Threats

Students identify common cybersecurity threats such as malware, phishing, and denial-of-service attacks.

2 methodologies

Social Engineering Tactics

Students learn about social engineering techniques and how human psychology is exploited in cyberattacks.

2 methodologies

Common Software Security Flaws

Students identify common software security flaws and understand how they can be exploited, focusing on prevention.

2 methodologies

Introduction to Cryptography

Students learn the basic principles of cryptography, including symmetric and asymmetric encryption.

2 methodologies

Digital Signatures and Certificates

Students learn how digital signatures verify authenticity and integrity, and the basic role of digital certificates in trust.

2 methodologies

Authentication and Authorization

Students learn about different authentication methods (passwords, biometrics, MFA) and authorization principles.

2 methodologies