Connect with us

Business

VPN TUNNEL : WHAT IS IT, HOW CAN IT KEEP YOUR INTERNET DATA SECURE

Published

on

With growing censorship and regulations threatening global internet freedom and security, in turn, we’ve seen an increasing number of services become available to protect your online web browsing.

Virtual Private Networks (or VPNs) have become increasingly popular in recent years for their ability to bypass government censorship and geo-blocked websites and services, and do so without giving away who is doing the bypassing.

For a VPN to do this, it creates what is known as a tunnel between you and the internet, encrypting your internet connection and stopping ISPs, hackers, and even the government from nosing through your browsing activity.

We explain the basics of what a VPN is here
What is a VPN Tunnel?
When you connect to the internet with a VPN, the VPN creates a connection between you and the internet that surrounds your internet data like a tunnel, encrypting the data packets your device sends.

While technically created by a VPN, the tunnel on its own can’t be considered private unless it’s accompanied with encryption strong enough to prevent governments or ISPs from intercepting and reading your internet activity.

The level of encryption the VPN tunnel has depends on the type of tunneling protocol used to encapsulate and encrypt the data going to and from your device and the internet.

Types of VPN tunneling protocols
There are many types of VPN tunneling protocols that offer varying levels of security and other features. The most commonly used tunneling protocols in the VPN industry are PPTP, L2TP/IPSec, SSTP, and OpenVPN. Let’s take a closer look at them.

1. PPTP
Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.

PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.

While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity – government agencies and authorities like the NSA have been able to compromise the protocol’s encryption.

2. L2TP/IPSec
Layer 2 Tunneling Protocol (L2TP) is used in conjunction with Internet Protocol Security (IPSec) to create a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but isn’t adequately encrypted until IPSec wraps the data again with its own encryption to create two layers of encryption, securing the confidentiality of the data packets going through the tunnel.

L2TP/IPSec provides AES-256 bit encryption, one of the most advanced encryption standards that can be implemented. This double encapsulation does, however, make it a little slower than PPTP. It can also struggle with bypassing restrictive firewalls because it uses fixed ports, making VPN connections with L2TP easier to block. L2TP/IPSec is nonetheless a very popular protocol given the high level of security it provides.

3. SSTP
Secure Socket Tunneling Protocol, named for its ability to transport internet data through the Secure Sockets Layer or SSL, is supported natively on Windows, making it easy for Windows users to set up this particular protocol. SSL makes internet data going through SSTP very secure, and because the port it uses isn’t fixed, it is less likely to struggle with firewalls than L2TP.

SSL is also used in conjunction with Transport Layer Security (TLS) on your web browsers to add a layer to the site you’re visiting to create a secure connection with your device. You can see this implemented whenever the website you visit starts with ‘https’ instead of ‘http’.

As a Windows-based tunneling protocol, SSTP is not available on any other operating system, and hasn’t been independently audited for potential backdoors built into the protocol.

4. OpenVPN
Saving the best for last, we have OpenVPN, a relatively recent open source tunneling protocol that uses AES 256-bit encryption to protect data packets. Because the protocol is open source, the code is vetted thoroughly and regularly by the security community, who are constantly looking for potential security flaws.

The protocol is configurable on Windows, Mac, Android, and iOS, although third-party software is required to set up the protocol, and the protocol can be hard to configure. After configuration, however, OpenVPN provides a strong and wide range of cryptographic algorithms that will allow users to keep their internet data secure and to even bypass firewalls at fast connection speeds.

Which tunneling protocol should I use?
Advertisement

Even though it’s the fastest, you should steer clear of PPTP if you want to keep your internet data secure. L2TP/IPSec provides 256-bit encryption but is slower and struggles with firewalls given its fixed ports. SSTP, while very secure, is only available on Windows, and closed off from security checks for built-in backdoors.

OpenVPN, with its open source code, strong encryption, and ability to bypass firewalls, is the best tunneling protocol to keep your internet data secure. While it requires third-party software that isn’t available on all operating systems, for the most secure VPN connection to the internet, you’ll want to use the OpenVPN protocol.

A good VPN service should offer you the choice of at least these four types of tunneling protocols when going online. We’ve compiled a list of the best VPNs in the industry for you to get started on protecting your internet data.

 

 

 

Source: Tech Radar

 

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Business

PICHAI PUTS KIBOSH ON GOOGLE SEARCH ENGINE FOR CHINA

Published

on

Google is not working on a bespoke search engine that caters to China’s totalitarian tastes, and it has no plans to develop one, CEO Sundar Pichai told lawmakers on Capitol Hill Tuesday.

“Right now, we have no plans to launch in China,” he told members of the U.S. House Judiciary Committee at a public hearing on Google’s data collection, use and filtering practices.

“We don’t have a search product there,” he said. “Our core mission is to provide users access to information, and getting access to information is an important human right.”

Pichai acknowledged that the company had assigned some 100 workers to develop a search engine for totalitarian countries, however.

“We explored what search would look like if it were to be launched in a country like China,” he revealed.

A report about a Google search engine for China appeared in The Intercept this summer.

The project, code-named “Dragonfly,” had been under way since the spring of 2017, according to the report, but development picked up after Pichai met with Chinese government officials about a year ago.

Special Android apps also had been developed for the Chinese market, The Intercept stated, and had been demonstrated to the Chinese government for a possible rollout this year.

“We certainly hope they abandoned those plans,” said Chris Calabrese, vice president for policy for the Center for Democracy & Technology, an individual rights advocacy group in Washington, D.C.

“We didn’t think it was a good idea to build a search engine that would censor speech in order to go into the Chinese market,” he told the E-Commerce Times.

Google may have been testing the waters with its Chinese browser, maintained Russell Newman, assistant professor for the Institute for Liberal Arts & Interdisciplinary Studies at Emerson College in Boston.

“It’s an example of a firm seeing how far down the road it can go before it receives pushback,” he told the E-Commerce Times. “It discovers a limit, then pushes that limit a little more. I’d be surprised if they wholly gave up on the search engine for China.”

Mission: Protecting Privacy

In his opening remarks to the committee, Pichai declared that protecting the privacy and security of its users was an essential part of Google’s mission.

“We have invested an enormous amount of work over the years to bring choice, transparency and control to our users. These values are built into every product we make,” he said.

“We recognize the important role of governments, including this committee, in setting rules for the development and use of technology,” Pichai added. “To that end, we support federal privacy legislation and proposed a legislative framework for privacy earlier this year.”

Pichai also addressed a burning issue for Republican members of the panel.

“I lead this company without political bias and work to ensure that our products continue to operate that way,” he said. “To do otherwise would go against our core principles and our business interests.”

‘Bias Running Amok’

Among the Republicans on the committee who raised the issue of unfairness with respect to the way Google’s search algorithm treats conservative views was Mike Johnson, R-La.

“My conservative colleagues and I are fierce advocates of limited government, and we’re also committed guardians of free speech and the free marketplace of ideas,” he told Pichai.

“We do not want to impose burdensome government regulations on your industry,” Johnson continued. “However, we do believe we have an affirmative duty to ensure that the engine that processes as much as … 90 percent of all Internet searches, is never unfairly used to unfairly censor conservative viewpoints or suppress political views.”

Political bias is running amok at Google, charged committee member Louie Gohmert, R-Texas.

“You’re so surrounded by liberality that hates conservatism, hates people that really love our Constitution and the freedoms that it’s afforded people like you, that you don’t even recognize it,” he told Pichai, who was born in India.

“It’s like a blind man not even knowing what light looks like because you’re surrounded by darkness,” Gohmert added.

Despite Republican claims of liberal bias in Google’s algorithm, “there isn’t any evidence to back that up empirically,” Calabrese said.

Market Dominance

Committee members also were concerned about Google’s market dominance.

“I’m deeply concerned by reports of Google’s discriminatory conduct in the market for Internet search,” said David Cicilline, D-R.I.

Google has harmed competition in Europe by favoring its own products and services over rivals, and by deprioritizing or delisting its competitors’ content, he noted citing European Commission findings.

“It is important for the U.S. government to follow the lead of other countries and closely examine the market dominance of Google and Facebook, including their impact on industries such as news media,” observed David Chavern, CEO of the News Media Alliance in Arlington, Va., a trade association representing some 2,000 newspapers in the United States and Canada.

“We will continue to urge for more hearings to examine ways in which the duopoly impacts the business of journalism, which is essential to democracy and civic society,” he told the E-Commerce Times.

Prelude to Privacy Law

House and Senate hearings in recent months are just the prelude to data privacy legislation that could be introduced next year.

“We’re certainly going to see a wide variety of comprehensive privacy bills filed, and I think we’ll make some progress,” Calabrese said.

“Advocates have seen the need for privacy legislation for a long time,” he said, “and now that we have privacy legislation set to kick in in California in 2020, there’s a lot of companies who would rather be governed by a federal law than they would a bunch of different state laws.”

If a general privacy law is enacted, it shouldn’t use Europe’s General Data Protection Regulation as a model, maintained Alan McQuinn, senior policy analyst for the Information Technology and Innovation Foundation, a public policy and technology innovation organization in Washington, D.C.

“We don’t want to see the GDPR enacted here in the states,” he told the E-Commerce Times.

“It is highly likely to create a drag on the European economy and hurt innovation and businesses,” McQuinn explained.

Privacy rules should be styled to fit industries, such as healthcare, finance and commerce, he suggested.

“The sector-specific approach that the U.S. has taken toward privacy has allowed for more innovation,” McQuinn noted, “and created the powerhouse of the digital economy that we have here.”

Continue Reading

Business

LOCATION DATA SELLING THREATENS CONSUMER PRIVACY

Published

on

Selling location data collected by mobile phones has become a lucrative business, The New York Times reported Monday.

Location advertising sales are expected to reach US$21 billion this year, according to the article. At least 75 companies receive anonymous, precise location data from applications with the location services feature activated.

Several of those outfits claim to track 200 million mobile devices in the United States — about half of all devices in the country, the Times reported.

The data is very accurate, coming within a few yards of a person’s whereabouts at a point in time, and is updated often — as frequently as 14,000 times a day, the paper noted.

With that kind of accuracy and frequency, calling the data “anonymous” is a bit misleading.

“If you are collecting a person’s location over time, and it’s tied to a unique identifier, it’s disingenuous to call that anonymous,” said Natasha Duarte, a policy analyst with the Center for Democracy & Technology in Washington, D.C.

“If you have information about where people are going and where people live, you can build the story of who that location data belongs to,” she told TechNewsWorld.

Someone can learn a lot about you from your location, said French Caldwell, CFO of The Analyst Syndicate, an IT research and analysis group.

“They can tell what your interests are and who you’re meeting with,” he told TechNewsWorld. “Your location data tells more about you than your Social Security number.”

Businesses that collect consumer data typically say they’re not interested in individuals but in patterns. Data collected on individuals is “anonymized” by attaching it to an ID number. However, that ID doesn’t even have the cover of a fig leaf for anyone with access to raw location data.

Those people, who include employees or customers of the data collector, still could identify individuals without their consent, as the Times did in compiling its report.

Not surprisingly, the leaders in location-based advertising are Google and Facebook. Both companies offer mobile apps that they use to collect location data. They say they don’t sell it but use it only internally, to personalize services, sell targeted ads online, and determine if the ads lead to sales in the physical world.

Google did not respond to a request for comment for this story. Facebook, through spokesperson Jay Nancarrow, declined to comment.

Some large companies have started to get in front of the location data issue before it becomes a problem for them. For example, Verizon and AT&T announced during the summer that they would stop selling their customers’ location data to data brokers.

Deceptive Omissions

Most mobile apps request permission to use a device’s location services before accessing them, but the Times found that process could be misleading. An app might ask for location services access for one purpose but use the information for multiple purposes.

“Not all app notices are perfectly clear as to what location data is being used for,” CDT’s Duarte said.

“Often the app will ask, ‘Do you want us to use your location to provide you with local weather information, or personalize your experience, or improve the accuracy of the maps that you’re using?’ They don’t list all the other purposes the data will be used for — like advertising and sales to third parties,” she pointed out.

Some 1,400 popular applications contain code to share location information, the Times reported. About 1,200 were written for Android phones and 200 for Apple models.

In a sample of 17 apps sending precise location data, three Apple iOS programs and one Android offering mentioned that location data could be used for advertising while seeking permission to access the service, the Times found.

Creepiness Factor

Understanding what’s done with location data can be an onerous task for a consumer. It requires reading user agreements and privacy policies, and changing settings for all the apps on a phone.

“That can be incredibly time-consuming,” Duarte said. “No individual has the capacity to do that properly, and it’s not a burden we should be placing on individuals to depend on location-based services.”

How concerned are consumers about possible abuse of their location information?

“Most consumers don’t care, but there’s a creepiness factor that bothers them a little bit,” said The Analyst Syndicate’s Caldwell.

“We’ve all been on the Web and looked at a new pair of shoes or something, and all of sudden all you see in your browser for hours are ads for those things,” he continued.

“The same kind of thing is happening with your physical location,” Caldwell pointed out. “Stores are tracking your location and will start pushing suggestions to you based on where you went in that store. There’s a creepiness factor there.”

Legislation Needed

Consumers are very concerned about what’s being done with their location data, maintained Duarte.

“The problem isn’t that consumers are not concerned,” she said.

“It’s that even if you’re very concerned, it’s impossible for anyone to have the capacity and time to understand all the things companies are doing with your data, and then go into your settings and make the choices that align perfectly with your personal privacy interests,” Duarte explained.

“What really needs to happen is for our laws to recognize that location privacy in a commercial context has to be built into any service,” she suggested.

Congress should pass a commercial privacy law, “which would include limits on how companies can collect and use location information,” Duarte said.

Such a law might include provisions already adopted in Europe’s General Data Protection Regulation, which allow people to access information companies have collected about them, correct information if it’s used to make important decisions about them, and delete information.

One area where U.S. lawmakers may want to depart from the GDPR is in consent. The European rule allows data to be collected if consent is given by the owner of the data.

“Some uses of information shouldn’t be allowed even with consent,” Duarte said. “One of those uses might be repurposing of location information — collecting the information for a location-based service, then reusing it for something completely unrelated — like location-based advertising — or selling it to a data broker.”

Continue Reading

Business

TODAY’S TOP TECH NEWS, NOV 29: EX-LAZADA EXECUTIVES’ STARTUP EASYSHIP RAISES US$4M

Published

on

Easyship’s platform plugin and integrations enable stores to print labels, automate international paperwork, and display real-time courier rates

Hong Kong-based Easyship raises US$4M Series A [press release]

Easyship, a shipping platform for active SMBs to simplify and automate logistics, announced today it has raised a US$4 million in Series A round of funding from a slew of investors, including Maximilian Bittner, ex-CEO & Founder of Lazada and Senior Advisor of Alibaba Group; and Richard Lepeu, ex-CEO of global luxury giant Richemont and board member of Yoox Net-A-Porter Group.

Existing investors Lamivoie Capital Partners and Richard Lepeu, as well as Rubicon Venture Capital, One Way Ventures, Kima Ventures and Picus Capital, have also co-invested.

The startup was founded in 2015 by Tommaso Tamburnotti and Augustin Ceyrac (both formerly worked at Lazada), and Paul Lugagne Delpon. Easyship’s cloud-based platform helps e-commerce merchants ship worldwide. Its platform plugin and integrations enable stores to print labels, automate international paperwork, display real-time courier rates, and offer their customers dynamic tax and duties at checkout.

The startup has offices in New York, Singapore, Netherlands, Australia, and Hong Kong.

Singapore’s GIC backs EV charging network ChargePoint’s US$240M funding [DealStreetAsia]

Singapore’s sovereign wealth fund GIC has joined a group of investors backing the US$240 million Series H funding in ChargePoint, a California-headquartered electric vehicle charging network, according to an announcement.

ChargePoint claims to have more than 57,000 independently owned public and semi-public charging spots and thousands of customers.

Other investors in the round include American Electric Power, Canada Pension Plan Investment Board, Chevron Technology Ventures, Clearvision and Daimler Truck & Buses. Quantum Energy Partners was the lead investor.

Korea’s blockchain casino project MECA Casino raises investment from ICON [press release]

South Korea-based blockchain project ICON has made a strategic investment in MECA Casino, a blockchain casino project.

MECA Casino is a DApp (Decentralised Application) of ICON and it is a reverse ICO project by Crypto Meca. MECA Casino has been developing casino games for more than three years and is ready to launch blackjack and baccarat table games. MECA Casino plans to open ‘the largest decentralised casino platform’ including sports betting solution by Q4 of 2019.

‘Master System’ of MECA Casino enables users to become ‘master’ who is an operator of casinos to be profitable from casino operation. ‘Masters’ can upgrade their casinos to attract more players, gain higher profits, and trade casinos with other potential Masters. Players can exchange MECA Coin (MCA) with MECA Chip (MCC) to play games in MECA Casino or trade casinos.

Revolut is ready to launch in Singapore and Japan [TechCrunch]

Fintech startup Revolut has been teasing Asian market expansions for more than a year, but it sounds like it might finally happen. The company has secured licenses to operate in Singapore and Japan. It now expects to launch its service in Q1 2019.

In Singapore, the company was granted a Remittance License by the Monetary Authority and a Stored Value Facility approval — these two things combined let Revolut users hold money as well as send and spend money. In Japan, the company has been authorised to operate by Japan’s Finance Service Agency. __ yahoo news

Continue Reading
Advertisement

Trending