Whether you are a tin foil hat wearing cyber security aficionado or not, it’s a sad but true fact that our privacy is in danger. Even when surfing the web, data is collected in droves by big brands people used to trust. Add to this the internet blocks being introduced even in western nations, and people are realizing the need to actively protect their own privacy.
Last week, when the UK government announced porn users would have to enter their details to be age verified from 15 July this year – signalling a potential privacy disaster – people all over the nation started showing more interest in virtual private networks (VPNs).
A VPN works by allowing you to browse privately and securely, encrypting your data and hiding your location. But not all VPNs are built the same. You need, for example, to be wary when a service is free and of course a VPN that logs your data is a definite no.
Set against a backdrop of increasing internet surveillance, data breaches and insecure public Wi-Fi, VPNs are an essential tool. Here is a useful guide including what to look out for and what to avoid when choosing a VPN, with some options to consider.
Some VPNs log data
VPNs that log data defeat the point of having one at all.
“One of the most important aspects to consider when choosing a VPN is security,” Ariel Hochstadt, co-founder of vpnMentor tells me. “A VPN that logs your data is not safe to use. You need to ensure you’re picking a reliable no-log VPN so that your data won’t be susceptible to leaks and attacks.”
And most of the data logged is totally uncalled for: Free VPNs such as Hola know the websites you visit; how much time you spend on those pages; and timestamps. Meanwhile, they might sell your data to their partners.
Trust and security
Trust is important. “Generally, you have to trust your VPN provider with your traffic more than you trust your network,” says Jerry Gamblin, principal security engineer at Kenna Security.
He thinks large commercial VPN providers, such as NordVPN or Private Internet Access (PIA), are best, because they are “invested in making sure that your traffic is delivered safely and quickly”.
“I have used PIA in the past, but due to some sites filtering those IP addresses, I have moved to building my own VPN server.”
Can VPNs be hacked? Yes, but it’s not easy: VPN Base says it’s best to avoid PPTP or L2TP/IPSec protocols; instead use only the latest versions of the OpenVPN protocol, which is considered to be extremely secure. “In terms of encryption, make sure your VPN provider offers 2048-bit or 256-bit encryption as they are harder to crack,” the site reads. “Rest assured, if anyone ever tries to hack you, these protocols and encryptions will be a real nightmare.”
VPNs by their nature can be slow, because they work by encrypting your data and sending it to another server. To avoid this, Hochstadt recommends choosing a server in your own country: of course, the further your data has to travel, the slower the connection will be. Other features such as server network size, encryption, censorship, and torrenting should also be taken into account, he says.
The fastest VPNs are ExpressVPN, Surfshark, NordVPN and CyberGhost, according to Hochstadt, who has tested 300 VPNs.
Some VPNs will be located in countries with governments that allow their surveillance agencies to spy. For the highest level of anonymity, it’s a good idea to use a provider located outside of the “14-eyes” jurisdiction.
14-eyes is a list of countries that allow surveillance agencies to spy on people. Members include the UK, US, Australia, Canada and New Zealand.
Where you can use them
Some people find their VPN is blocked in airports or hotels. At the same time, nations such as China ban or control VPN use. However, VPNs are made to bypass restrictions and make your connection anonymous, so a good product should work anywhere.
Five VPNs to consider
Here are five highly rated VPNs that don’t log your data:
ExpressVPN, which comes highly rated by users and reviewers, works on devices including Windows, Android, iOS, Linux and routers. Based in the British Virgin Islands, it costs around $6.67 a month if you take out a 12-month plan. With a network of more than 2,000 servers in 94 countries, Express offers top notch coverage in Europe and the US. It also works pretty well in Asia, South America, the Middle East and Africa. It uses its own DNS servers and employs high end encryption tech to ensure your security and privacy.
ProtonVPN offers a truly free VPN but there are sacrifices to make if you don’t want to pay: The free version only allows you to connect one device at a time and speeds are slower. But there are paid for versions starting at $4 per month going up to $24 for 10 connected devices. Proton is also a trustworthy brand: most of you will be familiar with the highly-secure ProtonMail used by journalists and activists. Developed by CERN and MIT scientists, Proton doesn’t log your data so it’s never revealed to third parties.
A newcomer to the VPN market, Surfshark is quickly gaining popularity. It’s easy to see why. With over 500 servers in 50 countries, the VPN claims it is fast; it doesn’t collect logs and it allows you to connect as many devices as you like. Costing $11.95 a month and with discounts for multiple months, Surfshark offers Windows, Mac, iOS and Android apps and there’s 24/7 support if things go wrong.
Private Internet Access (PIA)
With over 3,300 servers in 32 countries PIA offers apps for Mac, Android, Windows, iOS and Linux, and browser extensions for Firefox, Opera and Chrome. Costing $9.95 a month, PIA blocks ads, trackers and malicious websites. It uses OpenVPN on desktop and mobile devices, making it a highly secure and trustworthy option whatever you want it for.
Like ExpressVPN, NordVPN is a big provider. Available on Windows, MacOS and Linux – and with apps for iOS, Android, and Android TV and encrypted proxy extensions for Chrome and Firefox – NordVPN allows you to connect up to six devices. It’s also fast, with 5,100 servers in 60 countries and a one month plan for around $12.
Three more to consider
The following come highly rated by users:
Which one should you choose?
Making a final decision will depend on your technical expertise, what you want to use a VPN for and where you want to use it. Personally, I use ExpressVPN but that doesn’t mean it’s right for you. Proton is super-trustworthy and PIA also comes very highly-regarded. There are of course, VPNs to avoid, but hopefully by using this article plus a little research, you will feel confident in making the decision.
Warning Issued For Millions Of New iPhone Users
Despite some display concerns, early reports suggest Apple’s new iPhone 12 mini, iPhone 12, iPhone 12 Pro and iPhone 12 Pro Max are breaking sales records. But potential upgraders might now want to wait because serious cellular problems are now being reported by thousands of owners.
First spotted by 9to5Mac, over 500 iPhone 12 owners have posted to Apple’s Official Support Communities forum that their phones (seemingly all iPhone 12 models) are dropping both 5G and 4G reception, leaving them without connectivity even in areas with strong signal. Moreover, when I dug further into this issue, I found numerous similar threads with thousands of comments posted to Reddit threads for Verizon, AT&T and more as well as complaints about signal drops on international carriers.
Describing the problem, affected users (spread as widely as the US to Japan, India and the UAE) say reception strength on their new iPhones suddenly drops before disappearing. For some, the signal can return in under a minute but for others they have to restart their phone, toggle Airplane mode or remove and replace their sim to get it back.
“For me it’s almost like clockwork. If you’re actively using your phone for more than 20 minutes at a time, you’re bound to experience the dropped signal. I’ve tried endless workarounds to no avail.” – source
Interestingly, one affected Verizon store worker also confirmed customers are now coming into the store to complain about the issue. Switching between towers seems to be a common cause, regardless of network, while for others the signal disappears even when standing still. Unfortunately, some very unlucky iPhone 12 owners are also being impacted by both problems:
“It’s particularly bad when moving (and switching between towers). Even when I’m stationary the signal randomly drops to zero multiple times a day. Only airplane mode/reboot can restore service, and I’ve erased network settings multiple times now. I’m using a new AT&T SIM provided by Apple.” – source
While there is some gallows humor about the issue, the problems are clearly impacting a significant number of iPhone 12 owners. They also add to a wider pattern of cellular issues with the iPhone 12 range. At launch, iPhone 12 owners were impacted by widespread SMS issues while the latest iOS 14 release (iOS 14.2.1) patches problems with iPhone 12 models not receiving MMS messages.
Apple head of security accused of offering iPads as bribes for concealed gun permits
A California grand jury has indicted Apple’s head of global security on charges that he tried to bribe Santa Clara County officials to procure firearms (CCW) licenses, according to a news release. Santa Clara district attorney Jeff Rosen alleges that Thomas Moyer offered 200 iPads — worth about $70,000 — to Capt. James Jensen and Undersheriff Rick Sung in the Santa Clara County sheriff’s office, in exchange for four concealed firearms licenses for Apple employees.
The charges came after a two-year investigation. “In the case of four CCW licenses withheld from Apple employees, Undersheriff Sung and Cpt. Jensen managed to extract from Thomas Moyer a promise that Apple would donate iPads to the Sheriff’s Office,” Rosen said in the news release. The iPads were never delivered, according to Rosen’s office, because Sung and Moyer became aware in 2019 that the district attorney was executing a search warrant for the sheriff department’s CCW records.
Moyer’s attorney, Ed Swanson, said in a statement emailed to The Verge that his client is innocent of the charges filed against him, adding he believed Moyer was “collateral damage” in a dispute between the Santa Clara sheriff and district attorneys’ offices. “He did nothing wrong and has acted with the highest integrity throughout his career,” Swanson said. “We have no doubt he will be acquitted at trial.”
“We expect all of our employees to conduct themselves with integrity,” an Apple spokesperson said in a statement to Ars Technica. “After learning of the allegations, we conducted a thorough internal investigation and found no wrongdoing.”
According to Bloomberg News, Moyer has been at Apple for about 15 years and has been its head of global security since November 2018. He wrote a memo in 2018 warning Apple employees about the potential consequences of leaking information to the media, which he wrote “can become part of your personal and professional identity forever.”
Be Very Sparing in Allowing Site Notifications
An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.
When a website you visit asks permission to send notifications and you approve the request, the resulting messages that pop up appear outside of the browser. For example, on Microsoft Windows systems they typically show up in the bottom right corner of the screen — just above the system clock. These so-called “push notifications” rely on an Internet standard designed to work similarly across different operating systems and web browsers.
But many users may not fully grasp what they are consenting to when they approve notifications, or how to tell the difference between a notification sent by a website and one made to appear like an alert from the operating system or another program that’s already installed on the device.
This is evident by the apparent scale of the infrastructure behind a relatively new company based in Montenegro called PushWelcome, which advertises the ability for site owners to monetize traffic from their visitors. The company’s site currently is ranked by Alexa.com as among the top 2,000 sites in terms of Internet traffic globally.
Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests designed to distinguish automated bot traffic from real visitors.
Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts to install other software, ads for dating sites, erectile dysfunction medications, and dubious investment opportunities.
That’s according to a deep analysis of the PushWelcome network compiled by Indelible LLC, a cybersecurity firm based in Portland, Ore. Frank Angiolelli, vice president of security at Indelible, said rogue notifications can be abused for credential phishing, as well as foisting malware and other unwanted applications on users.
“This method is currently being used to deliver something akin to adware or click fraud type activity,” Angiolelli said. “The concerning aspect of this is that it is so very undetected by endpoint security programs, and there is a real risk this activity can be used for much more nefarious purposes.”
Angiolelli said the external Internet addresses, browser user agents and other telemetry tied to people who’ve accepted notifications are known to PushWelcome, which could give them the ability to target individual organizations and users with any number of fake system prompts.
Indelible also found browser modifications enabled by PushWelcome are poorly detected by antivirus and security products, although Angiolelli noted Malwarebytes reliably flags as dangerous publisher sites that are associated with the notifications.
Indeed, Malwarebytes’ Pieter Arntz warned about malicious browser push notifications in a January 2019 blog post. That post includes detailed instructions on how to tell which sites you’ve allowed to send notifications, and how to remove them.
KrebsOnSecurity installed PushWelcome’s notifications on a brand new Windows test machine, and found that very soon after the system was peppered with alerts about malware threats supposedly found on the system. One notification was an ad for Norton antivirus; the other was for McAfee. Clicking either ultimately led to “buy now” pages at either Norton.com or McAfee.com.
It seems likely that PushWelcome and/or some of its advertisers are trying to generate commissions for referring customers to purchase antivirus products at these companies. McAfee has not yet responded to requests for comment. Norton issued the following statement:
“We do not believe this actor to be an affiliate of NortonLifeLock. We are continuing to investigate this matter. NortonLifeLock takes affiliate fraud and abuse seriously and monitors ongoing compliance. When an affiliate partner abuses its responsibilities and violates our agreements, we take necessary action to remove these affiliate partners from the program and swiftly terminate our relationships. Additionally, any potential commissions earned as a result of abuse are not paid. Furthermore, NortonLifeLock sends notification to all of our affiliate partner networks about the affiliate’s abuse to ensure the affiliate is not eligible to participate in any NortonLifeLock programs in the future.”
Requests for comment sent to PushWelcome via email were returned as undeliverable. Requests submitted through the contact form on the company’s website also failed to send.
While scammy notifications may not be the most urgent threat facing Internet users today, most people are probably unaware of how this communications pathway can be abused.
What’s more, dodgy notification networks could be used for less conspicuous and sneakier purposes, including spreading fake news and malware masquerading as update notices from the user’s operating system. I hope it’s clear that regardless of which browser, device or operating system you use, it’s a good idea to be judicious about which sites you allow to serve notifications.
If you’d like to prevent sites from ever presenting notification requests, check out this guide, which has instructions for disabling notification prompts in Chrome, Firefox and Safari. Doing this for any devices you manage on behalf of friends, colleagues or family members might end up saving everyone a lot of headache down the road.
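For anyone auditing a device after the fact, the following added example (not from the original article or from any vendor named in it) lists which sites a Chrome profile has allowed to send notifications, by reading the profile's Preferences JSON file. It assumes the `profile.content_settings.exceptions.notifications` layout, with `setting` 1 for allow and 2 for block, as seen in current Chrome profiles; the sample data, hostnames and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlsplit

ALLOW = 1  # Chrome content-setting value for "allow"; 2 means "block"

# Constructed sample: the notification section of a Chrome profile's
# "Preferences" JSON file. Hostnames and timestamps are made up.
SAMPLE_PREFERENCES = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://news.example:443,*": {"setting": 1, "last_modified": "13250000000000000"},
        "https://video-captcha.example:443,*": {"setting": 1, "last_modified": "13250086400000000"},
        "https://mail.example:443,*": {"setting": 2, "last_modified": "13249000000000000"},
    }}}}})


def _granted_at(entry):
    """Convert last_modified (microseconds since 1601-01-01) to a datetime."""
    raw = entry.get("last_modified")
    if not raw:
        return None
    return datetime(1601, 1, 1) + timedelta(microseconds=int(raw))


def notification_grants(preferences_text):
    """Return (host, setting, changed_at) for every notification exception."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    grants = []
    for pattern, entry in node.items():
        origin = pattern.split(",", 1)[0]  # keys are "origin,embedder" pairs
        host = urlsplit(origin).hostname or origin
        grants.append((host, entry.get("setting"), _granted_at(entry)))
    return grants


def unexpected_allows(preferences_text, expected_hosts=()):
    """Hosts allowed to push notifications that are not on the expected list."""
    expected = {h.lower() for h in expected_hosts}
    return sorted(
        host for host, setting, _ in notification_grants(preferences_text)
        if setting == ALLOW and host not in expected
    )


if __name__ == "__main__":
    for host, setting, when in notification_grants(SAMPLE_PREFERENCES):
        state = "ALLOW" if setting == ALLOW else "block"
        print(f"{state:5} {host:28} {when}")
    print("review:", unexpected_allows(SAMPLE_PREFERENCES, ["news.example"]))
```

Any host it reports for review can then be removed from the browser's notification settings.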