fbpx

Credit: Kevin Frayer/Getty

The Google Play app store holds about 250 Android apps that provide access to virtual private network (VPN) services.

The bad news? Many of these VPN apps could actually be sabotaging your security and privacy. A recent study by U.S. and Australian researchers found that many Android VPN apps were potentially malicious, let third parties spy on "secure" transmissions, tracked users or just plain didn't work.

 

It might be easy to disregard all VPN apps as too risky. But would that be a fair assessment? A number of free VPN apps are offered by reputable antivirus companies and desktop VPN providers, although most of those have some level of paid service. With that in mind, are free VPN apps worth the potential security risks?

It depends, said Joe Carson, chief security scientist with Thycotic, an information-security provider based in Washington, D.C.

"VPNs are safer than doing nothing," Carson said. But he added that if you are downloading an Android app, you have to do your homework.

That includes investigating the origin of the VPN app — you probably want to skip any from China, Russia or other countries with a dubious security history, Carson said — and sticking with vendors you are familiar with and trust.

Nothing is ever really free

However, Ryan O'Leary, vice president of the Threat Research Center at WhiteHat Security in Santa Clara, California, is more skeptical.

"I don't think VPN apps are secure, especially free ones," O'Leary said. "The lower the cost of the app, the greater the chance they have security problems."

App developers want to make money, he said, but on a VPN app, you can't really be sure how that's happening.

"At best," O'Leary said, "they are using ads to earn income. At worst, they are selling your private information."

"The lower the cost of the app, the greater the chance they have security problems." -- Ryan O'Leary, Threat Research Center at WhiteHat Security

In fact, he said, "free" should be a red flag when it comes to VPN apps. Unscrupulous app developers may utilize users as end points or for extra bandwidth to support other customers.

"It's expensive to run a VPN," O'Leary said. "There's a good chance that someone else is using your connection."

The most serious risk of free VPN apps is that you may lose control of your data. A VPN service is supposed to encrypt your data stream from your device all the way to the service's servers, from where it enters the open internet. But a shady or poorly configured service could compromise your traffic, either by design or by accident, or could even piggyback on your encrypted connection for nefarious purposes.

"Your data could be intercepted or decrypted," said Mat Gangwer, chief technology officer with Rook Security in Indianapolis. "Bad guys could be using your connection for shady activities or to cover their tracks."

How to pick a VPN app

Are free VPN apps worth that risk? The experts agree: No, unless you are confident the free app is extremely trustworthy.

If you can find a paid VPN app, or one that has in-app purchases for higher levels of service, consider that option instead. We recently reviewed several VPN apps and services, and the paid IPVanish ($10 per month or $78 yearly) took the top spot. The runner-up option, Avast Secureline VPN, is also paid at $59.99 per year.

Paid doesn't guarantee secure, but even partially paid apps are often more protective of your data and give more software updates.

Better yet, stick with apps made by well-known desktop VPN service providers or antivirus software makers. All will include in-app purchases, or some other kind of paid subscription, to use the higher tiers of service, but many will give you a certain amount of free VPN usage per month.

"Bad guys could be using your connection for shady activities or to cover their tracks." -- Mat Gangwer, chief technology officer with Rook Security

Reputable partly free VPN services include Avast's SecureLine VPN and Avira's Phantom VPN There's also F-Secure's Freedome VPN; it costs $6 per month to use, but was singled out as being especially trustworthy by the authors of the VPN-app research paper we mentioned earlier.

However, if you still want to use a completely free VPN app, do your research, the experts advised. Investigate the vendor's reputation, and see where it is located. Question the permissions requested by the app – for example, would a VPN app really need permission to access your phone number or text messages? Read user reviews, especially the less-than-stellar ones, to find out which problems and concerns other users had.

"When done correctly, VPNs are a good option," said O'Leary. "But never forget that, in the end, you get what you pay for."

Source: This article was published on tomsguide.com by SUE MARQUETTE POREMBA


Categorized in Internet Privacy

Achieving internet privacy is possible but often requires overlapping services

It’s one of the internet’s oft-mentioned 'creepy' moments. A user is served a banner ad in their browser promoting products on a site they visited hours, days or months in the past. It’s as if the ads are following them around from site to site. Most people know that the issue of ad stalking – termed 'remarketing' or 'retargeting' - has something to do with cookies but that’s barely the half of it.

The underlying tracking for all this is provided by the search engine provider, be that Google, Microsoft or Yahoo, or one of a number of programmatic ad platforms most people have never heard of. The ad system notices which sites people are visiting, choosing an opportune moment to 're-market' products from a site they visited at some point based on how receptive it thinks they will be. The promoted site has paid for this privilege of course. Unless that cookie is cleared, the user will every now and then be served the same ad for days or weeks on end.

Is this creepy? Only if you don’t understand what is really going on when you use the internet. As far as advertisers are concerned, if the user has a negative feeling about it then the remarketing has probably not worked.

If it was only advertisers, privacy would be challenging enough but almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model. User data is simply too valuable to advertisers and profilers not to. The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties. Broadband providers, meanwhile, are increasingly required by governments to store the internet usage history of subscribers for reasons justified by national security and policing.

The cost of privacy - dynamic pricing

Disturbingly, this personal tracking can also cost surfers money through a marketing technique called 'dynamic pricing' whereby websites mysteriously offer two users a different bill for an identical product or service. How this is done is never clear but everything from the browser used, the search engine in question the time of day, the buying history of the user or the profile of data suggesting their affluence may come into play. Even the number of searches could raise the price.

 

This seems to be most common when buying commodity services such as flights, hotel rooms and car rental, all of which are sold through a network of middlemen providers who get to decide the rules without having to tell anyone what these are. Privacy in this context becomes about being treated fairly, something internet providers don't always seem keen to do.

How to browse privately

Achieving privacy requires finding a way to minimise the oversight of internet service providers (IPS) as well as the profiling built into browsers, search engines and websites. It is also important to watch out for DNS name servers used to resolve IP addresses because these are increasingly used as data capture systems.

At any one of these stages, data unique to each user is being logged. This is especially true when using search engines while logged into services such as Google or Facebook. You might not mind that a particular search is logged by the search provider but most people don’t realise how this is connected directly to personal data such as IP address, browser and computer ID not to mention the name and email address for those services.

Put bluntly, the fact that an individual searched for health, job or legal advice is stored indefinitely as part of their personal online profile whether they like it or not.

VPNs

In theory, the traditional way of shielding internet use from ISPs can be achieved using a VPN provider.

A VPN creates an encrypted tunnel from the user’s device and the service provider’s servers which means that any websites visited after that become invisible to the user’s primary ISP. In turn, the user’s IP address is also hidden from those websites. Notice, however, that the VPN provider can still see which sites are being visited and will also know the user’s ISP IP.

Why are some VPNs free? Good question but one answer is that they can perform precisely the same sort of profiling of user behaviour that the ISP does but for commercial rather than legal reasons. In effect, the user has simply swapped the spying of one company, the ISP, for another, the VPN.

Post-Snowden, a growing number advertise themselves as 'no logging' providers, but how far the user is willing to go in this respect needs to be thought about. Wanting to dodge tracking and profiling is one thing, trying to avoid intelligence services quite another because it assumes that there are no weaknesses in the VPN software or even the underlying encryption that have not been publicly exposed.

IPVanish

IPVanish is a well-regarded US-based service offering an unusually wide range of software clients, including for Windows, Mac and Ubuntu Linux, as well as mobile apps for Android, iOS and Windows Phone. There is also a setup routine for DD-WRT and Tomato for those who use open source router firmware. Promoted on the back of speed (useful when in a coffee shop) and global reach as well as security. On that topic, it requires no personal data other than for payment and states that it does not collect or log any user traffic.

Cyberghost

Another multi-platform VPN, Romanian-based Cyberghost goes to some lengths to advertise its security features, its main USP. These include multi-protocol support (OpenVPN, IPSec, L2TP and PPTP), DNS leak prevention, IP sharing (essentially subnetting multiple users on one virtual IP) and IPv6 protection. Provisions around 50 servers for UK users. It also says it doesn’t store user data.

Privacy browsers

All browsers claim to be ‘privacy browsers’ if the services around them are used in specific ways, for example in incognito or privacy mode. As wonderful as Google’s Chrome or Microsoft’s Edge might be their primary purpose, isn't security. The companies that offer them simply have too much to gain from

The companies that offer them simply have too much to gain from a world in which users are tagged, tracked and profiled no matter what their makers say. To Google’s credit, the company doesn’t really hide this fact and does a reasonable job of explaining its privacy settings.

 

Firefox, by contrast, is by some distance the best of the browser makers simply because it does not depend on the user tracking that helps to fund others. But this becomes moot the minute you log into third-party services, which is why most of the privacy action in the browser space now centres around add-ons.

Epic Privacy Browser

Epic is a Chromium-based browser that takes a minimalistic approach to browsing in order to maximise privacy. It claims that both cookies and trackers are deleted after each session and that all browser searches are proxied through their own servers, meaning that there is no way to connect an IP address to a search. This means your identity is hidden. Epic also provides a fully encrypted connection and users can use its one-button proxying feature that makes quick private browsing easy, although it could slow down your browser.

Tor

This Firefox-based browser that runs on the Tor network can be used with Windows, Mac or Linux PCs. This browser is built on an entire infrastructure of ‘hidden’ relay servers, which means that you can use the internet with your IP and digital identity hidden. Unlike other browsers, Tor is built for privacy only, so it does lack certain security features such as built-in antivirus and anti-malware software.

Dooble

This stripped back Chromium-based browser offers great privacy potential but it may not be the first choice for everyone. Able to run on Windows, Linux and OS X, Dooble offers strict privacy features. It will disable insecure web-based interfaces such as Flash and Javascript, which will make some web pages harder to read. In addition, user content such as bookmarks and browsing history can be encrypted using various passphrases.

See here for a full list of our best secure browsers. 

Privacy search engines

It might seem a bit pointless to worry about a privacy search engine given that this is an inherent quality of the VPN services already discussed but a couple are worth looking out for. The advantage of this approach is that it is free and incredibly simple. Users simply start using a different search engine and aren’t required to buy or install anything.

DuckDuckGo

The best-known example of this is DuckDuckGo. What we like about DuckDuckGo is it protects searches by stopping 'search leakage' by default. This means visited sites will not know what other terms a user searched for and will not be sent a user’s IP address or browser user agent. It also offers an encrypted version that connects to the encrypted versions of major websites, preserving some privacy between the user and the site.

In addition, DuckDuckGo offers a neat password-protected 'cloud save' setting that makes it possible to create search policies and sync these across devices using the search engine.

Oscobo UK search

Launched in late 2015, Oscobo returns UK-specific search results by default (which DuckDuckGo will require a manual setting for). As with DuckDuckGo, the search results are based on Yahoo and Bing although the US outfit also has some of its own spidering. Beyond that, Oscobo does not record IP address or any other user data. According to its founders, no trace of searches made from a computer is left behind. It makes its money from sponsored search returns.

DNS nameservers

Techworld's sister title Computerworld UK recently covered the issue of alternative DNS nameservers, including Norton ConnecSafe, OpenDNS, Comodo Secure DNS, DNS.Watch, VeriSign and, of course, Google.

However, as with any DNS nameserver, there are also privacy concerns because the growing number of free services are really being driven by data gathering. The only way to bypass nameservers completely is to use a VPN provider’s infrastructure. The point of even mentioning them is that using an alternative might be faster than the ISP but come at the expense of less privacy.

DNS.Watch

Available on 84.200.69.80 and 84.200.70.40, DNS.Watch is unique in offering an alternative DNS service without the website logging found on almost every rival. We quote: “We're not interested in shady deals with your data. You own it. We're not a big corporation and don't have to participate in shady deals. We're not running any ad network or anything else where your DNS queries could be of interest for us.”

OpenDNS

Now part of Cisco, the primary is 208.67.220.220 with a backup on 208.67.222.222. Home users can simply adjust their DNS to point at one of the above but OpenDNS also offers the service wrapped up in three further tiers of service, Family Shield, Home, and VIP Home. Each comes with varying levels of filtering and security, parental control and anti-phishing protection.

Privacy utilities

Abine Blur

Blur is an all-in-one desktop and mobile privacy tool that offers a range of privacy features with some adblocking thrown in for good measure. Available in free and Premium versions ($39 a year) on Firefox and Chrome only, principle features include:

- Masked cards: a way of entering a real credit card into the Blur database which then pays merchants without revealing those details. 

- Passwords: similar in operation to password managers such as LastPass and Dashlane without some of the layers of security and sophistication that come with those platforms. When signing up for or encountering a new site Blur offers to save or create a new strong password.

Masked email addresses are another feature, identical in principle to the aliases that can be used with webmail systems such as Gmail.  Bur’s management of these is a bit more involved and we’d question whether it’s worth it to be honest were it not for the single advantage of completely hiding the destination address, including the domain. Some will value this masking as well as the ease of turning addresses on and off and creating new ones. On a Premium subscription, it is also possible to set up more than one destination address.

- Adblocking: with the browser extension installed, Blur will block ad tracking systems without the conflict of interest are inherent in the Acceptable Ads program used by AdBlock Plus and a number of others.  We didn’t test this feature across many sites but it can be easily turned on and off from the toolbar.

- Two-factor authentication: Given the amount of data users are storing in Blur, using two-factor authentication (2FA) is an absolute must. This can be set up using a mobile app such as Google Authenticator, Authy or FreeOTP.

- Backup and Sync:  Another premium feature, this will sync account data across multiple devices in an encrypted state.

- Masked phone: probably only useful in the US where intrusive telemarketing is a problem, this gives users a second phone number to hand to marketers.  Only works in named countries including the UK. Only on Premium.

 

Overall, Blur represents a lot of features in one desktop/mobile browser extension. Limitations? Not terribly well explained in places and getting the best out of it requires a Premium subscription. Although the tools are well integrated and thought out most of them can be found for less (e.g. LastPass) or free (e.g. adblocking) elsewhere.  The features that can’t are masked phone and masked card numbers/addresses.

Source : This article was published in techworld.com By John E Dunn

Categorized in Internet Privacy

We'll show you how to protect your online privacy as governments around the world, including the U.S., step up their online surveillance efforts.

One of the most important skills any computer user should have is the ability to use a virtual private network (VPN) to protect their privacy. A VPN is typically a paid service that keeps your web browsing secure and private over public Wi-Fi hotspots. VPNs can also get past regional restrictions for video- and music-streaming sites and help you evade government censorship restrictions—though that last one is especially tricky.

The best way to think of a VPN is as a secure tunnel between your PC and destinations you visit on the internet. Your PC connects to a VPN server, which can be located in the United States or a foreign country like the United Kingdom, France, Sweden, or Thailand. Your web traffic then passes back and forth through that server. The end result: As far as most websites are concerned, you’re browsing from that server’s geographical location, not your computer’s location.

 

We’ll get to the implications of a VPN’s location in a moment, but first, let’s get back to our secure tunnel example. Once you’re connected to the VPN and are “inside the tunnel,” it becomes very difficult for anyone else to spy on your web-browsing activity. The only people who will know what you’re up to are you, the VPN provider (usually an HTTPS connection can mitigate this), and the website you’re visiting.

A VPN is like a secure tunnel for a web traffic.

When you’re on public Wi-Fi at an airport or café, that means hackers will have a harder time stealing your login credentials or redirecting your PC to a phony banking site. Your Internet service provider (ISP), or anyone else trying to spy on you, will also have a near impossible time figuring out which websites you’re visiting.

On top of all that, you get the benefits of spoofing your location. If you’re in Los Angeles, for example, and the VPN server is in the U.K., it will look to most websites that you’re browsing from there, not southern California.

This is why many regionally restricted websites and online services such as BBC’s iPlayer or Sling TV can be fooled by a VPN. I say “most” services because some, most notably Netflix, are fighting against VPN (ab)use to prevent people from getting access to, say, the American version of Netflix when they’re really in Australia.

For the most part, however, if you’re visiting Belgium and connect to a U.S. VPN server, you should get access to most American sites and services just as if you were sitting at a Starbucks in Chicago.

What a VPN can’t do

While VPNs are an important tool, they are far from foolproof. Let’s say you live in an oppressive country and want to evade censorship in order to access the unrestricted web. A VPN would have limited use. If you’re trying to evade government restrictions and access sites like Facebook and Twitter, a VPN might be useful. Even then, you’d have to be somewhat dependent on the government’s willingness to look the other way.

Anything more serious than that, such as mission-critical anonymity, is far more difficult to achieve—even with a VPN. Privacy against passive surveillance? No problem. Protection against an active and hostile government? Probably not.

HideMyAss Pro 2

HideMyAssA VPN service provider such as HideMyAss can protect your privacy by ensuring your internet connection is encrypted.

The problem with anonymity is there are so many issues to consider—most of which are beyond the scope of this article. Has the government surreptitiously installed malware on your PC in order to monitor your activity, for example? Does the VPN you want to use have any issues with data leakage or weak encryption that could expose your web browsing? How much information does your VPN provider log about your activity, and would that information be accessible to the government? Are you using an anonymous identity online on a PC that you never use in conjunction with your actual identity?

Anonymity online is a very difficult goal to achieve. If, however, you are trying to remain private from prying eyes or evade NSA-style bulk data collection as a matter of principle, a reputable VPN will probably be good enough.

Beyond surveillance, a VPN also won’t do much to keep advertisers from tracking you online. Remember that the website you visit is aware of what you do on its site and that applies equally to advertisers serving ads on that site.

To prevent online tracking by advertisers and websites you’ll still need browser add-ons like GhosteryPrivacy Badger, and HTTPS Everywhere.

How to choose a VPN provider

There was a time when using a VPN required users to know about the built-in VPN client for Windows or universal open-source solutions such as OpenVPN. Nowadays, however, nearly every VPN provider has their own one-click client that gets you up and running in seconds. There are usually mobile apps as well to keep your Android or iOS device secure over public Wi-Fi.

Of course that brings up another problem. Since there are so many services to choose from, how can you tell which ones are worth using, and what are the criteria to judge them by?

 

First, let’s get the big question out of the way. The bad news for anyone used to free services is that it pays to pay when it comes to a VPN. There are tons of free options from reputable companies, but these are usually a poor substitute for the paid options. Free services usually allow a limited amount of bandwidth usage per month or offer a slower service. Tunnel Bear, for example, offers just 500MB of free bandwidth per month, while CyberGhost offers a free service that is significantly slower than its paid service.

CyberGhost VPN

CyberGhostEverybody loves free services; but when you want to use a VPN, the free version usually isn't the best deal.

Then there are the free VPNs that use an ad-supported model, which in my experience usually aren’t worth using at all. Plus, free VPNs are usually anything but; in lieu of payment they may be harvesting your data (in anonymized form of course) and selling it as “marketing insights” to advertisers.

The good news is VPNs aren’t expensive. You can usually pay as little as $5 a month (billed annually or in blocks of several months) for VPN coverage.

We won’t get into specific VPN service recommendations in this article; instead, here are some issues to consider when shopping around for a VPN provider.

First, what kind of logging does your VPN provider do? In other words, what information do they keep about your VPN sessions and how long is it kept? Are they recording the IP addresses you use, the websites you visit, the amount of bandwidth used, or any other key details?

All VPNs have to do some kind of logging, but there are VPNs that collect as little data as possible and others that aren’t so minimalist. On top of that, some services discard their logs in a matter of hours or days while other companies hold onto them for months at a time. How much privacy you expect from your VPN-based browsing will greatly influence how long you can stand having your provider maintain your activity logs—and what those logs contain.

TunnelBear interface

TunnelBear
TunnelBear is one of the author's favorite VPNs, but there are many good choices on the market.

Second, what are the acceptable terms of use for your VPN provider? Thanks to the popularity of VPNs with torrent users, permissible activity on specific VPNs can vary. Some companies disallow torrents completely, some are totally fine with them, while others won’t stop torrents but officially disallow them. We aren’t here to advise pirates, but anyone looking to use a VPN should understand what is and is not okay to do on their provider’s network.

Finally, does the VPN provider offer their own application that you can download and install? Unless you’re a power user who wants to mess with OpenVPN, a customized VPN program is really the way to go. It’s simple to use and doesn’t require any great technical knowledge or the need to adjust any significant settings.

Using a VPN

You’ve done your due diligence, checked out your VPN’s logging policies, and found a service with a great price and a customized application. Now, for the easy part: connecting to the VPN.

Here’s a look at a few examples of VPN desktop applications.

TunnelBear, which is currently my VPN of choice, has a very simple interface—if a little skeuomorphic. With Tunnel Bear, all you need to do is select the country you want to be virtually present in, click the dial to the “on” position, and wait for a connection-confirmation message.

SaferVPN works similarly. From the left-hand side you select the country you’d like to use—the more common choices such as the U.S., Germany, and the U.K. are at the top. Once that’s done, hit the big Connect button and wait once again for the confirmation message.

SaferVPN

SaferVPN

With SaferVPN, all you need to do is choose the country you wish to have a virtual presence in.

HMA Pro is a VPN I'll be reviewing in the next few days. This interface is slightly more complicated, but it’s far from difficult to understand. If you want to select your desired virtual location click the Location mode tab, click on the location name, and then choose your preferred location from the list. Once that’s done click the slider button that says Disconnected. Once it flips to Connected,you’re ready to roll.

There are numerous VPN services out there, and they all have different interfaces; but they are all similar enough that if you can successfully use one, you’ll be able to use the others.

That’s all there is to using a VPN. The hard part is figuring out which service to use. Once that’s done, connecting to a VPN for added privacy or to stream your favorite TV shows while abroad is just a click away.

Source : techhive.com

Categorized in How to

Internet privacy was once again thrust into the limelight recently when President Donald Trump signed a bill that would allow internet service providers to sell your browsing history to third parties like advertisers.

As much as the news rekindled concerns around internet privacy, little has actually changed. The signed bill is generally keeping things as they are. The outrage comes from the fact that the bill is rolling back an Obama-era measure to prevent ISPs from tracking and selling your browsing history, which didn't have time to take effect before he left office.

Still, some of you may be looking for ways to browse the web privately, and one of the most prominent solutions is to use a virtual private network, or VPN, which cloaks your online activity.

Here's what VPNs are, what they do, and what to look out for if you're an average person using the internet.

 

A VPN essentially hides your internet activity from your internet service provider, which means it has nothing to sell to third parties.

A VPN essentially hides your internet activity from your internet service provider, which means it has nothing to sell to third parties.

If the internet is an open highway, VPNs act like a tunnel that hides your internet traffic. The VPN encrypts your internet traffic into a garbled mess of numbers that can't be deciphered by your ISP or a third party. 

Most VPNs also hide identifying details about your computer from ISPs.

Most VPNs also hide identifying details about your computer from ISPs.

Any device that's connected to your ISP's network has an IP address, which looks like a series of numbers. Many Americans have multiple devices, so ISPs use IP addresses to see which device has accessed which websites and where.

Without an IP address, your devices wouldn't be able to communicate with the websites you want to look at, and you wouldn't be able to browse the internet.

VPN services hide the IP addresses on the devices you use with the VPN and replace them with IP addresses from one of their servers, which can be located anywhere in the world. So if you're in the US but are connected to a VPN server in Europe, ISPs will see the VPN's European server's IP address instead of your device's.

 

Can't ISPs track my browsing history through the VPN's IP address?

They could if you were the only user on that VPN server. But several users are usually using the same VPN IP address, so they can't determine whether a browsing history belongs to you, specifically. It's like searching for a needle in a stack of needles.

VPN services aren't perfect.

By using a VPN, you're still switching the trust of your privacy from your ISP to your VPN service. With that in mind, you need to make sure the VPN you use is trustworthy and doesn't store logs of your browsing history.

Certain VPN services say they don't log your browsing activity and history while you're connected to their servers. It means ISPs or a third party can't retroactively check your browsing history, even if it could decrypt the VPN's encryption "tunnel," which is unlikely in the first place.

For an extra layer of protection, choose a VPN whose servers are based outside the US. That protects against the possibility of legal entities in the US trying to access your browsing history through court orders.

They can slow down your internet speed.

The "internet" travels incredibly quickly around the world, but it's still bound by the laws of physics.

Since VPN services reroute your internet traffic through one of its servers somewhere around the globe, your internet speed could be slightly reduced.They essentially make your internet traffic take a longer route than it usually would, which means things can take longer to load.

The further away the VPN server is from your location, the longer the distance your internet traffic has to travel, which can end up in slower internet speeds. 

Most free VPN services may not be enough to protect your privacy.

Many free VPN services simply hide your IP address and don't encrypt your data, and it's the encryption part that protects your privacy more thoroughly.

You have to pay extra for privacy.

Paying extra for a premium VPN service on top of your internet bill so you can browse privately isn't very appealing. 

Should you get a VPN?

Should you get a VPN?

By getting a VPN in light of the recent events, you're preventing your ISP from tracking your activity and selling your browsing history to a third party to make more money out of your subscription. 

Some people don't want their browsing history to be seen by ISPs, nor do they want it to be sold to advertisers, even if it isn't tied to you personally. Some ISPs have said they value their customers' privacy and don't track their activity, but some of their language surrounding this subject can be vague.

Secondly, it seems fair to be recompensed for providing, albeit involuntarily, your precious browsing histories, as advertisers covet them to find out what you're interested in and show you targeted ads. If my ISP is making money out of selling my browsing history, I'd expect my monthly internet bill to be reduced, as I'm technically providing my ISP a service by browsing the web and exposing my interests. 

The likelihood of this happening, however, is uncertain and perhaps unlikely considering it's now an ISP's "right" to sell your browsing history to third parties. There's no law out there that forces ISPs to compensate their customers for providing their browsing histories, so don't expect them to anytime soon.

In a way, you can't blame the ISPs.

In a way, you can't blame the ISPs.

ISPs can see which sites you're visiting, anyway, because they can tell what internet traffic is going through which IP address. From their point of view, they might as well make money out of it. There's certainly a market for browsing histories, and after all, a business is in the business of making money.

Still, not everyone is comfortable with having their activity tracked at all — or having to opt out versus opting in — even if they have a squeaky-clean, legal web-browsing history.

 

Author: Antonio Villas-Boas
Source: businessinsider.com

Categorized in Internet Privacy

In light of the latest news that President Trump has overturned the FCC Internet privacy rules, discussions for and against virtual private networks (VPNs) have resurfaced. One of the biggest complaints with the repeal is that internet service providers are now legally allowed to sell your browsing data, if they’d like. While some ISPs have said that they won’t sell your browsing history for now, that doesn’t bar them from doing so in the future.

Proponents of VPNs believe that by utilizing such a service, you can obfuscate your browsing history so that your ISP won’t be able to build a “catalog” of your browsing habits. Opponents to VPNs dutifully note that by using a VPN service all you’re doing is migrating your browsing history from one ISP’s eyes to another. Browsing history data collection aside, benefits still exist by using VPNs, especially on your iPhone or iPad.

 

Why should I use a VPN on iOS?

Many iPhone and iPad users have come to believe that iOS as a whole is an incredibly secure platform. That may be true to an extent, but vulnerabilities still exist. More obviously, these vulnerabilities may not exist in iOS themselves but rather third-party apps that implement poor code.

A few months back we reported on how both Experian and myFICO mobile contained security vulnerabilities that potentially leaked user data onto connected networks. Simply put: launching your Experian app on iOS on an unsecured network meant your user credentials could be pulled maliciously. Once pulled, attackers could pull up all your personal and credit data linked to Experian.

In cases where third-party apps are insecure, using a VPN can add an additional layer for obfuscation. Instead of an attacker easily seeing your credentials, your credentials are now being passed through another network entirely.

Which VPN should I use on iOS?

This age-old question continues to be one of the more difficult aspects of VPN discussions. There are literally hundreds of VPN providers out there, but deciphering which to choose is one the most difficult challenges.

To begin, our first recommendation is do not use a free VPN service provider. Maintaining VPN data servers cost real money, so any company willing to offer free VPN servers to its users means it’s most likely selling that user data. Worse still, that “free” VPN provider may even not be actually securing your data but rather sending it out in the open.

The second recommendation is to not start with the App Store. Normally the iOS App Store is a great location to dive in and discover applications to solve problems you may have, but you should be extra careful here. In the case of VPN applications, you want to find one that hs been thoroughly vetted. Sites like That One Privacy Site have set out to build detailed comparisons against as many VPN providers as possible. Keeping in line with the President’s FCC ruling, looking for a VPN provider that doesn’t keep logs on data usage is a great start.

After that, we’d recommend testing out a few different VPNs for a few weeks. Different VPN providers have different experiences with data speeds depending on where their servers are located. In my personal testing, NordVPN has been fantastic for me and served as a companion when I traveled to South America last year. From our readers, we’ve received recommendations on CloakPrivate Internet Access, and Hide My Ass. By trying multiple different providers, you can learn which ones will offer a better overall experience for you.

Note: All four of the listed VPN providers above have well-built, and easy to understand iOS applications that directly integrate into iOS’ own VPN settings. 

What’s next for VPNs and iOS?

Discussions around VPNs will continue to occur so long as security is in the forefront of user’s minds. Until Apple rolls out its own VPN similar to Google, users will have to rely on their own intuitions on which to pick from.

For a list of VPN providers currently offering discounts, check out our 9to5Toys’ Specials page. Remember to cross-check providers with other resources to make sure it fits your personal criteria.

 

Do you have a personal VPN that you use on iOS that you love? Have any doubts you want answered? Let us know in the comments below!

Categorized in How to

SAN FRANCISCO — Protecting your Internet activities from collection and sale by marketers is easier said than done, especially after Tuesday’s vote to overturn pending FCC privacy rules for Internet Service Providers.

The move by Congress dismantled rules created by the Federal Communications Commission just six months ago, rules that weren’t slated to go into effect until later this year. President Trump is expected to sign the bill into law soon.

Broadband rules axed by Congress, headed to Trump

The decision, decried by consumer groups and Democrats and lauded by Republicans and telecom companies, sent those worried looking for a fallback plan. One possibility? Wider use of VPNs, which provide private end-to-end Internet connections and are typically used to keep out snoops when using public Wi-Fi.

 

"Time to start using a VPN at home," Vijaya Gadde, general counsel at Twitter, tweeted after the decision.

But such protection is limited. While VPNs keep broadband providers from seeing the sites users visit, that masking only goes so far — once logged into a website, an operator like Amazon tracks users' activities so it can suggest tailored products.

"All that a VPN does is hide what take place to get from point A to point B. Once you're on the other side, if you have credentials there — think Netflix — it knows who you are," said Matt Stamper, director of security and risk management programs at the consulting company Gartner.

Congress' decision essentially reverts to the status quo. The FCC argued that IPS’s like Comcast and AT&T should not face more stringent privacy rules than online companies such as Facebook and Google, which also collect information about users. Opponents countered that IPS's are different because they have access to users' full web browsing habits and physical addresses.

With the repeal, Internet providers won't be required to notify customers they collect data about or ask permission before collecting, sharing and selling data about what they do online, beyond the initial Terms of Service agreement. Information collected could include websites visited, apps used and physical location.

“Your entire clickstream, basically your life online, has the potentially to become one giant profile,” said Stamper.

That information can then be used to craft highly-targeted ads. This is part of the fundamental business model of many online companies, from e-commerce juggernaut Amazon to search giant Google to social network Facebook. They follow users’ online movements and actions, then use the information to better market to them. Increasingly, broadband providers are also getting into the content and advertising business. For instance, that's a key reason Verizon is buying Yahoo.

While web companies' profiles aren't person-specific, they allow their own products and those of advertisers to minutely target a type of customer, say a 30-year-old woman in the Southwest who likes rock climbing. While individual companies' privacy policies vary and sometimes allow for opt-outs of information sharing, in general websites can sell or share this de-personalized information with partners.

Side-stepping that constant surveillance while trying to use the web in our daily lives is almost unachievable, said Stamper.

 

“Realistically, unless somebody is extraordinarily well-versed in technology, has a really good understanding of what different sites are doing and how they do it, it’s almost impossible for the average consumer to keep their details private,” he said.

One option is for customers to find the privacy policy of their ISP and specifically opt out of data collection, said Robert Cattanach, a privacy lawyer with the firm of Dorsey & Whitney.

That's easier said than done, said ACLU lawyer Neema Singh Guliani.

"You'll need to go through what in some cases is going to be a long, arduous and frustrating process in understanding what you can do to control the information they gather about you," she said.

Overall, the best course of action for those concerned about what's collected about them is to practice ‘digital privacy hygiene’ by giving as little information as possible when doing things online, to minimize the digital footprint available to companies, said Nuala O’Connor, president and CEO of the Center for Democracy & Technology, a non-profit digital rights group.

“I was asked for my phone number when buying towels recently at a home store. They don’t need my phone number! Just sell me the towels!  Companies need to do a better job about minimizing the data they’re collecting, but in the meantime we can all be stingier about what we give out,” she said.

Long term, the situation could create incentives for companies to offer privacy-for-pay, “tiered pricing models that would effectively make privacy a privilege for those who could afford to pay more for these services every month,” said Fatemeh Khatibloo, a privacy analyst with Forrester.

Source : usatoday.com

Categorized in Internet Privacy

(Reuters) - The vote by the U.S. Congress to repeal rules that limit how internet service providers can use customer data has generated renewed interest in an old internet technology: virtual private networks, or VPNs.

VPNs cloak a customer's web-surfing history by making an encrypted connection to a private server, which then searches the Web on the customer's behalf without revealing the destination addresses. VPNs are often used to connect to a secure business network, or in countries such as China and Turkey to bypass government restrictions on Web surfing.

Privacy-conscious techies are now talking of using VPNs as a matter of course to guard against broadband providers collecting data about which internet sites and services they are using.

"Time to start using a VPN at home," Vijaya Gadde‏, general counsel of Twitter Inc, said in a tweet on Tuesday that was retweeted by Twitter Chief Executive Jack Dorsey.

Gadde was not immediately available for comment. Twitter said she was commenting in her personal capacity and not on behalf of the company.

The Republican-led U.S. House of Representatives voted 215-205 on Tuesday to repeal rules adopted last year by the Federal Communications Commission under then-President Barack Obama to require broadband providers to obtain consumer consent before using their data for advertising or marketing.

The U.S. Senate, also controlled by Republicans, voted 50-48 last week to reverse the rules. The White House said President Donald Trump supported the repeal measure.

Supporters of the repeal said the FCC unfairly required internet service providers like AT&T Inc, Comcast Corp and Verizon Communications Inc to do more to protect customers' privacy than websites like Alphabet Inc's Google or Facebook Inc.

Critics said the repeal would weaken consumers' privacy protections.

VPN ADVANTAGES, DRAWBACKS

Protected data includes a customer's web-browsing history, which in turn can be used to discover other types of information, including health and financial data.

 

Some smaller broadband providers are now seizing on privacy as a competitive advantage. Sonic, a California-based broadband provider, offers a free VPN service to its customers so they can connect to its network when they are not home. That ensures that when Sonic users log on to wi-fi at a coffee shop or hotel, for example, their data is not collected by that establishment's broadband provider.

"We see VPN as being important for our customers when they're not on our network. They can take it with them on the road," CEO Dane Jasper said.

In many areas of the country, there is no option to choose an independent broadband provider and consumers will have to pay for a VPN service to shield their browsing habits.

Private Internet Access, a VPN provider, took a visible stand against the repeal measure when it bought a full-page ad in the New York Times on Sunday. But the company, which boasts about a million subscribers, potentially stands to benefit from the legislation, acknowledged marketing director Caleb Chen.

VPNs have drawbacks. They funnel all user traffic through one point, so they are an attractive target for hackers and spies. The biggest obstacle to their routine use as a privacy safeguard is that they can be too much of a hassle to set up for many customers. They also cost money.

"The further along toward being a computer scientist you have to be to use a VPN, the smaller a portion of the population we're talking about that can use it," said Ernesto Falcon, a legislative counsel for the Electronic Frontier Foundation, which opposed the bill.

(Reporting by Stephen Nellis and David Ingram in San Francisco; Editing by Jonathan Weber and Peter Cooney).

Author : Stephen Nellis and David Ingram

Source : metro.us

Categorized in Internet Privacy

As soon as Version 40 is launched, Opera will be the first web browser that can boast its own free VPN service to increase security and privacy during navigation. The feature started its first testing back in April and can really be a unique opportunity to re-launch one of the oldest desktop browsers in the market. Most standard browsers such as Chrome and Firefox offer a "private mode" that simply maintain privacy inside the computer, in order to avoid other users to check the history and nothing more. A VPN service instead helps to keep at bay any potential intrusions or unwanted prying eyes by adding encrypting software, blocking tracking cookies and hiding the user's IP address.

 

Anyone who is browsing through a commercial or public Wi-Fi hotspot usually uses a VPN to add an additional layer of privacy and to protect himself against Wi-Fi sniffers or advertisement trackers that spy on users' internet habits. The most secure VPN services currently available on the market offer various features other than just avoiding that sensitive information gets into the wrong hands. Bitcoin anonymous payments, no-log policies and location hiding are just some of the most appreciated among them, although paying a monthly fee to access one of these services can add up to monthly expenses. Opera will be the first one to offer this service for free and without bandwidth cap, also adding the opportunity to get around geolocation-locked contents, such as movies or TV series that cannot be streamed from that location.

Krystian Kolondra, Opera’s desktop browser chief, explained that inclusion of VPN functions is going to be a standard feature of new browsers, and this tool will be as essential "as the lock and key is to your house.”

However, the major downside is that Opera's VPN is not a "true VPN" but just a proxy that redirects all traffic to SurfEasy, a company subsidiary that usually offers this service for a monthly fee. The traffic encrypted is only in the browser, so everything that is sent through any other network function such as chats, virtual drives and email clients is not covered. Although SurfEasy promised not to store any users' browsing habits and information on its servers, Opera will still get insight on all the details coming from clients' surfing history. This "proxy" feature will just re-route traffic through five locations: Canada, U.S., Singapore, Netherlands and Germany, leaving the vast majority of the European traffic yet uncovered.

Author : CLAUDIO BUTTICE

Source : http://www.digitaljournal.com/tech-and-science/technology/opera-adds-a-built-in-vpn-feature-for-secure-web-browsing/article/477581

Categorized in Search Engine

Those of you who frequent the darkweb should be familiar with VPN (Virtual Private Network) services and have done some research to find a trustworthy provider. For readers who are just starting to explore the darker catacombs of the Internet a VPN is a mandatory tool for online anonymity.

But not all VPN services are created equal.

>>>Click for DeepDotWeb’s Chart of Best VPN services<<<

For n00bs

A VPN provides a secure connection between your computer and the VPN servers. All communications between your computer and the VPN are encrypted and sent through a secure tunnel over the Internet, preventing outsiders from spying on your web activity. You can securely connect to a VPN service and surf the web from their servers, using their IP addresses.

There are lots of reasons to use a VPN service such as establishing a secure connection over an insecure network, accessing censored or region specific web content, or hiding p2p sharing activity that is often frowned upon in the US. But if you’ve made it to DDW you’re probably starting to understand that there are parts of the web where more nefarious things happen (which DDW acknowledges but does not condone) and anonymity is of the utmost importance.

The connection between your computer and the VPN is secure, but the connection between the VPN and the rest of the web isn’t. Your activity on the web can be monitored and traced back to the VPN IP addresses, but cannot be traced back to your own IP address. When you use a VPN no one can trace your web activity back to you (insert obligatory meme).

In theory.On the internet

For Everyone

A VPN service’s main selling points are security and privacy, but privacy is interpreted differently among VPN providers. Just ask former lulzsec member Cody Kretsinger (a.k.a. recursion), how private his VPN service was.

 

Kretsinger used a popular VPN called HideMyAss and engaged in activity that linked him, and his online persona “recursion,” to several high profile hacks, including unauthorized access to servers controlled by Sony Pictures. As it turns out HMA keeps logs of users’ IP addresses and logon/off times. A UK court order was issued to HMA to turn over the logs related to the offending account, which were then used to identify and arrest Kretsinger.

VPN providers can log web activity over their network, but it is more common to see VPN providers log users’ IP addresses, logon/off times and bandwidth usage. This logging activity allows providers to identify individuals abusing the service for fraud and spam, but in doing so they acquire information that can be used to identify individual users.

You can be absolutely sure if a VPN provider is pressured to cooperate with authorities and they have any information to identify you as the suspect you will be up shit creek and you will be there without a paddle. No one is going to go to jail for you.

This is why some VPN services go out of their way NOT to log any information that could possibly identify their customers. They cannot be forced to hand over incriminating information that they do not have.

The Devil is in the Details

It is mundane but it is so incredibly important when considering a VPN to read the company’s Terms of Service and the Privacy Policy, and these documents need to be in plain English not lawyer-eese. A VPN provider who legitimately cares about customers’ privacy will lay it out in black in white what information, if any, is recorded and for how long.

Good VPN providers state that they store “personal information” necessary to create an account and process a payment (for example: name, e-mail address, payment data, billing address), but state that they do NOT log users’ IP addresses, logon/off times, or bandwidth usage.

Great VPN providers go a step further to minimize the amount of “personal information” required by accepting bitcoin or other cryptocurrencies, eliminating the requirement for billing information. This further insulates the user’s true identity by requiring an as little information as an e-mail address to create an account.

An honorable mention must go out to VPN provider MULLVAD who do not even require an email address. Visitors to the website click “create account” and they are given an account number without entering any information at all.

VPN Providers to Avoid

If you intend to use a VPN to hide your p2p activity on the web or go to the other side of the great virtual divide we recommend that you steer clear of these VPN providers. We want to be fair, VPNs who make this list are not “bad” VPN providers but they do participate in logging activities that put their users at risk. These VPNs do not provide true privacy on the web.

Bad vpn Providers

Privacy Focused VPN Providers

The following is a list of ten VPN providers who openly state that they do not log any information that may be used to identify anyone using their VPN service. To be considered as a privacy focused VPN provider the service must have the following qualifications:

  1. Does NOT log any information that could be used to identify the user.
  2. Requires minimal personal information to sign up.
  3. Accepts cryptocurrency.

You will note that there are VPN providers based in the USA on this list. It is a common misconception that US VPN services are legally required to log activity on their network. This simply isn’t true, but they are still required to cooperate with US law enforcement while other countries are not. Required cooperation is partly the reason they dutifully do not log activity on their networks. These companies cannot be held liable for withholding information they do not have. Choosing a VPN service, and which country it is based in, is up to you, but we do not want to discourage people from supporting small businesses in the US based on hearsay

Anyone concerned with their privacy for any reason should consider one of the following VPN services. As a DDW Disclaimer: You shouldn’t rely on a VPN provider to protect you from the authorities. It’s really best if the authorities don’t have a reason to be looking for you at all.

>>>Click for DeepDotWeb’s Chart of Best VPN services<<<

Best Vpn Providers

Author:  IBURNEZ

Source:  https://www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-shit

Categorized in Internet of Things

The Internet today is huge. It offers many opportunities but also brings certain dangers. That is why need decent protection when we browse the web. The topic is quite popular and there are many options you can try. You can find much information about VPN, Proxy, TOR and other technologies but what does all that mean and which option should you choose. In this article, we will explain popular options in details, namely the trended TOR bundles TOR plus VPN and TOR plus Proxy.

Architecture

TOR is quite popular right now and it provides a decent level of protection. However, there are certain risks involved like malicious exit nodes .

There is a remedy. VPN or Proxy may serve as a great addition to TOR but only one of them can secure your traffic from malicious TOR nodes. Let us clarify why is that. The reason for that lies in the difference between VPN and Proxy technologies.

 

Security and Privacy

HTTP Proxy simply changes your IP for web traffic and SOCKS Proxy extends the functionality to work with other traffic (e.g FTP, BitTorrent, etc). Therefore, Proxy offers anonymity but not privacy.

VPN has an option of traffic encryption and DNS leaks protection. In other words, VPN provides both anonymity and privacy. VPN plus takes the concept to a new level and introduces an extra security layer .

This is a DNS leak test result for Privatoria’s VPN TOR service

Set-up process

There are not so many ways to use TOR together with Proxy and VPN. Proxy is more flexible in this regard as it can be used ensemble with TOR browser or Tails OS. The configuration process is trivial. You simply have to enter web browser’s preferences>advanced>network and enter the settings.

This is how Privatoria Proxy plus TOR settings look like on a Debian 8 with MATE desktop

There are also more advanced configurations that you can try, for example a Proxy Chain .

Unfortunately, VPN cannot be used inside Tails OS. The developers clearly state that on the official site . Fortunately, Privatoria offers a way to use TOR plus VPN. The best, you don’t have to use Tails OS or a web-browser for that. To configure Privatoria’s VPN TOR service on Debian-based systems use regular OpenVPN functionality (you’ll need packages “openvpn” “network-manager-openvpn” and “network-manager-openvpn-gnome” packages for it to work).

This is how the settings look like on a Debian 8 with MATE desktop

Speed

Proxy is an absolute winner in this situation. This is most because your connection only goes through one extra computer and not the whole network. The proxy also does not touch your OS networking infrastructure, unlike VPN. That is why VPN can slow the system down a little. Also, VPN connection speed should be slower compared to VPN due to a longer path that the data has to travel. Add TOR to the mix and what you’ll get is a pretty long distance. Fortunately, with Privatoria Proxy and VPN connection speed does not differ due to service’s specific system architecture.

 

Here is the speed test screenshot

Conclusion

Internet anonymity and privacy tools finally make their way to the mainstream audience. It is important to know the differences between Proxy and VPN and how both interact with the TOR network. The main point to remember is the that Proxy TOR should be used for simpler tasks like watching YouTube while VPN TOR is a choice better for sending a personal e-mail.

Source : deepdotweb

Categorized in Deep Web
Page 2 of 3

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media

Finance your Training & Certification with us - Find out how?      Learn more