WebProNews

Tag: VPN

  • US Agencies Request the Most User Data From Big Tech, Apple Complies the Most

    US Agencies Request the Most User Data From Big Tech, Apple Complies the Most

    Americans concerned about their user data falling into the hands of foreign governments may want to look closer to home.

    According to new research by VPN provider SurfShark, the US government makes the most requests for user data from Big Tech companies than any other jurisdiction in the world. The company analyzed data requests to Apple, Google, Meta, and Microsoft by “government agencies of 177 countries between 2013 and 2021.”

    The US came in first with 2,451,077 account requests, more than four times the number of Germany, the number two country on the list. In fact, the US made more requests than all of Europe, including the UK, which collectively came in under 2 million.

    While the US and EU were responsible for a combined total of 60% of all data requests, the US “made 8 times more requests than the global average (87.9/100k).”

    The number of accounts being accessed is also growing, with a five-times increase in requests from 2013 to 2021. The US alone saw a 348% increase during the time frame, and the scope and purpose of the requests are expanding.

    “Besides requesting data from technology companies, authorities are now exploring more ways to monitor and tackle crime through online services. For instance, the EU is considering a regulation that would require internet service providers to detect, report, and remove abuse-related content,” says Gabriele Kaveckyte, Privacy Counsel at Surfshark. “On one hand, introducing such new measures could help solve serious criminal cases, but civil society organizations expressed their concerns of encouraging surveillance techniques which may later be used, for example, to track down political rivals.”

    The report also sheds light on which companies comply the most versus which ones push back against requests. For all of its privacy-oriented marketing — “what happens on your iPhone stays on your iPhone” — Apple complies with data requests more than any other company, handing it over 82% of the time.

    In contrast, Meta complies 72% of the time, and Google does 71% of the time. Microsoft, on the other hand, pushes back the most among Big Tech companies, only handing data over 68% of the time.

    The findings may also put a dent in US efforts to ban TikTok and other foreign apps under the guise of protecting user privacy and data.

  • Apple’s iOS 16 Bypasses VPNs and Communicates With Apple

    Apple’s iOS 16 Bypasses VPNs and Communicates With Apple

    On the heels of news that Android bypasses VPNs and leaks data, developers have discovered that iOS 16 does even worse.

    Developers at Mysk have discovered that iOS 16 contacts Apple’s servers outside of a VPN tunnel, even leaking DNS requests. A number of different services trigger the behavior, including Health, Maps, and Wallet.

    The issue is similar to one Mullvad discovered with Android devices, where Google’s operating system routes some traffic outside a VPN connection. Android even does this when the Block connections without VPN option is enabled.

    Both issues are extremely concerning. When a VPN is in use, ALL traffic should be routed through the VPN. The issue is even more concerning with iOS 16 since it is leaking DNS information. Apple has worked hard to cultivate a reputation for privacy and security, making this latest news especially embarrassing for the company.

    While VPNs are not the security silver bullet some make them out to be, they are nonetheless an important element in the battle to remain private online. For the two major mobile operating systems to circumvent VPNs and contact their respective companies’ servers is an egregious security and privacy violation.

  • Mulvad VPN: Android Circumvents VPNs and Leaks Data

    Mulvad VPN: Android Circumvents VPNs and Leaks Data

    Famed VPN company Mullvad has found that Android circumvents VPNs and leaks data, raising privacy implications.

    Mullvad is one of the leading VPN providers and consistently wins praise for being one of the most secure and private options on the market. Unlike many companies in the space, Mullvad has traceable ownership, anonymous payments, and has been audited by a third party.

    In one of its latest security audits, Mullvad discovered an issue with Android. According to the company’s blog, the mobile operating system bypasses VPNs and leaks data, even when the option to Block connections without VPN is enabled:

    We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.

    We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way to stop Android from leaking this traffic, we have reported it on the Android issue tracker.

    Mullvad’s report outlines the potential privacy implications:

    The connection check traffic can be observed and analyzed by the party controlling the connectivity check server and any entity observing the network traffic. Even if the content of the message does not reveal anything more than “some Android device connected”, the metadata (which includes the source IP) can be used to derive further information, especially if combined with data such as WiFi access point locations. However, as such an de-anonymization attempt would require a quite sophisticated actor, most of our users are probably unlikely consider it a significant risk.

    There are third-party versions of Android that are designed to be more privacy and security-oriented. CalyxOS and GrapheneOS are two such examples, taking the open-source version of Android before Google loads it up with their software and releasing it.

    GrapheneOS is already immune to this particular issue, and the CalyxOS devs are working on the issue.

  • VPN Providers Abandon India Amid Privacy Crackdown

    VPN Providers Abandon India Amid Privacy Crackdown

    As expected, India’s new privacy regulations are leading to a mass exodus of VPN providers.

    India introduced legislation to force VPN providers to capture and collect customer data, defeating the very purpose of why many use VPN services. Many companies threatened to leave the country if the legislation passed, and they are now following through, according to Wired.

    “As digital privacy and security advocates, we are concerned about the possible effect this regulation may have on not only our users but people’s data in general,” says a NordVPN spokesperson. “From what it seems, the amount of stored private information will be drastically increased throughout hundreds or maybe thousands of different companies.” She adds that similar regulations have been “typically introduced by authoritarian governments in order to gain more control over their citizens.”

    Despite India having the highest VPN adoption rate last year, or perhaps because of it, the government began moving to force VPN providers to collect customer data. The government has tried to reassure the industry and its citizens that it would only take advantage of that data collection on a case-by-case basis. Many are not convinced, however, given India’s history of surveilling activists, critics, and political rivals.

    “VPNs by nature can be a privacy advancing tool and can be capable of protecting information security in multiple ways, being used by individuals and companies to secure confidential information,” says Tejasi Panjiar, Internet Freedom Foundation associate policy counsel. “They also help secure digital rights under the constitution, especially for journalists and whistleblowers, because the nature of information that’s transferred over VPNs is primarily encrypted, which allows them not only to secure confidential information but also to safeguard their own identity, protecting them from surveillance and censorship.”

    NordVPN, ExpressVPN, and Surfshark have all taken steps to remove their servers from India while still providing ways for Indian customers to connect to their VPN services.

  • Lawmakers Want the FTC to Address VPN Providers’ ‘Deceptive Data Practices’

    Lawmakers Want the FTC to Address VPN Providers’ ‘Deceptive Data Practices’

    Senator Ron Wyden and Representative Anna G. Eshoo have written FTC Chairwoman Lina Khan asking the agency to address “deceptive data practices” in the VPN industry.

    Virtual private networks are often touted as a vital security and privacy measure, but many computer experts say their importance is overrated. To make matters worse, many VPN providers don’t live up to the claims they make about the privacy they offer.

    The lawmakers point out how widespread the problems are in their letter:

    “In December 2021, Consumer Reports (CR) found that 75 percent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a ‘military-grade encryption’ which doesn’t exist,” the lawmakers write. “Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users. We’re highly concerned that this deceptive advertising is giving abortion-seekers a false sense of security when searching for abortion-related care or information, putting them at a higher risk of prosecution.”

    The lawmakers then went to provide specific examples of some of the abuses VPN companies have become known for:

    “VPN services have also been exposed for collecting, and, in some cases, abusing, user data. In 2020 it was revealed that a leading analytics firm used personal data from over 35 million people who had downloaded one of their 20 VPN and ad-blocking apps to power their analytics platform without consent.  Notably, the apps didn’t reveal their connection to the analytics firm. Another study found that 75 percent of Android VPN apps report personal user data to third-party tracking companies and 82 percent request permissions to access sensitive resources, including user accounts and text messages.”

    The lawmakers’ letter makes clear the dangers of downloading and installing a VPN without doing due diligence to ensure it lives up to its claims. Many VPNs provide little to no information about their business or their leadership, offering little real-world accountability for their actions. Many have not been independently audited to verify their claims.

    One VPN that often comes recommended by top security experts for checking all of the above boxes is Mullvad. Based in a privacy-friendly jurisdiction, Mullvad’s apps are open-source and have been externally audited. The company has a zero-logs policy, and accounts are anonymous. In fact, the company recently removed the ability to have a reoccurring subscription to cut down on how much information it has on its customers.

    Unfortunately, VPN companies of Mullvad’s caliber are few and far between.

  • VPN Providers May Be Forced to Pull Out of India

    VPN Providers May Be Forced to Pull Out of India

    VPN providers may be forced to pull out of the Indian market over a new law that undermines the privacy VPNs offer.

    India passed the Cyber Security Directions, a directive that requires VPN providers to keep records of customer names, IP addresses, email address, financial transactions, and more for a period of five years. India has now signaled there will be no tolerance for companies that refuse to comply, according to TechCrunch.

    Numerous companies have expressed concern over the laws, especially VPN providers that specifically guarantee anonymity. Many, such as Mullvad, NordVPN, ExpressVPN, ProtonVPN, and others guarantee their customers a service that doesn’t track them or keep the kind of logs the Indian government wants.

    “The new Indian VPN regulations are an assault on privacy and threaten to put citizens under a microscope of surveillance. We remain committed to our no-logs policy,” said ProtonVPN.

    Rajeev Chandrasekhar, the junior IT minister of India, told TechCrunch that VPN providers who conceal who uses their services “will have to pull out.”

    The only services exempted are corporate and enterprise VPNs. The new directive goes into effect for everyone else in June.

  • ExpressVPN Offering One-Time $100,000 Bug Bounty

    ExpressVPN Offering One-Time $100,000 Bug Bounty

    ExpressVPN is offering a one-time, $100,000 reward to anyone who can hack its servers.

    ExpressVPN is one of the leading VPN services on the market, and is consistently recommended by many reviewers. Like a lot of companies in the tech industry, ExpressVPN offers bug bounties as a way of encouraging white hat hackers and security researchers to find bugs and report them, before they can be exploited by bad actors.

    The company is now offering a major incentive, in the form of $100,000, specifically for proof of “unauthorized access to a VPN server or remote code execution,” or vulnerabilities “that result in leaking the real IP addresses of clients or the ability to monitor user traffic.”

    Obviously, the company will require proof of the exploit, in order to pay the bounty.

    In order to qualify to claim this bounty, we will require proof of impact to our user’s privacy. This will require demonstration of unauthorized access, remote code execution, IP address leakage, or the ability to monitor unencrypted (non-VPN encrypted) user traffic.

    It’s a safe bet security researchers will be eager to take a shot at ExpressVPN’s services, with that much money at stake.

  • US Carriers Deny Blocking iCloud Private Relay — Mostly

    US Carriers Deny Blocking iCloud Private Relay — Mostly

    Following reports that T-Mobile was blocking Apple’s iCloud Private Relay, all three major US carriers have denied actively blocking it — for the most part.

    iCloud Private Relay is a feature introduced as a beta in iOS 15 and macOS Monterey. The feature is similar to a VPN, and hides a person’s internet traffic. Some users reported that T-Mobile was starting to block the feature, something that 9to5Mac confirmed.

    According to The Verge, all three carriers are trying to reassure users they are not intentionally or actively blocking Private Relay. Verizon and AT&T, in particular, said they are not blocking the feature in any way.

    Things are a bit more complicated with T-Mobile. The vast majority of customers will not experience any issues, but accounts that are using T-Mobile’s Family Controls won’t be able to use Private Relay.

    “Customers who chose plans and features with content filtering (e.g. parent controls) do not have access to the iCloud Private Relay to allow these services to work as designed. All other customers have no restrictions,” T-Mobile’s spokesperson The Verge.

    That explanation is inline with Apple’s own description of Private Relay:

    Networks that require the ability to audit traffic or perform network-based filtering will block access to Private Relay.

    T-Mobile also told The Verge that it discovered an issue with Private Relay that could cause it to not work, and informed Apple so they could fix it.

    “Overnight our team identified that in the 15.2 iOS release, some device settings default to the feature being toggled off. We have shared this with Apple. This is not specific to T-Mobile.” 

    A Potential Future Showdown

    Hopefully all three carriers maintain their current stance. As The Verge points out, European carriers — including T-Mobile — have been campaigning against Private Relay, even asking the EU Commission to block the feature. The carriers claim it is “cutting off other networks and servers from accessing vital network data and metadata, including those operators in charge of the connectivity.”

    There’s two issues with the carriers’ actions:

    First, should the carriers succeed in convincing the EU Commission to block the feature, it’s a reasonable assumption that VPNs will likely be next on the chopping block, given that Private Relay offers many of the same benefits.

    Successfully blocking Private Relay — let alone if the carriers target VPNs next — will significantly undermine many users’ privacy and security online.

    Second, if the EU Commission gives in and blocks Private Relay, it will essentially confirm the right of companies to mine at least some datafrom paying customers, regardless of whether the customer agrees to it.

    As we have written about before, it’s one thing for the provider of a free service to mine data from their customers. Since they’re providing a service for free, profiting from the customer’s data is often the accepted trade-off.

    On the other hand, when a customer is paying for a service, there should be an expectation that’s where the transaction ends — the company provides a service in exchange for a fair amount of money, end of story.

    If the carriers are successful in their goals, it will set a dangerous precedent that will erode privacy for everyone.

  • New York Times: ‘Stop Paying for a VPN’

    New York Times: ‘Stop Paying for a VPN’

    Writing for the New York Times, Brian X. Chen makes the case that it’s time to stop paying for VPNs.

    Virtual private networks (VPN) are popular tools people use to protect their privacy online. Theoretically, a VPN masks a person’s activity by routing their traffic through the VPN’s network. As a result, it’s much more difficult for third parties to track a person’s movement online. The individual’s ISP can’t see what websites they’re visiting, and the websites can’t easily track their activity.

    Unfortunately, the world of VPNs can be among the most mysterious and opaque in the software industry. Many companies’ ownership is obscured, making it difficult for customers to have any real sense of accountability. Still others engage in activities and practices that are questionable at best — such as ExpressVPN knowingly hiring a former US intelligence operative that worked as a hacker-for-hire for the United Arab Emirates.

    Even worse, as Chen points out, a number of high-profile and popular VPN services have been purchased by shady companies. Kape Technologies is one such company, and has been accused of developing malware by Google and the University of California. Unfortunately, Kape has bought CyberGhost VPN, Zenmate and ExpressVPN, the latter a service that routinely receives high scores and recommendations from a slew of publications.

    Chen makes the case that the current state of the web, where the vast majority of websites are using HTTPS, makes VPNs unnecessary for most users. In addition, for Apple users, iCloud Private Relay is specifically designed to provide a layer privacy, although it doesn’t truly compete with a VPN.

    As Chen points out, there are some situations where a VPN is useful, specifically when a user needs to mask their location in order to access certain content.

    All-in-all, Chen’s piece is a thought-provoking look at an industry that, while once invaluable, may no longer be meeting the vast majority of its users’ needs.

  • ExpressVPN Linked to UAE Spy Ring, Company’s Integrity in Question

    ExpressVPN Linked to UAE Spy Ring, Company’s Integrity in Question

    ExpressVPN may be one of the most popular VPN options available, but some are calling for users to abandon it as its integrity is now in question.

    The US intelligence community was rocked by accusations that former operatives had turned mercenary-for-hire, working for the UAE to surveil the regime’s critics. Code-named “Project Raven,” the operatives’ efforts were not restricted within the UAE. Instead, Project Raven included surveillance of the regime’s critics around the world, including the US. The targets included activist and journalists.

    This revelation has roped in ExpressVPN, as one of those former intelligence operatives working as part of Project Raven included the company’s Chief Information Officer, Daniel Gericke. Some concluded that ExpressVPN was not aware of Gericke’s past when they hired him, but the company has said they were aware of that past — and hired him anyway.

    The news has not gone over well with the company’s critics or customers. In fact, Gizmodo has gone so far as to say customers should look for other options.

    ExpressVPN acknowledged how much it knew about Gericke’s past in a statement:

    When we hired Daniel in December 2019, we knew his background: 20 years in cybersecurity, first with the U.S. military and various government contractors, then with a U.S. company providing counter-terrorism intelligence services to the U.S. and its ally, the U.A.E., and finally with a U.A.E. company doing the same work. We did not know the details of any classified activities, nor of any investigation prior to its resolution this month.

    The investigation ExpressVPN mentions is one led by US prosecutors. A deal was reached in which the defendants, including Gericke, were able to avoid jail time in exchange for fines, cooperation and certain employment restrictions.

    ExpressVPN goes on to explain why it hired Gericke:

    To do that job effectively—to do it, as we believe, better than anyone else in our industry—requires harnessing all the firepower of our adversaries. The best goalkeepers are the ones trained by the best strikers. Someone steeped and seasoned in offense, as Daniel is, can offer insights into defense that are difficult, if not impossible, to come by elsewhere. That’s why there is a well-established precedent of companies in cybersecurity hiring talent from military or intelligence backgrounds.

    The company says its decision ultimately paid off:

    Since Daniel joined us, he has performed exactly the function that we hired him to do: He has consistently and continuously strengthened and reinforced the systems that allow us to deliver privacy and security to millions of people.

    Even if ExpressVPN was not aware of an active investigation into Gericke, it’s hard to imagine the company couldn’t see potential issues if they were aware of his past as they say they were.

  • Microsoft, Google and VPN Apps the Big Winners of Remote Work

    Microsoft, Google and VPN Apps the Big Winners of Remote Work

    Amid the pandemic-fueled transition to remote work, VPNs, Microsoft and Google apps are among the fastest-growing productivity apps.

    The transition to remote work has impacted virtually every industry, including the app industry. Remote workers have had to rely on phones and tablets more than ever, and that reliance has been a boon for productivity apps.

    According to the latest data from Apptopia, via Business Insider, the top 11 productivity apps are dominated by VPN apps, along with Google and Microsoft’s productivity offerings.

    The findings are not suprising, as Microsoft and Google have the two most popular productivity suites on the market. Similarly, maintaining security while working remotely has been a challenge for many companies, helping to explain the increased popularity of VPN apps.

  • Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.

    The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.

    Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far more narrow than competing services, such as ExpressVPN, although Mozilla says more countries will be added.

    Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.

    The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.

    For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.

    Mozilla VPN Speed Tests
    Mozilla VPN Speed Tests

    While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.

    Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.

  • FBI Warns of Increased Voice Phishing Attacks Over VoIP

    FBI Warns of Increased Voice Phishing Attacks Over VoIP

    The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.

    As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into a fake VPNs in an effort to steal their credentials.

    The FBI issued an advisory to warn companies and help them mitigate the threat.

    As of December 2019, cyber criminals collaborated to target both US-based and international-based employees’ at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.

    In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.

    The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.

  • Exposed Credentials Leave 100,000+ Zyxel Firewalls and VPNS Vulnerable

    Exposed Credentials Leave 100,000+ Zyxel Firewalls and VPNS Vulnerable

    A researcher at Dutch security firm EYE has discovered a critical vulnerability in Zyxel’s firewall and VPN gateways, as a result of exposed credentials.

    Zyxel sells a line of popular firewall and VPN gateway devices. Niels Teusink, a researcher with EYE, discovered a major issues that leaves over 100,000 devices vulnerable.

    When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface.

    Teusink goes on to highlight why this vulnerability is so dangerous.

    As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device. Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.

    Teusink recommends updating to the latest firmware version immediately.

  • Ransomware Results In a Fatality In Germany

    Ransomware Results In a Fatality In Germany

    Ransomware has been a growing issue for years but, in a first, ransomware appears to have caused the death of a hospital patient.

    According to the BBC, a ransomware attack disabled Düsseldorf University Hospital in Germany. A female patient at the hospital was preparing for a life-saving procedure when the ransomware hit, and died when medical personnel were trying to transport her 30km away to the nearest hospital.

    It’s possible the hackers mistakenly targeted the hospital. The BBC quotes local reports saying the hackers were trying to hit another university. Those same reports say the hackers turned over the decryption keys without payment once they realized the hospital had been impacted.

    Whether the attack was intentional or not, authorities are now investigating it as a negligent homicide. Unfortunately, it also appears the attack could have been averted. The hackers used a well-known vulnerability in Citrix VPN software, a vulnerability that organizations had been warned about as early as January. If prosecutors do make their case, the hospital will likely face penalties for ignoring the danger.

    This tragedy should serve as a sobering reminder to companies of all kinds to keep up with security alerts and vulnerabilities, and keep their software and services up-to-date.

  • Mozilla’s Firefox VPN Now Available In Beta

    Mozilla’s Firefox VPN Now Available In Beta

    Mozilla’s standalone Firefox VPN service has entered beta and is available for Windows, Android and Chromebooks.

    Mozilla has emerged as one of the staunchest privacy advocates in corporate America, coming out in favor of the California Consumer Privacy Act (CCPA), vowing to extend its protections to all Firefox users. Similarly, Mozilla extended the protections offered by the EU’s GDPR to all users as well.

    Given its strong focus on privacy, it’s not surprising Mozilla has opted to offer VPN software. VPNs are critical components for journalists and political dissidents around the world, not to mention corporate use and anyone concerned with privacy.

    Mozilla is offering two varieties: one as a free browser extension and the other as a standalone service for $4.99/mo. The latter is what is now available in beta. Mozilla touts servers in 30+ countries and no browser or network monitoring or logging. The service can be used on five devices under a single account.

    The beta is currently available for Windows 10, Android and Chromebooks, with macOS, iOS and Linux coming soon.

  • EU Ramps Up Facebook Antitrust Inquiry

    EU Ramps Up Facebook Antitrust Inquiry

    European Union (EU) investigators are ramping up their antitrust inquiry into Facebook’s data practices, according to The Wall Street Journal.

    The EU’s investigators have been requesting “documents related to allegations by rival companies and politicians that Facebook leveraged access to its users’ data to stifle competition, rewarding partners and cutting off rivals, those people said.”

    One such example stems from how Facebook used VPN provider Onavo, which the company purchased in 2013. The WSJ reported in 2018 that Onavo was passing information about its users’ habits to Facebook, essentially serving as an early warning system for the social media giant. By providing information on what rival apps Onavo customers were using, Facebook could take action before those apps became a threat to Facebook’s business.

    According to the WSJ, the EU used a “law that allows for daily fines to punish noncompliance,” when requesting documents about how Facebook manages access to its user data. By using that law, the EU is tipping its hand that it doesn’t trust Facebook to comply with its requests unless it’s forced to do so. At the same time, by focusing on how Facebook manages data access, the EU’s investigation seems to be centering around these allegations of anticompetitive behavior.

    We will continue to provide updates as the story develops.

  • Don’t Snoop Me Bro Is Your Easy To Use Anti-NSA Device

    Privacy and anonymity on the Internet are no longer an expectation on the Internet. If you don’t want somebody snooping through your traffic, you have to work for it. Unfortunately, encrypting your connection through a VPN can sometimes be a little too complicated for your average user. That’s where Don’t Snoop Me Bro comes in.

    Don’t Snoop Me Bro, a startup out of Somerville, Massachusetts, recently announced their first product – the DSMB Tunnel. It’s a little red box that becomes an OpenVPN tunnel by simply turning a key. It’s billed as the easiest way possible to ensure your anonymity online.

    So, how does this all work? It works just like any other VPN service, but with the added benefit of having the hardware automatically encrypt your traffic so you don’t have to. As an added benefit, the DMSB Tunnel comes with a year of free VPN service with endpoints expected to be available in the following countries: UK, Germany, The Netherlands, Switzerland, South Africa, US, Russia, Ukraine, Thailand, Singapore, Hong Kong, Japan, Brazil, Chile and Mexico.

    Encryption hardware isn’t exactly known for being cheap though. How much is all this going to cost you? The team’s goal is to be able to sell the DSMB Tunnel at $150. Right now, however, they’re running a special deal on their Indiegogo page that will net you a DSMB Tunnel for only $130.

    For more details on the DSMB Tunnel, check out the team’s promotional video:

    Don’t Snoop Me Bro Indiegogo Campaign from Don't Snoop Me Bro on Vimeo.

    Don’t Snoop Me Bro is just the latest company to emerge in the wake of the NSA revelations to promise anonymity online. In fact, John McAfee, creator of the McAfee anti-virus software, has been talking about a new start up called Future Tense that promises to deliver an Internet that “solves all of our security concerns.”

    [Image: Don’t Snoop Me Bro/Indiegogo]

  • VPN Interest Spikes After “Six Strikes” Goes Live

    It was pretty much a given that the Copyright Alert System, better known as “Six Strikes,” would increase the use of VPNs or proxies in the U.S. Still, it’s nice to confirm our assumptions, and a report released today does just that.

    TorrentFreak reports that interest in VPNs and proxies have increased dramatically over the last month as more people are now searching for ways to protect their BitTorrent transfers from the ever watchful, and quick to judge, eyes of the Internet police.

    The interest was judged on a selection of Google Search trends that reveal searches for terms like “BitTorrent Proxy,” “BitTorrent VPN,” and “VPN torrent” have all increased over the last few months. The biggest spike came at the end of February/beginning of March when the CAS went live, and mainstream media started reporting on it.

    Of coure, these trends are only indicative of people looking for information. Are the actual VPN providers seeing an increased interest in their products? Speaking to TorrentFreak, BeeVPN says that they have seen an increase in interest and are even starting to incorporate “six strikes” into their marketing campaigns.

    Like I said at the start, it was a given that VPNs would see a surge in popularity when the Copyright Alert System went live. What’s going to prove interesting is how the CCI responds to people trying to circumvent the system.

  • AT&T and IBM Announce a Cloud Service For Private Networks

    AT&T and IBM Announce a Cloud Service For Private Networks

    This week AT&T and IBM announced that they will be teaming up to provide a “network-enabled” cloud service for private networks. The product will be promoted to Fortune 1000 companies across the world as an option for companies that need both cloud solutions and a high level of security. The service will be offered starting in “early 2013.”

    AT&T’s virtual private networking and IBM’s SmartCloud Enterprise+ services will be combined for this new product. The companies claims that the product will tightly integrate the security protections of both. The goal is for customers to be able to quickly move data from their own data centers to the new cloud service. Those companies will then gain flexibility while still having secure data that can move between all types of devices, such as smartphones, tablets, and retail kiosks.

    “As more organizations realize that cloud can be secure, easily managed, and a key part of their business strategy, cloud will quickly evolve as a tool for innovation rather than just for infrastructure,” said Erich Clementi, senior vice president of IBM’s Global Technology Services division. “We believe this new service from two recognized leaders in cloud computing provides a compelling way for large organizations to exploit cloud’s transformational power.”

    The financial terms of the agreement between AT&T and IBM have not yet been released.