Jump to content
nsane.forums

Search the Community

Showing results for tags 'privacy'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Found 30 results

  1. Coalitions representing more than 670 companies and 240,000 members from the entertainment sector has written to Congress urging a strong response to the Facebook privacy fiasco. The groups, which include all the major Hollywood studios and key players from the music industry, are calling for Silicon Valley as a whole to be held accountable for whatever appears on their platforms. It has been a tumultuous few weeks for Facebook, and some would say quite rightly so. The company is a notorious harvester of personal information but last month’s Cambridge Analytica scandal really brought things to a head. With Facebook co-founder and Chief Executive Officer Mark Zuckerberg in the midst of a PR nightmare, last Tuesday the entrepreneur appeared before the Senate. A day later he faced a grilling from lawmakers, answering questions concerning the social networking giant’s problems with user privacy and how it responds to breaches. What practical measures Zuckerberg and his team will take to calm the storm are yet to unfold but the opportunity to broaden the attack on both Facebook and others in the user-generated content field is now being seized upon. Yes, privacy is the number one controversy at the moment but Facebook and others of its ilk need to step up and take responsibility for everything posted on their platforms. That’s the argument presented by the American Federation of Musicians, the Content Creators Coalition, CreativeFuture, and the Independent Film & Television Alliance, who together represent more than 650 entertainment industry companies and 240,000 members. CreativeFuture alone represents more than 500 companies, including all the big Hollywood studios and major players in the music industry. In letters sent to the Senate Committee on the Judiciary; the Senate Committee on Commerce, Science, and Transportation; and the House Energy and Commerce Committee, the coalitions urge Congress to not only ensure that Facebook gets its house in order, but that Google, Twitter, and similar platforms do so too. The letters begin with calls to protect user data and tackle the menace of fake news but given the nature of the coalitions and their entertainment industry members, it’s no surprise to see where this is heading. “In last week’s hearing, Mr. Zuckerberg stressed several times that Facebook must ‘take a broader view of our responsibility,’ acknowledging that it is ‘responsible for the content’ that appears on its service and must ‘take a more active view in policing the ecosystem’ it created,” the letter reads. “While most content on Facebook is not produced by Facebook, they are the publisher and distributor of immense amounts of content to billions around the world. It is worth noting that a lot of that content is posted without the consent of the people who created it, including those in the creative industries we represent.” The letter recalls Zuckerberg as characterizing Facebook’s failure to take a broader view of its responsibilities as a “big mistake” while noting he’s also promised change. However, the entertainment groups contend that the way the company has conducted itself – and the manner in which many Silicon Valley companies conduct themselves – is supported and encouraged by safe harbors and legal immunities that absolve internet platforms of accountability. “We agree that change needs to happen – but we must ask ourselves whether we can expect to see real change as long as these companies are allowed to continue to operate in a policy framework that prioritizes the growth of the internet over accountability and protects those that fail to act responsibly. We believe this question must be at the center of any action Congress takes in response to the recent failures,” the groups write. But while the Facebook fiasco has provided the opportunity for criticism, CreativeFuture and its colleagues see the problem from a much broader perspective. They suck in companies like Google, which is also criticized for shirking its responsibilities, largely because the law doesn’t compel it to act any differently. “Google, another major global platform that has long resisted meaningful accountability, also needs to step forward and endorse the broader view of responsibility expressed by Mr. Zuckerberg – as do many others,” they continue. “The real problem is not Facebook, or Mark Zuckerberg, regardless of how sincerely he seeks to own the ‘mistakes’ that led to the hearing last week. The problem is endemic in a system that applies a different set of rules to the internet and fails to impose ordinary norms of accountability on businesses that are built around monetizing other people’s personal information and content.” Noting that Congress has encouraged technology companies to prosper by using a “light hand” for the past several decades, the groups say their level of success now calls for a fresh approach and a heavier touch. “Facebook and Google are grown-ups – and it is time they behaved that way. If they will not act, then it is up to you and your colleagues in the House to take action and not let these platforms’ abuses continue to pile up,” they conclude. But with all that said, there is an interesting conflict that develops when presenting the solution to piracy in the context of a user privacy fiasco. In the EU, many of the companies involved in the coalitions above are calling for pre-emptive filters to prevent allegedly infringing content being uploaded to Facebook and YouTube. That means that all user uploads to such platforms will have to be opened and scanned to see what they contain before they’re allowed online. So, user privacy or pro-active anti-piracy filters? It might not be easy or even legal to achieve both. https://torrentfreak.com/facebook-privacy-fiasco-sees-congress-urged-on-anti-piracy-action-180420/
  2. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in 3.1.0.0 (17.04.2018) - Add additional privacy settings, as well as a setting for the search function and Cortana - Supplement to the options "retrieve search suggestions and web results disable through Bing" and "disable Windows smart screen" for more Registry Keys. These setting have been set, these will be displayed, now with the new W10Privacy Version first as inactive. The settings are enable again. Removal of one of the two options regarding the refusal to grant the App access to the diagnostic functions ("_app_zugriff_diagnose"). Due to a typing error, the second setting was listed as a separate setting. Many thanks to Joachim for the hint! Homepage Download page Download SHA256-Hash: d892fa2ec007ad20c85c33edea60bf9e26aa8bf5416a98afaa6bd3389726f943 @Geez Portable Online - Mirror: First screen enter: 1523363058 Site: https://www.mirrorcreator.com Sharecode[?]: /files/1AG4NUKR/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe_links
  3. In our series on privacy and security, we delve into true VPNs, secure and anonymizing web proxies, browser VPNs, and explain what to look for in a VPN service. Normally, a connection between your browser and a website passes from your browser to your computer, from your computer to your WiFi or home network (if you have one), from your home network to your Internet Service Provider (ISP), from your ISP to your country’s national Internet operators, from your country’s national Internet operators to the website’s country’s national Internet operators, from the website’s country’s national Internet operators to the website’s hosting provider, from the website’s hosting provider to the website. That is a lot of steps! In fact, the traffic can even pass through other countries on the way, depending on where in the world you and the website are located. No pretense of privacy on insecure connections With an insecure connection, anyone who controls or shares any part of that connection, can see the data that was sent over the connection – whether it’s someone else on your computer, network, your ISP, the operators of the various sections of the Internet along the way, your government and the governments of any countries along the way, the hosting provider, or anyone else who owns a website on the same host. It’s all visible. Data sent over secure connections When a website offers a secure connection (HTTPS URLs with valid certificates and high-grade encryption), and you make use of it, the data sent over the connection can only be seen by your browser and the website. Wait, is it that simple? Not really. In order to make the connection, the browser has to look up the website’s IP address using a DNS service, usually provided by your ISP. It then uses that IP address to make the connection. This means that anyone monitoring the connection will see the website’s domain being sent out in a DNS request, and can, therefore, work out what website you are connecting to, even if they cannot see what is being sent. Even if you are able to use a secure DNS service, when the browser connects to the website anyone monitoring the connection can see which IP address is being connected to, and can use a reverse DNS lookup to work out what website you are visiting. Enter VPNs When people use a VPN for browsing, it is normally because they want to do one of two very different things: Hide their network communication from other users of their local network, their ISP, or an oppressive authority. Hide their IP address from the website, for privacy reasons, or just to access a website which blocks access to connections from certain countries. In their purest form, VPNs offer a way to securely connect your computer to another network, such as your employer’s work network. When your computer tries to send data over the network, a VPN service on your computer encrypts the data, sends it over via the Internet to the destination VPN server, which sits on the network you want to connect to. It decrypts the network traffic and sends it over the destination network as if your computer had done it itself. The responses from the network are sent back to your computer in the same way. Anyone monitoring any other part of the connection along the way cannot see what was sent, or which computer on the destination network your computer was connecting to. Sounds good but is this what most VPN services actually do? The answer is “no.” This is where proxies come in. Proxy services explained A proxy is a service that makes requests to websites on behalf of your computer. The browser is set up to connect via the proxy. When the browser starts to load a website, it connects to the proxy in the same basic way that it would connect to a website, and makes its request. The proxy then makes the request to the website on behalf of the browser, and when the website responds, it sends the response back to the browser. This may appear to offer the privacy benefit of not allowing the website to see your IP address (appealing to the second group of users), but a regular proxy will, in fact, send your IP address to the website using the X-Forwarded-For header. After all, the proxy owners would not want to be blamed if you were to try to attack the website – this way, the website owners will know it was actually an attack coming from your IP address. Of course, you could also try to add a fake X-Forwarded-For header to your requests to try to pin the blame on someone else, but websites can use a list of known and trusted proxy addresses to determine if your X-Forwarded-For header is likely to be fake. Most proxies, known as HTTPS proxies, can also pass secure connections directly to the website unmodified since they cannot decrypt them without the website’s certificates. This allows HTTPS websites to be used through a proxy. A proxy may also try to decrypt the connection, but to do so, it must present a fake certificate – its own root certificate – to the browser, which the browser will recognize as untrusted, and show an error message in order to protect you from the interception. This is sometimes used for debugging websites, and when doing so, the person who is testing will need to accept the proxy’s certificate. It is also sometimes done by antivirus products so that they can scan the connection. Secure web proxies Secure web proxies allow the connection to be made to the proxy securely, even if the website being connected to is using an HTTP (or insecure HTTPS) connection. This has the privacy benefit of preventing other users of your local network from seeing the network data (appealing to the first group of users). They can see that you are connecting to a secure web proxy (though the connection really just looks like a secure website connection), but they cannot see what data is being sent over that connection. Of course, the website can still see the X-Forwarded-For header, so it will still know your IP address (undesirable for the second group of users). To be trustworthy, a secure web proxy also uses certificates to prove its identity, so you can know that you are connecting to the right secure web proxy – otherwise, someone could intercept your proxy connection, and present a fake secure web proxy, so that they could monitor your connection to it. Anonymising proxies An anonymizing proxy is basically just a proxy or secure web proxy that does not send the X-Forwarded-For header when connecting to websites. This means that the website cannot see your IP address, making you anonymous to the website (appealing to the second group of users). Some services also offer the option of intercepting the page to remove JavaScript and other unwanted content, but this means that you also must supply the proxy owner with any logins, and the proxy owner is able to see what you are doing, even on secure websites. It just swaps one privacy risk for another privacy risk. It would appear that an anonymizing secure web proxy would solve both cases at once, but it is not that simple, and there are many other things to consider, e.g. how your network and computer are set up. Your computer may also send out DNS requests when you connect to a website, CRL and OCSP requests when using website certificates (if CRLSet is not available), and the browser may also send out other requests, such as malware protection blacklist requests, or thumbnail requests. This is where a VPN can be better (but it is important to note that most are not). It also means that if a user uses the proxy to launch an attack, the proxy service will get the blame. To avoid this, the proxy owners may throttle connections, or require logins, and keep logs of connections, so that the correct person can be held accountable. This defeats the purpose for anyone trying to use the proxy for privacy. What to look out for in a VPN service In most cases, VPN services are nothing more than an anonymizing secure web proxy labeled as “VPN”. They often claim that they “secure website connections” or “encrypt your website connections”. Neither of these are true but many companies resort to phrases like these to keep up with the competition. A VPN service of this kind cannot possibly secure a connection to a website, because it only controls part of that connection. In other words, the VPN is not being used as a pure VPN, it is being used as a proxy. While the connection passes securely between your browser and the VPN server, it then has to leave the VPN server’s network and return to the Internet in order to connect to the website. The website connection is just as insecure (or secure if it uses HTTPS) as it’s always been. The connection could still be intercepted during the second half of its journey. All the VPN can do in this case, is to add a little privacy over part of the connection. In addition, secure (HTTPS) connections are about a lot more than just encryption. They also provide assurances that the connection goes to a website that owns a trusted certificate which proves that nobody has intercepted the connection and presented a fake copy of the website. A VPN cannot alter that, and it cannot turn an insecure connection into a secure connection. Without the certificate handling, even a completely encrypted connection is not secure. Enhancing privacy When talking about VPNs, we desperately need to move away from using “secure” and start talking about enhancing privacy, because that is what a secure web proxy or VPN-as-a-proxy actually does. In theory, a VPN-as-a-proxy would not need to be anonymizing, but in practice they almost all are. The biggest difference between a secure web proxy and a VPN-as-a-proxy is that the VPN – when using a proper VPN service on the computer – can capture all relevant traffic, not just the traffic initiated by the browser. A VPN can also capture the DNS, OCSP, CRL, and any other stray traffic generated by the browser which may not relate to the website connection itself (such as malware protection checks). In some cases, the browser may be able to reduce the amount of these when using a secure web proxy, such as making its own DNS requests, but there are still cases which cannot be reliably captured on all systems. Therefore a VPN-as-a-proxy is better than a secure web proxy which is pretending to be a VPN. Browser VPNs If a browser application offers a feature, or an extension, that claims to be a VPN that works just for that single application, it is a good sign that it is not actually a VPN but an anonymizing secure web proxy. This doesn’t make it bad, it just means that it’s likely to have limitations that prevent it from capturing all traffic related to the connection. It may not capture DNS traffic (but in some cases, it can, depending on the implementation). It may not capture certificate revocation checks made by the system. This means that although it may hide the majority of the traffic, it might still allow little bits of information to get past the proxy, and someone who is monitoring the network traffic from your computer might still be able to work out what websites you are visiting – an important privacy consideration if you belong to the first group of users. A VPN-as-a-proxy is much better in this case as it captures all traffic from the computer. This does mean that you would not have the same choice; either all traffic from all applications goes through the VPN, or nothing does. You cannot just have the traffic from a single application go through the VPN. However, both an anonymizing VPN-as-a-proxy and an anonymizing secure web proxy can be quite effective at hiding your IP address from the website, so the second group of users can be well covered. Other tips Disable any plug-ins which might reveal your IP address via other means. In Vivaldi, disable broadcasting of your local IP address with WebRTC (Settings – Privacy – WebRTC IP Handling – Broadcast IP for Best WebRTC Performance). Use a clean profile or private browsing mode, to remove any existing cookies or cached files that can be used for identification. Stay tuned for more tips in our series on privacy and security. < Here >
  4. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in 3.0.0.0 (10.04.2018) - Add additional options for Windows 10, 1803, and the adjustment of existing settings, so that these are to be formally published Version compatible. - Add additional options, which versions are in some cases also for older Windows valid. - All App-related settings are now found in the newly created "Apps". - small improvements Homepage Download page Download SHA256-Hash: 4a531da2f9b0c97fc0aad4bdef2106b51889a8407e2478915467b5b1c7e6060a @Geez Portable Online - Mirror: First screen enter: 1523363058 Site: https://www.mirrorcreator.com Sharecode[?]: /files/1AG4NUKR/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe_links
  5. Avast Secure Browser 64.0.388.186 Avast Secure Browser is an updated version of the Avast SafeZone browser. It's a 32-bit Chrome knife: Browser includes a Security and Privacy Center where you can select a set of inbuild tools and features to protect your online activities: - stealth mode - anti-fingerprinting - anti-phishing - anti-tracking - https encryption - password manager - extension guard - privacy cleaner - flash blocker Other functions: - Video Downloader allows you to save any video and audio files in one click Optional: - Avast Free Antivirus - Banking mode (Avast Free Antivirus is required) - SecureLine VPN (requires the installation of Avast SecureLine VPN) Homepage: https://www.avast.com/en-gb/secure-browser Download installer for Win 7, 8, 10, 2.5 MB: https://cdn-download.avastbrowser.com/avast/avast_secure_browser_setup.exe
  6. A few tools to help you surf the web privately In the aftermath of Facebook’s Cambridge Analytica scandal, now might be a good time to take care of the data that is being harvested thru your browser when you surf the web. Below is a non-exhaustive list of the tools I use when surfing the web that help make my online experience more secure. Let me know if you use any others you think are important — I’m happy to add them. Browser — watching over your shoulder If you are not entirely comfortable with the Google Privacy White Paper, there are plenty of options: Firefox Quantum, Brave and Chromium, and Firefox Focus (for mobile). If you are worried about losing speed, WIRED says Firefox Quantum is faster than Chrome: You have no reason not to switch — unless you don’t care about your private life. By the way, you can check to see what Google knows about you in “My Activity.” Search Engine — it is like your BBF: you tell them everything. Q: Would you show your mom everything you type in your search engine? A: I would not. Remember: companies leak data — and we give a lot of data to companies. Below is an example of what you give to Google when you use their search engine: Source: Google And if you you sign up for an account — and remain logged in — they collect the following: Source: Google Even Apple collects data through Safari to gather user’s habits. Again, why should you care about the data collected through your browser? Information profiles build up — and sometimes data leaks. The bad news is that those leaks are becoming ubiquitous. Check out the graphic below, and keep scrolling down — I’ll see you at the bottom: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ I think you can safely assume that your personal data will be leaked at some point in your life. Google has leaked data in the past. Imagine for a sec, if you can, the whole data set that Google has (owns?) about you. Actually, back in the day, AOL leaked the data of 650,000 users. An AOL user who discussed the leak with a reporter at the time said: So, which search engine can you use instead? DuckDuckGo has done a fantastic job over the last few years. I have also tried Ixquick and Qwant in the past. https://duckduckgo.com/traffic A few more tips to protect your search privacy: 1. Don’t put personally identifying information in your search terms 2. Don’t use your ISP’s search engine 3. Don’t login to your search engine or related tools 4. Block “cookies” from your search engine 5. Vary your IP address (intermediate) 6. Use web proxies and anonymizing software like Tor (advanced) What about the rest of your browser? Browser extensions A tremendous part of your online life goes thru your browser. You should set it up right. HTTPS everywhere I use HTTPS everywhere to encrypt all my traffic. For you to understand why you should encrypt your traffic, take a look at Eric Butler’s Firesheep — from a WIRED article in 2010: That is why you should encrypt your traffic. Now, on to the next one. Privacy Badger by Electronic Frontier Foundation What is it? Fair enough, and you might already be using an ad blocker, right? Like Disconnect, Adblock Plus, or Ghostery? And you might be wondering: why use Privacy Badger instead if it does not block all ads? From the Electronic Frontier Foundation team who built Privacy Badger: A note: Electronic Frontier Foundation’s founder John Perry Barlow passed away last month. If you still haven’t read his beautiful and visionary memorandum on the web: here it is. Back to extensions — last but not least: DuckDuckGo’s browser extension— Black Mirror for websites It does a few things and has some overlap with the above extensions. But above all, its Privacy Grade shows how a website can be trusted — it is like Black Mirror for websites. Here is Medium’s grade, for instance: Not too bad — but I think you can do better, Medium Staff. Drum roll — and just because we are in the midst of Facebook’s Cambridge Analytica scandal: Boom. Worst grade. Well done Facebook. I guess you can #DeleteFacebook. (Interestingly, you’ll note that no tracker tracks you while you are on Facebook’s website.) I hope this post was useful and will allow you to practice more secure web browsing! Thanks for reading. Source
  7. Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there’s no reason to freak out about it. The browser you likely use to read this article scans practically all files on your Windows computer. And you probably had no idea until you read this. Don’t worry, you’re not the only one. Last year, Google announced some upgrades to Chrome, by far the world’s most used browser—and the one security pros often recommend. The company promised to make internet surfing on Windows computers even “cleaner” and “safer ” adding what The Verge called “basic antivirus features.” What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET. Tensions around the issue of digital privacy are understandably high following Facebook's Cambridge Analytica scandal, but as far as we can tell there is no reason to worry here, and what Google is doing is above board. In practice, Chome on Windows looks through your computer in search of malware that targets the Chrome browser itself using ESET’s antivirus engine. If it finds some suspected malware, it sends metadata of the file where the malware is stored, and some system information, to Google. Then, it asks you to for permission to remove the suspected malicious file. (You can opt-out of sending information to Google by deselecting the “Report details to Google” checkbox.) Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. “In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation—even just to preemptively ease speculation,” Shortridge told me in an online chat. “Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of ‘user-friendly software’ that informs the policy for Chrome Cleanup [Tool].” Her tweet got a lot of attention and caused other people in the infosec community—as well as average users such as me—to scratch their heads. “Nobody likes surprises,” Haroon Meer, the founder at security consulting firm Thinkst, told me in an online chat. “When people fear a big brother, and tech behemoths going too far...a browser touching files it has no business to touch is going to set off alarm bells.” Now, to be clear, this doesn’t mean Google can, for example, see photos you store on your windows machine. According to Google, the goal of Chrome Cleanup Tool is to make sure malware doesn’t mess up with Chrome on your computer by installing dangerous extensions, or putting ads where they’re not supposed to be. As the head of Google Chrome security Justin Schuh explained on Twitter, the tool’s “sole purpose is to detect and remove unwanted software manipulating Chrome.” Moreover, he added, the tool only runs weekly, it only has normal user privileges (meaning it can’t go too deep into the system), is “sandboxed” (meaning its code is isolated from other programs), and users have to explicitly click on that box screenshotted above to remove the files and “cleanup.” In other words, Chrome Cleanup Tool is less invasive than a regular “cloud” antivirus that scans your whole computer (including its more sensitive parts such as the kernel) and uploads some data to the antivirus company’s servers. But as Johns Hopkins professor Matthew Green put it, most people “are just a little creeped out that Chrome started poking through their underwear drawer without asking.” That’s the problem here: most users of an internet browser probably don’t expect it to scan and remove files on their computers. When reached out for comment, a Google spokesperson redirected me to the blog post from last year and Schuh’s tweets. A section in Chrome’s Privacy Whitepaper explains that “Chrome periodically scans your device to detect potentially unwanted software.” That exact language has been there since at least January of 2017, according to archived versions of the whitepaper. And similar language (“Chrome scans your computer periodically for the sole purpose of detecting potentially unwanted software”) has been there for even longer. Martijn Grooten, the editor of Virus Bulletin and organizer of one of the premiere antivirus conferences in the world, told me in a Twitter chat that the behavior of the Chrome Cleanup Tool was “sensible.” “For almost all users, this seems really harmless, and for those who are extremely concerned about Google seeing some metadata, maybe they shouldn't be running Google's browser in the first place,” he said. This story has been updated to include a quote from Kelly Shortridge. Source
  8. Facebook has been collecting call records and SMS data from Android devices for years. Several Twitter users have reported finding months or years of call history data in their downloadable Facebook data file. A number of Facebook users have been spooked by the recent Cambridge Analytica privacy scandal, prompting them to download all the data that Facebook stores on their account. The results have been alarming for some. “Oh wow my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year,” says ‏Twitter user Mat Johnson. Another, Dylan McKay, says “somehow it has my entire call history with my partner’s mum.” Others have found a similar pattern where it appears close contacts, like family members, are the only ones tracked in Facebook’s call records. Ars Technica reports that Facebook has been requesting access to contacts, SMS data, and call history on Android devices to improve its friend recommendation algorithm and distinguish between business contacts and your true personal friendships. Facebook appears to be gathering this data through its Messenger application, which often prompts Android users to take over as the default SMS client. Facebook has, at least recently, been offering an opt-in prompt that prods users with a big blue button to “continuously upload” contact data, including call and text history. It’s not clear when this prompt started appearing in relation to the historical data gathering, and whether it has simply been opt-in the whole time. Either way, it’s clearly alarmed some who have found call history data stored on Facebook’s servers. FACEBOOK HASN’T BEEN ABLE TO COLLECT THIS DATA ON IPHONES THANKS TO APPLE’S PRIVACY CONTROLS While the recent prompts make it clear, Ars Technica points out the troubling aspect that Facebook has been doing this for years, during a time when Android permissions were a lot less strict. Google changed Android permissions to make them more clear and granular, but developers could bypass this and continue accessing call and SMS data until Google deprecated the old Android API in October. It’s not yet clear if these prompts have been in place in the past. Facebook has responded to the findings, but the company appears to suggest it’s normal for apps to access your phone call history when you upload contacts to social apps. “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with,” says a Facebook spokesperson, in response to a query from Ars Technica. “So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.” The same call record and SMS data collection has not yet been discovered on iOS devices. While Apple does allow some specialist apps to access this data in limited ways like blocking spam calls or texts, these apps have to be specifically enabled through a process that’s similar to enabling third-party keyboards. The majority of iOS apps cannot access call history or SMS messages, and Facebook’s iOS app is not able to capture this data on an iPhone. Facebook may need to answer some additional questions on this data collection, especially around when it started and whether Android users truly understood what data they were allowing Facebook to collect when they agreed to enable phone and SMS access in an Android permissions dialogue box or Facebook’s own prompt. The data collection revelations come in the same week Facebook has been dealing with the fall out from Cambridge Analytica obtaining personal information from up to 50 million Facebook users. Facebook has altered its privacy controls in recent years to prevent such an event occurring again, but the company is facing a backlash of criticism over the inadequate privacy controls that allowed this to happen. CEO Mark Zuckerberg has also been summoned to explain how data was taken without users’ consent to a UK Parliamentary committee. Source
  9. Lumen Privacy Monitor is a free application for Google Android that monitors connections that applications make on a device it runs on to uncover communication with tracking servers and data collecting. Created as an academic research project, Lumen Privacy Monitor provided the researchers with a large set of data to analyze. The results were published in the paper "Apps, Trackers, Privacy, and Regulators A Global Study of the Mobile Tracking Ecosystem" (access PDF here). One of the key findings was that the research team managed to identify 233 new trackers that were not listed on popular advertising and tracking blocklists. Lumen Privacy Monitor Android users need to have a strong stomach during installation and on first run: the app requires lots of permissions, needs to install a root certificate, will monitor encrypted and normal traffic by default, and send anonymized data to the researchers. The application requires access to personal data on the device to determine leaks. The researchers note that personal data is never submitted. Still, the application is not open source and it is clear that the privileges that it requests are cause for concern. If you give permissions to the app, install the root certificate and flip the monitoring switch to on, you will get detailed reports about application activity and leaks. Lumen Privacy Monitors monitors apps while it runs. The main interface displays the three tabs leaks, apps and traffic. Leaks display personal or device information that apps may leak. A severity rating is Apps lists all applications that the monitoring app picked up with options to display a detailed report about individual apps. Traffic offers an overview of the analyzed traffic. It includes information about HTTPS and other connections, bandwidth, and the overhead that ads and analytics scripts and connections cause. Apps The Apps group is probably the most interesting as it reveals important information to you. A tap on a monitored application displays interesting information such as the list of domains the application tried to establish connections to, the number of trackers and the overhead caused by them, leaks and traffic overviews, and the list of requested permissions. The list of connections is certainly useful as you can determine whether these connections appear to be valid or not. While you may need to research domains before you understand why the application may want to connect to it, you'd quickly find out if an app connects to tracking servers or makes other unwanted connections. The list of permissions includes risk assessments for each permission which you may use to determine whether to keep an application installed or remove it. Closing Words What I like particularly about Lumen Privacy Monitor is that it reveals the overhead that ads and tracker connections cause, the connections an app makes, and the data leaks of applications. It would be better if the researchers would consider releasing the application as open source to address concerns about the application's wide-reaching permission requests and installation of a root certificate. What you do with the information is entirely up to you. You could consider removing applications or install apps that block connections to trackers to prevent data leaks. Ghacks.net
  10. Best VPN 2018

    Best VPN 2018 February 24, 2018 by Sven Taylor With all the alarming developments in mass surveillance, ISP spying, online censorship, and content restrictions, you are probably looking for the best VPN to stay safe online. But be careful! To find the best VPN, you’ll need to watch out for VPN scams, VPNs that lie about logs (PureVPN), VPNs that leak IP addresses (VPN Unlimited), and even malicious VPNs with hidden tracking libraries (Betternet). So tread carefully my friends. The rankings of the best VPN services below are based on extensive test results to check for IP address leaks, DNS leaks, connection issues, app performance, reliability, speed, and whether the features work correctly. Additionally, I also considered company policies, jurisdiction, logging practices, and the trustworthiness of the provider. Best VPNs 2018 Now we will take a deep dive into the top five best VPN services for 2018, discussing the pros, cons, features, and testing results for every provider. ExpressVPN ExpressVPN is a trusted and highly-recommended service that remains one of the best all-around VPNs on the market. It is based in the British Virgin Islands and offers a great lineup of applications for all devices. Extensive testing for the ExpressVPN review found the apps to be very secure, with exceptional performance throughout the server network. ExpressVPN is also a service that continues to get better. In the past six months they have made significant improvements to their apps to protect users against rare leak scenarios. These efforts culminated in the public release of their leak testing tools, which can be used to test any VPN for flaws/failures (open source and available on GitHub). ExpressVPN’s logging policies (only anonymized stats) were recently put to the test when authorities in Turkey seized one of their servers to obtain user data. But no customer data was affected as authorities were not able to obtain any logs (further explained here). This event showed that ExpressVPN remains true to its core mission of protecting customer privacy and data. ExpressVPN is also one of the best VPN providers you will find for streaming. Whether you are using a VPN with Kodi or streaming Netflix with a VPN, ExpressVPN offers applications to support all devices as well as a high-bandwidth network with great performance. Their support is also superb, with 24/7 live chat assistance and a 30 day money-back guarantee. Exclusive discount – ExpressVPN is currently offering an exclusive 49% discount on select plans, which reduces the monthly rate down to $6.67 (the non-discount price is $8.32 per month). ExpressVPN Windows client. + Pros User-friendly and reliable apps Exceptional speeds throughout the server network 30 day money-back guarantee Split tunneling feature (for Mac OS, Windows, and routers) Great for Netflix and other streaming services Strong encryption and leak protection settings 24/7 live chat support – Cons Apps collect anonymized connection stats, but users can opt out (IP addresses not logged) Perfect Privacy After testing out many different VPN services, Perfect Privacy holds the top spot as the best VPN for advanced online anonymity. You may have never heard of Perfect Privacy because they largely ignore marketing and instead focus on providing a high quality, privacy-focused service with very advanced features. Nonetheless, this is a well-respected VPN provider that has earned high praise from the tech community for exposing massive vulnerabilities with other VPNs. Their network is composed entirely of dedicated servers that provide you with fast speeds, great reliability, and plenty of bandwidth at all times (you can see real-time server bandwidth here). They have also passed real-world tests when two of their servers were seized by Dutch authorities last year. However, no customer data was affected due to no logs and all servers operating in RAM disk mode with nothing being saved on the server. For features they offer multi-hop VPN chains, advanced firewall configuration options (DNS and IP leak protection), port forwarding, NeuroRouting, Socks5 and Squid proxies, obfuscation features to defeat VPN blocking (Stealth VPN), and a customizable TrackStop feature to block tracking, malware, advertising and social media domains. They also give you an unlimited number of device connections and offer full IPv6 support (giving you both an IPv4 and IPv6 address). While Perfect Privacy offers very advanced features that you won’t find anywhere else, it also comes with a Swiss price tag at €8.95 per month. Additionally, these advanced features may be overkill for some users, especially if you are new to VPNs. Nonetheless, for those seeking the highest levels of online anonymity, security, and overall performance, Perfect Privacy is a solid choice. The Perfect Privacy Windows client, using a four-hop VPN cascade. + Pros Unlimited number of device connections Multi-hop VPN chains, up to 4 servers (self-configurable) NeuroRouting (dynamic, server-side multi-hop that can be used with all devices) Absolutely no logs without any restrictions Dedicated servers operating only in RAM disk mode Full IPv6 support (provides both IPv4 and IPv6 addresses) Customizable firewall/port-forwarding options TrackStop advertisement, tracking, and malware blocker – Cons Higher price Full VPN Manager client not available for Mac OS (but BETA client available, along with other installation options) VPN.ac VPN.ac is Romania-based VPN service with excellent overall quality for a very reasonable price. It was created by a team of network security professionals with a focus on security, strong encryption, and high-quality applications. Their VPN network is composed entirely of dedicated servers with secure, self-hosted DNS. VPN.ac’s server network provides you with great speeds and reliability (see the review for details). Performance is maximized with reliable applications and excellent bandwidth on their network at all times. (You can see their real-time bandwidth stats by selecting VPN Nodes Status at the top of the website.) For a lower-priced VPN service, VPN.ac offers an impressive lineup of features: maximum encryption strength, obfuscation features, double-hop VPN server configurations, and a secure proxy browser extension. All support inquiries are handled internally by the network security professionals who built the infrastructure. The one drawback I found is that VPN.ac maintains connection logs – but all data is erased daily. , which they clearly explain on their website. When you consider everything in relation to the price, this is one of the best values you’ll find for a premium VPN service. The VPN.ac Windows client, using a double-hop configuration. + Pros High-security VPN server network (dedicated servers, with self-hosted encrypted DNS) Excellent speeds with lots of available bandwidth Multi-hop (double VPN) server configurations Obfuscation features – Cons Advanced encryption (7 available protocols) Low price for a very advanced VPN (good value) Connection logs (no activity, erased daily) NordVPN NordVPN is a popular no logs VPN service based in Panama. Just like with ExpressVPN, NordVPN is a service that has made significant improvements over the past year. It performed well in testing for the latest update to the NordVPN review. The NordVPN apps have undergone some great updates to further protect users against the possibility of data leaks, while also adding a newly-improved kill switch to block all non-VPN traffic. As another improvement, NordVPN has rolled out a CyberSec feature that blocks advertisements, tracking, and malicious domains. And finally, NordVPN continues to work with Netflix and other streaming services. NordVPN is a great choice for privacy-focused users. Aside from the Panama jurisdiction and no-logs policies, NordVPN also provides advanced online anonymity features. These include double-hop server configurations, Tor-over-VPN servers, and also a lineup of obfuscated servers to conceal VPN traffic. NordVPN’s customer service is also top-notch. They provide 24/7 live chat support directly through their website, and all plans come with a 30 day money-back guarantee. NordVPN discount – NordVPN is currently offering a massive 77% discount on select plans, which drops the monthly rate down to only $2.75. (This is significantly cheaper than their standard rate with the annual plan at $5.75 per month.) The NordVPN Windows client. + Pros User-friendly apps 30 day money-back guarantee Multi-hop (double VPN) server configurations 24/7 live chat support No logs Competitive price Ad blocking feature – Cons Variable speeds with some servers VPNArea VPNArea is not the biggest name in the VPN industry, but this Bulgaria-based provider did well in testing for the review. They take customer privacy very seriously, with a strict no logs policy, good privacy features, and Switzerland hosting for business operations. Being based in Bulgaria, they do not fall under data-retention or copyright violation laws, which further protects their users. Aside from being a privacy-focused service, VPNArea also offers numerous servers that are optimized for streaming and torrenting. It continues to work well with Netflix, BBC iPlayer, Amazon Prime, Hulu and others. Torrenting and P2P downloads are allowed without any restrictions. They continue to improve their service with new features, including obfuscation (Stunnel) and ad-blocking through their self-hosted DNS servers. VPNArea is also one of the few VPNs that offer dedicated IP addresses. VPNArea Windows client. + Pros Competitive price No logs Great for streaming and torrenting Ad-blocking DNS servers 6 simultaneous connections (which can be shared with others) Dedicated IP addresses available – Cons Apps are somewhat busy DNS leak protection must be manually configured # # # Considerations for finding the best VPN As we already discussed, choosing the best VPN all boils down to determining which factors you consider the most important. In other words, it’s a very subjective process. Here are seven important factors to consider: Test results – How well does the VPN perform in testing? This includes both performance testing (speed and reliability) and leak testing (IP leaks and DNS leaks). Privacy jurisdiction – Where the VPN is legally based affects customer privacy. Many people avoid VPNs based in the US and other surveillance countries for this reason. For more of a discussion on this topic, see the guide on Five Eyes / 14 Eyes and VPNs. Server network – Three considerations when examining VPN servers are quality, locations, and bandwidth. Some VPNs prioritize server quality, while others prioritize locations. Also, see if you can find a real-time server status page to get an idea of available bandwidth, which will indicate performance. Privacy features – One good privacy feature for more online anonymity is a multi-hop VPN configuration. This will encrypt your traffic across two or more servers, offering more protection against surveillance and targeted monitoring. Operating system – Be sure to check out if the VPN you are considering supports the operating system you will be using. Obfuscation – Obfuscation is a key feature if you are using a VPN in China or anywhere that VPNs may be blocked. Obfuscation is also key for school and work networks that may restrict VPN use. Company policies – It’s always good to read through the company policies to see if it’s a good fit. Privacy policies, refund policies, and torrenting policies are all good to consider before signing up. There are many other factors you may want to consider when selecting the best VPN – but this is a good starting point. Best VPN speed and performance Many people are wondering how to achieve the best VPN speed. Others are wondering which VPNs are fastest. If you are using a good VPN service, you really shouldn’t notice a huge reduction in speed. Of course, the extra work that goes into encrypting/decrypting your traffic across VPN servers will affect speed, but usually it’s not noticeable. To optimize your VPN speed and achieve better performance, here are some factors to consider: Internet service provider interference – Some ISPs interfere with or throttle VPN connections. This seems to be a growing problem. Solution: use a VPN with obfuscation features, which will conceal the VPN traffic as HTTPS. (Perfect Privacy with Stealth VPN, VPN.ac with the XOR protocol, and VyprVPN with the Chameleon protocol are all good options.) High latency – You can generally expect slower speeds when you connect to servers further from your location. Using multi-hop VPN configurations will also increase latency and slow things down. Solution: Use servers closer to your location. If you utilize a multi-hop VPN chain, select nearby servers to minimize latency. Server congestion – Many of the larger VPN services oversell their servers, resulting in congestion, minimal bandwidth, dropped connections, and slow speeds. All of the recommendations on this page performed well in testing and offer adequate bandwidth for good speed. For example, see the Perfect Privacy server page and the VPN.ac server page (VPN Nodes Status at the top). Antivirus or firewall software – Antivirus and third-party firewall software often interfere with and slows down VPNs. Some software will implement their firewall on top of the default (operating system) firewall, which slows everything down. Solution: Disable the third-party firewall, or add an exception/rule for the VPN software. WiFi interference – WiFi interference or problems are unrelated to the VPN, but it can make a difference in overall speed. Solution: It may not be convenient, but using a wired connection will improve speed and security. Processing power – Many devices don’t do well with the extra processing power that is needed for VPN encryption/decryption. This is especially the case with older computers, routers, and mobile devices. Solution: Switch devices or upgrade to a faster processor (higher CPU). Network setup – Some networks do not work well with certain VPN protocols. Solution: The best solution is to experiment with different VPN protocols and/or ports (OpenVPN UDP / TCP / ECC / XOR, IPSec, etc.). Some VPN providers also allow you to modify MTU size, which may improve speed. To achieve the best VPN speed possible, it’s a good idea to experiment with the different variables. Assuming the servers are not overloaded with users, the two main ways to optimize performance are choosing a nearby server with low latency and selecting the right protocol. As mentioned above, the best protocol may vary depending on your unique situation. Best VPN services for streaming Many people who enjoy streaming are turning to VPNs to unlock content that is blocked or restricted and also gain a higher level of privacy. As mentioned above, the best all-around VPN for streaming is ExpressVPN because it always works with Netflix and other streaming services, it offers a huge lineup of apps, and the customer support is great. Another solid choice for streaming is VPNArea. Using a VPN with Netflix will allow you to access all the content you want wherever you are located in the world. Below I am accessing US Netflix from my location in Europe, using an ExpressVPN server in Washington, D.C. VPNs to avoid in 2018 There are a lot of different VPNs on the market – so it’s a good idea to consider your choices carefully. The problem, however, is that the internet is full of disinformation concerning VPNs. Large sites are often paid lots of money to promote inferior services. But this is no secret. With that being said, here are some important details that many of the larger websites are hiding from their readers: PureVPN – PureVPN is recommended by some big websites, but there are many red flags. When testing everything for the PureVPN review, I found IPv4 leaks, IPv6 leaks, DNS leaks, broken features (kill switch) and a host of other speed and connection problems. Also concerning, I learned that PureVPN was caught logging user data and handing this information over to US authorities – all despite having a “zero log policy” and promising to protect user privacy. Betternet – Betternet is a Canada-based provider that is known for offering a free VPN service. Unfortunately, when I tested everything for the Betternet review I found the service to leak IP addresses (both IPv4 and IPv6) as well as and DNS requests. An academic research paper also listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps, while also embedding tracking libraries in their apps. Scary stuff, considering that VPNs are supposed to provide privacy and security (but that’s why you don’t use a free VPN). Betternet’s Android VPN app tested positive for malware by 13 different antivirus tools (AV-rank 13) !!! Hotspot Shield – Hotspot Shield is another troublesome VPN service with a well-documented history or problems. Hotspot Shield VPN was directly identified in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. The same study also found a large presence of tracking libraries in the VPN app’s source code. Hotspot Shield was also in the news for a critical flaw in their VPN app which reveals the user’s identity and location. Hidemyass – HideMyAss is a UK-based VPN provider with a troubling history. Despite promising to protect user privacy, HideMyAss was found to be turning over customer data to law enforcement agencies around the world. VPN Unlimited – Extensive testing of the VPN Unlimited apps identified numerous leaks. This screenshot illustrates IPv6 leaks, WebRTC leaks, and DNS leaks with the VPN Unlimited Windows client. Leaks with VPN Unlimited Of course, there are many examples of problematic VPNs. But you can test your VPN to also check for issues that may affect your privacy and security. If you’re serious about privacy and online freedom… Start using a VPN whenever you go online. In just the last few years we’ve seen a number of unprecedented developments in corporate and government mass surveillance: Internet service providers in the United States can now legally record online browsing history and sell this data to third parties and advertisers. Mass surveillance also continues unabated… Residents of the United Kingdom are having their online browsing history, calls, and text messages recorded for up to two years (Investigatory Powers Act). This private information is freely available to various government agencies and their global surveillance partners. Australia has also recently implemented mandatory data retention laws, which require the collection of text messages, calls, and internet connection data. Free speech and free thought are increasingly under attack all around the world. While this has traditionally been a problem in China and other Middle Eastern countries, it is increasingly common throughout the Western world. Here are a few examples fo what we see unfolding: YouTube videos that are blocked or censored. Social media accounts, tweets, posts, and/or entire platforms that are blocked. Websites of all different varieties (torrenting, Wikipedia, news, etc.) blocked. What you are seeing is the continual erosion of privacy and online freedom. And it’s happening throughout the world. The point here is not to sound alarmist, but instead to illustrate these trends and how they affect you. The good news is that there are very effective solutions for these problems. You can protect yourself right now with a good VPN and other privacy tools. Stay safe! Recap – Best VPNs for Privacy, Security, and Speed SOURCE
  11. part 1 (YET ANOTHER) WARNING .... Your online activities are now being tracked and recorded by various government and corporate entities around the world. This information can be used against you at any time and there is no real way to “opt out”. In the past decade, we have seen the systematic advancement of the surveillance apparatus throughout the world. The United States, United Kingdom, Australia, and Canada have all passed laws allowing, and in some cases forcing, telecom companies to bulk-collect your data: United States – In March 2017 the US Congress passed legislation that allows internet service providers to collect, store, and sell your private browsing history, app usage data, location information and more – without your consent. This essentially allows Comcast, Verizon, AT&T and other providers to monetize and sell their customers to the highest bidders (usually for targeted advertising). United Kingdom – In November 2016 the UK Parliament passed the infamous Snoopers Charter (Investigatory Powers Act) which forces internet providers and phone companies to bulk-collect customer data. This includes private browsing history, social media posts, phone calls, text messages, and more. This information is stored for 12 months in a giant database that is accessible to 48 different government agencies. The erosion of free speech is also rapidly underway as various laws allow UK authorities to lock up anyone they deem to be “offensive” (1984 is already here). Australia – In April 2017 the Australian government passed a massive data retention law that forces telecoms to collect and store text messages, phone calls, location information, and internet connection data for a full two years, with the data being accessible to authorities without a warrant. Canada, Europe, and other parts of the world have similar laws and policies already in place. What you are witnessing is the rapid expansion of the global surveillance state, whereby corporate and government entities work together to monitor and record everything you do. What the hell is going on here? Perhaps you are wondering why all this is happening. There is a simple answer to that question. Control Just like we have seen throughout history, government surveillance is simply a tool used for control. This could be for maintaining control of power, controlling a population, or controlling the flow of information in a society. You will notice that the violation of your right to privacy will always be justified by various excuses – from “terrorism” to tax evasion – but never forget, it’s really about control. Along the same lines, corporate surveillance is also about control. Collecting your data helps private entities control your buying decisions, habits, and desires. The tools for doing this are all around you: apps on your devices, social networks, tracking ads, and many free products which simply bulk-collect your data (when something is free, you are the product). This is why the biggest collectors of private data – Google and Facebook – are also the two businesses that completely dominate the online advertising industry. So to sum this up, advertising today is all about the buying and selling of individuals. But it gets even worse… Now we have the full-scale cooperation between government and corporate entities to monitor your every move. In other words, governments are now enlisting private corporations to carry out bulk data collection on entire populations. Your internet service provider is your adversary working on behalf of the surveillance state. This basic trend is happening in much of the world, but it has been well documented in the United States with the PRISM Program. So why should you care? Everything that’s being collected could be used against you today, or at any time in the future, in ways you may not be able to imagine. In many parts of the world, particularly in the UK, thought crime laws are already in place. If you do something that is deemed to be “offensive”, you could end up rotting away in a jail cell for years. Again, we have seen this tactic used throughout history for locking up dissidents – and it is alive and well in the Western world today. From a commercial standpoint, corporate surveillance is already being used to steal your data and hit you with targeted ads, thereby monetizing your private life. Reality check Many talking heads in the media will attempt to confuse you by pretending this is a problem with a certain politician or perhaps a political party. But that’s a bunch of garbage to distract you from the bigger truth. For decades, politicians from all sides (left and right) have worked hard to advance the surveillance agenda around the world. Again, it’s all about control, regardless of which puppet is in office. So contrary to what various groups are saying, you are not going to solve this problem by writing a letter to another politician or signing some online petition. Forget about it. Instead, you can take concrete steps right now to secure your data and protect your privacy. Restore Privacy is all about giving you the tools and information to do that. If you feel overwhelmed by all this, just relax. The privacy tools you need are easy to use no matter what level of experience you have. Arguably the most important privacy tool is a good VPN (virtual private network). A VPN will encrypt and anonymize your online activity by creating a secured tunnel between your computer and a VPN server. This makes your data and online activities unreadable to government surveillance, your internet provider, hackers, and other third-party snoopers. A VPN will also allow you to spoof your location, hide your real IP address, and allow you to access blocked content from anywhere in the world. Check out the best VPN guide to get started. Stay safe! SOURCE
  12. WikiLeaks Chat Reportedly Reveals GOP Bias Leaked conversations from a private WikiLeaks chat group reportedly reveal founder Julian Assange as favoring a Republican Party candidate in the last US presidential election. Rumors have been swirling for some time that the whistleblowing site in some way colluded with Russia over the leaking of hacked Democratic Party emails during the race for the White House. Special counsel Robert Mueller is also investigating possible collusion between the Trump campaign and Russian intelligence, which is said by the CIA, NSA and others to have leaked the damaging emails under the “Guccifer 2.0” moniker. Hillary Clinton has described the efforts of “Russian WikiLeaks” as contributing to her election loss. The leaked transcripts from the direct message group chat would seem to support her suspicions. “We believe it would be much better for GOP to win,” Assange is reported to have written. “[Clinton]’s a bright, well connected, sadistic sociopath.” The private group chat with several WikiLeaks supporters was leaked to The Intercept by the person who originally set it up in 2015; someone who goes by the pseudonym 'Hazelpress'. That person is said to have decided to go public after reports were published claiming that Donald Trump Jr had secretly contacted the site ahead of the election, during which correspondence he was advised to tell his father to reject the results as rigged if he lost and to ask if he could get Assange an Australian ambassadorship. WikiLeaks claims to be a neutral transparency organization. The leaked transcripts also reveal an underlying current of misogyny and anti-Semitism. There's no direct evidence that Assange penned the WikiLeaks entries in the chat log, although as founder he’s widely believed to be in control of the site’s Twitter feed. He’s currently holed up in the Ecuadorian embassy in London, where he’s been hiding from the police since 2012. SOURCE
  13. Crypto-Experts Slam FBI's Backdoor Encryption Demands A group of world-renowned cryptography experts have backed a senator’s demands that the FBI explain the technical basis for its repeated claims that encryption backdoors can be engineered without impacting user security. Senator Ron Wyden, who sits on the powerful Senate Select Committee on Intelligence, released the letter following a heated committee debate with FBI director Christopher Wray. The letter is signed by Bruce Schneier, Paul Kocher, Steven Bellovin, and Martin Hellman — who won the 2015 Turing Award for inventing public key cryptography. “We understand and sympathize with the frustration that law enforcement has to deal with when evidence may exist but cannot be accessed due to security mechanisms. At the same time, our extensive experience with encryption and computer security makes us cognizant how much the details matter: a seemingly minor change in an algorithm or protocol can completely undermine the security aspects of the system,” they write. “Instead of vague proposals that sound reasonable yet lack details, the FBI needs to present the cryptographic research community with a detailed description of the technology that it would like implemented. That would allow the technology to be analyzed in an open and transparent manner so that its advantages and disadvantages can be weighed.” Wyden sent a letter to Wray demanding the same on January 25, shortly after the FBI boss made his first speech. in which he repeated previous requests for tech experts to achieve what they say is impossible. He claimed that the FBI has nearly 7800 devices it can’t access because of encryption, describing the situation as an “urgent public safety issue.” Wray and the DoJ are not alone in their calls; British home secretary Amber Rudd has been widely ridiculed in the past for calling for the same, whilst admitting that she doesn’t understand the technology. She was in the news again this week, after it emerged that there has been significant progress in another anti-terror initiative, involving the automated identification and removal of extremist content via an algorithm developed by London-based ASI Data Science. SOURCE
  14. FedEx S3 Bucket Exposes Private Details on Thousands Worldwide Personal information for thousands of FedEx customers worldwide has been exposed after a legacy Amazon Web Services (AWS) cloud storage server was left open to public access without a password. Kromtech Security Center researchers stumbled upon the AWS S3 bucket, finding that it contained more than 119,000 scanned documents, including passports, drivers’ licenses and Applications for Delivery of Mail Through Agent forms, which contain names, home addresses, phone numbers and ZIP codes. The victims include citizens of countries around the globe, including Australia, Canada, China, EU countries, Japan, Kuwait, Malaysia, Mexico, Saudi Arabia and others. The server turned out to be an inherited one, with information from Bongo International – a company that FedEx bought in 2014. Bob Diachenko, head of communications at Kromtech, noted that the shipping giant relaunched Bongo in 2016 as FedEx Cross Border International, to enable international shipping delivery and logistics. That service was closed down last April, but the bucket remained exposed. "Technically, anybody who used Bongo International services back in 2009–2012 is at risk of having his/her documents scanned and available online for so many years,” Diachenko said. “Seems like [the] bucket has been available for public access for many years in a row. Applications are dated within [the] 2009–2012 range, and it is unknown whether FedEx was aware of that ‘heritage’ when it bought Bongo International back in 2014." FedEx has now removed the server from public access and issued a statement saying that there’s no evidence that the data fell into nefarious hands. “After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure,” FedEx told ZDnet. “The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.” Tim Prendergast, CEO of Evident.io, noted that nonetheless, it’s a fact that hackers are actively searching for these kinds of misconfigurations. “Hackers are going after S3 buckets and other repositories because that's where the data is but also because they're easy to find,” he said via email. “There's a whole hacker cottage industry around finding and exploiting S3 buckets, and it's growing because as cloud environments grow, so do the number of unsecured assets that are discoverable.” The incident shows once again that many companies aren’t following best practices when it comes to securing their cloud infrastructure, and many seem confused about whose responsibility it is to provide that security. “The incident, echoing others we’ve seen time and time again…raises the larger issue that many organizations have not yet fully grasped the idea that most public cloud providers are not managing their data – but are just providing a platform or infrastructure, so the management protection of data is left up to the companies themselves,” Obsidian Security CTO Ben Johnson said via email. “It’s critical that enterprises understand the risks of the cloud – that availability and uptime also mean that their data can be easily accessed unless they have the right controls in place.” Brian NeSmith, CEO and co-founder at Arctic Wolf Networks, added: “We need to get our heads out of the clouds, because cloud services are only as secure as you make them. Companies need to start applying the same rigor and discipline to their cloud infrastructure as they do to their on-premises network.” The incident also showcases the need to implement good security practices after a merger or acquisition. “During any M&A transaction it is important that the company who is selling their assets notify their customers that the business is going to be sold and their private data will be transferred to new ownership,” Kromtech’s Diachenko said. “The purchasing company should give customers the option to opt out of their data being transferred and provide a data protection notice. This case highlights just how important it is to audit the digital assets when a company acquires another and to ensure that customer data is secured and properly stored before, during and after the sale. During the integration or migration phase is usually the best time to identify any security and data privacy risks.” SOURCE
  15. Energy-efficient encryption for the internet of things MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. Credit: Massachusetts Institute of Technology Most sensitive web transactions are protected by public-key cryptography, a type of encryption that lets computers share information securely without first agreeing on a secret encryption key. Public-key encryption protocols are complicated, and in computer networks, they're executed by software. But that won't work in the internet of things, an envisioned network that would connect many different sensors—embedded in vehicles, appliances, civil structures, manufacturing equipment, and even livestock tags—to online servers. Embedded sensors that need to maximize battery life can't afford the energy and memory space that software execution of encryption protocols would require. MIT researchers have built a new chip, hardwired to perform public-key encryption, that consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster. The researchers describe the chip in a paper they're presenting this week at the International Solid-State Circuits Conference. Like most modern public-key encryption systems, the researchers' chip uses a technique called elliptic-curve encryption. As its name suggests, elliptic-curve encryption relies on a type of mathematical function called an elliptic curve. In the past, researchers—including the same MIT group that developed the new chip—have built chips hardwired to handle specific elliptic curves or families of curves. What sets the new chip apart is that it is designed to handle any elliptic curve. "Cryptographers are coming up with curves with different properties, and they use different primes," says Utsav Banerjee, an MIT graduate student in electrical engineering and computer science and first author on the paper. "There is a lot of debate regarding which curve is secure and which curve to use, and there are multiple governments with different standards coming up that talk about different curves. With this chip, we can support all of them, and hopefully, when new curves come along in the future, we can support them as well." Joining Banerjee on the paper are his thesis advisor, Anantha Chandrakasan, dean of MIT's School of Engineering and the Vannevar Bush Professor of Electrical Engineering and Computer Science; Arvind, the Johnson Professor in Computer Science Engineering; and Andrew Wright and Chiraag Juvekar, both graduate students in electrical engineering and computer science. Modular reasoning To create their general-purpose elliptic-curve chip, the researchers decomposed the cryptographic computation into its constituent parts. Elliptic-curve cryptography relies on modular arithmetic, meaning that the values of the numbers that figure into the computation are assigned a limit. If the result of some calculation exceeds that limit, it's divided by the limit, and only the remainder is preserved. The secrecy of the limit helps ensure cryptographic security. One of the computations to which the MIT chip devotes a special-purpose circuit is thus modular multiplication. But because elliptic-curve cryptography deals with large numbers, the chip's modular multiplier is massive. Typically, a modular multiplier might be able to handle numbers with 16 or maybe 32 binary digits, or bits. For larger computations, the results of discrete 16- or 32-bit multiplications would be integrated by additional logic circuits. The MIT chip's modular multiplier can handle 256-bit numbers, however. Eliminating the extra circuitry for integrating smaller computations both reduces the chip's energy consumption and increases its speed. Another key operation in elliptic-curve cryptography is called inversion. Inversion is the calculation of a number that, when multiplied by a given number, will yield a modular product of 1. In previous chips dedicated to elliptic-curve cryptography, inversions were performed by the same circuits that did the modular multiplications, saving chip space. But the MIT researchers instead equipped their chip with a special-purpose inverter circuit. This increases the chip's surface area by 10 percent, but it cuts the power consumption in half. The most common encryption protocol to use elliptic-curve cryptography is called the datagram transport layer security protocol, which governs not only the elliptic-curve computations themselves but also the formatting, transmission, and handling of the encrypted data. In fact, the entire protocol is hardwired into the MIT researchers' chip, which dramatically reduces the amount of memory required for its execution. The chip also features a general-purpose processor that can be used in conjunction with the dedicated circuitry to execute other elliptic-curve-based security protocols. But it can be powered down when not in use, so it doesn't compromise the chip's energy efficiency. "They move a certain amount of functionality that used to be in software into hardware," says Xiaolin Lu, director of the internet of things (IOT) lab at Texas Instruments. "That has advantages that include power and cost. But from an industrial IOT perspective, it's also a more user-friendly implementation. For whoever writes the software, it's much simpler." SOURCE
  16. The company could easily give users the ability to control what information is sent to it, but that’s not what it has in mind. Thinkstock In late January, Microsoft embarked on a PR blitz to reassure Windows users that the company has their privacy in mind. To prove what it called its continuing devotion to privacy, it announced a new tool for Windows, the Windows Diagnostic Data Viewer, that will be available in the operating system’s next semiannual update. The tool, Microsoft said in a blog post by Windows Device Group privacy officer Marisa Rogers, is part of Microsoft’s commitment to be “fully transparent on the diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data.” A beta of the tool was made available for anyone who signs up to be a Windows Insider and downloads the preview version of the next Windows update. Microsoft got plenty of kudos for the new tool. For the company, that was mission accomplished. But it was anything but that for users. The Diagnostic Data Viewer is a tool that only a programmer could love — or understand. Mere mortals, and even plenty of programmers, will be baffled by it, and they won’t gain the slightest understanding of what data Microsoft gathers about them. First, a bit of background. Microsoft gathers diagnostic data about the way people use Windows and then uses that information to improve the way Windows works. Nothing nefarious there; it’s a good way for the company to make Windows better for everyone. The issue for privacy advocates and many individual users is control and transparency. Those advocates want people to know exactly what data is being gathered and sent to Microsoft, and they want users to be able to control that. Microsoft claims that’s what the Diagnostic Data Viewer tool does. But that’s not quite true, for several reasons. The first, as already noted, is that the tool is exceedingly difficult to understand. You can’t, for example, ask it to show you detailed, easy-to-understand information about the data being sent to Microsoft about your hardware and the way you use it — model and make of devices attached to your PC, your app and Windows feature usage, samples of inking and typing output, the health of your operating system and more. Instead, you scroll or search through incomprehensible headings such as “Census.Flighting,” and “DxgKrnlTelemetryGPUAdapterInventoryV2,” with no explanation of what those headings mean. And then when you view the data in any heading, you see an even more incomprehensible, lengthy listing, such as this tiny excerpt from “Census.Hardware”: “cV: “zNWezO9CsEmjb5B,0”, “cV: :y7iOzuVXL)mj+F9j,0”, Each listing has lines and lines like that, all in a code to which users have no key. Will such listings help you know what information Microsoft is gathering about your PC and Windows use? Unless you’re privy to what those codes mean and can decipher the format they’re in, the answer is no. That’s just the beginning, though. Because even if you could understand the information Microsoft gathers about you for diagnostic purposes, there’s not much you can do to stop the company from gathering it. Like it or not, it grabs the information, and you can’t stop it. OK, there is one small loophole. Currently, if you want to control what diagnostic information Microsoft gets about your use of Windows 10, you go to Settings > Privacy > Feedback & Diagnostics. At the top of the screen, under the Diagnostic Data setting, you have two choices: Basic or Full. When you choose Basic, only “data necessary to keep Windows up to date and secure,” is sent, in Microsoft’s description. If you choose Full, much more information is sent, including “additional diagnostic data (including browser, app and feature usage, and inking and typing data).” But there’s no way to exclude even the Basic data from being sent. That one small loophole? If you use the Enterprise Edition of Windows 10, you can stop all data from being sent. But all other Windows 10 users are out of luck. Microsoft should change this. It should release a simple-to-use tool that shows in granular detail and in plain English exactly what diagnostic information is being sent to Microsoft. People should then be allowed to opt in or out for every type of diagnostic information that is sent. And everyone should be able to do that, not just those who have a specific version of Windows 10. Microsoft already has a very useful model for doing this. Its web-based Privacy dashboard lets you view and clear your search history, browsing history, location history and information gathered by Cortana. The dashboard is simple, clearly designed and takes only a few minutes to use. There’s no reason the company can’t give you the same kind of control over the information that Windows gathers about you. If Microsoft truly wanted to be seen as a company that cares about your privacy, that’s exactly what it would do. Here’s hoping that when the final version of the Windows Diagnostic Data Viewer is released, it will do just that. Source: Don’t believe Microsoft’s latest privacy hype (Computerworld - Preston Gralla)
  17. Beginning with the April 2018 feature update, Microsoft will release a tool that allows Windows 10 users to inspect diagnostic data collected and sent to Microsoft's telemetry servers. Windows Insider Program members can test the app starting today. Earlier this week I noted a pair of mysterious (and inactive) links in the Privacy settings of recent preview releases of Windows 10, apparently offering the ability to view and delete telemetry data. Today, Microsoft officially confirmed that the next public release of Windows 10 will include a Windows Diagnostic Data Viewer utility. The app will allow anyone with an administrator account to inspect the telemetry data being collected from a device and sent to Microsoft through the Connected User Experience and Telemetry component, also known as the Universal Telemetry Client. Microsoft's enterprise customers have had this capability for some time, using a bare-bones tool available to IT professionals. The new viewer is considerably more polished and intended for use by nontechnical Windows 10 users. Members of the Windows Insider Program will have access to the Windows Diagnostic Data Viewer app in a new build scheduled to be delivered later today. Although the app will be delivered through the Microsoft Store, users won't be required to sign in with a Microsoft account to download and install it. In a blog post published today, Marisa Rogers, Privacy Officer in Microsoft's Windows and Devices Group, positioned the new tool as a way to be "fully transparent" about what data is collected from a device. I haven't been able to use the tool yet, but a pair of screenshots Microsoft released confirm that most of this data is intended to give Microsoft details about the type of hardware and apps in use by the 600 million-plus Windows 10 devices. Article
  18. Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. Canvas blocking is an important addition to Firefox's user privacy protection measures, as canvas fingerprinting has been used for a long time by the advertising industry to track users. Canvas fingerprinting has become widespread in recent years The method has become widespread in recent years after the EU has forced websites to show cookie popups. Because canvas fingerprinting doesn't need to store anything in the user's browser, there are very few legal complications that come with it and this user tracking/fingerprinting solution has become a favorite among ad networks. Canvas fingerprinting works by loading a canvas HTML tag inside a hidden iframe and making the user's browser draw a series of elements and texts. The resulting image is converted into a file hash. Because each computer and browser draws these elements differently, ad networks can reliably track the user's browser as he accesses various sites on the Internet. Canvas fingerprinting is described in better detail in this 2012 research paper. Feature borrowed from the Tor Browser The Tor Browser has fixed this problem by blocking any website from accessing canvas data by default. The Tor Browser displays the following popup every time a site wants to access the canvas element. Tor Browser's canvas fingerprinting blocking system Based on an entry in the Mozilla bug tracker, engineers plan to prompt users with a site permission popup when a website wants to extract data from a < canvas > HTML element. This is similar to the permission shown when websites wish to access a user's webcam or microphone. Firefox 58 is scheduled for release on January 16, 2018. The second feature Firefox takes from the Tor Browser Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox. The Tor Browser is based on Firefox ESR, and usually features flowed from Firefox to Tor, and not the other way around. In August 2016, Mozilla also blocked a list of URLs known to host fingerprinting scripts. Previous efforts to improve Firefox user privacy also included removing the Battery Status API. Source
  19. Mozilla engineers have started work on a project named Lockbox that they describe as "a work-in-progress extension [...] to improve upon Firefox's built-in password management." Mozilla released the new extension for employee-use only at first, but users can install it by going to this or this links. Lockbox revamps Firefox's antiquated password management utility with a new user interface (UI). A new Firefox UI button is also included, in case users want to add a shortcut in their browser's main interface to open Lockbox without going through all the menu options. Support for a master password is included, helping users secure their passwords from unauthorized access by co-workers, family members, or others. There are no public plans on Lockbox's future at the moment, but Mozilla will most likely ship it with Test Pilot for some user testing before deciding if to deploy it in the stable branch. Firefox Test Pilot is a Firefox add-on that allows users to install, test, and vote on experimental features that may be added to Firefox in the future. Mozilla has tested several other Firefox features inside Test Pilot before [1, 2]. For example, Firefox's new built-in page screenshot utility — launched through Firefox 55 and 56 — was also tested via Test Pilot. At the moment, Mozilla engineers say Lockbox has only been tested on Firefox 57 and above and that installing on Firefox 56 or lower may not function at all. Also, there's no way to reset the Lockbox master password (at the moment). Source
  20. Pirate Tor Browser Pirate Tor Browser is a bundle package of the Updated Tor client Vidalia, Updated FireFox Portable browser (with Updated foxyproxy addon) and some custom configs , all has been revamped and Updated , Self extracting archive For those wanting to reach torrent webpages they cant reach on a normal browser try the updated pirate browser.. portable.. you might have seen the first version that the pirate bay shared http://piratebrowser.com/ now its been updated and revamped.. better updated links added , updated and added some good extensions to hide yourself online , Pirate Tor Browser version 08 build 7.0.8 Better Pirate Browser version 07 build 56.0.2 - New Pirate.Tor.Browser.0.8.(7.0.8) Better Pirate Browser 0.7 (56.0.2) 27/10/2017 - New HOMEPAGE https://lilfellauk.wordpress.com/pirate-tor-browser/ Download - Pirate.Tor.Browser.0.8.(7.0.8): Site: https://mega.nz Sharecode[?]: /#!Z25lAD4T!2OPkWG4lTEqq7kgEyTNs33LmYXR573b-e4sbfeUHk_8 Download - Better Pirate Browser version 07 build 56.0.2: - New Site: https://mega.nz Sharecode[?]: /#!13ATGQ6L!YgDypu2bvimH6qXZFHdMiXdlePPm1KeFceUfUh8xfd4
  21. Hi, this is the new beta! Yandex just Added more security features It can protect the browser form almost everything! High-quality browser Give it a try The objects of protection: the file browser your browser settings extensions user data (credit card numbers, pins, bookmarks, browsing history) confidential information (passwords, keyboard input, screen contents, etc.) other resources of the browser, affecting its security operating system settings that affect browser security Threats, which protects the module change the files of the browser extension and third-party applications (can be embedded malicious code); theft of user data (passwords, credit card numbers, bookmarks, browsing history); the interception or substitution of downloaded and sent data (MITM attack); any unauthorized changes to browser settings such as default search or security settings; the withdrawal of the application screenshots (used to collect user information); record the application sequence of keystrokes on the keyboard (used to steal passwords); unauthorized removal of the browser or module protection third-party applications. How protection works The protection module is installed with the browser but is a separate application. It only takes a small amount of virtual memory that protects all the user's browser and works even when the browser is closed. The module uses the technology of HIPS. It monitors and warns of potentially dangerous activity programs in the operating system. If the application performs an action that threatens the integrity of the browser protection module blocks the action and reports it. Download it from here Download Yandex Browser (beta) It's beta but stable and reliable. Source Lite - Online Installer: Win (1.3 MB): https://cache-mskdataline01.cdn.yandex.net/download.yandex.ru/browser/beta-custo-int/en/lite/Yandex.exe Standalone Direct links: Win (66.1 MB): https://cache-mskdataline02.cdn.yandex.net/download.cdn.yandex.net/browser/beta-custo-int/en/Yandex.exe Mac (65.3 MB): https://cache-mskdataline11.cdn.yandex.net/download.cdn.yandex.net/browser/beta-custo-int/en/Yandex.dmg Linux - deb x64 (63.7 MB): https://cache-mskdataline03.cdn.yandex.net/download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.deb Linux - rpm x64 (63.5 MB): https://cache-mskdataline05.cdn.yandex.net/download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.rpm
  22. The by default highly questionable set options concerning privacy and data protection in Windows 10 brought me to the idea for the development of this little program. Microsoft generously enables everybody to change the concerning settings, but hides them in countless menus, where a normal user does not want to search for! The program should therefore be a help, to display the available settings relatively clearly and to set the desired options if necessary. The primary focus is on settings for Windows 10 and its apps (for example the new browser "Edge"). The program will be expanded gradually, if possible and available, with the corresponding Windows 8.1 features in the future. W10Privacy is certainly no programming masterpiece, but meets my envisaged purpose. The software is still in an early development phase: suggestions and requests will be gladly accepted and considered, if necessary, in the further development! Manual/Instructions + Screenshots - EN Manual/Instructions + Screenshots - DE Changes in 2.5.1.1 (20.10.2017) - The list of telemetry-IP addresses contained two invalid IP-addresses, which meant that the Firewall-rule 19 was not. Homepage Download page Download SHA1-Hash: 29bcc435bd37084566e08a26ebe2a9c78e009397 SHA256-Hash: e40d69a70cf7aeb35dc4d2b1f567b4edaecb10afdd94173980011e8ed9f5c92a .paf Portable Online Installer by @Geez - Updated - New Due to constant changes to download path by developers, updated the installer to read the last number added to the download page to get the latest version. The last installer was unable to get the last version. First screen enter: 1508535683 Site: https://www.upload.ee Sharecode[?]: /files/7578959/W10Privacy_Portable_x.x_Rev1_Multilingual_Online.exe.html
  23. Windscribe VPN 1.80 Build 28 Stable Internet As It Should Be Windscribe is a desktop application and browser extension that work together to block ads and trackers, restore access to blocked content and help you safeguard your privacy online. Learn More. What's New: https://blog.windscribe.com/windscribe-1-80-changelog-bdc9183bcac4 We’ve been working on this version for quite a while, existing installations should prompt you to update the app over the next 48 hrs. Here is what’s new. Changelog: New features LAN proxy gateway — https://windscribe.com/features/proxy-gateway Secure Hotspot (Experimental) — https://windscribe.com/features/secure-hotspot Variable location drawer height Auto login after signup Ability to choose NDIS5 TAP driver Upgrade to OpenVPN 2.4.x with 2.3.x fallback Service notifications Show Pro data-centers to free users Location latency tool-tips added to signal bars Fixed bugs Always on firewall not working on OS boot on some machines Application crashes after connection attempts are exceeded with “minimize to tray” option checked Application freeze with firewall ON requires reboot API calls not made if app starts with no Internet connectivity Custom installation now allows for non-standard install path Auto-enable disabled TAP adapter 100% CPU when app starts with no Internet connectivity Don’t try UDP protocol if system proxy is configured Constant application window size on variable DPI screens Login form DPI bug On multi-screen computers, tool-tips show on primary monitor Other Changes Leave firewall ON if ran out of free bandwidth to prevent IP leak Increase reconnect timeout from 5 min to 1 hour Server list source changed Moved server location update process to separate thread Only do ping tests while disconnected Update available UI change Output installed anti-virus software into debug log for troubleshooting Open survey on application uninstall Installer command line arg support Black and white top bar icon on MacOS Ping nodes in batches instead of all at the same time Allow for verbose OpenVPN logging via Advanced Parameters screen When beta channel is selected, check for updates right away To-do list for next version: IKEv2 protocol support Emergency Connect Firewall whitelisting overhaul Command line interface Wakeup from hibernation fix Add disconnecting state Async DNS resolver Browser Extensions — New Features Downloads: Windscribe for Your Computer: Windscribe for Your Browser: Windscribe for Your Phone: Windscribe for Your Router:
  24. DoNotSpy10 v3.0 Final Overview: DoNotSpy10 is the world’s first antispy tool for Windows 10. Its straight-forward user interface allows you to manage how Windows 10 respects their privacy. Microsoft introduces many new “diagnostic” features with Windows 10. These services help Microsoft collect usage data and thus to provide a better service. However, collecting and sharing your data with one of the world’s leading technology companies puts your privacy at risk. There are services which are able to record your keyboard input, your speech and any other actions of the user. Others share your WiFi credentials with your contact or connect you to networks shared by your contacts. DoNotSpy10 provides you with the opportunity to easily manage what you want to share and what not. While many of the settings represent what you can configure using the Settings and various other apps, there are also tweaks that are not easily accessible through the apps Windows provides. DoNotSpy10 combines them all in one application – it’s time to protect your privacy, let’s start! Requirements: .NET Framework 4.5 or higher Changelog: - https://pxc-coding.com/blog/donotspy10-3-0-fall-creators-update/ Downloads: Direct-Download(Inc Ads): https://pxc-coding.com/downloads/donotspy10/DoNotSpy10-3.0-Setup.exe Installer MD5: 6F3812E499EE6B1D4DA8B94E8191DF04 Installer SHA1: A90FC45BEFF0648B9EB7E232C965F5C96151CB5E DoNotSpy10 v3.0 Portable (PAF) by @DoomStorm Offline installer - shared by @GlacialMan Site: https://www.upload.ee Sharecode[?]: /files/7571379/DoNotSpy10Portable_3.0.0.0.paf.exe.html Mirrors: Site: https://www.multiup.eu/en Sharecode[?]: /download/1323cbbe3dc6eace288c8f8883d94000/DoNotSpy10Portable_3.0.0.0.paf.exe Site: https://dbr.ee Sharecode[?]: /uYa0
  25. Proton VPN 1.2.1 / 1.2.2 / 1.2.3 / 1.2.4 Stable Overview: Screenshots: Downloads: Download: https://protonvpn.com/download/ Windows Client: v1.2.4: https://protonvpn.com/download/ProtonVPN_win_v1.2.4.exe v1.2.3: https://protonvpn.com/download/ProtonVPN_win_v1.2.3.exe v1.2.2: https://protonvpn.com/download/ProtonVPN_win_v1.2.2.exe v1.2.1: https://protonvpn.com/download/ProtonVPN_win_v1.2.1.exe Clients for macOS, Linux, Android, and iOS are still under development, but it is still possible to use ProtonVPN with these operating systems using third-party OpenVPN clients. Setup guides can be found here: MacOS: https://protonvpn.com/support/mac-vpn-setup/ Linux: https://protonvpn.com/support/linux-vpn-setup/ Android: https://protonvpn.com/support/android-vpn-setup/ iOS: https://protonvpn.com/support/ios-vpn-setup/ VPN Servers and Country Code for Linux, Mac, Android and iOS: https://protonvpn.com/support/vpn-servers/ Changelog: v1.2.4: Fixed Fixed Killswitch behavior after failed reconnect: KS will now require user confirm before restoring unencrypted connection v1.2.3: Fixed Fixed crash related to screen resolution changes v1.2.2: Added Added map zoom component support for smaller resolutions Added login window help tooltip Changed Changed app icon Removed empty space in settings window Updated Secure Core route selection Fixed Fixed sidebar toggle button bug after app update v1.2.1: Fixed Fixed crash related to window state change More Info - Articles & Reviews: Three years ago we launched ProtonMail. Today, we’re launching ProtonVPN. Encrypted email provider ProtonMail launches free VPN service to counter increasing online censorship ProtonVPN Swiss-Based VPN Launches Keeping ProtonVPN Secure New WiFi connection vulnerability discovered. Here’s what you need to know about “KRACK”
×