Jump to content

Search the Community

Showing results for tags 'vpn'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 141 results

  1. In 2019, the High Court of England and Wales ruled that by offering an index of non UK-based or unlicensed radio stations to UK residents, radio aggregator service TuneIn breached copyright. In response the service has now geo-blocked thousands of stations leaving UK customers without their favorite sounds. Unless they use a VPN, then it's business as usual. TuneIn is one of the most prominent providers of radio content in the world. Available for free or on a premium basis, its site and associated app provide access to more than 100,000 stations and podcasts. Unless you happen to live in the UK, which is now dramatically underserved by the company. Sued by Labels in the UK For Mass Copyright Infringement In 2017, Sony Music Entertainment and Warner Music Group sued the US-based radio index in the High Court of England and Wales, alleging that the provision of links to stations unlicensed in the UK represented a breach of copyright. One of the most interesting aspects of the case is that TuneIn is marketed as an “audio guide service”, which means that it indexes stations that are already freely available on the web and curates them so that listeners can more easily find them. When stations are more easily found, more people listen to them, which means that TuneIn arguably boosts the market overall. Nevertheless, the labels claimed this was illegal and detrimental to the music industry in the UK on licensing grounds. Decision by the High Court Handed Down in 2019 In November 2019, the High Court sided with the labels, ruling that unlike Google – which TuneIn had attempted to compare itself to – TuneIn did “much more than that”, in part due to its curation and search features in respect of those stations. “I find therefore that the activity of TuneIn does amount to an act of communication of the relevant works; and also that that act of communication is to a ‘public’, in the sense of being to an indeterminate and fairly large number of persons,” Judge Birss wrote in his decision. When TuneIn supplied UK users with links to radio stations that were not licensed for the UK or were not licensed at all, the Judge said the company infringed the labels’ rights. On the other hand, he also determined that when TuneIn supplied UK users with links to radio stations that are already licensed in the UK, the company did not infringe Sony or Warner’s copyrights. TuneIn sought to paint this latter point as a victory but that still meant that it had breached copyright on a large scale as the majority of stations indexed by TuneIn and supplied to the UK market did not fit into this scenario. Appeal and Subsequent Geo-Blocking of the UK In December 2019 it was revealed that the High Court had granted permission for both sides to appeal. Pending an outcome in that matter, TuneIn’s service in the UK apparently remained unchanged but during the past few days, users of the service reported a major shift in the type and amount of content being provided to UK users. In response to the apparent decimation of its offering, TuneIn took to Twitter to address the complaints. “Due to a court ruling in the United Kingdom, we will be restricting international stations to prohibit their availability in the UK, with limited exceptions. We apologize for the inconvenience,” the company wrote. TorrentFreak contacted TuneIn to ask why this action had been taken now and to receive an indication of precisely how many channels had been blocked and their nature. However, at the time of publishing the company had failed to offer a response, leaving customers – some of whom pay for a premium service – to simply guess where their favorite stations had gone and when (or even if) they would ever return. With TuneIn staying completely silent on the important details, it’s impossible to know whether the company will obtain appropriate licensing to reinstate the lost channels in the future. In the meantime, listeners now have access to a fraction of the channels previously available on the TuneIn site and app. Geo-Blocking Measures Easily Circumvented As pointed out by a reader last evening, in common with many services that restrict output in various regions, TuneIn’s blocking efforts are not comprehensive and can be easily circumvented by listeners in the UK. It transpires that with the use of a decent VPN, one that’s able to switch the user’s virtual location out of the UK and to some other country, the blocked channels/stations are restored to their former glory and accessible in exactly the same way as before. The precise blocking method being used by TuneIn isn’t clear but it’s nowhere as stringent as that deployed by Netflix, for example. An aspect of TuneIn’s blocking that shouldn’t be overlooked is a ‘feature’ of the service itself. TuneIn is a catalog of streams that are already freely available on the Internet. This means that TuneIn acts only as a middleman, indexing stations and making them searchable. While this function is extremely convenient for users, those locked out by TuneIn may only have to do a little research to regain access to their favorite stations. A Little Manual Work Since the company appears to be keeping quiet on the precise details for the moment, it’s hard to conclude whether TuneIn went through its entire station list with a fine toothcomb so that only unlicensed channels were blocked, or whether it erred on the side of caution and blocked everything that it couldn’t be sure of. Presuming the latter is the case (licensing can be difficult to determine), it’s likely that there will be some element of over-blocking and that some channels that shouldn’t have been blocked will now be inaccessible in the UK via TuneIn. This is a particular irritant to listeners of stations that carry no content owned by the labels that brought the lawsuit. In these cases, interested users can bypass TuneIn altogether by visiting the website associated with the station they were listening to, which tend to have their own embedded audio players. However, if visiting multiple sites is inconvenient, some stations publish a URL that can be opened in software such as VLC or other radio apps such as XiaaLive, which also has its own searchable station catalog. Some radio station homepages do not clearly publish their stream URLs but by right-clicking the related audio player in Chrome, for example, it’s possible to view the page’s source code which usually contains the URL of the stream when searching for the term ‘http’ or ‘https’. Experienced users will spot the correct URL quickly but for the less tech-savvy, trial and error or dedicated tools will help. Once a list of URLs is obtained, these can be saved in a VLC playlist, for example, completely negating the need for the TuneIn software. Blocking the Messenger Not the Message While TuneIn may have been largely knee-capped in the UK in terms of international stations, the High Court action has done absolutely nothing to prevent the blocked radio stations from transmitting on the Internet. None of them have anything to do with TuneIn itself as they are operated by third-parties. What the action has achieved, therefore, is to selectively tear up TuneIn’s UK ‘phonebook’. What it hasn’t done is tear up every phonebook available, nor has it taken down a single station indexed by TuneIn, which remain fully operational via their own websites and URLs. It’s a little harder to find them now but hardly a massive undertaking. Update: Comment received from TuneIn “TuneIn is the best platform for broadcasters, and we continue to work with both the broadcast community and users to deliver a world-class listening experience. TuneIn is under judicial order to cease communicating to the public in the UK any sound recordings owned or controlled by Sony and Warner. “Over the past several months, we have worked with broadcasters to confirm their licensing status, removing from our platform those radio stations whose licensing status we are unable to verify at this time. However, stations licensed in the UK can still be made available through the TuneIn service to TuneIn’s UK users.” Source: TorrentFreak
  2. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service do you use and which is the best according to your opinion. Not to all vpn services are enough secure. Recently, has been discovered that HotSpot Shield in some cases could show your real ip. Have a look here : 1.Android 2. Windows Thanks for your time spent with this poll ! :)
  3. Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Monday advisory. CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security. “CISA and the FBI also recommend that organizations routinely audit their configuration and patch management programs to ensure they can track and mitigate emerging threats,” according to a Monday CISA advisory. “Implementing a rigorous configuration and patch management program will hamper sophisticated cyber threat actors’ operations and protect organizations’ resources and information systems.” No further details on the specific hacked entities were made public. The threat actors have been spotted successfully exploiting two common vulnerabilities – allowing them to compromise federal government and commercial entities, according to CISA. The first is a vulnerability (CVE-2020-5902) in F5’s Big-IP Traffic Management User Interface, which allows cyber threat actors to execute arbitrary system commands, create or delete files, disable services, and/or execute Java code. As of July, about 8,000 users of F5 Networks’ BIG-IP family of networking devices were still vulnerable to the critical flaw. Feds also observed the attackers exploiting an arbitrary file reading vulnerability affecting Pulse Secure VPN appliances (CVE-2019-11510). This flaw – speculated to be the cause of the Travelex breach earlier this year – allows bad actors to gain access to victim networks. “Although Pulse Secure released patches for CVE-2019-11510 in April 2019, CISA observed incidents where compromised Active Directory credentials were used months after the victim organization patched their VPN appliance,” according to the advisory. Threat actors were also observed hunting for Citrix VPN Appliances vulnerable to CVE-2019-19781, which is a flaw that enables attackers to execute directory traversal attacks. And, they have also been observed attempting to exploit a Microsoft Exchange server remote code execution flaw (CVE-2020-0688) that allows attackers to collect emails of targeted networks. As part of its advisory, CISA also identified common TTPs utilized by the threat actors. For instance, threat actors have been spotted using the Cobalt Strike commercial penetration testing tool to target commercial and federal government networks; they have also seen the actors successfully deploying the open-source China Chopper tool against organization networks and using open-source tool Mimikatz. The initial access vector for these cyberattacks vary. CISA said it has observed threat actors utilize malicious links in spearphishing emails, as well as exploit public facing applications. In one case, CISA observed the threat actors scanning a federal government agency for vulnerable web servers, as well as scanning for known vulnerabilities in network appliances (CVE-2019-11510). CISA also observed threat actors scanning and performing reconnaissance of federal government internet-facing systems shortly after the disclosure of “significant CVEs.” CISA said, maintaining a rigorous patching cycle continues to be the best defense against these attacks. “If critical vulnerabilities remain unpatched, cyber threat actors can carry out attacks without the need to develop custom malware and exploits or use previously unknown vulnerabilities to target a network,” according to the advisory. Terence Jackson, CISO at Thycotic, echoed this recommendation, saying the advisory sheds light on the fact that organizations need to keep up with patch management. In fact, he said, according to a recent Check Point report, 80 percent of observed ransomware attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier – and more than 20 percent of the attacks used vulnerabilities that are at least seven years old. “Patch management is one of the fundamentals of security, however, it is difficult and we are still receiving a failing grade. Patch management, enforcing MFA and least privilege are key to preventing cyber-attacks in both the public and private sectors,” he told Threatpost. Source
  4. VPN provider OVPN has emerged victorious from legal action initiated by movie companies hoping to get closer to the operators of The Pirate Bay. After a back-and-forth process, the court agreed with OVPN's claims that as no-logging provider, it had no useful data to hand over. Early June, movie companies Svensk Filmindustri and Nordisk Film, supported by anti-piracy partner Rights Alliance, embarked on legal action in an effort to track down the operators of The Pirate Bay. Early Background After obtaining information from Cloudflare, Rights Alliance later filed a lawsuit in Sweden against a local ISP, requesting an information injunction that would compel it to hand over information relating to The Pirate Bay. This request stumbled and was thrown out early on when it was discovered the IP actually belonged to VPN provider OVPN. Soon after, OVPN became the focus of attention, with Rights Alliance demanding that it should disclose the same information about The Pirate Bay. OVPN Fightback Begins In its initial response, OVPN made clear that as a no-logging provider, it couldn’t provide any useful information about its alleged customer, The Pirate Bay. The company also argued that no law exists in Sweden that compels a VPN provider to keep logs. The company won the first stage of the legal battle by asserting that with no information to hand over, an information injunction compelling it do so would be completely futile. Furthermore, no evidence had been produced by Rights Alliance or the movie companies stating that it did hold any relevant information. In response, Rights Alliance hired a VPN expert who concluded, from his knowledge of how other VPN providers operate, that OVPN would probably had some information to hand over. However, when presented with more evidence, he later appeared to reconsider his position. Court Sides With OVPN, Believes No-Logging Claims Following a decision handed down Thursday at the Patent and Market Court in Stockholm, OVPN has now emerged victorious. Given the complexities of the case, the decision appears to have been a relatively simple one for the Court. Essentially, if a party denies it has access to specific information – in this case information related to OVPN’s alleged customer The Pirate Bay – it falls upon the applicants to provide sufficient evidence that the data is available to be retrieved. The statements and evidence provided by the plaintiffs failed to show that, according to the Court. “t is not possible on the basis of the statements, which contain a number of uncertainties, to draw any definite conclusions about OVPN’s access to the information to which the application for an injunction relates. Nor does any other investigation arrive at such conclusions,” the decision reads. “Applicants’ application for an information injunction should therefore be rejected,” it concludes. OVPN’s David Wibergh welcomes the Court’s decision which seems to have turned on the provider’s no-logging policies and, as detailed in our earlier reporting, early deletion of server backups. “Rights Alliance and their security experts have not been able to prove any weaknesses in OVPN’s systems that could mean that logs are stored. OVPN therefore wins the information injunction as our statements and evidence regarding our no-log VPN policy have not been disproven,” Wibergh says. “OVPN is one of very few VPN providers that have had their no logs claims proven in court. OVPN is the only Swedish VPN provider that has proven that no logs are stored,” he adds. Rights Alliance Disappointed But Will Maintain the Pressure Rights Alliance says it is disappointed by the Court’s decision, noting that The Pirate Bay “causes harm to rights holders” so it is in their interests to hide to continue their business. “In this case, they have used a Swedish service provider to hide and it is sad to see that they have got away with it, this time. Here, the VPN service has made money by hiding criminal activities and that can not be right. “We will continue to act where we see companies selling their services to infringers,” says Rights Alliance chief Sara Lindbäck. As a result of their loss in this matter, the movie companies represented by Rights Alliance must also pay OVPN’s legal fees, equivalent to around US$12,300. “OVPN is the VPN service to use when privacy matters, and we firmly believe that privacy always matters,” Wibergh adds. “As such, our entire infrastructure is built with privacy & security as the core principles. OVPN does not log any activity when connected to our VPN service. Therefore, we do not know who is connected to our service, what they are doing or when they did it.” For those interested in studying the case in-depth, all relevant court documents can be obtained here (zip) Source: TorrentFreak
  5. Analysis: VPNs should be about enhancing privacy, but CyberGhost's parent company gives us trust issues. As a virtual private network reviewer, one of the hardest lessons I've learned is that no matter how clean a company's code, how skilled its development team, how many transparency gestures it offers users -- VPNs are still businesses based on asking us to trust what can't be seen. We typically engage a VPN service to better protect our online privacy, while understanding that all of our data -- every click, every site, every background app -- is being funneled to a single company, whose servers most of us will never see with our own eyes. Because VPNs ask for so much trust, reputation can make or break a service. Similarly, when I'm examining a service's parent company and background, I'm looking for red flags around potential privacy concerns. That's what's got under my skin about CyberGhost when I recently gave it a fresh review. In CNET's first evaluation on CyberGhost in 2019, we praised the service for its roster of competitive features, but noted lackluster results in speed tests, some problems with its privacy tools and -- most importantly -- security verification that it failed due to its lack of obfuscation technology. Its low price made it worth considering if you needed to change the appearance of your location online, but not if you wanted best-in-class Since then, CyberGhost has seen a significant performance boost following the addition of more than 2,000 servers to the company's fleet over the past year, beating Norton LifeLock's Secure VPN in our speed tests. Its Netflix, gaming and torrenting-focused and proprietary NoSpy servers appear to be attracting more praise than complaints, with good results in my own tests as well. And the service is prepared to roll out a new suite of privacy tools in the coming weeks, all while remaining one of the cheapest VPNs we've reviewed at $2.75 per month for a 3-year plan. I was initially thrilled about the company's privacy-friendly Romanian jurisdiction, located outside of US intelligence-sharing agreements, and its crack team of German developers, who seemed eager to address questions large and small about CyberGhost's history and vision. To top it off, some of the smartest tech enthusiasts I know have grown to love the service, joining the base of loyal CyberGhost's fans known as "ghosties." Unfortunately, I can't at present recommend you join the ghostie brigade, and that's not entirely CyberGhost's fault. Sure, CyberGhost gets my side-eye for the excessive amount of trackers on its website and app. And, yes, its ad-blocker is almost wholly impotent and uses an untrustworthy method of traffic manipulation no VPN should touch. And, naturally, I have beef with CyberGhost for still not having proper obfuscation -- meaning your internet service provider can see that you're using a VPN, which endangers people in countries where VPNs are outlawed. But the real thing holding me back from recommending CyberGhost is the sordid history of its parent company, Kape Technologies. Changing hands For maximum privacy, I recommend VPN providers with a jurisdiction outside of Five Eyes and other international intelligence-sharing agreements -- that is, one headquartered outside of the US, UK, Australia, New Zealand and Canada. So it initially seems like a positive sign that, while CyberGhost has offices in Germany, it's headquartered in Romania. German entrepreneur Robert Knapp says he founded the $114,000 startup on the back of low-wage Bucharest labor before flipping it for $10.5 million in 2017. The issue is who he sold it to -- the notorious creator of some pernicious data-huffing ad-ware, Crossrider. The UK-based company was cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading who was later named in the Panama Papers. It produced software which previously allowed third-party developers to hijack users' browsers via malware injection, redirect traffic to advertisers and slurp up private data. Crossrider was so successful it ultimately drew the gaze of Google and UC Berkeley, which identified the company in a damning 2015 study. (You can read the Web Archive version of that document.) This practice, commonly called traffic manipulation, is condemned web-wide. And the only difference between it and one of the oldest forms of cyberattack, called man-in-the-middle (MitM), is that you clicked "agree" on the terms and conditions. In a blog post that CyberGhost has since removed from its site (available now at the Web Archive), CyberGhost CEO Robert Knapp even noted that "while CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did." Crossrider changed its name to Kape Technologies PLC in 2018, in CEO Ido Erlichman's words, to escape the "strong association to the past activities of the company." The name change supposedly accompanied a full turnaround for Kape, as it said it was exiting malicious adware and moving into cybersecurity. However, in the same year, Kape still operated the infamous scareware Reimage -- a potentially unwanted program that positions itself as a computer performance enhancer but which has been known to signal false positives on security threats in order to persuade you to pay for its premium service. And new Crossrider-Kape mutations have been cropping up on the web as recently as August 2019, even as people are still jumping through hoops to remove older Crossrider malware. When I spoke to CyberGhost CTO Timo Beyel, he was quick to distance his company and technology from Crossrider's previous practices. "CyberGhost was never involved in Crossrider's technologies," Beyel told CNET in June. "So I can tell you right now CyberGhost is working independently. We have, of course, the Kape Group which is, from a strategic perspective, holding CyberGhost, an independent entity. And we have our own goals and strategies, vision and also our culture." After buying CyberGhost, Kape then bought VPN ZenMate in 2018 and more recently Private Internet Access, a US-based VPN, in a move which Erlichman said in a press release would allow Kape to "aggressively expand our footprint in North America." Terms of service While CyberGhost may currently function as an entirely independent holding under Crossider-turned-Kape, it's worth pointing out that as late as 2018, Crossrider was still listed in CyberGhost's terms and conditions. "Crossrider may cooperate with public or private authorities at its sole discretion as provided by law," the document read. "(The company) may process and use personal data collected in the setup and delivery of service (connection data). This includes Customer identification and data regarding time and volume of use." Asked about the terms and conditions in August of 2019, a CyberGhost spokesperson told CNET it would look into it but was unclear at the time on why Crossrider's name appeared in them. More concerning than UK-based Crossrider's previous access to user data, however, is that CyberGhost's current terms and conditions (Web Archive version here) don't appear to disclose that the company is still owned by the same (renamed) company, Kape Technologies. CyberGhost's privacy policy does say that CyberGhost can share your data with its unnamed parent company. "We may disclose your Personal Data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this Policy," the document says. Furthermore, CyberGhost's current terms of service hold that any potential customer disputes will be handled in the UK. "In case of disputes arising from the terms of this Agreement, the Parties hereby irrevocably submit to the exclusive jurisdiction of London, UK," it says. The same clause is found in ZenMate's terms of service, which also fails to openly name Kape. In an email, I asked CyberGhost why neither its privacy policy nor terms of service list UK-based Kape Technologies as the parent company (or ZenMate and Private Internet Access as its sibling companies) with which it reserves the right to share user information. When I asked whether CyberGhost is willing to update its terms and privacy policy in the interest of better disclosure and transparency, the spokesperson for the company said it would. "Our parent company and sisters are public information, so users can easily become aware of the entities that may have access to their data. Notably, as far as our US entities are concerned, we do not share EU user data with them," a CyberGhost spokesperson told me. "We will clarify this in our next policy update." CyberGhost also said that user information is not shared with Private Internet Access or any party outside the EU "other than as disclosed in the Privacy Policy" and that the clause in the company's privacy policy that allows CyberGhost to disclose your personal data to its sibling companies "covers situations of employees working on cross-group projects." I also asked why someone should bother choosing a VPN in Romanian jurisdiction outside of Five Eyes if potential legal disputes would be settled in UK courts, and their information may be shared with a UK-based parent company along with its German and US-based sibling companies. "The choice of jurisdiction applies between the company and the user. When it comes to authorities' requests, we are a Romanian company, and as per Romanian law and our no-logs policy, we do not provide any information about our users," the company replied. "English law was intentionally selected to protect both the users and our company because it is less invasive. For example, Romanian or German law impose statutory requirements additional or different from what the parties agree. Under English law, the priority is given to the terms agreed between the parties. Both parties know exactly what to expect, and there are no surprises. What's more, English law fully embraces GDPR, and therefore data protection is tantamount to that of all EU states." Bottom line: Even a cautious interpretation of these clauses suggests that, although CyberGhost's business jurisdiction is in Romania, CyberGhost could share your data with not only its UK-based parent company, but with its US-based sibling company. More transparency needed Ideally, the VPN you choose should also have undergone -- and published the results of -- an independent third-party audit of its operations, including its use of activity logs. While CyberGhost was given a surface-level comparison to its peers by AV-Test in 2019 (which received average marks), it doesn't appear to have undergone any independent audits since 2012. CyberGhost told CNET in 2019 that it plans to have its data privacy practices audited by an outside organization "in the future," but it didn't provide a timeline. CyberGhost does publish its own yearly transparency report, which includes information on any subpoena requests it receives so people can more readily see whether the service has been subject to inquiries from law enforcement agencies. The company also provides quarterly updates on its site. But customers shouldn't have to rely on a company's own self-evaluation in matters of privacy and data-sharing. It's not enough. I want audits -- not only of CyberGhost, but of any entity or business to which CyberGhost can potentially send my information. I'm talking about more than a gesture of transparency. I'm talking about real evaluations of the uncertain data collection policies that dog both CyberGhost and its sibling companies. These are even more important given CyberGhost's history of being called to the carpet for potentially dangerous data collection when it was discovered that certain user hardware details were being logged. I want to see the Ghosties proven right. But first, we all need more transparency and we all need answers about Kape before I can recommend its products. First published on Aug. 12, 2020 at 7:00 a.m. PT. Source: CNET
  6. One of the biggest reasons to use a VPN is about to disappear Valve will no longer allow users to buy games at a cheaper price by using a VPN (Image credit: Casimiro PT / Shutterstock.com) In addition to protecting your privacy and blocking unwanted tracking online, one of the best reasons to use a VPN is to receive discounts you normally wouldn't. By using a VPN while shopping online, you can save thousands when purchasing airline tickets and other items by changing your IP address to one in a different country. This is because airlines use local pricing, so a ticket in one country may be much cheaper than a ticket for the same flight in a different country. However, some users have abused this trick to purchase games from a different country which has led the PC gaming giant Valve to update the account settings in its digital game store Steam. Steam also uses local pricing so buying a new PC game from Costa Rica for instance might cost $40 or $50 while purchasing the same game in the US would cost $60. In a recent post on Twitter, SteamDB explained how Valve's new changes will prevent users from buying games while connected to a VPN server outside their home country, saying; “Valve has recently made changing your store country more strict, which requires completing a purchase using a payment method from that country. This should hinder the ability of using VPNs to buy games cheaper.” Steam VPN crackdown Going forward, Steam will now monitor which country is specified in a user's account settings and only show prices in that country's currency. If a user moves to a new country or stays abroad for an extended period of time, they can only change their country setting after completing a purchase using a payment method from their new location. While this will certainly prevent users from pulling one over on Valve, it could potentially make life difficult for expats living abroad as obtaining a local bank account can sometimes be difficult. In a support document on its website, Valve explains that using a VPN to disguise your location is against its ToS and could lead to restrictions being placed on your Steam account: “No, using a proxy or VPN to disguise your location is strictly against the Steam Terms of Service and may result in restrictions on your Steam account. If you attempt to redeem a region restricted game and your location is inconsistent with your past Steam activity, a warning will appear.” While you won't be able to use a VPN while shopping on Steam anymore, PC gamers can still benefit from the added security, ability to bypass geo-restrictions and other benefits that these services provide. If you don't have a VPN yet, we recommend checking out our complete list of the best gaming VPNs to find one that suits your needs. Via GameIndustry.biz One of the biggest reasons to use a VPN is about to disappear
  7. We test Mozilla’s new Wireguard-based $5/mo VPN service Mozilla's VPN is available now for Windows, Android, and iOS. Enlarge / Mozilla's new Wireguard-based service offers a very simple, attractive, and cleanly functional VPN user interface. Jim Salter 35 with 29 posters participating, including story author Mozilla, the open source company best known for the Firefox Web browser, made its VPN service generally available in the United States this month. The cross-platform VPN is based on Wireguard and delivered in partnership with well-known and especially techie-friendly VPN provider Mullvad. Mullvad itself was, to the best of our knowledge, the first publicly available VPN provider to offer Wireguard support back in 2017. The Mozilla VPN service costs $4.95 per month and offers server endpoints in 30-plus countries. It currently has VPN clients available for Windows 10, Android, and iOS—but users of other operating systems, such as MacOS and Linux, are going to have to wait. Mozilla says that support for MacOS and Linux is coming soon—but unfortunately, even if you're an advanced user who understands Wireguard configs, you can't just roll your own connection now. The service authenticates via Firefox cloud account. When you sign up for a Mozilla VPN subscription, you'll be asked to create a Firefox account if you don't already have one. The Firefox account is an SSO (Single Sign On) service which uses oauth2, much like a Google account—but it's not tied to a Google account, so even if you sign up using a Gmail address tied to an Android device, that device won't be automatically logged in. Aside from the Firefox-based oauth2 integration, Mozilla's VPN appears to effectively be a Mullvad VPN, with a different client application and different billing entity. It is a bit less expensive through Mozilla, though—Mullvad costs €5 per month. This makes Mozilla's offering about $0.80 per month cheaper, at current exchange rates. Before we go any further, we need to make something clear—we've repeatedly said that Ars Technica, as editorial policy, does not and cannot specifically recommend any public VPN service provider. While Mozilla does put its own stamp of approval on Mullvad's policies, we have neither sufficient access nor resources to audit those claims ourselves. Readers will need to decide for themselves whether Mozilla's endorsement and partnership constitutes sufficient assurances for their own level of privacy and security needs. Readers who want a publicly available VPN service and a somewhat higher level of potential privacy might consider bypassing Mozilla and going directly to Mullvad. The Mozilla VPN service must be tied to a working email address and paid for with a credit card. By contrast, Mullvad accounts have no identifying information besides the account number itself, and they can be paid for with bitcoin—or even literal cash in a mailed-in envelope. We don't have any better way to guarantee Mullvad's internal policies and handling than Mozilla's, of course—but never collecting a user's real-world information in the first place is a pretty solid start on the privacy game. Testing Mozilla VPN—Android (Google Pixel 2XL) On Android devices, the Mozilla VPN client is available directly from the Play store. It's a fairly small download (20MiB) and quick install. Once installed, bringing up the application directs the user to log in with a Firefox single sign-on account; assuming that account also has a paid subscription to the Mozilla VPN service, you're ready to go immediately—no additional configuration is necessary. The application itself is about as simple as it could possibly be. By default on first login, a fairly nearby VPN endpoint is automatically selected by geolocation; the VPN itself is off until toggled on using a small slider. After toggling the slider on, the VPN itself connects in two seconds or less... and that's it. By default, all traffic from the phone is routed through the Mozilla VPN. Diving into the Settings tab reveals a little more functionality. You can manage your Mozilla VPN account, change your VPN endpoint, or opt to pass individual apps on your phone or tablet directly through to the raw network connection. The Mozilla VPN account management just opens a webpage in your default browser; logging in with your Firefox SSO once more gives you access to your payment and profile information. Selecting a VPN endpoint lets you first choose an endpoint country, and then you choose from one or more city locations in that country. The nice thing here is that changing your endpoint automatically breaks and reconnects your VPN connection as well—there aren't any additional clicks necessary. Finally, the "Protect specific apps" setting does just what you'd expect, providing you with two lists—protected apps (those routed through the VPN) and unprotected apps (given direct network access). You don't see these lists at all unless you toggle the slider on; once you do, all apps by default are protected. If you prefer your defaults the other way around, you get a button to "unprotect all apps" as well as individual checkboxes for the apps themselves. So getting things just the way you like them is easy. There is no option to pass LAN traffic directly through—so if you use apps that depend on local traffic, you'll unfortunately need to pass those entire apps through. Testing Mozilla VPN—Windows 10 (build 2004) If you read through the Android section above, you know just about everything you need to know about the Windows client as well. The interfaces are almost pixel for pixel identical, although you can resize the Windows client, since it's running on a full multiple-window desktop interface. The one real difference we found between Android and Windows is the ability to pass local network traffic directly to the local network, bypassing the VPN. This allows connections to devices such as printers, local file servers, Plex media servers, and so forth to continue unmolested. It would be nice if Android offered the same option—one of the biggest complaints we saw in user reviews on the Play store was from people frustrated that enabling the VPN on their phones broke exactly those sort of connections. On the other hand, the Windows client is missing the ability to route individual apps' traffic through the VPN or directly to the local interface. You win some, you lose some. Performance testing with Mozilla VPN The TL;DR here is simple—Mozilla VPN's performance is perfectly fine. We found very little difference between a raw, direct connection and one routed through a relatively nearby Mozilla/Mullvad endpoint, whether testing using a Pixel 2XL phone connected over Wi-Fi, or a Windows 10 build 2004 VM connected via Ethernet. The nearest endpoint to our test location is in Atlanta, Georgia—where we also maintain a self-hosted Wireguard instance. Our self-hosted Wireguard instance in Atlanta was not meaningfully faster or slower than Mozilla's in the same city. We saw slightly better latency to our self-hosted endpoint (accessed via the vanilla Wireguard client on each platform) and slightly better throughput to the Mozilla endpoint. The farther away your endpoint, the more difference you'll see in both latency and throughput. Routing from the US East Coast through London added about 80ms latency and lost about 15-20 percent of the possible throughput, on either Android/Wi-Fi or Windows/Ethernet. Conclusions Did we mention that we cannot specifically recommend any commercial VPN provider? Well, we're not going to stop mentioning it. Although Mozilla has earned many people's trust for its own advocacy for Internet privacy through both policy and code, we cannot verify how either it or its partner Mullvad actually handle its internal networks. With that said, the stated policies of both Mozilla and Mullvad are on point, the Mozilla-provided Android and Windows clients are easy and intuitive to use, and the network performance was very good indeed. If you're in the market for a commercial VPN provider and you like Mozilla, this service is well worth a look. We test Mozilla’s new Wireguard-based $5/mo VPN service
  8. Mozilla VPN launches in some countries officially Mozilla announced the launch of the organization's VPN service, called Mozilla VPN, yesterday on the official blog. Rumors that the official launch was imminent surfaced in June 2020. The service is available in the United States, Canada, the United Kingdom, Singapore, Malaysia and New Zealand, and available for $4.99 per month. Mozilla plans to expand to other -- unmentioned -- countries later this year. A waitlist is provided for users interested in the VPN that cannot join because of country restrictions- The VPN is available for Windows, Android and iOS devices currently, but Mozilla promises that Linux and Mac clients are under development and will become available eventually as well. The network provides access to more than 280 servers in more than 30 countries currently, and does not impose restrictions on bandwidth. Mozilla promises that network activity is not logged, and that it has not partnered with third-party analytics platforms. The VPN solution may be used on up to five devices. The client uses the cutting edge WireGuard protocol which has a slim code base, is open source, focuses on modern cryptographic techniques, and promises very high speeds when compared to classic VPN protocols. The VPN network is provided by Mozilla's partner Mullvad, a privacy-focused VPN offered by the Swedish company Mullvad VPN AB. Mozilla unveiled the VPN solution in 2019, then under the name Firefox Private Network VPN to beta testers from the United States. The organization changed the name because it wants to reach a wider audience with the service and not just Firefox users, and also to better distinguish the device-wide VPN solution from the Firefox Private Network browser extension which adds a VPN-proxy to the Firefox web browser. Mozilla VPN is one of the main attempts by Mozilla to diversify the organization's income. Most revenue comes from search partner deals in the Firefox web browser, and one of Firefox's main competitors, Google with its Chrome browser, provides most of the income currently. Mozilla started several projects in the recent past, some of them paid, to diversify the income. Firefox VPN is probably the most promising product at the time of writing as it fits well into Mozilla's privacy-focused image. Details about the agreement between Mozilla and Mullvad are not available, and it is unclear how much of the $4.99 per month is ending up in Mozilla's pockets. Mozilla VPN launches in some countries officially
  9. Many VPN services advertise themselves as ideal tools to offer security, privacy, and anonymity. To ensure the latter, they often have no-logging policies to prevent individual users from being exposed. However, this is not necessarily true for the small group that use dedicated or static IP-addresses. Millions of Internet users around the world use a VPN to protect their privacy online. Another key benefit is that VPNs hide users’ true IP-address, making them more anonymous. This prevents third-party monitoring outfits from unwanted snooping. Every year we ask VPN providers about their logging policies to confirm that they can’t connect a VPN IP-address to a specific user. In the past, we have seen that this is not always the case. Today, most of the top providers pride themselves on their “no logging” policies. They go to extreme lengths to ensure that anonymity is taken seriously, and some have hired third-party auditors to back up this claim. While we have no reason to doubt these results, not all VPN subscriptions are perfectly anonymous. Even companies with no-log policies can keep records that can link VPN IP-addresses to user accounts. That is, when they also offer dedicated IP-addresses, which are different from regular VPN connections. The Drawback of Decidated VPN IP-Addresses With a dedicated IP-address, which is often sold as an add-on, users get a unique IP-address as opposed to a shared one. This can be very convenient as it reduces annoying captchas and can bypass regular VPN blacklists. However, it comes at an anonymity cost. By connecting through a single IP-address, monitoring outfits can build up a profile of the user’s online activity. The real anonymity tradeoff, however, is that the VPN provider knows the user’s IP-address and can connect it to other account information it has on record. This sometimes includes an email address. This may not be a concern for most people, but it’s certainly something to keep in mind for the small subset of subscribers that use a dedicated VPN IP-address. VPN Providers Confirm Anonymity Tradeoff Broadly speaking, we would say that the “no logs” policies of VPN providers don’t apply to dedicated IPs. That conclusion is backed up by several VPN providers we reached out to, which include VPNArea, NordVPN, CyberGhost, and Torguard. These providers all have a no-logging policy for their regular VPN service, which relies on shared IP-addresses. However, they see dedicated IP-addresses as a separate and different service, which is treated differently anonymity-wise. TorGuard stresses that there are different use cases for these two options and while both are private, dedicated IP-addresses are less anonymous. “When a TorGuard user buys a dedicated IP add-on we need to know that IP address in order to assign it to the right user. If that user paid us with a credit card we will have only a billing name and postal code to bill the user for services. If that same user pays us with cryptocurrency, we hold nothing but an email address and cryptocurrency transaction ID,” Torguard notes. NordVPN says that people often choose dedicated IP-addresses to have static IPs, that could be used only by the owner to access their remote systems. These users are the only ones that have access to it, but the IP-address is linked to their account. “In order to provide such service, we link a specific IP to the account, there are disclaimers within our FAQ section and Help Centre articles, stating the same,” NordVPN clarifies. VPNArea can also match a dedicated IP-address to an account holder. This includes past users until they ask for it to be removed, or once their IP-address has been put in circulation again. “We can match a dedicated IP to its current or past owner and we can match a timestamp of ownership by its owner, unless the owner requested their account data be deleted under GDPR,” VPNArea informs us. The anonymity tradeoff also applies to Trust.zone also confirmed that dedicated IP-addresses are static and can be connected to user accounts until the subscription expires. And the same is likely true for most, if not all of the other VPNs we didn’t reach out to. CyberGhost, for example, had a similar setup. The company stands behind their no-logging approach on regular VPN connections, but up until a few weeks ago, it could connect dedicated IP-addresses to specific accounts. “This is a potential tradeoff when it comes to dedicated IPs. In our marketing materials, we made sure to highlight this is an add-on, and it’s not meant to replace our core VPN functionality,” CyberGhost notes. Transparency is Key These answers shouldn’t come as a surprise to the technically-minded. However, for others, who don’t read the fine print, it may be a wake-up call. After we reached out, CyberGhost informed us that it is planning to overhaul its dedicated IP-address system to remove the association with the user account. The company plans to have this ready in August and will share more details then. While that change will be welcomed by some, it’s not a problem if dedicated IP-address users are logged, as long as these users are aware of it. Not everyone uses a VPN for anonymity, but those who do should be aware of any potential risks. Since VPNs have become associated with anonymity, disclosing these risks is essential. We welcome the transparency and clarifications from the VPN providers. That’s key when it comes to trust. And users should always remain critical as well. Just this week, Comparitech showed that a breach at UFO VPN put doubt on the provider’s logging claims. Disclaimer: NordVPN is a TorrentFreak sponsor but this article was written independently, as all our articles are. Source
  10. Should I leave my iPhone VPN app on at all times? Yes and no - let us explain (Image credit: nikkimeel / Shutterstock.com) Having a VPN on your iPhone is a great way to ensure your device is more secure when using public networks, keeping your identity hidden and your private data private. Additionally, VPNs give you more choice over the websites and content you can access online - despite where you happen to be in the world. But one question that comes up a lot is whether, once installed, you should leave your iPhone VPN app on at all times. VPN apps make your iPhone more secure There are many reasons why it’s a good idea to use a VPN app on your iPhone - especially when it comes to security. If you regularly use public Wi-Fi networks, some aren’t encrypted and could allow hackers to access your personal data. By having your VPN active in the background, it will encrypt your data and make sure it’s always protected while you use public networks. While iPhones are generally regarded as secure, that’s not to say they’ll always protect your privacy. In fact, research has shown that many iOS developers ignore Apple’s strict security roles and don’t add end-to-end encryption to their apps, while Apple has been known to give developers access to user data. VPNs add end-to-end encryption, so turning them off would make your iPhone more vulnerable. What else do iPhone VPN apps do? We spend a lot of our time online, from searching the web to chatting on social media. But what you may not realise is that as you travel the web, your internet service provider can track everything - and even sell your data to advertisers. An active mobile VPN will encrypt your internet traffic and IP address around the clock, meaning you don’t have to worry about privacy issues. If you use a VPN service to access content that isn’t available in your region, we’d recommend keeping it turned on. Once you deactivate it, the content provider will be able to see that you’ve changed IP addresses and know you’ve been using a VPN service. As a result, they could ban you from accessing their platform as it's often a direct breach of their terms of service. (Image credit: OpturaDesign / Shutterstock.com) People use their iPhones for making transactions online daily, whether it’s ordering the weekly food shop, buying a new pair of trainers on eBay or doing online banking. If that’s the case, you should definitely use a VPN and keep it turned on. It'll encrypt personal information such as credit card details and clamp down on fraud - those encrypted tunnels they utilise are perfect for keeping your private data out of the hands of hackers. Another reason to leave your VPN on is that it can stop bandwidth throttling. This is when internet service providers intentionally slow down your internet connection to control online traffic. However, by using a VPN and ensuring it’s always active, your ISP won’t be able to see your IP address and throttle it. But leaving it on all the time? However, you’ll need to make a few compromises when constantly using a VPN. First of all, there’s often a problem with speed. Because VPNs reroute your internet traffic to another server, this can result in time delays. So if you intend on gaming, downloading a long film or transferring large files, it’s probably best to turn your VPN off - as long as you're on a secured source of Wi-Fi, of course. Keeping your VPN switched on may also affect battery life, especially if you spend a lot of time surfing the web, streaming and playing games on your iPhone. It’ll constantly be working in the background, which means you’ll likely see your battery percentage drop throughout the day. For any iPhone user who spends a lot of time on their device, leaving a VPN app on at all times makes a lot of sense. It’ll allow you to protect your personal data and ensure hackers can’t compromise your device around the clock while allowing you to do even more with your iPhone VPN. But just be wary that this may affect battery life and overall internet speed. Should I leave my iPhone VPN app on at all times?
  11. Every week bemused BitTorrent users post online wondering why they have received copyright notices from their ISPs or, worse still, notification of a pending lawsuit. The obvious reason is that they downloaded some pirated content but there are several more, mostly the result of belief in urban myths or misunderstandings of how BitTorrent works. Once upon a time, most BitTorrent users could download whatever they liked with relative impunity. Movies, TV shows, music, games and software could mostly be obtained trouble-free but more than 15 years on, the game has changed significantly. Copyright holders and their anti-piracy partners are highly-organized and Internet service providers in some countries, notably the United States, are keener than ever to forward complaints to lessen their own liability. Yet despite the thousands of articles that have been written on the topic of DMCA notices, ISP account suspensions, and even lawsuits, BitTorrent users still hit the web every week to complain that even in the face of all of their efforts, they are now facing varying degrees of legal trouble. Here are the top reasons, misconceptions, and urban myths that lead to people getting into a fix. Download and Sharing Copyrighted Content Sherlock Holmes shouldn’t be needed to highlight why people who download and share pirated content can get themselves into legal hot water. In most countries that care to enforce copyright, the duplication and distribution of pirated content is illegal and punishable under law, whether in civil or in extreme cases, criminal procedures. Sharing any kind of copyrighted content without the protection offered by a VPN or similar tool, for example, always carries an element of risk. For instance, people think that by downloading older content, such as decades-old films or less popular material, they can completely avoid being tracked by copyright holders. That is not the case. In summary, the only cast-iron guaranteed way to avoid being sent an infringement notice or potentially being subjected to a lawsuit is not to share any copyrighted content at all. Some people may argue that their country doesn’t care about such matters and to those there is a simple response: Maybe today they don’t. Can People Avoid Getting a Notice By Not Seeding or Not Uploading? In a word – NO. Most copyright holders and anti-piracy companies could care less whether BitTorrent users downloaded or uploaded part of a film or all of it. There might be implications in a copyright lawsuit if someone was observed seeding a torrent for a very long time but simply being part of a sharing swarm is enough for anyone to get a copyright infringement notice and/or a ‘strike’ from their ISP in the United States. Equally, there is a persistent belief among some that people who set their upload speed to zero won’t get a copyright notice or even find themselves on the end of a lawsuit. That is completely false. While some are more thorough, there are plenty of companies that will detect a BitTorrent user’s IP address in a swarm (this information is public) and then accuse them of copyright infringement just for being there. This also applies to people who may have gotten halfway through downloading a movie, for example, and then backed out. Many notice senders and copyright trolls do not care how much people downloaded or whether they backed out or not. Some people also claim that since they didn’t upload anything the copyright holder has a weaker case but these are not matters that the ISP notification system cares about. Those targeted may also believe that they could stand up in court and argue that they didn’t distribute anything but, at this point, the defense process will have already cost plenty of time and money. In short and broadly speaking, if a case ends up in court any ordinary Joe who values their time and money has already lost. People do win cases but instances are few and far between. But I Subscribe to a VPN and Still Got a Notice. Why? Using a VPN is all well and good when the user understands how they work, sets them up properly, and remains cautious about their limitations. However, in some cases all of these conditions are overlooked, which can again lead to ISP notifications and even lawsuits. All good VPN providers will supply accurate instructions on how to get their tools up and running but one of the most common blunders is to misunderstand the capabilities of the main products they supply. While those who obtain and correctly set up a good whole-system VPN should have few problems, there are plenty of cases reported online where people wrongly believed that using a browser-based VPN would protect their BitTorrent transfers. While it is common for some BitTorrent clients/systems to have web interfaces these days, the transfers themselves do not take place through a browser. They use an entirely different process that must be protected in its own right or globally on the host system. In short, no browser plug-in will anonymize downloading and/or uploading with BitTorrent. I had my VPN Set Up Correctly System-Wide and Still Got a Notice. Why? Like anything on a computer, VPNs aren’t completely fool-proof unless additional precautions are taken. For any number of reasons a VPN connection can temporarily fail, including but not limited to the underlying Internet connection itself dropping and causing a reconnection. For this reason, some VPN providers provide a ‘kill switch’ function, which prevents Internet connectivity when a problem occurs. If this is not enabled, users can find their real IP addresses exposed to a BitTorrent swarm and people trying to monitor them. Another basic failure is more simply prevented. Some people configure their torrent client to start when their machine boots up. If for any reason their VPN is not activated before this happens, their IP addresses will be exposed in public. While there are a number of possible workarounds, a simple option is to disable the torrent client’s autostart feature and only launch the software once a VPN connection is established. Finally, not all VPN providers are no-log services so by choosing the wrong supplier, anonymity can be undermined. I Enabled the Encryption Option in My Torrent Client and Still Got a Notice, Why? Most major torrent clients do indeed have an encryption option hidden away in their settings and there’s no shortage of reports online from people who have still received a notice after enabling this option. The reason is that this encryption is only aimed at hindering ISPs from identifying BitTorrent traffic so they have more difficulty slowing it down. Client encryption offers no protection whatsoever on the anonymity front and those using it will still have their IP addresses exposed. Conclusion There are many people out there who claim to have used torrents for years, downloaded and shared terabytes of data, yet have never received a complaint or been on the sharp end of a lawsuit. Just as many people drive around above the speed limit most days of their lives without getting a ticket, that is entirely possible. However, in common with speeding drivers, those who take extra risks or don’t exercise caution are putting themselves in danger of falling foul of those who would like to punish them. As a result, always staying below the limit or never sharing any copyrighted material online are the only guaranteed solutions for not getting a fine or, if people are lucky, getting off with a warning. Everything else requires work, additional tools, and/or the acceptance of risk and the attached consequences. Source
  12. Watch out - this VPN might be trying to steal your money Hackers use fake VPn messages to target remote workers (Image credit: Shutterstock / Ico Maker) Office 365 customers are being targeted by a phishing campaign that uses fake VPN update messages to steal login details. Security experts have flagged that the campaign looks to impersonate legitimate messages telling remote workers that they need to update their VPN configuration while working from home. The phishing emails used in the campaign are made to look as if they come from an organization's IT support department in an effort to lure employees into opening them. According to the email security firm Abnormal Security, so far 15,000 targets have received these convincing phishing emails. VPN usage has soared with more employees working from home than ever before as a result of the pandemic which is why this and other recent phishing campaigns have been so effective. Employees rely on VPNs as a means to connect to their company servers and access sensitive data while working remotely. Office 365 credentials The attackers behind this campaign have gone to great lengths to make not only their phishing emails but also their phishing landing pages more convincing. For starters, the attackers are spoofing the sender email address in their phishing emails to match the domain of targets' organizations. The VPN configs sent in these emails actually take users to a phishing landing page that accurately impersonates Microsoft's Office 365 login page. This fake login page is also hosted on a domain owned by Microsoft. By abusing the Azure Blob Storage platform, the attackers have made it so their landing page has a valid Microsoft certificate that displays the secure padlock since they are using a web.core.windows.net wildcard SSL certificate. Most users would see that the certificate was issued by Microsoft and not even think twice about entering their Office 365 credentials. In a blog post, Abnormal Security warned that this campaign is widespread and that numerous versions of this attack have been spotted in the wild, saying: “Numerous versions of this attack have been seen across different clients, from different sender emails and originating from different IP addresses. However, the same payload link was employed by all of these attacks, implying that these were sent by a single attacker that controls the phishing website.” To avoid falling victim this campaign, users should only enter their Office 365 credentials on official login pages hosted by Microsoft on its microsoft.com, live.com or outlook.com domains. Watch out - this VPN might be trying to steal your money
  13. 5 handy things iPhone VPN apps can do Avoid those geo-blocks, save cash and much more besides (Image credit: Future) You’ve no doubt heard of virtual private networks (VPNs), but may not know what they actually are and how handy they can be - especially where your iPhone is concerned. Whether it’s curbing location blocks to watch the latest Netflix shows not available in your part of the world, getting access to better deals or simply improving your smartphone's security, here are just a sample of the useful things you can do with iPhone VPN apps. 1. Get around geo-blocks One of the best things about VPNs is that they allow you to work around geo-restrictions. So if you want to watch a Netflix show or access a website and find out it’s not available in your region, VPNs can help give you full access. They work by 'spoofing' your IP address so that the content provider effectively thinks you're somewhere else in the world altogether. So if you know there's a show on US Netflix you want to binge on, but you're north of the border or in another country altogether that doesn't have it in their catalogue, turning on your Netflix VPN will convince your iPhone that it's back in the US - letting you watch as if you were back on your sofa. The same goes for Amazon Prime, BBC iPlayer and pretty much every other streaming service you can think of. What’s more, having a VPN on your iPhone will also enable you to curb geo-blocks if you visit a country like China or Russia that has strict censorship laws. In many parts of the world, popular websites and apps (such as Facebook and YouTube) are blocked and can’t be accessed unless you’re able to conceal your IP address. ExpressVPN, in particular, boasts custom traffic obfuscation to improve connectivity in these countries - so no surprise that it tops our charts for the best China VPN. 2. Secure public Wi-Fi Many of us use public Wi-Fi networks, although what you may not realise is that they’re often insecure and can potentially allow hackers to compromise your device. But VPNs will encrypt your internet data, mitigating threats from cyber criminals. Lots of mobile VPN apps, including those from NordVPN and IPVanish, actually come with auto-connect features that automatically kick in when they find an untrusted connection. While Apple’s iPhones have typically been praised for being secure, that doesn’t mean they’re safe from all threats and the App Store isn't immune from being struck with apps riddled with malware. Downloading a VPN app on your iPhone will give you another layer of protection. 3. Improve your download speeds While some VPNs have been criticized for slowing down your connection, those with fast servers can actually improve the performance of your device - we've seen it with our own eyes during our testing. In fact, when we tested the IPVanish app for iPhone, we saw improved download speeds of 15% over long distances! For shorter distances, results were faster again. A lot of VPNs also offer the ability to stop bandwidth throttling (when your ISP purposely slows down your connection), giving you a smooth browsing experience. 4. Get an improved gaming experience If you use your iPhone for playing games, then downloading a VPN app is a good shout. The best gaming VPNs can ensure a smooth gaming experience by automatically connecting to faster servers, provide access to games wherever you are in the world, ensure that DDoS attacks don’t knock you offline when you’re in the middle of a game, get around geo-restrictions that may affect multiplayer games and encrypt your data. And remember, if you're a big gamer on desktop as well, most VPN providers allow you to use your subscription on five devices or more. While Surfshark goes even further by letting you use one account for unlimited gadgets. 5. Get things cheaper Ever been frustrated to find out that a really attractive deal isn’t available in your country - maybe it's cheaper to purchase software, a game or even holidays in other regions. As VPN apps enable you to alter your location, you can often save money when shopping for online goods, flight tickets and hotels and get the best deals possible. These apps effectively give you more choice. It’s easy to think of VPNs as something only relevant to tech geeks. However, the reality is that they’re incredibly useful for anyone using connected devices. If you’re an iPhone user who wants to ensure maximum security and be in control of what you can assess online, then an iPhone VPN is the way to go. 5 handy things iPhone VPN apps can do
  14. cateyedd

    VPN Giveaway (SEED4ME VPN) 1.5 Year

    VPN Giveaway (SEED4ME VPN) 1.5 Year The Internet without borders, Protect your privacy, hide your IP, unblock websites It can be used on Windows, MacOS, iPhone/iPad, Android or anywhere using manual Setup How to avail this Offer? This Trick is only for new Members ! Go to - Seed4.Me website and enter your Email ID (Need to be Confirmed Later), type Password. In 'Have a Coupon Code ?' Enter:- STAYHOME It will show 'Get 6 months access for free' Click on I've read and accept T&C and then click 'Register'. After Registering, Confirm your email to successfully activate Half Year of Premium Subscription. PART ONE IS ONE SUCCESSFULLY !! NOW MOVE TO PART 2 Go to Here - *LINK REMOVED* Click on the Yellow Download Seed4me VPN Now. Follow the Steps till the end and you will get an unique Voucher Code, Save it ! Final Step: - Go now to your account on seed4me, click on the left side "Extend Access" Scroll down to Voucher or prepaid card and Click on it. - Enter your unique Voucher Code there. You will be instantly notified below '+1 Year access' if your code is valid. Click on Redeem Voucher or Prepaid card. Do not close the Browser - You will be redirected and will be notified that the Payment was successful. - You will also receive an email confirming the receipt of the payment. Congratulations, Now You have Legal License of VPN for 1.5 Year without paying anything and It is Legally obtained License. You can use the same License in Multiple Devices. HURRY UP YOU HAVE 5 DAYS ONLY
  15. virendra


    For those trying to get new seedvpn accounts,you will get 1.5 years if you have already an account by seed4me, then you will get only 1 year for free ! 1 - Go https://seed4.me/users/register and enter your email id (need to be confirmed later), type-in a password. 2 - In 'Have a coupon Code ?' , enter : STAYHOME . It will show 'Get 6 months access for free' 3 - Click on I've read and accept T&c and then click 'Register'. 4 - After registering, confirm your email to successfully activate half year of premium subscription. Part one is done, let's get now to part 2 : Go to (Sharewareonsale) and click on the yellow Download Seed4me VPN Now. Follow the steps till the end and you will get an unique Voucher code, save it ! Final step: - Go now to your account on seed4me ,click on left side "Extend Access" Scroll down to Voucher or prepaid card and click on it. - Enter your unique Voucher code there. You will be instantly notified below '+1 Year access' if your code is valid. Click on Redeem voucher or prepaid card. Do not close the browser - You will be redirected and will be notified that the payment was successful. - You will also receive an email confirming the receipt of the payment. Congratulations, You now have a fully licensed Seed4.Me Professional subscription for 1.5 years worth more than $59. PS: This offer ends in couple of Days ! So be fast and grab it ! VTSCAN https://www.virustotal.com/gui/url/...5c11e9fb7acfff6885a464200f04e2c59a9/detection
  16. Psiphon Pro gives you unprecedented access to your favourite news broadcast or social media platforms. By its nature, Psiphon Pro also protects you when accessing WiFi hotspots by creating a secure, private tunnel between you and the Internet. Psiphon Pro is the best VPN tool for accessing everything on the Internet. Features: • Global network featuring thousands of servers and diverse entry points, keeping you connected at all times • No registration required, just download and connect for free • Wider selection of protocols than a VPN, offering unparalleled access to everything on the Internet through our global Psiphon server network You can pay a subscription fee through Google Play to remove ads and enjoy a further optimized use of Psiphon Pro, the best VPN out there. What's New: No Changelog. Mod Info: Subscription unlocked Unlimited speed bandwidth; Optimized graphics and cleaned resources; Removed unwanted Permissions + Receivers and Services; PsiCash Tab removed; Forced open browser after established connection disabled; Changed main bar to dark color; No advertisements Google Play Info: https://play.google.com/store/apps/details?id=com.psiphon3.subscription Download: Site: https://www.mirrored.to Sharecode: /files/8LB8V1VS/Psiphon_Pro_v272_Build_272_Mod.apk_links
  17. The VPN industry has exploded over the past few years. Fuelled by a greater awareness of online security, a desire to watch geo-restricted content, and yes, piracy, more people are hiding their online identities than ever. But did you know that many VPN providers are owned by the same few companies? A report from The Best VPN, shared exclusively with TNW, looks at five companies in particular — Avast, AnchorFree, StackPath, Gaditek and Kape Technologies. It found that over the past few years, these companies have acquired a total of 19 smaller players in the VPN space, including HideMyAss and CyberGhost VPN. AnchorFree The company with the most brands under its belt is AnchorFree. That’s not surprising since it’s the only firm on our list founded primarily to serve the VPN market. While the other three companies on the list own well-known and established VPN products, they also have a lot of other interests, particularly when it comes to information security services and products. The Best VPN was able to draw links between AnchorFree and seven smaller VPN brands. These include Hotspot Shield, Betternet, TouchVPN, VPN in Touch, Hexatech, VPN 360, and JustVPN. The report notes that AnchorFree isn’t consistently transparent when it comes to telling consumers what brands it owns. While some products carry the AnchorFree logo clearly (like Hotspot Shield), others require you to dig deep into the site’s terms-and-condition to find out who owns what StackPath The next company on the list is StackPath. The Best VPN describes it as a “huge cyber-security company,” and that’s accurate. The firm has raised over $180 million, with revenues of more than $157 million in 2017. Driving this success is a Batman’s utility-belt’s worth of sub-brands and products. These include several VPN brands (like IPVanish, StrongVPN, Encrypt.me), as well as CDN, cloud computing, and information security products. StackPath also provides the infrastructure required to launch a VPN service to other brands, thanks to its WLVPN service. This powers Pornhub’s VPN offering (predictably called VPNHub), as well as Namecheap VPN. Avast Avast is a Czech cybersecurity firm best known for its free antivirus software. Over the years, the company has quietly carved itself out a respectable position within the competitive VPN market. It owns three brands: HideMyAss, Avast Secureline VPN, AVG Secure VPN, and Zen VPN. It’s interesting to note that Avast got its hands on two of these products — namely HideMyAss and AVG Secure VPN — through its $1.3 billion acquisition of AVG Software in 2016. Kape and Gaditek With only two VPN brands apiece, Kape and Gaditek are the smallest companies on this list, but they couldn’t be any more different. Kape is primarily an investment vehicle focusing on the tech sector, and is listed on the London Stock Exchange. Gaditek, on the other hand, is a sprightly Pakistani startup based in the bustling city of Karachi. The jewel in Kape’s crown is Romania’s CyberGhost VPN, which it acquired for €9.2 million (roughly $9.7 million) in March, 2017. The following year, it bought another top-tier VPN provider, ZenMate. ZenMate claims more than 40 million users. Gaditek, on the other hand, focuses on the budget end of the market. It owns PureVPN and Ivacy, both of which offer ultra-affordable plans. Does this matter? There’s nothing wrong, or even especially inappropriate, about a larger player acquiring smaller rivals. Just look at Google, a company that has acquired more than 200 companies over its 20 year life. Acquisitions are the heart and soul of the technology business. But that doesn’t explain why the VPN market is so fragmented, with hardly any brands absorbed into their larger owners. Liviu Arsene, Senior E-threat analyst at Bitdefender, suggests that this merely reinforces the sense of privacy that’s vital for the success of a VPN product. Arsene also argued that allowing VPN providers to retain their independence after an acquisition could allow them to remain agile and innovative. “Large VPN providers that operate a single large-scale infrastructure have a harder time integrating new privacy-driven technologies because of compatibility, integration, and deployment issues,” he said. “The VPN industry is all about having as many servers around the world as possible, in order to ensure both availability and coverage for their customers. Acquiring smaller VPN companies and allowing them to operate independently makes sense because these infrastructures need to be agile, flexible, dynamic, and constantly integrating new privacy-drive technologies in order to allow for more privacy for their clients,” Arsene added. This argument was echoed by a representative from Hide.me, who also suggested that having separate providers allows larger VPN conglomerates to target all segments of the market. “It is more profitable to obtain users through the acquisition of smaller VPN providers than to obtain those users by using standard marketing channels. Once they have that access, they are using a smaller brand for test runs of different business models without direct harm to the mainstream brand. Usually, acquired smaller VPN providers have another price structure than the main brand, and they can cover a more significant chunk of the market,” they explained. Original post : https://thenextweb.com/tech/2019/01/23/youd-be-surprised-how-many-vpns-are-owned-by-the-same-company/ By: MATTHEW HUGHES
  18. Malwarebytes launches Malwarebytes Privacy VPN service Malwarebytes, best known for the security product that is also called Malwarebytes, unveiled Malwarebytes Privacy on April 23, 2020 officially. Malwarebytes Privacy is a "next-gen VPN" according to the announcement on the company blog that "helps protect your privacy and your personal information when you go online". The company claims that the VPN is "much faster than traditional VPNs", does not slow down devices and uses less battery on portable devices. Malwarebytes states that its VPN service does not collected user logs or Telemetry data and that user data remains private, even from the company itself. As far as basic information is concerned, Malwarebytes Privacy is only available for Windows 7 and newer versions of Windows at the time of writing. Malwarebytes is working on clients for Apple Macintosh, Apple iOS, Google Android, and Chrome devices but did not reveal when it plans to release the clients. Interested users may sign up for €49.99 per year and use the VPN on up to five devices. A trial option is not available at the time of writing and the product page lacks vital information that users interested in the service may need to make a buying decision. Information that is missing includes the number of supported locations and servers, confirmation that bandwidth/traffic is not restricted, details about the technical implementation other than that 256-bit AES encryption is used, and more. The settings provided in the client are bare-bones at the time. You get auto-launch and auto-connection options, but that is it. The program lacks advanced features such as a kill switch, custom DNS settings, additional protections, e.g. blocking of known malware hosts, and others. Closing Words I was not able to test the service because there is no trial option available; Malwarebytes claims that its VPN performs better than competing services needs to be put to the test. Right now, it looks like a hasty release even if tests verify the claims as the client is rather bare-bones and only available for Windows. The company should consider launching a trial option for users interested in the service as some may want to test its performance before they make a buying decision. The price is right there in the middle at the time of writing. It is not the cheapest option but also not the most expensive. Compared to top of the class VPN services, it is lacking in many regards currently. Most obvious is the lacking of clients for mobile devices and other operating systems but there are others, including no option to configure the service without using the client and a lack of options in the clients. Malwarebytes is not the only company that launched a VPN product this year. Cloudflare launched its Warp VPN last year for mobile devices and Mozilla launched Firefox Private Network VPN as well. Source: Malwarebytes launches Malwarebytes Privacy VPN service (gHacks - Martin Brinkmann)
  19. Rogerio Luar

    Software SoftEher VPN - 2FA ?

    Hello, I use SoftEher VPN for server access, Any member who knows this SoftEher is there a possibility to implement 2FA? Indicate any software that uses VPN (server + client) with two authentication factors?
  20. Opera + VPN 68.0.3618.46 https://get.geo.opera.com/ftp/pub/opera/desktop/68.0.3618.46/win//Opera_68.0.3618.46_Setup_x64.exe https://get.geo.opera.com/ftp/pub/opera/desktop/68.0.3618.46/win/Opera_68.0.3618.46_Setup.exe
  21. cateyedd

    OkayFreedom VPN 1 Year Premium Code

    I am posting a License Code for 1 Year subscription of OkayFreedom VPN. Redeem fast. HomePage Download link License Code:
  22. ExpressVPN is a well-respected virtual private network (VPN) software package. Most users will download this bundle so that they can have the ability to browse the Internet anonymously. This is beneficial due to the fact that no cookies will be stored and that their personal information is likely to remain much safer. This system is supported in multiple different countries and as it is free to download, it may be a welcome alternative to similar paid options. Basic Features and Usability ExpressVPN uses a number of proxy servers located in different parts of the world. More than 87 countries can be accessed through no less than 130 dedicated connections. Another benefit in regards to this package is that unlike some other platforms, the user can switch between proxies an unlimited number of times. This can help to reduce interruptions and adapt for slower connection speeds. No personal information is recorded, so anonymity is guaranteed. Other Benefits This application can work with the iPhone as well as the iPad. We should also note that it supports standard wireless Internet alongside 3G and 4G connection speeds. Additional encryption software (UDP and TCP protocols) is optional and in the event of any questions, an ExpressVPN customer support representative is available 24 hours a day and seven days a week. Download Link : Site: http://pasted.co Sharecode: /01935085
  23. Cloudflare’s WARP VPN is launching in beta for macOS and Windows It will be available to WARP+ subscribers first Cloudflare’s WARP VPN service began its life last year as a free add-on to the company’s app — which itself is a DNS resolver application that promises faster internet — and was immediately popular. (There were, at one point in time, approximately 2 million people on its waiting list.) Today, the company announced in a blog post that it’s bringing WARP to macOS and Windows in beta. “While we announced the beta of with WARP on April 1, 2019 it took us until late September before we were able to open it up to general availability,” writes Matthew Prince, the company’s CEO. “We don’t expect the wait for macOS and Windows WARP to be nearly as long.” The beta will be available first to WARP+ subscribers — who pay to use Cloudflare’s Argo network, which makes their internet speeds even faster — with invites sent out sometime in the next few weeks. “The WARP client for macOS and Windows relies on the same fast, efficient Wireguard protocol to secure Internet connections and keep them safe from being spied on by your ISP,” Prince writes. “Also, just like WARP on the mobile app, the basic service will be free on macOS and Windows.” Linux support, he says, is coming soon. Source: Cloudflare’s WARP VPN is launching in beta for macOS and Windows (The Verge)
  24. Millions of VPN users at risk of hacking - here's what you need to know After analyzing the top free VPNs available on the Google Play Store, security researchers have discovered that several contain critical vulnerabilities. VPNPro's investigation found that the app SuperVPN Free VPN Client, which has over 100m installs, contains critical vulnerabilities that open users of the app up to man-in-the-middle (MITM) attacks. By exploiting these vulnerabilities, a hacker can easily intercept all of the communications between a user and the VPN provider to find out exactly what the user is doing online. Security flaws found in top free VPN Android apps Ethics and VPN: the industry needs to aim higher The hidden truth behind ‘unlimited’ or ‘lifetime’ VPNs According to VPNPro, nearly 105m users who have installed SuperVPN Free VPN Client could be at risk of having their credit card details stolen, their private photos and videos leaked or sold online or their conversations recorded. To make matters worse, of the top free VPN apps analyzed by its security researchers, 10 other apps contained similar vulnerabilities. Free VPN apps Besides SuperVPN Free VPN Client, the other free VPN apps that VPNPro found to have vulnerabilities include TapVPN Free VPN, Best Ultimate VPN – Fastest Secure Unlimited VPN, Korea VPN – Plugin for Open VPN, VPN Unblocker Free unlimited Best Anonymous Secure, Super VPN 2019 USA – Free VPN, Unblock Proxy VPN, Wuma VPN-Pro (Fast & Unlimited & Security), VPN Download: Top, Quick & Unblock Sites, Secure VPN – Fast VPN Free & Unlimited VPN and Power VPN Free VPN. Cybersecurity expert at VPNPro, Jan Youngren explained to 9News that using a free VPN could actually leave users less protected than not using one at all, saying: "(VPN users are) more willing to transmit sensitive information on VPN apps than on other apps. For a VPN app to then be so vulnerable is a betrayal of users' trust and puts them in a worse position than if they hadn't used any VPN at all." VPNPro disclosed these vulnerabilities to the developers of all 10 affected VPN apps back in October in order to give them enough time to fix these issues. However, only one VPN app, Best Ultimate VPN, responded and patched the vulnerabilities. Source
  25. Major vulnerabilities found in top free VPN apps on Google Play store SuperVPN Free VPN Client is one of the most popular free VPN apps you can find on the Google Play store, having gained more than 100 million installs already. But besides being a very popular app, there’s something else you need to know about this free VPN: SuperVPN Free VPN Client is also very dangerous. You see, our analysis shows that this app has critical vulnerabilities that opens it up to dangerous attacks known as man-in-the-middle (MITM) hacks. These vulnerabilities will allow hackers to easily intercept all the communications between the user and the VPN provider, letting the hackers see everything the user is doing. This is actually quite the opposite of what a VPN is supposed to do. A VPN is supposed to keep your online activities private and secure from all snooping eyes. In fact, a VPN is supposed to be so safe that, even if a hacker could intercept these communications, it would take them longer than the age of the universe to even begin to decrypt the data. But that’s not what SuperVPN has done here. The implications here are pretty dire. Based on our research, more than 105 million people could right now be having their credit card details stolen, their private photos and videos leaked or sold online, every single minute of their private conversations recorded and sent to a server in a secret location. They could be browsing a fake, malicious website set up by the hacker and aided by these dangerous VPN apps. But what’s even worse is that this app isn’t alone: of the top VPN apps we analyzed, 10 free VPN apps have similar critical vulnerabilities. If you’ve installed any of these dangerous VPN apps, you should delete them immediately: Vulnerable VPN apps on Google Play Store About this research In order to undertake our analysis, we first developed a proof of concept for creating a man-in-the-middle (MITM) attack. We then looked at the top apps in Google Play that were returned when searching for the keyword “vpn” in January 2019. We first attempted our MITM attack on two top-10 VPNs – SuperVPN and Best Ultimate VPN – and then filtered and tested the remaining apps. We disclosed these vulnerabilities to all 10 affected VPN apps in October 2019 and provided them with enough time to fix these issues. Unfortunately, only one of them, Best Ultimate VPN, answered and ultimately patched their app based on the information we provided within this 90-day period. The others did not respond to our queries. We’ve also reported these vulnerabilities to Google, but so far haven’t heard anything back from them yet. Key takeaways 10 of the top free VPN apps in the Google Play store have significant vulnerabilities, affecting nearly 120 million users These vulnerabilities allow hackers to easily intercept user communications, including seeing the visited websites and stealing usernames and passwords, photos, videos, and messages 2 apps use hard-coded cryptographic keys, and 10 apps are missing encryption of sensitive data. 2 of these apps suffer from both vulnerabilities. One app was already identified as malware, but never removed from the Play store, gaining 100 million installs in the meantime. In earlier research, we identified this app for potentially manipulating Google Play in order to rank highly and get more installs 4 of the affected apps are located in Hong Kong, Taiwan or mainland China Some apps have their encryption keys hard-coded within the app. This means that, even if the data is encrypted, hackers can easily decrypt this data with the included keys Because of the vulnerabilities, hackers can easily force users to connect to their own malicious VPN servers Let’s take an in-depth look at one app to show what kind of vulnerabilities we found. SuperVPN putting 100 million users at risk SuperVPN is a highly popular Android VPN that was in position 5 for the “vpn” keyword at the time of our analysis. According to Google Play, the app has been downloaded more than 100 million times (in January 2019 it only had 50 million installs): SuperVPN app installs Just to show you how big of a number that is for any VPN, this is the same number of installs for much more popular apps like Tinder and AliExpress: Tinder app installs AliExpress app installs What we did In our tests, we noticed that SuperVPN connects with multiple hosts, with some communications being sent via unsecured HTTP. This communication contained encrypted data. But after more digging, we found that this communication actually contained the key needed to decrypt the information. What we found After decrypting the data, we found sensitive information about SuperVPN’s server, its certificates, and the credentials that the VPN server needs for authentication. Once we had this information, we replaced the real SuperVPN server data with our own fake server data. Who is behind SuperVPN? SuperVPN and its developer SuperSoftTech have been in our sights before. Our previous research analyzed the few companies secretly behind many VPN products. From that, we know that SuperSoftTech claims to be based in Singapore, but it actually belongs to the independent app publisher Jinrong Zheng, a Chinese national likely based in Beijing. We also discovered that SuperVPN had been called out before in a 2016 Australian research article as being the third-most malware-rigged VPN app. This is only one example of vulnerabilities we found in all 10 apps listed in this article. A reputation for manipulation SuperVPN was discussed before in our earlier research on the potential manipulation tactics the top VPNs were using to seemingly rank higher in Google Play results. In that research, we discovered that the top 10 results for the “vpn” keyword in Google Play were all free VPNs. They were ranking more highly than market leader VPNs, such as NordVPN and ExpressVPN. Our research discovered that these better-ranked apps seemed to be using three easy manipulation techniques to get such high rankings. That means that SuperVPN by SuperSoftTech seems to not only be using manipulation techniques to rank highly in Google Play, but is also dangerously vulnerable. We attempted to contact Mr. Zheng on multiple occasions, but we have not heard back from him. How MITM hackers penetrate VPN apps In order to really understand how critical and dangerous these vulnerabilities are, you have to understand a little of how users normally connect to VPNs. The exact process for VPNs can seem a bit complicated, but the connection is pretty simple. Now, with a hacked VPN connection, there’s a MITM hacker who positioned himself right in the middle of your app and the VPN’s backend server: And this is the dangerous part: by changing the details, he can now force you to connect to his malicious server instead of the real VPN server. While everything will appear to work normally, and you think that you’re being extra safe and secure, you’re actually being seriously exposed. In total, your personal life is exposed, and it’s only limited by the hacker’s imagination what he can do with all that data. What this means for your safety This is a disastrous finding on two levels. In the broader sense, it’s disastrous that any app that participates in user data would have these wide-open vulnerabilities that make it particularly easy for hackers and government agencies to monitor user communications. In a more specific, and more dangerous, sense, it’s disastrous that a VPN would have these vulnerabilities. After all, users are connecting to VPNs in order to increase their privacy and security. For that reason, they’re more willing to transmit sensitive information on VPN apps than on other apps. For a VPN app to then be so vulnerable is a betrayal of users’ trust and puts them in a worse position than if they hadn’t used any VPN at all. However, there could be something larger at play here. When looking at these apps together, there seem to be two essential possibilities: These core vulnerabilities are intentional for these free VPN apps. After all, since a successful MITM attack would allow someone the ability to monitor sensitive user data (or reroute users to fake VPN servers) without the user’s knowledge, that’s a useful tool for any surveillance-hungry organization or nation. On the other hand, we should probably not attribute to malice what can be explained by stupidity – or here, laziness. In simple terms, the app developers here are so focused on getting high amounts of users and stuffing their app with ads, that they placed lower priority on the core security features of their apps. While one possibility may seem worse than another, at some point only the result matters: people using these vulnerable apps are putting their data – and possibly their lives – in danger. Based on that essential fact alone, we highly recommend users avoid these vulnerable VPN apps at all costs. When looking for an effective VPN, we recommend users do their due diligence. Ask yourself the following questions: Do I know this VPN developer or brand? Do they seem trustworthy? Where is the VPN located? Is it in a privacy-friendly country? For mobile apps, what permissions are they requiring? Do they actually need those permissions to function (such as the camera, GPS, microphone)? Free is great – but can you trust this VPN? There are a few commendable free VPNs or VPNs with free options from reputable brands. Taking an active role in filtering out the good VPNs from the bad ones will save users a lot of trouble later on. Source
  • Create New...