A Flaw in Hotspot Shield can expose VPN Users, Locations

Not all VPNs are the same. Some do a great job, others do not. Most VPN experts have known for some time that most of the free VPNs are risky. This week, a security researcher has published code that exposes users’ names and locations in Hotspot Shield, a very popular free VPN. In short, using Hotspot Shield isn’t much more secure than using no VPN at all.

Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user’s internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits. However, an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located, and the user’s Wi-Fi network name, if connected.

Continue reading

ProtonMail Now Offers Its free VPN on Android

Last year, ProtonMail introduced a very good free VPN for Macintosh and Windows systems. (See http://bit.ly/2mGoOyg for the earlier article about what was then a new VPN product.) Now the company has expanded its offerings to include a free VPN for Android cell phones and tablets. Unlike most other free VPNs, ProtonMail promises to never include any malware. The company also promises there will be no ads and no selling of user data.

The Android version of ProtonVPN can be downloaded for free from Google Play and is free to use, but, like ProtonMail and ProtonVPN for the desktop, the service has a number of optional paid tiers with more features and higher speeds.

ProtonMail’s primary product (encrypted email that is very private) launched in 2013 and is now used by millions of journalists, activists, and members of the general public, according to its developers.

For more information, see https://protonvpn.com/support/android-vpn-setup/.

You Absolutely Must Secure Your Home Router and You Probably Can’t

Your in-home router/modem may be the most insecure piece of hardware you own. Luckily, there is an easy fix although it isn’t cheap for many people: replace your present router’s internal software with a security-focused product, such as the free and open code, DD-WRT. The expense arises from the fact that most routers cannot easily replace the internal software. If you are one of the majority who owns a non-modifiable router, you will have to purchase a new router (which is a good idea anyway) and then install DD-WRT or a similar product yourself. If you are one of the fortunate few who do own a router that allows for modifying the internal software, you can upgrade to DD-WRT at no charge. Another alternative is that a few companies will sell new routers with DD-WRT or similar software already installed.

You can read much more about this topic in You Absolutely Must Secure Your Home Router and You Probably Can’t in the BoingBoing.net web site at: http://bit.ly/2Cpdspj. That article provides an overview in plain English of a somewhat more technical article, How to Protect Your Home Router from Attacks, by Lucian Constantin, available at: http://bit.ly/2CBh36N.

For the past 3 or 4 months, I have been using DD-WRT installed in a Linksys WRT3200ACM DD-WRT FlashRouter. It includes all the security enhancements of DD-WRT plus it also has a VPN installed. Not only are all connections from my desktop computer, laptop computer, tablet, and even my cell phone protected by the VPN, but even my Roku box, Apple TV, VoIP telephone, security video cameras, and even the Nest thermostat in my home are now connected to the Internet via a safe and secure VPN connection.

Continue reading

Find Out if Your VPN is Leaking Data with this Set of Tools

ExpressVPN has unveiled a suite of free online security tools that allow consumers to test if their VPN provider is leaking data. Leaks occur if a VPN fails at protecting a device’s DNS queries (despite the fact that the rest of the traffic is safe behind a VPN). This can result in ISPs or other third parties having access to the consumer’s browsing history or app usage, rendering a VPN essentially useless.

Using a VPN helps prevent hackers, ISPs, and others from viewing your personal data, compromising your online accounts, seeing what sites and apps you use, and tracking your activity across the web. However, leaks occur when a VPN application fails to fully secure a user’s traffic, sending some or all of it outside the secure tunnel.

The testing software from ExpressVPN is available free of charge.

Continue reading

7 Reasons Why VPNs Might Die Out by 2020

Virtual Private Networks (VPNs) have been a standard tool for anyone seeking online privacy for years. However, a new article by Christian Cawley in the MakeUseOf web site says that VPNs are becoming less and less effective. This is not to say you should give up all VPNs immediately but it does show that privacy online is slowing being eaten away. The article is available at: http://www.makeuseof.com/tag/reasons-vpn-might-die.

“Net Neutrality will die, so let’s take the profit out of killing it.” – Robert X. Cringely

Lobbyists for Big Business and Big Brother apparently have bought enough Congressmen and other officials that the FCC is about to rescind the Net Neutrality rules. Of course, the big losers in this action will be the consumers. That’s you and me.

Robert X. Cringely is the pen name of both technology journalist Mark Stephens and a string of writers for a column in InfoWorld. Cringely, whoever he is or they are, is generally recognized as one of the computer experts and leading consumer advocates of our time. Obviously, Cringely is strongly against this effort by big media companies and by Internet Service Providers (ISPs) to decide for the rest of us which services we can access.

See https://www.thedailybeast.com/how-trump-will-turn-americas-open-internet-into-an-ugly-version-of-chinas for a description of what will undoubtedly happen once the Net Neutrality rules are rescinded.

Cringely writes, “No matter how many protesters merge on their local Verizon store, no matter how many impassioned editorials are written, it’s going to happen. The real question is what can be done in response to take the profit out of killing it? I have a plan.

He also writes:

Continue reading