Think about who has access to your personal information, or who is able to read your emails or Facebook posts. We’re not talking about your loved ones! No one should have access to your private data, especially not an unauthorised third party.
You are, however, being tracked online. Whenever you do something online, somebody is watching you. Every time you go online and start using social networks, sending emails, checking online banking statements, buying online or visiting forums – these activities can be spied on and monitored by these people:
1. Cybercriminals and hackers
Cybercriminals and hackers tend to make a living out of stealing people’s private data and information, which is not necessarily financial data. They may have enough information about a person to steal their identity. Once this has happened, it becomes quite easy for them to use the stolen identity to transfer money from bank accounts, apply for credit cards in your name, purchase expensive items online, file fake tax returns, and commit other similar crimes. In 2012, 12.6 million U.S. adults were victims of identity theft, which makes up 5.6% of U.S. adults. On average, an identity theft victim will spend 12 hours and $365 to repair the damage.
The easiest way for a cybercriminal to steal private information is by sniffing network traffic in public places that have free WiFi, such as hotels, coffee shops, and airports. Most WiFi connections are not secure. One of the best ways to protect your data is to use a VPN.
2. Internet Service Providers or ISPs
An ISP will assign an IP address to all of your internet enabled devices, which will be visible to all whenever you connect to the internet. From this IP address, the ISP will know every single thing that you do online, including what type of browser is used, what emails are sent and received, files downloaded, what websites are visited, etc.
3. Corporations and advertisers
Personal information and even online browsing behavior data are quite valuable to corporations and advertisers. Hundreds of data brokers are compiling and selling information about you: phone records, texts, phone location, computer location, web history, social networking use, background checks or credit history. This data, which more and more companies tend to mine, sell or trade without any consent from internet users, can help advertisers pick which services or products should be promoted and which ads should be shown to you, or to someone fitting your demographic.
4. Employers
An employer wants their employees to be productive at work, and may monitor online activities to ensure that an employee isn’t wasting time on dating sites, social media sites, or other personal activities such as games or email. To do so, they can monitor the computers on your work network and track your online activity.
5. The Government
The government too may be spying on you. They can demand private information from companies such as ISPs, search engines like Google, and/or social communication services like Facebook. More countries are introducing data retention laws, which make it a legal requirement to store data about citizens that is accessed and shared by several government agencies.
Just like most other VPN providers, the packages offered by IVPN include all the main features and differ in package length only. Naturally, selecting a longer subscription reduces the cost of a single month of VPN service. The plans range from a 1-month package to an annual package. The per-month price of the annual plan ($100) is almost two times lower than that of the single-month plan ($15).
IVPN has an unconditional 7-day money back guarantee though they do not offer a free trial.
Even though IVPN has been offering VPN service for over a decade already, there are only 14 servers in their VPN network. Furthermore, of all these servers only a single one is located outside both the USA and Europe. We would like our VPN provider to have a bigger variety of server locations so that a low-ping connection to a VPN server is possible from anywhere in the world.
IVPN supports OpenVPN, L2TP/IPSec and PPTP connections, with OpenVPN being the suggested choice where possible. Traffic of both OpenVPN and L2TP is secured with up to 256-bit AES encryption. Therefore it is definitely a solid choice if you are looking for security. Moreover, IVPN offers a multihop VPN service for users with high privacy standards.
Although there are not many payment options, the ones that most people accept are here. Any package can be bought using PayPal and Bitcoin. Furthermore, it is possible to pay with cash when buying an annual package. The cash payment limitation is very strange and we would like to see it as a possibility for all the packages.
The IVPN website states that they offer 24/7 live support, though we were not able to find any live chat option. The only contact possibilities we were able to find were a ticket form to contact the sales, billing and technical support departments. To test how long it takes to receive an answer from IVPN, we contacted their sales department with a couple of questions. We received detailed answers to our questions after about an hour. The response time may not be perfect, but the information provided by their sales department was very helpful.
IVPN has custom software for Windows. After installing their software we noticed that the client is simple to use, with the main configuration settings that all other VPN clients have. However, we did not notice any interesting unique features either. Everything worked smoothly and we had no complaints about the software. It is important to note that IVPN does not support OpenVPN connections on iOS devices, so you would need to manually configure an L2TP connection.
As any VPN provider concerned about user privacy should, IVPN does not keep any logs, which boosts your security since third parties cannot request that IVPN provide information that does not exist.
After testing single-hop OpenVPN connection speeds to VPN servers, we were very satisfied, with no changes in our speeds. However, the multi-hop connection hit the speeds really hard and reduced them more than fourfold.
We have also tested L2TP speeds with our iPhone. We were not expecting flawless results like the single-hop OpenVPN connection, though we were left unsatisfied since our bandwidth was halved.
IVPN is an experienced VPN provider that focuses on privacy, and they are doing good work. However, seeing that after 15 years of service the provider has not grown its network, we are not motivated enough to believe that they will add more servers like NordVPN has been actively doing.
An updated alpha version of the End-to-End Chrome extension has been released by Google and is available on the GitHub code hosting service.
Google is moving steadily towards delivering an end-to-end encryption tool for Chrome users. A lot of input comes from the open-source community, and Yahoo is also involved in creating this tool.
The pre-release updated alpha version that the company made available on the GitHub code hosting service includes a few new features and bug fixes contributed by the Yahoo security team and by other contributors who participated in the Vulnerability Reward Program, Stephan Somogyi, Manager of Security and Privacy, noted in a blog post.
Somogyi also noted that the wiki for the End-to-End encryption project has been updated and expanded with new documentation, so that interested security researchers and developers can contribute to the project and learn more about it.
However, Google is not yet going to make End-to-End available in the Chrome Web Store and will take its time until it feels ready to release a proper tool.
Key distribution and management can be called one of the most difficult usability problems to solve in cryptography products. The company is not going to release a non-alpha version of End-to-End until it has a solution that fulfills all its requirements.
New insights emerged when new documentation was posted on the project, providing details about how Google is planning to use a centralized key server model to enable the end-to-end encryption tool for Chrome. This is a different approach, said to be easier than the decentralized key distribution and verification models now used by email encryption solutions.
If Google successfully implements this centralized key server model for the End-to-End project, a user wishing to send and receive encrypted emails would first be required to register with a Key Directory managed by the user’s email provider. A public key would then be associated with the user’s email address, and this key could be used by anyone to send an encrypted email to that user.
The documentation provided by Google states the goal the company wants to achieve: to take away any need for the user to know anything about how to operate encryption keys and, at the same time, to build a reliable scheme that assures users of the encryption provided.
End-to-End was initially announced by Google back in June, at which time the company described the Chrome extension as a very user-friendly and easy-to-use tool for users who need additional encryption for their email messages. The tool will also make it possible to digitally sign email messages and verify signed ones simply by using the browser. The Chrome extension for encrypting your emails is based on the OpenPGP standard, an encryption protocol that is widely used by other vendors. Google’s End-to-End extension will not require a lot of technical knowledge to use, unlike other encryption tools such as GnuPG or PGP.
Google has published the source code of the tool on GitHub so that the open-source community can contribute and learn more about the project. The company thinks that End-to-End must be an open-source project.
In order to encrypt all of your internet traffic and protect your sensitive data, we urge you to use a VPN provider. An appealing option would be to use the NordVPN service, which offers extremely strong encryption for your safe surfing.
There are 3 different plans offered by Boxpn that differ in subscription length only. The cheapest plan is the 1-month package for $9.99, followed by a 3-month package that costs $19.98, and the best-value package is the annual plan for only $35.88. The only thing missing here is a free trial, which unfortunately is not offered by Boxpn.
The VPN network consists of over 200 servers that are located mainly in Europe and North America. However, there are servers outside these regions as well (Panama, Australia, Singapore and Argentina). There is an apparent lack of servers in Asia and Africa, making it quite an unfavorable option to choose if you live there or plan to travel there, because of the increased ping due to the distance to the closest server.
Boxpn supports 4 different protocols: OpenVPN, L2TP, PPTP and SSTP. Even though these protocols should cover everyone’s needs, we found one specific fact a little discouraging. Boxpn uses 128-bit encryption to secure our data, while there are providers that use 256-bit encryption, at least with OpenVPN connections, to provide better information security on the most popular protocol.
Providing a variety of different payment options is very important, and Boxpn is lacking there. Even though they do provide the ability to pay using PayPal, Credit Card, Perfect Money and many other options, they do not offer an option that is crucial for most VPN providers: Bitcoin, which provides the highest anonymity of all the payment possibilities.
Unlike other popular VPN providers, Boxpn does not have 24/7 customer support. They also do not have live chat support, making contact using tickets the only option. For some people it may be a big deal if they want to know that they are able to resolve any issue at whatever time of day it is.
Unfortunately, Boxpn does not have their own VPN client and recommends using the OpenVPN client. This may prevent them from delivering the latest features and security measures to their clients via VPN client updates. It is also slightly more complicated to set up due to the need for configuration files.
Boxpn does not monitor your online activity and thus does not maintain any connection logs that could be used against you. Such a log policy ensures that the government is not able to receive information on what you have been doing while connected to VPN servers. A no-log policy should be followed by every VPN provider, as privacy is one of the reasons to use a VPN.
Despite hearing good reviews about Boxpn speeds, we were dissatisfied with our test results. We observed various drops in download speed ranging from 30% to 80%. And out of the 10 servers we tested, only two maintained a speed higher than 50% of our original download speed.
Boxpn is a very cheap VPN. However, it has a lot of drawbacks, such as server locations, encryption strength and server speeds. We were missing none of these things while using NordVPN, which in our opinion is a much better option than Boxpn, even though it is slightly more expensive.
TorrentLocker ransomware takes advantage of people’s lack of caution about random files with an .exe extension contained in the attachments of spam messages.
According to new research, since TorrentLocker, one of the most prevalent pieces of ransomware, first surfaced in February 2014, it has managed to claim thousands of victims.
Infosec biz ESET reported that 570, or 1.45 percent, of the 39,670 Windows systems that were infected actually paid the ransom to the criminals in order to get their locked-up files decrypted. The creators of this ransomware managed to rack up between $292,700 (£187k) and $585,401 (£375k) from these payments.
A random 256-bit AES key is generated by the ransomware in order to encrypt pictures, documents and basically any other files on a victim’s PC before a payment of 4 BTC (around $1,500) is demanded from the victim; if the money is paid, the data is restored.
A 2048-bit public RSA key is used to encrypt the AES key itself, which is then sent to a central server. After that, the copy of the AES key that sits in memory is deleted. Once the ransom is paid, the picaroons behind the scam decrypt the AES key using their private RSA key and forward it back to the ransomware in order to restore the scrambled data.
The ransomware, which goes by the name of TorrentLocker, has supposedly managed to encrypt over 280 million files stored on computers mainly in the Europe region, but New Zealand, Australia and Canada were also hit.
In order to infect victims, they are sent a spam email containing a booby-trapped attachment, usually disguised as a bogus unpaid speeding ticket, package tracking document or unpaid invoice, or containing a link to a site where the victim downloads the malware. Such a web page is usually made to look like a legitimate government or business website, for example a national postal service, and also has a CAPTCHA to appear even more legitimate.
The attachment the victim opens appears to be a ZIP archive containing the executable of the malware, or a Word document containing a Visual Basic macro written so that it downloads and installs the .exe file of TorrentLocker.
Waves of spam distributing TorrentLocker have been launched at Canada, Australia, the Czech Republic, Austria, France, Italy, the Netherlands, Ireland, Germany, Turkey, New Zealand, Spain and the United Kingdom. Oddly, the US is not amongst the countries listed above, for reasons that are not immediately obvious.
ESET researchers speculate that TorrentLocker’s gang is the same one that was also responsible for the malware family called Hesperbot, designed to raid online bank accounts.
Marc-Etienne M. Léveillé, researcher at ESET, said that with TorrentLocker the attackers reacted to online reports by defeating the Indicators of Compromise used to detect the malware, and changed the way they use AES (Advanced Encryption Standard) from CTR (counter mode) to CBC (cipher block chaining mode) after researchers revealed a method for extracting the key stream.
Because of the change to AES-CBC, TorrentLocker victims can no longer recover the keystream by exclusive-OR’ing an encrypted file with a plain-text backup of it and in this way recover all of their encrypted files, as explained in ESET’s blog post.
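The difference between the two modes described above, as an added example that is not from the original article or from ESET's research. It assumes every file is encrypted under the same key and the same starting counter or IV, and it uses a small SHA-256-based Feistel cipher as a stand-in for AES so that it runs with the Python standard library alone; the key, nonce and file contents are constructed.

```python
import hashlib

BLOCK = 16  # block size in bytes, as in AES


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES block encryption: a 4-round Feistel network whose
    round function is SHA-256. Not AES and not secure; it only provides a
    keyed 16-byte permutation so the two modes can be compared."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: ciphertext = plaintext XOR E(key, nonce || counter)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        counter_block = nonce + (i // BLOCK).to_bytes(8, "big")
        out += xor(data[i:i + BLOCK], toy_encrypt_block(key, counter_block))
    return bytes(out)


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC mode with PKCS#7 padding: each block is XORed with the previous
    ciphertext block before it goes through the cipher."""
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    prev, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def recover_by_xor(backup_plain: bytes, backup_cipher: bytes,
                   target_cipher: bytes) -> bytes:
    """The recovery described in the text: XOR a file with its encrypted copy
    to get a candidate keystream, then XOR that onto another encrypted file.
    Only as many bytes as the known file provides can be recovered."""
    keystream = xor(backup_plain, backup_cipher)
    return xor(target_cipher, keystream)


# Constructed sample data: a key the victim never sees, one file that also
# exists as a plain-text backup, and one file that exists only encrypted.
KEY = hashlib.sha256(b"constructed demo key").digest()
NONCE = bytes(8)   # assumption: same key and starting counter for every file
IV = bytes(16)     # assumption: same key and IV for every file
BACKUP = b"Invoice 2014-02, unencrypted copy kept on an external backup drive."
LOST = b"Thesis draft, chapter 3: only copy was on the PC."


def demo() -> dict:
    """Try the XOR recovery against both modes and report whether it worked."""
    ctr_guess = recover_by_xor(BACKUP, ctr_encrypt(KEY, NONCE, BACKUP),
                               ctr_encrypt(KEY, NONCE, LOST))
    cbc_guess = recover_by_xor(BACKUP, cbc_encrypt(KEY, IV, BACKUP),
                               cbc_encrypt(KEY, IV, LOST))
    return {
        "ctr_recovered": ctr_guess == LOST,
        "cbc_recovered": cbc_guess[:len(LOST)] == LOST,
    }


if __name__ == "__main__":
    print(demo())
```

In CTR mode the keystream does not depend on the plaintext, so one known file exposes it for every other file; in CBC mode the plaintext passes through the cipher itself, so the XOR of a file and its ciphertext is not reusable.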
According to Tim Erlin, director of risk at the security tools company Tripwire, the absence of the US from the list of target countries is very noticeable, as the US is a target-rich environment. He also named a few of the many possible reasons why criminals did not target the US, including simple ones such as that if the US were targeted we would see faster development of countermeasures against the threat, or that US citizens would produce a lower hit rate on paying the ransom, or simply that the US is actually on the list and will be targeted eventually.
While the main way to distribute the TorrentLocker ransomware was malicious attachments inside spam email, other mechanisms were introduced, such as exploiting vulnerabilities in a web browser or PDF reader in order to execute malicious code that installs the malware on the victim’s machine.
Erlin added that these ways of compromise for ransomware are not new or static. A variety of means can be used by attackers in order to infect a computer system; however, spam emails with malicious web links or executable attachments are the most popular because they just work and continue to succeed.
While we still cannot offer a strong solution which would prevent you from getting infected by nasty malware like this (besides the well-known one: do not randomly open files or web links that look suspicious), we still highly recommend the use of a VPN like NordVPN in order to protect your private data. NordVPN offers very strong encryption of your internet traffic and additional features such as double VPN or Tor over VPN, which leaves no chance for any kind of attacker to get hold of your sensitive information!
BolehVPN offers 4 different VPN packages. The only difference among the packages is the subscription length. Therefore, a 30 days subscriber is using the same VPN and features as an annual subscriber. Other packages include 2 months and 6 months subscriptions. The prices are affordable for most who are interested in VPN. A single year VPN package costs $79.99.
There is also a paid 7 day trial as well as a 1 day free trial. Honestly, we are not very happy with their free trial options because it is very hard to make accurate assumptions about the VPN in 24 hours. Furthermore, in our opinion trial accounts should be free.
The provider’s VPN network consists of servers in Canada, France, Germany, Hong Kong, Italy, Luxembourg, Netherlands, Switzerland, Sweden, United Kingdom and United States. There is also a server in Malaysia, however, just for surfing and streaming. There is apparently going to be a new server in Japan added to the network in the near future, as the current one was closed due to abuse. Considering the size of the provider, there is a good selection of servers in Europe. However, there are almost no servers in all other regions. Therefore, it may discourage a lot of clients that are looking for non-European IP addresses.
Unlike most other VPN providers, BolehVPN does not support the PPTP protocol and supports the L2TP and OpenVPN protocols only. Since PPTP is regarded as a relatively lackluster protocol security-wise, we do not think of it as a drawback.
For the default protocol they use 128-bit AES encryption, though with some OpenVPN servers 256-bit encryption is obtainable. It is far from the best encryption possible, but it covers the needs of a casual VPN user.
BolehVPN accepts payments via PayPal, Credit Card, Liberty Reserve, Malaysian bank-in and Bitcoin. PayPal/CC are very popular options that are widely accessible while Bitcoin provides that extra bit of anonymity. Therefore, every user should have no problems finding and choosing the preferred payment option.
You can ask BolehVPN team questions about the service via live chat that is available during working hours in Malaysia only and by opening a ticket. Considering that the company is relatively small we should not expect them to offer a 24/7 support. However, when we take into account the time they have been providing VPN service it gets a little surprising.
Just like most other VPN clients BolehVPN is very easy to set up and use. It also offers the main features required by any VPN client. What makes the client special is the fact that you can choose from different types that are tailored to offer different features: no encryption, regular VPN, with SOCKS proxies, dedicated for streaming, 256bit AES encryption.
Not only does BolehVPN not keep any connection logs, they are also located outside of the USA and Europe. That makes it even harder for the US or European governments to approach the company.
The speed test we carried out showed no significant download speed losses. However, we lost about a quarter of our upload speed and saw a slight increase in ping. Overall, we were satisfied with the speeds and the stability of the connection, since we did not notice any service instability while we were using the VPN for a few days.
BolehVPN targets clients who are concerned for their security, though it offers features for people looking to bypass geo-restrictions as well. However, the protocol used by default is weaker than what the most privacy-focused VPN providers like NordVPN offer, thus you will most likely find a better option if you are looking for a security-focused VPN.
Regardless of its isolation and poverty, North Korea has put a lot of resources into Bureau 121, a sophisticated cyber-warfare cell, defectors from the secretive state said, as Pyongyang came under scrutiny over the recent crippling hack into Sony Pictures Entertainment’s computers.
A North Korean diplomat has denied that Pyongyang was responsible for the attack, which took place last month, but the U.S. national security community thinks otherwise.
According to defectors from the North, Bureau 121, which employs some of the insular state’s most talented computer experts, is part of the General Bureau of Reconnaissance, the military’s elite spy agency. The defectors also said that it is sponsored by the state and is definitely involved in hacking, which the government in Pyongyang uses to either spy on or even sabotage its enemies.
Software security experts and military sources have said that Pyongyang has active cyber-warfare capabilities. A big part of its cyber-warfare is targeted at South Korea, which is still technically in a conflict with North Korea. However, Pyongyang does not hide its hatred towards the U.S., which backed South Korea during the Korean War in 1950-53.
Hackers belonging to the military are probably the most talented and rewarded people in North Korea. Hackers are handpicked at the age of 17 and receive special training from that age, said Jang Se-Yul, who had a chance to study with them at North Korea’s military college for computer science before defecting to South Korea six years ago.
He also said that about 1,800 cyber-warriors are working for the Bureau 121 unit, which is considered the military’s elite.
Jang mentioned one of his friends, who works in the unit’s overseas team and is an employee of a North Korean trading firm. Jang also pointed out that his friend was given a large state-allocated apartment in an upscale part of Pyongyang. The incentives for North Korea’s cyber experts are very strong and they are pretty rich people in Pyongyang, Jang added.
Bureau 121’s hackers were among the best 100 students who each year finish their five years of studies at the University of Automation. The university, with a campus behind barbed wire in Pyongyang, receives over 2,500 applications for its places.
Finally, Kim Heung-Kwang, a former professor of computer science in North Korea and a defector, said that state hackers are handpicked, noting that this kind of job is a great honor for these hackers and that people fantasize about it.
Re/code, a technology news site, reported that North Korea is most likely going to be named by Sony as the source of the attack. However, a spokeswoman for Sony said that the studio had not made an announcement, and the company declined to comment.
A forthcoming comedy and one of the newest Sony Pictures releases, called “The Interview”, features a plot to assassinate Kim Jong Un, the leader of North Korea. The film has been described by North Korea as an “act of war”. Currently theaters and TV channels are holding off from playing the movie until the holiday season is over.
More than 30,000 PCs at South Korean broadcasting companies and banks were hit by a similar attack that, as widely believed by cybersecurity researchers, was launched from North Korea.
A few months later, the online presence of the South Korean government was targeted, with the president’s website defaced with a banner reading an encouraging phrase about North Korea’s leader Kim Jong Un.
Neither attack was considered very sophisticated; however, according to South Korean authorities, North Korea was to blame, although online activist groups calling themselves ‘hacktivists’, who hack high-profile targets in order to spread political messages, were the first to claim responsibility.
Primitive but effective malware, which was later dubbed by the security researchers as DarkSeoul, was used for these attacks.
The hackers, also known as the DarkSeoul Gang, have been involved in a spree, which lasted five years, against various targets within South Korea, according to a report last year by the security firm Symantec, which estimated that the group consisted of 10 to 50 hackers and described it as “unique” due to its ability to execute damaging high-profile attacks. Still, the unknown hacker group “Guardians of Peace” performed attacks very similar to previous ones by the DarkSeoul gang.
It is not yet known whether the DarkSeoul gang is working for the isolated country, or is part of Pyongyang’s troops in the North Korean ‘cyber army’.
As these attacks on big companies continue to happen, regular users grow more concerned about the security of their own personal data and sensitive information, which cannot be protected by anyone anymore. Well, nearly anyone: the guys over at NordVPN have done a pretty amazing job creating a product which is amongst the best and offers additional security features such as double VPN, Tor over VPN and a no-logs policy that make your private data virtually impossible for anyone to get to!
The VPN provider offers plans in a similar way to a lot of other providers: all-in-one packages that differ only in subscription length. There are plans for 1 month, 3 months, half a year, a year and a less commonly encountered 2-year plan. Despite the plans being seemingly attractive, they cost a lot, and many visitors may leave the website after seeing the prices. Prices range from € 16.49 for a month to € 10.41 a month if buying a 2-year package. Considering that there are plenty of VPN providers who offer single-month packages that cost less than € 10, we wondered whether they offer some kind of feature that no other VPN provider offers. However, all we could find is the ability to tunnel the connections of selected programs through the VPN instead of all your internet traffic, as well as an unlimited number of simultaneous connections.
What left us even more surprised is the lack of free trial and refund policies.
One of the selling points of Perfect Privacy has to be their server network. They are a relatively small provider, but they are able to offer servers in 23 different countries on all continents. Across these countries there are a total of 36 servers. Nevertheless, there is still a lot to improve on. For example, in the USA, a country that has so much geo-restricted content, there are only two servers, and both of them are located in New York, meaning that there are no US servers on the west coast.
Security-wise, Perfect Privacy offers the OpenVPN, SSH2-Tunnel, IPSec and PPTP protocols. Encryption is relatively fine, since OpenVPN and SSH2-Tunnel are secured using AES-256 bit encryption. Meanwhile, PPTP uses MPPE-128 encryption, which is much weaker than AES-256, but PPTP was never considered the most secure protocol anyway.
The payment options variety should be enough for most people but considering the amount they charge we were expecting something more. Nevertheless, what is most important for us is the ability to pay using bitcoins to preserve our anonymity. They also accept payments via PayPal, WebMoney, Perfect Money, EGO pay, etc.
Perfect Privacy does not provide any live support, thus the only options you have are FAQ, tutorials and tickets. We may ignore this fact since the company is rather small. However, if we are going to pay such a price for a VPN we would really expect a 24/7 support that helps you whenever you have questions or problems.
There is only a client for the SSH protocol on Windows. If you decide to use the OpenVPN protocol or non-Windows devices, you will have to stick with the open source clients, which may not be the optimal solution to reflect the best features that the VPN offers. Overall, the SSH client is very easy to use, even though it does not offer any unique features.
This VPN provider does not keep any logs at all. They also offer an anonymous registration option to emphasize their interest in your privacy. Therefore, Perfect Privacy is a VPN provider that offers some of the best privacy protection on the market.
During the testing we experienced a slight download speed decrease – about 15%. This is completely understandable due to a strong encryption. Upload speed suffered a slightly bigger hit – almost 30%. And while connected to the closest server we noticed an increase in ping.
Perfect Privacy is a very solid option for anybody who holds their privacy as a priority. However, the high cost makes it hard to compete against NordVPN, which provides similar privacy levels but for a much smaller price.