Think about who has access to your personal information or who is able to read your emails or Facebook posts? We’re not talking about your loved ones! No one should have access to your private data, especially not an unauthorised third party.
You are, however, being tracked online. Whenever you do something online, somebody is watching you. Every time you go online and start using social networks, sending emails, checking online banking statements, buying online or visiting forums – these activities can be spied on and monitored by these people:
1. Cybercriminals and hackers
Cybercriminals and hackers tend to make a living out of stealing the private data and information of people, that is not necessarily your financial data. They could possibly have plenty of information about a person to steal their identity. Once this has happened, it would become quite easy for them to use the stolen identity to transfer money from bank accounts, apply for credit cards in your name, purchase expensive items online, file fake tax returns, and commit other similar crimes. In 2012, 12.6 million U.S. adults were victims of identity theft, which makes up 5.6% of U.S. adults. On average an identity theft victim will spend 12 hours and $365 to repair the damages.
The easiest way for a cybercriminal to steal private information is by sniffing network traffic at public places that have free WiFi such as hotels, coffee shops, and airports. Most WiFi connections are not secure. On of the best ways to protect your data – use VPN.
2. Internet Service Providers or ISPs
An ISP will assign an IP address to all of your internet enabled devices, which will be visible to all whenever you connect to the internet. From this IP address, the ISP will know every single thing that you do online, including what type of browser is used, what emails are sent and received, files downloaded, what websites are visited, etc.
3. Corporations and advertisers
Personal information and even online browsing behavior data are quite valuable to corporations and advertisers. Hundreds of data brokers are compiling and selling information about you: Phone records, texts, phone location, computer location, web history, social networking use, background checks or credit history. This data, which more and more companies tend to mine, sell or trade without any internet user consent – can help certain advertisers pick what services or products should be promoted and what ads should be shown to you, or someone fitting your demographic .
An employer wants their employees to be productive at work, and may monitor online activities to ensure that an employee isn’t wasting time on dating sites, social media sites, or other personal activities such as games or email. That said, they can monitor the computers on your work network and track your online activity.
5. The Government
The government too may be spying on you. They can demand private information from companies such as ISP’s, search engines like Google, and/or social communication services like Facebook. More countries are introducing data retention laws, which make it law to store data about citizens, accessed and shared by several government agencies.
Check out other articles to get vital tips that can help you maintain your online privacy. Have we missed anything, let us know in the article comments below.
Just like most other VPN providers the packages offered by IVPN include all the main features and differ in the package length only. Naturally selecting a longer subscription package reduces the cost of a single month VPN service. The plans range from 1 month package to an annual package. Single month’s price of an annual plan ($100) is almost two times cheaper than the single month plan ($15).
IVPN has an unconditional 7-day money back guarantee though they do not offer a free trial.
Even though IVPN has been offering VPN service for over a decade already, there are only 14 servers in their VPN network. Furthermore, of all these servers only a single one is located in neither USA nor Europe. We would like our VPN provider to have a bigger variety of server locations to have a low ping connection to a VPN server from anywhere in the world.
IVPN supports OpenVPN, L2TP/IPSec and PPTP connections with OpenVPN being suggested to use if possible. Traffic of both OpenVPN and L2TP is secured with up to 256 bit AES encryption. Therefore it is definitely a solid choice if you are looking for security. Moreover, IVPN offers a multihop VPN service for users with high privacy standards.
Despite there not being many payment options the ones that most people accept are here. Any package can be bought using PayPal and Bitcoin. Furthermore, it is possible to pay with cash buying an annual package. The cash payment limitation is very strange and we would like to see it as a possibility for all the packages.
The IVPN website states that they offer a 24/7 live support, though we were not able to find any live chat option. The only contact possibilities we were able to find were a ticket form to contact sales, billing and technical support departments. To test how long it takes to receive an answer from IVPN we have contacted their sales department with a couple of questions. We have received a detailed answers to our questions after about an hour. The response time may not be perfect but the information provided by their sales department was very helpful.
IVPN has a custom software for Windows. After installing their software we have noticed that the client is simple to use with the main configuration settings that all other VPN clients have. However, we have not noticed any interesting unique features as well. Everything worked smoothly and we had no complaints about the software. It is important to note that IVPN does not support OpenVPN connection on iOS devices thus you would need to manually configure L2TP connection.
Just like any VPN provider should be concerned about user privacy, IVPN does not keep any logs boosting your security since third parties can not request IVPN to provide information that does not exist.
After testing a single-hop OpenVPN connection speeds to VPN servers we were very satisfied with no changes in our speeds. However, multi-hop connection hit the speeds really hard and reduced them over four times.
We have also tested L2TP speeds with our iPhone. We were not expecting flawless results like single hop OpenVPN connection though we left unsatisfied since our bandwidth was halved.
IVPN is an experienced VPN providers that focuses on privacy and they are doing a good work. However, seeing that after 15 years of service the provider did not grow their network, we are not motivated enough to believe that they will add more servers like NordVPN has been actively doing.
An updated alpha version of End-to-End Chrome extension has been released by Google and is available on the GitHub code hosting service.
Google is moving steadily towards delivering an end-to-end encryption tool for Chrome users and a lot of input comes from open-source community as well as Yahoo is also involved in creating this tool.
The prereleased updated alpha version that the company moved to and made available on GitHub code hosting service includes a few new implementations and bug fixes contributed by the Yahoo security team and by other contributors that participated in the Vulnerability Reward Program, Stephan Somogyi, Manager of Security and Privacy, noted in a blog post.
Somogyi also noted that the wiki for this End-to-End encryption project has been updated and expanded with new documentation for interested security researches and developers to contribute for the project and also learn more about it.
However, Google is not yet going to make End-to-End available in the Chrome Web Store and will take its time till they feel ready to release a proper tool.
Key distribution and management can be called one of the most difficult usability problems to solve related with cryptography products. The company is not going to release a non-alpha of an End-to-End till they have a solution that will fulfill all its requirements.
New insights were made when new documentation was posted on the project providing new details about how Google is planning to use a centralized key server model to enable the end-to-end encryption tool for Chrome. It is a different way and said to be an easier method than to use the decentralized key distribution and verification models that are now utilized by email encryption solutions.
If Google will successfully implement this centralized key server model for End-to-End project, then a user wishing to send and receive encrypted emails would first be required to register with a Key Directory that is managed by user’s email provider. A public key would then be dedicated to the user’s email, this key could then be used by anyone to send en encrypted email to that user.
In a documentation provided by Google, a goal is written that the company wants to make true, it is to take away any need for the user to know anything about how to operate encryption keys and in the same time make a reliable scheme that would assure users of the encryption provided.
The End-to-End was initially announced by Google back in June, at which time the company defined the Chrome extension as very user friendly and easy to use tool for users in need for additional encryption for their email messages. The tool will also enable to digitally sign and also verify signed email message simply with the use of the browser. The Chrome extension for encrypting your emails is based on OpenPGP standard, an encryption protocol that is largely used by other vendors. Google’s End-to-End extension will not need lots of technical knowledge on how to use it, unlike other encryption tools like GnuPG or PGP.
Google has published the source code of the tool on the GitHub for the open-source community to contribute and learn about the project more. The company thinks that End-to-End must be an open source project.
In order to encrypt entirely all your internet traffic and protect your sensitive data we urge you to use a VPN provider. An appealing option would be to use NordVPN service, which offers an extremely strong encryption for your safe surfing.
There are 3 different plans offered by Boxpn that differ in the subscription length only. The cheapest plan is 1 month package for $9.99 followed by a 3 month package that costs $19.98 and the best value package is the annual plan for $35.88 only. The only thing missing here is the lack of free trial which unfortunately is not offered by Boxpn.
The VPN network consist of over 200 servers that are located mainly in Europe and North America. However there are server outside these regions as well (Panama, Australia, Singapore and Argentina). There is an apparent lack of servers in Asia and Africa making it quite an unfavorable option to chose if you live there or have plans traveling because of the increased ping due to the distance to the closest server.
Boxpn supports supports 4 different protocols: OpenVPN, L2TP, PPTP and SSTP. Even though these protocols should cover everyone’s needs we found one specific fact a little discouraging. Boxpn uses 128 bit encryption to secure our data while the there are providers that use 256 encryption at least with OpenVPN connection to provide better information security on the most popular protocol.
Providing a variety of different payment options is very important and Boxpn is lacking there. Even though they do provide ability to pay using PayPal, Credit Card, Perfect Money and many other options, they do not offer a crucial option for most VPN providers – Bitcoin that provides the highest anonymity of all the payment possibilities.
Unlike other popular VPN providers Boxpn does not have a 24/7 customer support. They also do not have a live chat support making contact using tickets the only option. For some people it may be a big deal if they want to know that they are able to resolve any issue whatever time of a day it is.
Unfortunately Boxpn does not have their own VPN client and recommends using OpenVPN client. It may prevent them from delivering the latest features and security measures to their clients via VPN client updates. It is also slightly more complicated to set up due to the need of configuration files.
Boxpn does not monitor your online activity and thus does not maintain any connections logs that could be used against you. Such log policy ensures that the government is not able to receive information on what you have been doing while connected to VPN servers. No log policy should be followed by every VPN provider as privacy is one of the reasons to use VPN.
Despite hearing good reviews about Boxpn speeds we were dissatisfied by our test results. We observed various drops in download speed ranging from 30% to 80%. And out of the 10 servers we have tested only two of them maintain our speed higher than 50% of our original download speed.
Boxpn is a very cheap VPN. However it has a lot of drawbacks like server locations, encryption strength and the server speeds. None of these things we were missing while using NordVPN that in our opinion is a much better option than Boxpn, even though it is slightly more expensive.
TorrentLocker ransomware takes the advantage of people’s unawareness for random files with .exe extension, contained in spam messages’ attachments.
According to new research, since TorrentLocker, one of the most prevalent pieces of ransomware, first surfaced in February 2014 it managed to claim thousands of victims.
Infosec biz ESET reported that 570 or 1.45 percent, out of 39,670 Windows systems that were infected, in order to get their locked-up files decrypted have actually paid the ransom to criminals. Creators of this ransomware managed to rack up between $292,700 (£187k) and $585,401 (£375k) from these payments.
A random 256-bit AES key is generated by the ransomware in order to encrypt pictures, documents and basically any other files on a PC of a victim before a payment of 4 BTC (around $1,500) is demanded from victims; if money is paid then the data is restored.
A 2048-bit public RSA key is used to encrypt the key itself and then it’s sent to a central server. After that the AES key that sits in the memory is deleted from it. Once the ransom is paid, the picaroon behind the scam decrypt the AES key by making use of their private RSA key and forward it back to the ransom in order to restore the scrambled data.
Supposedly ransomware, which goes by the name of TorrentLocker, managed to encrypt over 280 million files stored on computers mainly in Europe region, but New Zealand, Australia and Canada were also hit.
In order to infect victims, they are sent a spam email containing a booby-trapped attachment – usually covered as a bogus unpaid speeding ticket, package tracking document or unpaid invoice – or a link is followed to a site where a victim downloads the malware. Such web page is usually made to look like a legitimate government or business website, for example as a national postal service that also has a CAPTCHA to appear even more legit.
After the victim opens the attachment which appears to be a ZIP archive containing the executable of the malware or even a Word document that contains Visual Basic macro created in a way so that it downloads and installs the .exe file of TorrentLocker.
Waves of spam that distributes TorrentLocker have been launched at Canada, Australia, Czech Republic, Austria, France, Italy, Netherlands, Ireland, Germany, Turkey, New Zealand, Spain and the United Kingdom. Oddly, the US is not amongst the countries listed above for reasons that are not straight off obvious.
Researchers of ESET speculate that TorrentLocker’s gang is the same one that was also responsible for the malware family called Hesperbot designed to raid online bank accounts.
Marc-Etienne M. Léveillé, researcher at ESET, said that with TorrentLocker the attackers reacted to online reports by overcoming Indicators of Compromise used for malware’s detection, and changed the way AES (Advanced Encryption Standards) is used by them from CTR (Counter mode) to CBC (Cipher block chaining mode) after researchers revealed a method used for extracting the key stream.
TorrentLocker victims, due to the change to AES-CBC, can no longer recover the keystream by exclusive-OR’ing an encrypted file and a backup of plain-text, and in this way recover all of their files that have been encrypted, as explained by ESET’s blog post.
According to the security tools company Tripwire’s director of risk, Tim Erlin, the absence of the US on the target countries’ list is greatly noticeable, as US is a target rich environment. He also named a couple out of many possible reasons why criminals did not target the US including few simple ones like that if US would be targeted we would see a faster development of counteracting the threat, or because that US citizens would produce lower hit rate on paying the ransom, or simply that the US is actually on the list and it will be targeted eventually.
While main way to distribute the TorrentLocker ransomware was malicious attachments inside the spam email, other mechanisms were introduced – such as web browser’s or PDF reader’s vulnerabilities exploiting in order to execute malicious code that installs the malware on to the victims machine.
Erlin added that understanding that these ways of compromise for ransomware are not new or static. A variety of means can be used by the attackers in order to infect a computer system; however spam emails with malicious web links or executable attachments are the most popular because they just work and continue to succeed.
While we still cannot offer strong solution which would prevent you from getting infected by a nasty malware like this (besides the well-known one – do not randomly open files or web links that look suspicious), we still highly recommend the use of a VPN like NordVPN in order to protect your private data. NordVPN offers very strong encryption of your internet traffic and additional features such as double VPN or Tor over VPN, which leaves no chances for any kind of attacker to get a hold of your sensitive information!