Are Web Browser Extensions Safe to Use?

Many people use web browser add-ons (such as ad-blockers) for their everyday browsing. What most people are unaware of is that many of these add-ons request permissions that let them read (and in many cases modify) the content of every web page the user visits.

The problem? If someone has installed a malicious add-on, their web browsing data (e.g. browsing history, passwords, anything they type into a website, etc.) can be sent to the add-on’s creator. I am not implying that every web browser add-on does this, but the permission model makes it entirely possible.

Would only using open-source browser add-ons be a safe option? Open-source add-ons do lower the chance that someone gets away with spying on you, since the code can be inspected. However, open-source projects do not have a spotless security track record either, and the build published to the add-on store is not necessarily the source you read. There is still some risk.

Mozilla itself warns about this problem with web browser add-ons (also called extensions).

Here is an example of what I am talking about: https://www.zdnet.com/article/mozilla-removes-avast-and-avg-extensions-from-add-on-portal-over-snooping-claims/


Posted in Android, Computers, General, Internet and Servers, Security, Software

Why are So Many Internet Forums Toxic?

I have noticed, off and on, people on discussion boards (e.g. forums, comment sections) seem to have an abrasive, if not downright toxic (hostile) attitude towards people. I know, this is not surprising. There always have been people that have acted this way on the Internet.

However, why do people act this way? While I do not pretend to be a psychologist, I have some ideas of why people engage in this kind of behavior online (or offline).

(Please take note, everything I say here is my own opinion.)

  1. Depression

Some people are clinically depressed. They do not necessarily mean to cause anyone problems, but they just see their life as one big mess. They in turn let their feelings about themselves (and their life) bleed into their online conversations with others.

  2. Life Stress

Stress can be the cause of someone being frequently irritated. For example, some guy on a truck/SUV forum has just lost his job and is in danger of losing his really nice truck. He has large monthly payments on it and is also struggling to pay his rent. With these life problems, I would not be surprised if he were to get fussy with others online.

  3. Arrogance

Many times people being hostile online is due to arrogance. They believe their opinion is the only correct one, and that no one else can be right.

If they happen to be right, they become even more smug and arrogant. If they happen to be wrong, they will never admit it and unfortunately, most of the time, never change their ways. Either way, not a pretty sight.

This happens a lot on comment sections of websites. There is always someone that wants to ask “smart” questions to other people. However when the person they asked the “smart” question to is able to answer their question, they typically either insist on a stupid “comment war” that leads nowhere, or they sneak out like a thief in the night, never bothering to give a reply for courtesy.

  4. Insecurity

Being insecure (not being sure of or confident in oneself) can make someone frequently defensive (usually without justification). Insecure people also show signs of paranoia and maybe even arrogance, since being told they are wrong makes them even more insecure.

  5. Pride

This one is similar to arrogance. Someone being prideful online is not hard to spot. Usually it is recognized by the “tone” of someone’s message.

For example, someone who has lots of money (e.g. a rich businessman) writes an online article. He says that he is of the opinion “poor” people either cannot or have a very small chance of becoming rich like himself.

Now most people would read his article and think, “Wow! That guy is a jerk.” They would be right. A prideful online post, as mentioned before, is not hard to spot.

I believe people who post things like my example above are insecure and need to put other people down to feel better about themselves. In my experience, they will even act as if they are being sincere when they are not.

Also, their entire post does not have to be putting someone down. Just one or two sentences will give away the author’s true intentions.

  6. Trolling

As everyone knows, there are people out there who cannot rest until they have caused someone trouble. The Bible talks about this kind of person (Proverbs 4:14-16 *). In online conversations, they offer pointless talk with little to no technical argument, wasting everyone’s time in the process.

They also semi-frequently say something like “I’m done with you.” and stop responding, as if you were the one being ridiculous. They are just projecting their own ridiculousness onto you in an effort to cover up the fact that they are the troll (troublemaker).

 

* Proverbs 4:14-16   New American Standard Bible (NASB)

Do not enter the path of the wicked And do not proceed in the way of evil men. Avoid it, do not pass by it; Turn away from it and pass on.

For they cannot sleep unless they do evil; And they are robbed of sleep unless they make someone stumble.


Posted in Christian, Computers, General, Internet and Servers

How Secure are JavaScript Password Generators?

Many people use online services to generate secure passwords.

There is an idea that since your web browser generates the password locally on your computer (via JavaScript) instead of on someone else’s computer (e.g. a web server), nobody else can get hold of your password.

Is this really the case? Are passwords generated locally with JavaScript really secure from being stolen?

Technically, no. Why? Well there are a few reasons why generated passwords (via JavaScript) can be compromised.


the Math.random() JavaScript function  –  Any JavaScript password generator that uses this function should be considered insecure. Math.random() is not a cryptographically secure random number generator: it is a fast statistical PRNG (V8, the engine in Chrome and Node.js, uses xorshift128+), and its internal state can be recovered from a small number of observed outputs, after which every past and future value is predictable.

This means that someone who can observe or reconstruct the generator’s state can reproduce the same password you generated a week before. Not the best for people who want to have secure passwords.

The secure alternative is window.crypto.getRandomValues(array), which fills a typed array from the operating system’s cryptographic random number generator. One caveat: the random bytes still have to be mapped onto your character set carefully. Taking “byte % alphabet.length” introduces a small bias toward some characters unless the alphabet size divides 256 evenly; use rejection sampling (discard out-of-range bytes and draw again) instead.

Summary: Using any JavaScript password generator that makes use of Math.random() is not wise.


web browser add-ons  –  Many people use web browser add-ons (such as ad-blockers) for their everyday browsing. What most people are unaware of is that many of these add-ons request permissions that let them read (and in many cases modify) the content of every web page the user visits.

The problem? If someone has installed a malicious add-on, their “secure” JavaScript-generated password can be sent to the add-on’s creator the moment it appears on the page. I am not implying that every web browser add-on does this, but the permission model makes it entirely possible.

Would only using open-source browser add-ons be a safe option? Open-source add-ons do lower the chance that someone gets away with spying on you, since the code can be inspected. However, open-source projects do not have a spotless security track record either, and the build published to the add-on store is not necessarily the source you read. There is still some risk.

Mozilla itself warns about this problem with web browser add-ons (also called extensions).

Update 12/05/2019:  Here is another example of what I am talking about: https://www.zdnet.com/article/mozilla-removes-avast-and-avg-extensions-from-add-on-portal-over-snooping-claims/

Summary: Many add-ons have the potential to spy on their users (including on locally generated JavaScript passwords).
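Both the “Are Web Browser Extensions Safe to Use?” post above and this section say that add-ons often hold permissions that let them read every page. The check a user can actually perform is to read the extension’s manifest.json. The following is an added example (not code from the original post, not from Mozilla or any real extension) that flags broad host access and data-exposing API permissions in a manifest; the two sample manifests are constructed for illustration, and the list of “sensitive” API names is my own selection.

```javascript
// Added example: audit an extension manifest for how much browsing it can read.
// Handles both Manifest V2 (host patterns mixed into "permissions") and
// Manifest V3 ("host_permissions" / "optional_host_permissions").

// Match patterns that grant access to every site.
const BROAD_PATTERNS = new Set([
  "<all_urls>", "*://*/*", "http://*/*", "https://*/*", "file:///*",
]);

// API permissions (not host patterns) that still expose browsing data.
// Selection made for this example.
const SENSITIVE_API_PERMISSIONS = new Set([
  "webRequest", "webRequestBlocking", "history", "cookies", "tabs", "clipboardRead",
]);

function isHostPattern(p) {
  return p === "<all_urls>" || /^(\*|https?|file|ftp):\/\//.test(p);
}

// Returns { verdict, broadHosts, hosts, sensitiveApis, contentScriptMatches }.
function auditManifest(manifest) {
  const hosts = new Set();
  const apis = new Set();

  const sort = (p) => (isHostPattern(p) ? hosts : apis).add(p);
  for (const p of manifest.permissions ?? []) sort(p);
  for (const p of manifest.optional_permissions ?? []) sort(p);
  for (const p of manifest.host_permissions ?? []) hosts.add(p);
  for (const p of manifest.optional_host_permissions ?? []) hosts.add(p);

  // Content scripts run inside matched pages and can read their DOM (including
  // a password shown on a generator page), so their "matches" count as host access.
  const contentScriptMatches = new Set();
  for (const cs of manifest.content_scripts ?? []) {
    for (const m of cs.matches ?? []) {
      contentScriptMatches.add(m);
      hosts.add(m);
    }
  }

  const broadHosts = [...hosts].filter((h) => BROAD_PATTERNS.has(h));
  const sensitiveApis = [...apis].filter((a) => SENSITIVE_API_PERMISSIONS.has(a));

  let verdict = "narrow";
  if (broadHosts.length > 0) verdict = "can read every page you visit";
  else if (hosts.size > 0) verdict = "can read pages on listed sites only";

  return {
    verdict,
    broadHosts,
    hosts: [...hosts],
    sensitiveApis,
    contentScriptMatches: [...contentScriptMatches],
  };
}

// Constructed sample: an ad-blocker-style MV3 extension that asks for everything.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Example Blocker (constructed sample)",
  permissions: ["storage", "webRequest", "tabs"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};

// Constructed sample: same kind of tool scoped to one site, using activeTab
// (access only to the tab the user clicks it on).
const NARROW_MANIFEST = {
  manifest_version: 3,
  name: "Example Helper (constructed sample)",
  permissions: ["storage", "activeTab"],
  host_permissions: ["https://example.com/*"],
};

// Usage: JSON.parse the manifest.json from the extension's install directory
// (or the store listing's "permissions" tab) and pass it to auditManifest().
```

A verdict of “can read every page you visit” is not proof of wrongdoing (ad-blockers genuinely need it), but it is exactly the condition under which the snooping described in the article above is possible, so it tells you how much trust you are extending.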


computer malware  –  This reason is arguably the most common cause of compromised passwords: malware. Malware running on your computer can do anything you can, including reading the clipboard (what you copy and paste) and logging keystrokes. That instantly compromises your JavaScript-generated password, along with any other sensitive information on your computer (e.g. credit card numbers).

While Windows-based systems have more malware available for them, Mac and Linux are not completely in the clear either. As more people start using these other OSes, more and more malware will be created for them.

Android (the Linux-based OS used on smartphones all over the world) has a good number of malware families written for it.

Summary: Computer malware has the potential to instantly compromise your JavaScript passwords.


surveillance software  –  Some people have to use computers provided by their employer. Some employers put surveillance software onto their computers to track and monitor their employees’ usage of those systems.

The tracking software will monitor your computer screen, keystrokes, what you browse, install, etc. In other words, any password generated on these computers (JavaScript or otherwise) will be compromised. It is advised to use non-work computers for generating passwords, or anything else that is not work related.

Summary: Assume any work computer is being tracked. Always use your own personal computer for anything non-work related.


So does this mean that I should never use any online password generators at all?

No, but keep in mind that a JavaScript password generator, while technically a little safer than having your password generated on a server and sent across the Internet, does not provide much extra security. Wherever the password is generated, it still ends up in your browser, on your clipboard and on the site you paste it into, and anything that can read those can read the password.

Summary: Generating passwords locally on your computer (with JavaScript or anything else) cannot by itself keep them safe from being compromised.


Posted in Android, Computers, Internet and Servers, Operating Systems, Programming, Security, Software

Popular Misconceptions About VPNs

Many people use VPNs for their Internet connections, in the attempt to prevent their Internet Service Providers (and others) from seeing what they do while on the Internet.

These VPN services tunnel all of your Internet traffic (everything you do with your Internet connection, not just web browsing) through their servers.

( Of course, VPNs are also used for connecting two remote locations together over the Internet, but that is outside the scope of this post. )

While a VPN service can potentially help to protect your privacy, there are many myths people believe about VPNs.


1 : VPNs will prevent hackers from hacking into my computer

First off, if your computer exposes an exploitable service to the Internet, it will get hacked sooner or later, VPN or not.

Secondly, VPNs do not stop malware from infecting your computer (thus letting an attacker in), nor do they guarantee that your real IP address stays hidden. A DNS leak, WebRTC, or a dropped tunnel can reveal it, and whoever learns it can try to attack your computer directly.


2 : No malware can get onto my computer while using a VPN

As mentioned above, VPNs do not stop malware from infecting your computer. The VPN service will download that malware-infested file just as happily as your ISP would have.

Your best defense against malware is a good anti-virus/anti-malware application (e.g. Malwarebytes is a good one) and common sense when downloading something off the Internet (e.g. does the website you are downloading the file from look sketchy?).

I am aware that some VPN providers offer a feature that blocks malware and ads for you automatically. This is just the VPN provider blacklisting known malware and ad-tracker domains on its DNS resolvers. The VPN tunnel itself is not protecting you; the blocklists on their DNS servers are.

You can provide yourself the same kind of protection by running a Pi-hole device on your network.

Of course, it is more user-friendly to have a VPN service automatically do this for you, instead of doing it yourself.


3 : VPNs will get past all geo-restricted websites

While VPNs can successfully access geo-restricted web content, some content providers (e.g. Netflix and Steam) disallow VPNs of any kind in their Terms of Service, and many of them block known VPN exit addresses. So telling someone that VPNs will always work with geo-restricted websites is just plain false.


4 : Every “no log” provider really does not log anything

As I have said before on my blog, I am sure there really are VPN providers that honestly do not log anything that can easily trace back to a specific user. However, how do you know that they will not start logging without your knowledge? You don’t.

Also as an IT administrator, I know that not logging anything is pretty much impossible, since logs are necessary to help fix critical problems. It is up to you to decide who to believe when it comes to “no logs”. After all, you are using their network, not your own. Ultimately you are just taking their word for it.

In addition, the VPN provider’s upstream ISP and hosting provider see, and may well log, the traffic flowing in and out of the VPN’s servers. Someone who can watch both sides (your connection into the VPN and the VPN’s connections out) can correlate timing and volume, and your real IP may be uncovered anyway.


5 : I can be an outlaw online, since I use a VPN

No VPN will completely protect you if you are doing something to attract the attention of a large, well-connected organization (e.g. a government agency). So if you are thinking about doing something “out-lawish” online (via a VPN), you better just forget it. You will get caught sooner or later.


6 : I am completely anonymous to my VPN provider

This one can be semi-true. There are VPN providers that only require an email and can be paid in cryptocurrency (e.g. Bitcoin). However, unless proper steps are taken, your Bitcoin payments can still be tracked.

Also, your VPN provider will know your real IP address, which could (please notice I said “could” not “will”) be leaked to certain people which may then expose your identity.


7 : Anything I send over a VPN is completely secured from prying eyes

A VPN service does not provide end-to-end security. What I mean is that if you access my blog (via HTTPS) through a VPN, your traffic is encrypted twice on the first leg only: once by the browser (TLS) and once by the VPN tunnel you have established.

However, the VPN’s extra layer stops at the VPN server. After it leaves the VPN’s server, whatever you transmitted to my server travels exactly as if you had never used a VPN.

[Diagram: How a Typical Paid VPN Service Works]

If you are using an HTTPS-enabled website, neither the VPN provider nor anyone else can read the contents you are transmitting. They can still see which site you are talking to (the destination IP address and, unless those are encrypted too, the DNS lookup and the TLS server name), just not what you say to it.

On the other hand, if you use a website that has no HTTPS (HTTP-only), then both the VPN service and anyone else (after the data leaves the VPN) can not only snoop your traffic, but they can also modify it. Not good.


8 : All VPN services have full control over their servers

While it is true that most (if not all) VPN services own or rent their own servers (dedicated or VPS), this does not necessarily mean they have full control over them.

Why? Unless they run their own data center, the VPN company cannot see what the hosting provider, its staff, or anyone else with physical access does to those servers. This may not bother you, but it is a potential vector for a breach of customer information.


9 : With a VPN, you will be anonymous everywhere you go online

There are three problems with this idea.

First, there is no way to be 100% anonymous online. That is a myth.

Secondly, assuming your VPN is not a bad actor itself, the minute you login into a personal account (e.g. Facebook, Twitter, Google, Bing, etc.), you will have just identified yourself to the remote computer.

Third, a VPN service cannot stop web tracking methods like tracking cookies and web browser fingerprinting.

Now you may be asking, “How does this allow someone to track my online visits?”  Good question. A web browser fingerprint is a set of characteristics of your browser and device that, taken together, identify it well enough to track you regardless of what IP address you are coming from.

Basically your web browser is probed to determine what add-ons you have installed, what fonts are installed on your computer, what video card your computer has (via WebGL), what operating system you are using, how your browser renders a test image on a 2D canvas (hashed to a short value), etc. All of this information is combined to form a fingerprint of your web browser.

If you have ever visited a website (without using a VPN) and later on you visit the same website (this time, using a VPN), they can still have a pretty good guess that it is you just by looking at your browser fingerprint you left the last time you visited (without the VPN).
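To make the point concrete, here is an added example (not code from the original post) of how a tracker turns collected browser attributes into a stable identifier. The attribute set is kept separate from the hashing so it can run outside a browser; the three visits are constructed sample data, and the 32-bit FNV-1a hash is chosen for brevity (real fingerprinting scripts use longer hashes). Note that the client IP address is deliberately left out of the fingerprint, which is exactly why a VPN does not change it.

```javascript
// Added example: derive a browser fingerprint from collected attributes and show
// that a change of IP address (VPN) leaves it unchanged while a change of one
// installed font does not.

// In a real script these values come from navigator.*, screen.*, font probing,
// WebGL and a canvas render; here they are passed in so the code runs offline.
function collectAttributes(env) {
  return {
    userAgent: env.userAgent,
    language: env.language,
    platform: env.platform,
    screen: `${env.screenWidth}x${env.screenHeight}x${env.colorDepth}`,
    timezoneOffset: env.timezoneOffset,
    fonts: [...env.fonts].sort().join(","),   // sorted so order of detection does not matter
    webglRenderer: env.webglRenderer,
    canvasHash: env.canvasHash,               // hash of a PNG rendered on a 2D canvas
    // env.ip is intentionally NOT included: the fingerprint must survive IP changes
  };
}

// 32-bit FNV-1a, returned as 8 hex digits. Chosen for brevity in this example.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Canonical serialization (sorted keys) so identical attributes always hash the same.
function fingerprint(attrs) {
  const canonical = Object.keys(attrs)
    .sort()
    .map((k) => `${k}=${attrs[k]}`)
    .join("|");
  return fnv1a32(canonical);
}

function sameVisitor(envA, envB) {
  return fingerprint(collectAttributes(envA)) === fingerprint(collectAttributes(envB));
}

// Constructed sample: a visit from home (documentation IP range, RFC 5737).
const VISIT_FROM_HOME = {
  ip: "203.0.113.7",
  userAgent: "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0",
  language: "en-US",
  platform: "Linux x86_64",
  screenWidth: 1920, screenHeight: 1080, colorDepth: 24,
  timezoneOffset: 300,
  fonts: ["DejaVu Sans", "Liberation Mono", "Noto Sans"],
  webglRenderer: "Mesa Intel(R) UHD Graphics 620",
  canvasHash: "3f2a9c1e",
};

// Same machine and browser, later, through a VPN exit: only the IP differs.
const VISIT_VIA_VPN = { ...VISIT_FROM_HOME, ip: "198.51.100.42" };

// A different machine that happens to have one more font installed.
const OTHER_MACHINE = { ...VISIT_FROM_HOME, fonts: [...VISIT_FROM_HOME.fonts, "Ubuntu"] };

// Usage:
//   sameVisitor(VISIT_FROM_HOME, VISIT_VIA_VPN)  -> true  (VPN did not help)
//   sameVisitor(VISIT_FROM_HOME, OTHER_MACHINE)  -> false
```

The defence is therefore not a different IP but a less distinctive browser: fewer unusual fonts and add-ons, or a browser that deliberately randomizes or blocks canvas and WebGL readouts.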

Web browser cookies work in a similar manner. If you do not delete your cookies every time you exit a website, later on when you visit that same website again, they can read the cookie they placed in your web browser and know it is you, even if you are connecting under a different IP address via a VPN service.

Now if the website is say an online retailer, then cookies can be a good thing (your online shopping cart will use cookies, and probably will not work without them enabled). So it depends upon why the particular cookies are used.

web cookies used for good – online shopping cart, logging into your webmail

web cookies used for evil – tracking your visits to spy on you and sell the collected information to 3rd-parties…or worse


10 : “My Internet service gets 100/10 (download / upload) speed, so the VPN service I purchased will give me the same download/upload speed”

This one can sometimes be true, but usually isn’t. You have to understand that there are usually so many customers on any particular VPN server that the bandwidth is shared out between all of them.

If you have 100 people each using 10 Mbps of download bandwidth, there is not going to be much bandwidth left for anyone else to use, if the server does a max of 1000 Mbps.

If you have a 100/10 Internet service, you are doing good if you get 50/8 on a VPN. I am not saying that all VPN servers are slow, but in my experience, most of them are. If you have very fast Internet service, don’t expect to utilize all your bandwidth with a VPN service.


11 : “My VPN service has been audited. It has been verified to not be keeping user logs.”

I have heard of a commercial VPN service being audited to “confirm” no logs are being kept. Unfortunately this means nothing.

You are just having blind faith in what some audit company says. Unless you have personally inspected each and every section of the VPN service’s network, you really have no clue whether it is secure or not.

It’s your business whether or not to believe an audit, but I personally consider it unwise.


I hope this post has helped dismantle some myths you may have heard online about VPN services.

So what is the best use for a VPN service?

1) hide your activity from your ISP or untrusted network (does not prevent governments from tracking you down)

2) prevent the remote computer (e.g. web-server) from knowing your real IP address

3) circumvent Geo restrictions (not always reliable and may even be violating the “Terms of Service” of the service you are accessing)

Using a VPN for anything other than those three specific reasons will result in a false sense of security for you. Also, as mentioned before, this all assumes that your VPN provider is a good guy. After all, you are sending your data through their network. Since they have become your “new” ISP, they could sell your data for a pretty penny, and you would be none the wiser.


Please Note: I did not write this post to scare you away from using a VPN provider, but I wanted to make sure people understand that a VPN service is not a “magic pill” that will cure all of your online web privacy problems (as many people seem to think).

Using a VPN for the purpose of preventing your government from spying on you or being 100% anonymous on the web is pointless.


Posted in Computers, Internet and Servers, Security, VPN