Several ‘no log’ VPN Providers Caught Keeping Logs

I have written before about being cautious concerning any VPN providers who claim they are not keeping logs.

Just this morning, I was sent an email concerning several VPN providers who had their data dumped onto the Internet, proving they had been keeping logs while claiming they do not keep logs.

This is more proof that you should never trust a “no logging” VPN service to not keep logs.

Now am I saying that using a paid VPN is useless? No, but you need to be careful which VPN service you are using. In my experience, very few are legitimate, and even the legitimate ones are probably logging enough data to eventually identify you.

VPN services are in it for the money and most will say anything (e.g., “no logs”) to make a quick buck. Not to mention they could be selling your user data on the side – a double-whammy.


Posted in Computers, Internet and Servers, Security, Software, VPN

Do You Really Need to Pay for Antivirus Software on Windows?

Quick Answer: No. Windows Defender offers decent protection while being free, conveniently updates via Windows Update, and is not a huge resource hog.

Long Answer:

Anti-virus software has been available for a long time. For years, people paid for virus protection via a subscription service.

Over the last 10 or so years, free anti-virus software such as Avast, Avira, Windows Defender, AVG, Malwarebytes (the free, non-premium version), etc. has taken hold of the market. Now I have used all of the above-mentioned anti-viruses. They are all pretty good (AVG, for me, ran on the slow side), but my favorite of the bunch is Windows Defender.

Now I do not have fancy charts, data sheets, graphs, etc. to show the “awesomeness” of Windows Defender. What I can tell you is I am running it on several Windows boxes without any trouble or noticeable slowdown.

None of the boxes have had a successful virus intrusion – while running Windows Defender – for the past 3+ years. False positives for me are pretty much non-existent, and I do not have to think about updating Defender, since Windows Update takes care of that automatically.


Q: What advantage would a paid anti-virus software give me that a free one won’t?

A: Pretty much just support. No guarantee of getting support with free software, but with paid software they kind of have to give support, at least if they want to stay in business.

Everything else – including anti-virus definitions (updates) – is good with both paid and free software.


Q: Is there any open source anti-virus software out there for me to use?

A: The only one I would recommend is ClamAV. However, this is not a proper anti-virus solution for most people.

While ClamAV has a real-time scanner, it is not used by default, and it can make your computer run slow (even ClamAV’s own help documentation warns about this). It also has a minimal amount of definitions (from my experience, it will catch almost nothing out-of-the-box), has no graphical user interface for you to use (yes, you will be manually editing a configuration file with a text editor), and will catch several false positives if you are not careful.

This is not a user-friendly software solution. It is geared towards servers and server administrators to set it up properly.


Q: Do any of the mentioned anti-virus software have any back-doors, spyware code, etc. in them?

A: I really do not know, but I would never discount the possibility. The only solution that should not have any “spy” code in it would be ClamAV, but as mentioned before, ClamAV is very non user-friendly and will cause headaches to people who do not know what they are doing.

Unfortunately, all the good free anti-virus software is closed-source. I can understand this, because no company wants their trade-secrets exposed to the entire world. This would not be good for business!

Also – just a quick note – I personally would avoid the Kaspersky anti-virus software. They are based in Russia, and I would not trust any Russian software on my computer. I have nothing against the Russian people themselves, I just don’t trust their government not to spy on me. Just a thought.


Posted in Computers, Internet and Servers, Operating Systems, Security, Software

What Incognito Mode Can and Cannot Protect

A couple weeks ago, someone online posted a comment saying you can stay “safe and secure” online due to using the web browser’s incognito mode.

Is this true? Does incognito mode really prevent someone from ever tracking you online?

Short answer: no

Long answer:

People believe the myth that the incognito mode – on your web browser – will keep you safe and private. However, this is not the case.

Incognito mode only does the following:

  • prevents web history from being logged locally
  • prevents download history from being logged locally
  • prevents cookies & cache data from being stored locally

In other words, incognito mode only prevents someone from spying on you by opening the web browser and viewing the web history and downloads.

Now what does incognito mode not protect against?

  • Malware on the system — Any malware on the system will be totally unaffected by your use of incognito mode.
  • IT department — Your IT department will still be able to track your Internet usage on their network. This is especially true if you use their local DNS resolvers. They will know what websites you visit, regardless of your use of incognito mode.
  • Internet Service Provider — Unless you make use of a VPN service, your ISP will definitely know where you go online, regardless of your use of incognito mode.
  • Government surveillance — Of course, incognito mode will be of no use to you here. Also, even using a VPN will not help much if you are being targeted by a government.

In addition, if you have your web browser logged into a service (e.g., Google Chrome logged into Google), they can track your browsing habits regardless of being in incognito mode or not.

The link below helps prove that any browser being in “private” or “incognito” mode (whatever you want to call it) does nothing to prevent 3rd parties from spying on you.

https://www.reuters.com/article/us-alphabet-google-privacy-lawsuit-idUSKBN23933H


Posted in Computers, Internet and Servers, Security, Software, VPN

Should I Use Another DNS Resolver?

Should I switch my current DNS resolver?

If you are just a regular Internet user (not self-hosting anything), and you are currently using your ISP’s DNS resolver, I would switch to a 3rd party DNS service (e.g., Cloudflare).

However, if you are self-hosting anything (e.g., email), then I would opt for running my own DNS resolver for reliability.


Here are my opinions on the three typical ways to get DNS.

ISP DNS Resolver:  usually OK performance / no privacy

  • Works out-of-the-box with your Internet service.
  • Since you are using servers they control, always assume your ISP is logging your DNS requests (no privacy).
  • Sometimes an ISP actually has worse DNS resolvers (slower, less secure) than a 3rd party DNS service.
  • I used to make use of my ISP’s DNS resolvers. They would occasionally go down every few months. It made it look like the Internet was down, but it was just their DNS resolvers that were down, which caused software to fail since they could not resolve domains to connect to services.
  • Some ISPs will redirect you to their own online search engine, if the domain you are looking for does not exist. That is real tacky. They should just give the standard DNS error response, instead of – effectively – hijacking your DNS service.

Third-Party DNS Resolver (e.g., Cloudflare, OpenDNS):  good-to-excellent performance / potentially less private

  • 3rd party DNS resolver may be logging your DNS lookups, regardless of what their Privacy Policy says.
  • Can be faster than your ISP’s DNS resolvers. This is due to 3rd party DNS services having a very large network infrastructure. They can handle large amounts of traffic with ease.
  • Cloudflare does support DNS-over-TLS. However, this is just encrypting your connection to Cloudflare. When Cloudflare retrieves the DNS records for you – assuming they do not have a cached copy – that connection of theirs is unencrypted. This means the DNS records Cloudflare gets for you can be manipulated by a 3rd party, outside of Cloudflare’s control.
  • Encrypting your DNS does not prevent your ISP from seeing what domains you are going to, if the web-server you are connecting to does not support both the TLS 1.3 protocol and the ESNI extension. This is due to the fact the SNI (Server Name Indication) gets sent from the web-server in plain text. With this information, your ISP can effectively see which domains you are visiting, regardless of whether your DNS is encrypted via Cloudflare or another 3rd party service.
  • Unless you are using a VPN service, your ISP will still have to route your connection to the website (they can see the web-server’s IP address). This may give away where you are going on the Internet, even if your ISP cannot read your DNS queries.
  • There are some free public DNS resolvers, run by volunteers (read: no large corporations), who claim they do not log your domain lookups. Just like I mentioned before, you must take their word for it.

Self-Hosted DNS Resolver (e.g., Unbound DNS server):  OK-to-good performance / potentially more private

  • Useful if you want to have reliable lookups, since you are cutting out the middle-man handling your DNS requests (you are going directly to the source, instead of having someone else do it for you).
  • If you are self-hosting web services (e.g., web and email), it is recommended to run your own DNS resolver. While not necessary, this will help prevent interruptions to your services.
  • While there is no worry about the DNS resolver keeping logs (you are running it, after all), there still is the possibility of your ISP and/or other entities sniffing your DNS lookups and keeping a log that way. This is because DNS is inherently insecure (not encrypted).
  • Unbound runs on many different operating systems (e.g., FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows).
  • Unbound does require some knowledge of DNS to be set up properly. Users who have little to no experience with DNS servers may find setting up Unbound to be difficult.
  • Something to keep in mind: when doing your own DNS lookups, you are usually contacting the Root DNS servers, the domain’s TLD nameservers, and of course one of the domain’s nameservers, using your public IP address from your ISP. This means all three of those services may log your IP address when doing lookups.
    • For example, if I look up my domain computerlagoon.com via Unbound, it will first ask a Root DNS server for a nameserver belonging to the .com TLD. From there it will ask one of the TLD’s nameservers for one of my nameservers to get the webserver’s IP address.
    • There is a very good chance the .com TLD nameserver, run by Verisign, is logging domain lookups. This means someone, somewhere is more than likely logging your lookups (associating your lookups with your IP) even if you opt to self-host your own DNS resolver.
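
The lookup walk described above, as an added example that is not part of the original post: a simplified offline model that records which name each tier of servers is asked for, with and without QNAME minimisation (a mitigation the post does not cover). The delegation table, the address, and the function names are constructed for illustration.

```python
# Constructed delegation data for illustration (192.0.2.10 is a documentation
# address, not the site's real one). Each zone knows only its delegations or
# its own records.
ZONES = {
    ".": {"delegates": {"com."}},
    "com.": {"delegates": {"computerlagoon.com."}},
    "computerlagoon.com.": {"answers": {"www.computerlagoon.com.": "192.0.2.10"}},
}

def resolve(qname, minimise=False):
    """Walk root -> TLD -> authoritative; return (answer, queries each zone saw)."""
    labels = qname.rstrip(".").split(".")
    zone, seen = ".", []
    while True:
        data = ZONES[zone]
        if "answers" in data:                 # authoritative for the name
            seen.append((zone, qname, "A"))
            return data["answers"].get(qname), seen
        depth = 0 if zone == "." else zone.count(".")
        child = ".".join(labels[-(depth + 1):]) + "."   # next zone cut down
        # Classic resolvers send the full question at every step; a
        # minimising resolver asks only for the next delegation.
        seen.append((zone, child, "NS") if minimise else (zone, qname, "A"))
        if child not in data["delegates"]:
            return None, seen                 # no such delegation
        zone = child

def learned_full_name(qname, minimise):
    """Zones whose servers saw the complete query name from your IP."""
    _, seen = resolve(qname, minimise)
    return [zone for zone, asked, _ in seen if asked == qname]
```

With minimisation the root and .com servers no longer see the full hostname, but the .com servers still see the registered domain alongside your IP address. Unbound exposes this behaviour through its `qname-minimisation` option.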

Summary Chart

Easiest out-of-the-box solution | best for people who just want things to work | ISP DNS resolver
Best performance | good for people who want more performance than what their ISP provides | 3rd-party DNS (e.g., Cloudflare, 1.1.1.1)
Best reliability | best for people who self-host web services (e.g., email) | self-hosted solution (e.g., Unbound DNS server)

Posted in Computers, Internet and Servers, Operating Systems, Security