Let’s Encrypt – Free SSL/TLS Certificates for Your Website
If you have a personal or small business website that you wish to secure via an SSL/TLS certificate, you can use Let’s Encrypt to do it for free.
It used to be when you needed web encryption for your website, you had to go to a certificate authority and pay for one. What is worse, the certificate would have to be renewed every so often. It depended upon how many years you paid for in advance.
If you opted not to renew your certificate, your web visitors would see a scary message telling them “Your connection to the website is not secure!”.
Technically the “your connection is not secure” message is incorrect. An expired certificate can still secure your connection to a server, assuming you have not enabled HSTS for your domain. It’s only that the web browser – and other software – will no longer “trust” the certificate because it has expired.
Some services give their users a user-friendly option to setup a Let’s Encrypt certificate for their website. However, for people like me with custom setups, we must use other less user-friendly solutions.
If you are interested, here is the “Getting Started” link: https://letsencrypt.org/getting-started/
Posted in Computers, Internet and Servers, Security, Software
Several ‘no log’ VPN Providers Caught Keeping Logs
I have written before about being cautious concerning any VPN providers who claim they are not keeping logs.
Just this morning, I was sent an email concerning several VPN providers who had their data dumped onto the Internet, proving they had been keeping logs while claiming they do not keep logs.
- https://www.theregister.com/2020/07/17/ufo_vpn_database/
- https://betanews.com/2020/07/15/ufo-vpn-data-leak/
- https://www.techradar.com/news/these-no-log-vpns-actually-collect-plenty-of-logs-and-the-data-has-been-exposed
This is more proof that you should never trust a “no logging” VPN service to not keep logs.
Now am I saying that using a paid VPN is useless? No, but you need to be careful which VPN service you are using. In my experience, very few are legitimate, and even the legitimate ones are probably logging enough data to eventually identify you.
VPN services are in it for the money and most will say anything (e.g., “no logs”) to make a quick buck. Not to mention they could be selling your user data on the side – a double-whammy.
Posted in Computers, Internet and Servers, Security, Software, VPN