leizhiping-blog
leizhiping-blog · 7 years ago
Firefox tweaks to enhance security and privacy
When it comes to privacy and security, Firefox is probably the best browser to use due to its flexibility in changing/tweaking settings. These are some recommended settings and add-ons to make Firefox more secure and privacy-oriented.
To change the following settings, open the URL about:config and acknowledge by clicking on I’ll be careful, I promise! Then search for the setting name and double-click on it to enable/disable it.
Disable WebRTC:
media.peerconnection.enabled – false
media.peerconnection.use_document_iceservers – false
Note: Disabling WebRTC is a must, as it would otherwise leak your real IP address when you are connected to a VPN. Search for the parameter names and double click to enable/disable them (true for enabled and false for disabled).
Disable IPv6 for DNS lookups.
network.dns.disableIPv6 – true
Disable sending pings (more info)
browser.send_pings – false
browser.send_pings.require_same_host – true
Enable Do Not Track:
privacy.donottrackheader.enabled – true
privacy.donottrackheader.value – 1
privacy.trackingprotection.enabled – true
Disable geolocation:
geo.enabled – false
geo.wifi.uri – (blank)
Disable geotargeting:
browser.search.geoSpecificDefaults – false
browser.search.geoSpecificDefaults.url – (blank)
browser.search.geoip.url – (blank)
Disable telemetry:
toolkit.telemetry.enabled – false
toolkit.telemetry.server – (blank)
Disable ‘safe browsing’ aka. Google tracking/logging:
browser.safebrowsing.downloads.enabled – false
browser.safebrowsing.downloads.remote.enabled – false
browser.safebrowsing.enabled – false
browser.safebrowsing.malware.enabled – false
Disable DNS prefetch (don’t make DNS lookups to speed-up loading of resources in a page):
network.dns.disablePrefetch – true
Disable prefetching of pages that are likely to be visited:
network.prefetch-next – false
Disable WebGL (more info):
webgl.disabled – true
Disable the internal PDF reader:
pdfjs.disabled – true
Note: PDF files will open using your reader software. For security reasons, we do not recommend using Adobe Reader; use one of its alternatives instead.
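To check an existing profile against the values listed above, the following added example (not part of the original post) parses the `user_pref("name", value);` lines of a profile's prefs.js and user.js and reports which settings match, differ or are unset. The two file contents are constructed samples.

```python
import json
import re

# Expected values copied from the settings listed above; "" stands for "(blank)".
BASELINE = {
    "media.peerconnection.enabled": False,
    "media.peerconnection.use_document_iceservers": False,
    "network.dns.disableIPv6": True,
    "browser.send_pings": False,
    "browser.send_pings.require_same_host": True,
    "privacy.donottrackheader.enabled": True,
    "privacy.donottrackheader.value": 1,
    "privacy.trackingprotection.enabled": True,
    "geo.enabled": False,
    "geo.wifi.uri": "",
    "browser.search.geoSpecificDefaults": False,
    "browser.search.geoSpecificDefaults.url": "",
    "browser.search.geoip.url": "",
    "toolkit.telemetry.enabled": False,
    "toolkit.telemetry.server": "",
    "browser.safebrowsing.downloads.enabled": False,
    "browser.safebrowsing.downloads.remote.enabled": False,
    "browser.safebrowsing.enabled": False,
    "browser.safebrowsing.malware.enabled": False,
    "network.dns.disablePrefetch": True,
    "network.prefetch-next": False,
    "webgl.disabled": True,
    "pdfjs.disabled": True,
}

# One preference per line: user_pref("name", value); with an optional // comment.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.*?)\s*\)\s*;\s*(?://.*)?$'
)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js/user.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # header comments, blank lines
        raw = match.group("value")
        try:
            prefs[match.group("name")] = json.loads(raw)  # true/false, ints, "strings"
        except ValueError:
            prefs[match.group("name")] = raw  # unparsed text never equals a baseline value
    return prefs


def audit(prefs_js, user_js=""):
    """Return {name: "ok" | "mismatch" | "unset"} for every baseline setting.

    "unset" means neither file has an entry: prefs.js only stores values changed
    from the default, so the browser default applies and is checked in about:config.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))  # user.js is applied over prefs.js at startup
    findings = {}
    for name, want in BASELINE.items():
        if name not in effective:
            findings[name] = "unset"
            continue
        got = effective[name]
        # Compare types too: in Python True == 1, but a boolean pref is not an integer pref.
        same = type(got) is type(want) and got == want
        findings[name] = "ok" if same else "mismatch"
    return findings


def drift(findings):
    """Names of settings that are not confirmed, sorted for stable output."""
    return sorted(name for name, state in findings.items() if state != "ok")


# Constructed sample files, not taken from a real profile.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("media.peerconnection.enabled", false);
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "");
user_pref("privacy.donottrackheader.value", true);
user_pref("webgl.disabled", false);
user_pref("browser.startup.homepage", "about:blank");
'''
SAMPLE_USER_JS = '''\
user_pref("webgl.disabled", true);  // overrides prefs.js
user_pref("network.prefetch-next", true);
'''

if __name__ == "__main__":
    for pref, state in sorted(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items()):
        print(f"{state:9} {pref}")
```

Close Firefox before reading prefs.js from a live profile, since the browser rewrites that file while running.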
Recommended add-ons:
Flashblock: blocks Flash and allows it on demand. We recommend disabling Flash completely, but if you need it on some websites (e.g. streaming services that aren’t using HTML5 yet), this is a must – mainly for security purposes.
EFF’s Privacy Badger: blocks tracking and spying ads.
EFF’s HTTPS Everywhere: forces HTTPS connections when available (you might need to add manual filters for non-popular websites that you visit).
uBlock Origin: lightweight ad-blocker.
RefControl: allows you to control what gets sent as HTTP Referer (source of visit). In the default state, without this add-on, sites can see where you “come from” (e.g. a link via another website).
NoScript: blocks pretty much everything that might be a risk to security/privacy, but it will also break functionality on many websites by default. Use it if you’re the paranoid kind of user or if you have some spare time to whitelist trusted sites one by one.
Credits: some of the settings are taken from here (however, tested beforehand and used by our staff in the long term).
Additional remarks: Keep in mind that all browsers have their own flaws and they usually represent the weakest link in using a VPN service. Cookies, addons, fingerprinting, design flaws and vulnerabilities – they come with all browsers. The settings and addons recommended above will only reduce the attack surfaces, but they are not a silver-bullet solution. This list is dynamic, and we will add more settings/add-ons as we find them.
http://vpn.baiaq.cn/archives/12009
leizhiping-blog · 7 years ago
Max simultaneous connections changed to 6
We just changed the maximum number of simultaneous connections allowed for a single VPN account to 6, from 3 initially, for standard accounts – and to 3, from 2 initially, for the 1 Week trial accounts. The change is in effect immediately and applies to all VPN accounts (existing and new).
Why the change? There are two reasons why we decided to make this account upgrade.
Solving Auth Failed issues on reconnection attempts: Under certain circumstances, usually depending on how the user connects (what software, protocol etc.), the VPN client doesn’t send a “clean close” notice to the server, meaning that sudden disconnect/reconnect actions may look like an attempt to bypass the limit of 3 simultaneous connections allowed per account. The servers would normally notify the auth backends of timeouts in case of unexpected drops of connections, but it takes at least a minute (the timeframe needed to detect that a client disconnected). Therefore, legitimate reconnection attempts might be flagged as attempts to pass the 3-connections threshold per account if they occur too fast (within a minute), resulting in failed login attempts.
Considering the feedback we received and our experience, we believe that 3 to 5 simultaneous connections should be enough for most people. The 6th connection should be useful in case of fast reconnects without cleanly closing the previous sessions (i.e. too quick for the server(s) to send a time-out notice to the backends).
Listening to suggestions: The change also comes as a response to suggestions that we received from customers. Quite a few of our customers wanted to be able to connect 4 or even 5 devices at the same time, so we decided to honor this specific request without changing pricing or adding “addons”.
We hope that this change is welcomed by our users, either to solve some re-connection issues or just to be able to use more devices at the same time with a single account.
http://vpn.baiaq.cn/archives/12011
leizhiping-blog · 7 years ago
A story of imitation and security done wrong, featuring a VPN service
TL;DR: A VPN service copied our extension’s design, they use(d) our API servers and implemented their browser proxy service insecurely. We make this public to avoid the awkward moment when someone might accuse us of copying them and not the other way around.
Normally we wouldn’t point the finger at someone else to highlight insecure/bad implementations, but this is an exception from our conduct.
Today we found out from a customer of ours that TorGuard’s Proxy Extension looks very similar to ours (Webstore/official page). We investigated the findings and confirmed that it is, mostly, a copycat (see our tweet).
Our extension for Chrome was first released on December 17, 2014; for Firefox on April 19, 2015. Their extension for Chrome was first released in May 2015. Public announcements, number of users/ratings and SSL certificate dates stand as evidence to confirm which was created first.
This is a comparison between our app version 1.6.x (mirror) for Chrome/current version 1.0.1 for Firefox and Torguard’s current version.
The design similarities are very obvious even to an untrained eye. A note to those who aren’t familiar with Chrome extensions development: the code can be easily inspected, not being closed source. An extension like CRX source viewer can be used to view code in Webstore directly. Or you can download the .crx file, unzip it and inspect it.
It’s not only the design that’s similar: they also use the same geo-location API server address (highlighted in the comparison image above). This is our own geo-IP API server that we’re using internally (for software, extensions etc.). We are hosting this image on the API server to prove that it is ours, in case someone has doubts.
Fyi, using someone else’s API servers, as a VPN service, is a very irresponsible mistake – just terrible from a security & privacy point of view. What they do by using someone else’s servers such as our API service, essentially, is to expose all their Chrome Proxy users’ IPs to a competitor. We don’t interfere with the queries in any way, but you should be aware that a malicious competing service could make use of such opportunity to log IPs of users or even worse, redirect them or forge the JSON replies to mess-up with the extension functionality: e.g. trolling scenario where connected location will display “Fort Meade, Maryland” regardless of real gateway IP location.
Now, moving to the security part. Not everything from our app was copied (they missed the good parts!), for example the storage of credentials and the update of active servers via JSON queries:
Torguard stores the credentials in clear-text; we are XORing the pass to protect it against spyware that will search all over the place for clear-text credentials. To reproduce: add some credentials and save them > right click on extension > Inspect popup > Resources > Local Storage.
Torguard gets the up-to-date list of proxy gateways over HTTP (again in clear-text); we get them over HTTPS (A+ on Qualys/mirrored results): from Torguard’s background.js, from our background.js. The obvious risk of providing server IPs over HTTP is that they can be easily hijacked in a MitM attack.
Torguard’s HTTPS proxy is highly insecure: it uses insecure ciphers like RC4, supports SSL 3, is vulnerable to the POODLE attack and doesn’t provide Forward Secrecy. It gets a shameful Grade C on the Qualys test. Result mirror 1, mirror 2 (to see the original result). And this is our result/mirror (FS enabled, no weak ciphers, support only for TLS 1.1 and 1.2).
A piece of advice to Torguard: when copying someone else’s work, please also consider your users. Don’t promise them “anonymity” (a false promise as a VPN service, but that’s a different topic) and “security” unless you do it correctly, at least to a reasonable degree.
We demand apologies on this matter and we also urge Torguard to make the necessary design & code changes to make it less obvious that their Chrome Extension is a blatant, unethical imitation.
Cheers!
Update 1: they acknowledged (mirror 1, mirror 2) earlier today the removal of our geo API servers from their app, though they have no problem with the copycat design.
Update 2: they updated the Chrome extension, adding encryption for credentials. They also “secured” the HTTPS proxies (now getting a grade B instead of C, mirror). The extension design is still the same.
Mirrors hosting their extension version 0.1.69: Mega, our CDN (you can also unzip it)
Mirror hosting our previous version 1.6.4 that’s been copied: our CDN
http://vpn.baiaq.cn/archives/12013
leizhiping-blog · 7 years ago
Important privacy measures for VPN users
This tutorial was initially posted in our KB several months ago, but we’re planning to make use of the blog for future howto’s.
Without proper privacy measures, a VPN WILL NOT provide a high level of identity protection out-of-the-box. There are several other factors that may expose your real identity and those are often ignored. Below are some of the most important requirements in order to reduce the risk of exposing your identity when using a VPN. Please read this short guide in full and get in touch with us if you require help/more details.
Disable Flash
Flash is notoriously bad when it comes to security and privacy. Over the years it’s been one of the preferred targets for attacks leading to malware/spyware infections and system exploitation by just opening a website hosting malicious Flash code.
Moreover, it also leaks personally identifiable information such as your real IP address. Blocking Flash by default and allowing it to run only on trusted websites (e.g. Vimeo, Youtube) on request is a must. Use Flash-blocking browser plugins, such as Flashcontrol (Chrome) or Flashblock (Firefox), to display a placeholder instead of running the Flash content, and only allow it when you need it and you trust the website. Please note that the Chrome browser has Flash support embedded and enabled by default, therefore using a plugin is – again – a must. Completely uninstalling and disabling it is an even better option to consider; if you do need it, use it in a sandbox (virtual machine).
Disable/Block WebRTC
WebRTC leaks important information such as all your internal IP addresses even if you are connected to the VPN! Here is a demo: https://vpn.ac/webrtc.html
More details on the WebRTC browser issues, in our announcement: WebRTC browser issue and fixes.
Disable it in Firefox: type about:config in the address bar and toggle media.peerconnection.enabled to false. In Chrome (desktop) it can’t be disabled and extension-based protection is problematic, as exploits can bypass it. This extension seems to do the trick at this moment.
Block tracking scripts and ads
EFF’s Privacy Badger is a must-have plugin that’s very effective in blocking tracking tools. uBlock (Chrome), Adblock (Chrome) and AdBlock Plus (Firefox) are excellent ad blockers.
Protect against DNS Leaks
DNS leaks occur because the Operating System doesn’t properly assign the VPN DNS resolvers. Check for DNS leaks when you are connected to the VPN, at dnsleaktest.com (running the Extended test). If it displays anything other than our Private resolvers (their name is self-explanatory in the results), fix the DNS leak. The fix is very simple and once done correctly, there’s no need to do it again. Therefore we prefer to provide instructions on how to fix it manually once and for all, instead of relying on VPN software functions which aren’t always effective.
Fix DNS Leaks on Windows:
Assign a manual DNS server instead of relying on DHCP. DO NOT assign your home router or your ISP DNS.
Go to Control Panel > Network and Internet > Network Connections
Right click on the Network adapter you are using > Properties > Internet Protocol Version 4 (TCP/IPv4)
Check Use the following DNS server address
These are some of the public DNS resolvers that you can use:
Worldwide: 8.8.8.8 and 8.8.4.4 (Google Public DNS), 4.2.2.1 to 4.2.2.4 (Level 3), 74.82.42.42 (Hurricane Electric)
In China use: 114.114.114.114 and 114.114.115.115 (try also 8.8.8.8)
More public resolvers available at opennicproject.org/Tier2
Our own public resolvers will be available in the very near future.
It’s good practice to always use a 3rd party DNS resolver rather than your own ISP’s.
Fix DNS Leaks on Linux (when running OpenVPN from terminal):
You will need to run a script when OpenVPN is connecting. Here is a tutorial.
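A local check that the connect script actually replaced the resolvers, as an added example that is not part of the original tutorial: it reads resolv.conf text and applies the rule stated above, that anything other than the VPN's resolvers counts as a leak. The `VPN_RESOLVERS` addresses are placeholders and the file contents are constructed samples.

```python
import ipaddress

# Assumption: the resolver addresses your VPN pushes. These are placeholders.
VPN_RESOLVERS = {"10.8.0.1", "10.8.0.2"}


def nameservers(resolv_conf):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def classify(address, vpn_resolvers=VPN_RESOLVERS):
    """Label one resolver as 'vpn', 'stub', 'lan' or 'public'."""
    ip = ipaddress.ip_address(address.split("%", 1)[0])  # drop an IPv6 zone id
    if ip in {ipaddress.ip_address(a) for a in vpn_resolvers}:
        return "vpn"
    if ip.is_loopback:
        # Local caching stub (for example 127.0.0.53): the real upstream is
        # configured elsewhere and cannot be judged from this file.
        return "stub"
    if ip.is_private or ip.is_link_local:
        return "lan"  # typically the home router handed out by DHCP
    return "public"


def verdict(resolv_conf, vpn_resolvers=VPN_RESOLVERS):
    """Return (state, {address: label}); state is ok, leak, check-stub or no-resolver."""
    kinds = {ns: classify(ns, vpn_resolvers) for ns in nameservers(resolv_conf)}
    if not kinds:
        state = "no-resolver"
    elif any(kind in ("lan", "public") for kind in kinds.values()):
        state = "leak"
    elif "stub" in kinds.values():
        state = "check-stub"
    else:
        state = "ok"
    return state, kinds


# Constructed samples of /etc/resolv.conf.
BEFORE_SCRIPT = "# set by DHCP\nnameserver 192.168.1.1\nnameserver fe80::1%eth0\n"
AFTER_SCRIPT = "nameserver 10.8.0.1\nnameserver 10.8.0.2\n"
MIXED = "nameserver 10.8.0.1\nnameserver 8.8.8.8\n"
STUB_ONLY = "nameserver 127.0.0.53\noptions edns0\n"

if __name__ == "__main__":
    for label, text in [("before", BEFORE_SCRIPT), ("after", AFTER_SCRIPT),
                        ("mixed", MIXED), ("stub", STUB_ONLY)]:
        print(label, verdict(text))
```

This only inspects local configuration; the dnsleaktest.com Extended test remains the check of what resolvers are seen from outside.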
Disable IPv6
If you have IPv6 enabled and you don’t need it, disable it from network interface properties. Disabling it also fixes potential DNS leaks if your router has DHCP support and internal IPv6 enabled (OpenWRT routers have it enabled by default).
Use firewall rules to block traffic outside of VPN tunnel
On Windows, you can use the default firewall to ensure that certain applications will only transfer data via VPN and stop once the VPN is disconnected. Here is a tutorial to set up Windows Firewall to protect against bittorrent IP leakage. It can be used for other software, e.g. browsers and messaging apps. You can also remove the default gateway (of the physical network interface) once connected to the VPN, so no traffic would leak if the VPN disconnects. Our VPN software for Windows has support for this feature.
Uninstall Java
It’s unlikely that you need it, as an end-user. If you do need Java for some specific applications, we recommend using it in a virtual machine. Just like Flash and Adobe Reader, Java is another piece of software that has had tons of security vulnerabilities and would put you at great risk.
Clean cookies
Use a browser plugin/extension to remove cookies: Vanilla (Chrome), Self-Destructing Cookies (Firefox)
Disable Location reporting in browser
In Firefox:
In the URL bar, type about:config
Type geo.enabled
Double click on the geo.enabled preference
Location-Aware Browsing is now disabled
For more tips on Firefox, check firefox-debloat.
In Chrome:
Open Chrome settings > Show advanced settings > Privacy > Content settings
Scroll to Location and check “Do not allow any site to track your physical location”
Monitor your network traffic
GlassWire (for Windows / currently in BETA so may cause issues) is a great tool that you can use to see which applications are generating traffic and which IP addresses they connect to. It also provides network traffic statistics and a basic firewall (block/allow all traffic on a per-application basis).
Change the Wi-Fi router SSID if it’s unique/provided by ISP
Many ISPs provide their customers with pre-configured Wi-Fi routers that use unique, location-identifiable SSIDs (Wi-Fi network names). Change the SSID to a non-unique/generic one, e.g. DeskJet/Internet. You may also want to disable SSID broadcast or change the SSID often.
More things to do
Ensure your OS is always up to date. The same applies to browsers and all software you use.
Don’t install/keep software that you don’t need.
Use virtual machines to test new/cool things found on the Internet.
Do regular malware and virus scans.
Consider using separate browsers for separate online identities.
Again, please disable Flash, Java, WebRTC and don’t use Adobe Reader (use alternatives for PDFs like Foxit Reader). Those things together are to blame for tens of millions of malware infections and exploitation. No anti-virus or “security suite” will protect the user completely against new/0-day vulnerabilities affecting the mentioned software. Quite often, an anti-virus provides a false sense of security and it’s better to eliminate the root cause by disabling vulnerable software for good.
More tools & measures will be added to this article so you may want to revisit it in the future.
http://vpn.baiaq.cn/archives/12015
leizhiping-blog · 7 years ago
Blog reboot
We decided to ditch the bloated WordPress blog and start a new one, on a cleaner platform. Since there wasn’t much content value on the older blog, just some announcements every now and then, we also decided to concentrate more efforts on the blogging part, especially on privacy & security howto’s and awareness articles. The design is still minimalistic but it will be improved in the next weeks.
http://vpn.baiaq.cn/archives/12017
leizhiping-blog · 7 years ago
IP X service launched
When it comes to using a VPN service for security and privacy purposes, it is essential to make sure that it is working as expected and everything is correctly configured to avoid exposing your real IP address, as well as reducing the ways in which remote sites can fingerprint and track you, as a visitor.
This is the reason why privacy-conscious VPN users rely on sites that can detect and show their IP addresses, or even more details like DNS servers, browser footprints, WebRTC leaks and so on.
We’ve been using such services, too, for years. But we always found something that we weren’t satisfied with in all such sites, the most important being the lack of accuracy of the tests performed, for example detecting a single DNS resolver while several are used.
Last summer we decided to start working on our own IP geo-location and leak detection site and we are happy to announce that it is now ready to use.
You can give it a try at ipx.ac
Quick Q&As
Q: How accurate is it? A: Very accurate. Compare the results you are getting to some of the other test sites. Even if it’s new and we’re sure some improvements and bug fixing need to be made, we never planned to create “yet another” IP geo/leak test site but the most accurate and reliable of them all, and we are serious about it.
Q: What does the site name mean? A: We wanted something relevant, yet easy to remember and quick to type in a browser, including on mobile. “IP” is self-explanatory, and the “X” stands for marking the spot, or the “unknown”. Not really sure about it, but you get the idea.
Q: Can I use the site even if I connect to other VPN/Tor/proxy etc.? A: Yes, absolutely. There is no restriction.
Q: How do I know that you won’t show “all good” results when I am connected to vpn.ac service? A: It’s in our best interest to provide an accurate, neutral service, that eventually contributes to better privacy for users. Moreover, one can run tests on different sites and make a comparison, so there is really no reason on our side to be biased or display fake results.
Q: Can the site be used just for IP geo-location info? A: Sure. You can query IPs in the query form in the upper-right. Just enter some IP address to get the geo-IP info about it.
Q: Can you detect in your tests if I am connected to a VPN? A: Yes. There’s the IP type which can be residential or not. If it’s not residential but a datacenter, it’s pretty obvious that it is a VPN connection. Also, in the next weeks we will add a secondary IP-insight database that contains all known VPN/Tor/Proxy IPs. Combined with the MTU, OS and some other tests, the result is very accurate.
Q: How do I find more details about each test result section? A: There’s a “?” (question mark) sign in the header of each section. Click it and more info will be displayed in a pop-up.
Q: If I find a problem or a bug, how can I help? A: Please get in touch with us and give us the details.
Q: In some sections there’s nothing displayed but just a spinning icon. A: It’s normal, some tests aren’t compatible with some browsers. In the future we will make it clearer that specific tests aren’t available.
For suggestions, please don’t hesitate to get in touch with us.
http://vpn.baiaq.cn/archives/11988
leizhiping-blog · 7 years ago
Ditch the HTTPS Scanning feature of your antivirus
Users might be vulnerable while accessing secure HTTPS websites, and their antivirus is to blame. A thorough study, conducted by experts at Mozilla Firefox, Google, Cloudflare and three American universities, shows that several popular antivirus products “drastically reduce connection security” and expose users to decryption attacks. This isn’t new by any means and the HTTPS interception technique used by anti-viruses has been the subject of debate for several years.
Half of the world’s traffic is encrypted using the secure TCP/IP HTTPS protocol. Because traffic is encrypted, it’s not normally accessible for security inspections. However, antivirus products install their own root certificates on computers to be able to analyze HTTPS traffic. But instead of helping the user stay safe, this opens the gate to vulnerabilities, the study shows.
And here’s the problem: security software vendors are poorly handling inspection after the TLS handshake, according to the researchers. They’ve looked at eight billion TLS handshakes generated by Firefox, Chrome, Safari, and Internet Explorer, with antivirus software on. Researchers have analyzed Firefox’s update servers, a set of popular e-commerce websites and the Cloudflare content distribution network.
“In each case, we find more than an order of magnitude more interception than previously estimated,” the paper reads. They found interception happening on four percent of connections to Mozilla’s Firefox update servers, 6.2 percent of e-commerce sites, and 10.9 percent of US Cloudflare connections. What’s worrying is that when intercepted, 97 percent of Firefox, 32 percent of e-commerce, and 54 percent of Cloudflare connections became less secure.
“As a class, interception products drastically reduce connection security. Most concernedly, 62% of traffic that traverses a network middlebox has reduced security and 58% of middlebox connections have severe vulnerabilities,” the report reads.
Not only does security software reduce connection security, it also introduces vulnerabilities such as failure to validate certificates.
“While the security community has long known that security products intercept connections, we have largely ignored the issue, believing that only a small fraction of connections are affected. However, we find that interception has become startlingly widespread and with worrying consequences,” the researchers say.
They’ve published the results hoping to encourage manufacturers “to improve their security profiles and prompt the security community to discuss alternatives to HTTPS interception”.
Another serious problem enabled by the HTTPS scanning feature is that it breaks HTTP Public Key Pinning (HPKP). HPKP is a technology enabling website operators to “remember” the public keys of SSL certificates in browsers, enforcing the use of specific public keys for specific websites. This reduces the risk of MiTM attacks using rogue/non authorized SSL certificates. But HTTPS scanning and HPKP can’t work together, therefore if a website has HPKP enabled, when you access it the support for HPKP for that site will be disabled in the browser.
For the sake of example, we tested 3 antiviruses (Eset, Kaspersky and BitDefender) with HTTPS scanning feature enabled against a HPKP test website.
HPKP Test Results with HTTPS Scanning enabled:
As you can see, the test shows Not Supported when the certificates are issued by the antiviruses.
HPKP Test Results with HTTPS Scanning disabled:
Now, with the HTTPS scanning disabled, the browser is using the correct certificate, issued by Comodo.
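The pin check a browser performs, and why an antivirus root switches it off, as an added example that is not part of the original article: it parses a Public-Key-Pins header and evaluates three certificate chains. The SPKI byte strings are constructed stand-ins for real DER data, and the skip for locally installed roots follows the allowance in RFC 7469.

```python
import base64
import hashlib
import re


def spki_pin(spki_der):
    """pin-sha256 value: base64 of SHA-256 over the SubjectPublicKeyInfo bytes."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_public_key_pins(header):
    """Parse a Public-Key-Pins header value into pins, max-age and includeSubDomains."""
    pins = set(re.findall(r'pin-sha256\s*=\s*"([A-Za-z0-9+/]+=*)"', header, re.I))
    age = re.search(r'max-age\s*=\s*"?(\d+)', header, re.I)
    subdomains = re.search(r'(^|;)\s*includeSubDomains\s*(;|$)', header, re.I)
    return {
        "pins": pins,
        "max_age": int(age.group(1)) if age else None,
        "include_subdomains": subdomains is not None,
    }


def check_connection(policy, chain_spkis, root_is_local):
    """Decide what a pinning browser does with one validated certificate chain.

    chain_spkis:   SPKI bytes of every certificate in the chain, leaf first.
    root_is_local: True when the chain ends at a root that the user or local
                   software installed (what an HTTPS-scanning antivirus does)
                   instead of a root shipped with the browser or OS.
    """
    if root_is_local:
        # Pin validation is skipped for locally installed trust anchors, so the
        # site's pins give no protection on this connection.
        return "not-enforced"
    seen = {spki_pin(spki) for spki in chain_spkis}
    # One matching key anywhere in the chain is enough to satisfy the policy.
    return "pass" if seen & policy["pins"] else "blocked"


# Constructed stand-ins for SPKI byte strings (real ones come from certificates).
SITE_LEAF = b"constructed-spki: site leaf key"
SITE_CA = b"constructed-spki: public CA intermediate"
BACKUP_KEY = b"constructed-spki: offline backup key"
AV_LEAF = b"constructed-spki: leaf re-issued by the antivirus"
AV_ROOT = b"constructed-spki: antivirus root"

# The header the site would send: one pin in the live chain plus a backup pin.
HEADER = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
    spki_pin(SITE_CA), spki_pin(BACKUP_KEY))
POLICY = parse_public_key_pins(HEADER)

if __name__ == "__main__":
    print("direct connection:       ", check_connection(POLICY, [SITE_LEAF, SITE_CA], False))
    print("HTTPS scanning enabled:  ", check_connection(POLICY, [AV_LEAF, AV_ROOT], True))
    print("same chain, unknown root:", check_connection(POLICY, [AV_LEAF, AV_ROOT], False))
```

The second case is the one the test site reports as Not Supported: the chain was re-issued under the antivirus root, so the browser accepts keys the site never pinned.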
What to do
Meanwhile, our advice is to just disable the HTTPS scanning feature of your antivirus. This functionality contradicts the very idea of TLS/HTTPS point-to-point security and gives the users a false sense of security.
This is how to disable it in the 3 security products tested.
Eset Internet Security: Setup > Internet Protection > Web Access Protection > Web Protocols > uncheck Enable HTTPS checking
Kaspersky Internet Security: Settings > Additional > Network > Encrypted connections scanning > Do not scan encrypted connections
Note: By default it is set to scan encrypted connections upon request from security components, which isn’t as intrusive as with other products.
BitDefender Internet Security: View Modules > Web Protection > disable Scan SSL
Further reading:
HTTPS Interception Weakens TLS Security
SSL/TLS/HTTPS: Keeping the public uninformed
HPKP: HTTP Public Key Pinning
Pinning hopes on pinning
http://vpn.baiaq.cn/archives/11990
leizhiping-blog · 7 years ago
Yahoo scanned emails in real time, at the request of the NSA or FBI
The tech giant said it was only abiding by the laws of the United States.
If you have a Yahoo mail account, your private conversations might have been seen by intelligence agencies such as the NSA or the FBI. Reuters reported that the tech giant has been scanning hundreds of millions of accounts for over a year, looking for “a set of characters” provided by spies. The article is based on statements from two former employees and another person familiar with the matter. Microsoft and Google quickly said they don’t allow their customers to be monitored by intelligence agencies.
First, Yahoo claimed they were only complying with the American legislation. Then, they called the Reuters report “misleading.”
“We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems,” the tech giant said in a statement.
The American Civil Liberties Union said that the case is “unprecedented and unconstitutional.”
“[I]f the report is accurate, it represents a new—and dangerous—expansion of the government’s mass surveillance techniques,” Electronic Frontier Foundation said in an online statement.
“The sweeping warrantless surveillance of millions of Yahoo users’ communications described in the Reuters story flies in the face of the Fourth Amendment’s prohibition against unreasonable searches. Surveillance like this is an example of “general warrants” that the Fourth Amendment was directly intended to prevent.”
According to Reuters, Yahoo complied with a classified US government directive. “Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time,” the Reuters article reads.
The “set of characters” might have been phrases in an email or an attachment, according to unnamed sources.
At this point it’s not clear what data, and how much of it, Yahoo provided to the NSA and FBI.
If you care about your data and your personal information, trust no one, and encrypt everything that’s sensitive. You can delete your Yahoo account and opt for PGP/GPG email encryption with any other public mail service, or even better – use Protonmail instead. It’s best if the service is not US-based.
Although there’s little one can do against a resourceful entity such as the NSA, it’s vital to follow the basic rules of the privacy-conscious user: encrypt everything, use strong passwords, browse with Tor and, of course, use a VPN to encrypt your internet traffic and mask your IP. Email is broken by design, therefore it’s advised not to use it for communicating information that you want to remain private.
http://vpn.baiaq.cn/archives/11992
leizhiping-blog · 7 years ago
Privacy vs. Anonymity
Some people prefer to sing on a stage, and get a round of applause. Others care about privacy and sing at home, when no one’s listening. There are people who like to write their name next to online comments they post, others prefer to hide it.
Privacy refers to activities you keep to yourself, or to a limited group of people, whereas anonymity implies letting others see what you do, without them seeing who did it.
Privacy and anonymity are, therefore, different concepts, but both should be fundamental rights. Whether you’re browsing the web, sending an email or chatting with someone, you should feel free to express yourself without the pressure to self-censor due to the fear of being watched or identified in a crowd.
More and more people become aware of the importance of guarding online privacy and anonymity. 92 percent of the Americans care about privacy, according to TRUSTe. Another research, carried out by the Youth IGF Project, shows that two thirds of the people that communicated online over the course of a year did so without revealing their identity at least on one occasion.
More than half of internet users have taken steps to avoid observation by specific people, organizations, or the government, a Pew Research Center study shows. Also, 86 percent have removed or masked their digital footprints—from clearing cookies and encrypting their email, to avoiding using their name or masking their IP address.
A solid and trustworthy VPN service comes in handy for those who care about their privacy. At VPN.ac, we strive to give you this human right back. We protect against eavesdroppers and some types of attackers, and we can also spoof your IP address, to appear that you’re browsing from another location.
For an additional layer of privacy, please consider using Bitcoin for online payments. Here you can learn how to get bitcoins and how to pay securely.
However, it’s a myth that VPNs grant anonymity. Truth be told, those claiming to provide online anonymity only say it for marketing purposes. No VPN service can help you be completely anonymous, and those who state it cannot meticulously back the claim.
A powerful enough organization can expose the real identity of users through several methods: tapping internet traffic, exploiting vulnerabilities in network/server infrastructures to exfiltrate data, correlating payments, injecting attack vectors into network traffic, making use of rogue employees and so on. A VPN service is a single point of failure that you are trusting with your online traffic. Relying on single points of failure for anonymity is, in most cases, a mistake.
Online anonymity isn’t something that’s black or white. There are several degrees, depending on how powerful your opponent is. The question is: who do you want to protect yourself against? If you want to be anonymous while browsing the web, for the websites you visit, then even a dynamic IP from your ISP or one that’s used by others (e.g. Carrier-grade NAT or a public network) might just do the trick, given the fact that it can be quite hard for the common website owners to match an IP to a person.
If your threat model includes powerful actors such as the NSA, govermental organizations, state-sponsored attackers, then you need to walk an extra mile – and it won’t be an easy ride. In this case, it’s best to use Tor on top of your VPN. This is important, as we’ve learnt that the FBI can spy on Tor users and does not need a warrant for that and it’s safe to assume that the Tor network is and will continue to be a de facto target for such organizations.
If you use Tor on top of VPN, you have an additional protection layer for your IP address: in case there’s a weakness in the Tor protocol, the odds are that the exposed source IP address will be the one of the VPN gateway. This is no longer a single point of failure scenario and it increases the difficutly on getting the real IP of the end-user.
Some might say they don’t need to hide their online activity, because they don’t do anything wrong. Well, neither does that person who sings alone in the shower.
Further reading: Important privacy measures for VPN users
http://vpn.baiaq.cn/archives/11994
Start using bitcoin
If you aim for serious privacy, it’s smart to use cryptocurrencies when making payments, instead of “traditional” methods like credit cards.
Credit card payments, bank transfers and virtually all other traditional payment methods are easily traceable. Bitcoin transactions, however, aren’t. This is, therefore, the way to go if you’re a privacy-conscious internet user and you don’t want to be part of some databases containing all your purchases.
A VPN service increases the level of privacy while online, though the weakest link in this process is the payment method. All online transactions are registered in the bank or processors’ databases and held for an unlimited amount of time. Most payment processors hold even the credit card information when a transaction is made and they can be targeted in cyber attacks that could result in credit card theft.
Why use Bitcoin
If you buy a car, a laptop, an online subscription or an ordinary bagel, the transaction will be stored forever and it could be used to profile you at a given time in the future. The transaction history and “buying habits” can also be shared with third parties for marketing research purposes.
Bitcoin, on the other hand, is different. Payments are pseudo-anonymous. You can easily exchange your currency into bitcoin and then purchase your VPN subscription. Note that you shouldn’t use that very same bitcoin wallet to pay for goods delivered to your door if you don’t want the two orders to be connected.
If your online privacy is important to you, bitcoin works best as a payment method. This applies particularly to those who live in countries tightly controlled by the state, to journalists, free speech advocates, as well as those who need to keep their digital matters private.
Another reason why bitcoin is the preferred payment method for privacy services, such as VPNs, is the fact that several traditional payment processors have already decided to stop payments to some VPN and smartDNS services. Bitcoin is decentralized and can’t be shut down by governments, banks and other such entities.
By using bitcoin, you can also help VPN providers to improve their services and help protect users’ privacy, since transaction fees are lower and they can use the remaining money to further grow their business.
Bitcoin is safe
This digital currency is fairly new; it appeared in 2008. It is estimated that there are currently several million users worldwide using bitcoin as payment or involved in the ecosystem.
If you use some basic security practices while using Bitcoin, your coins should be safe, perhaps even safer than the fiat money in the bank. You should keep your keys secret, perhaps printed on a sheet of paper and stored in a safe place.
Bear in mind that while privacy oriented, bitcoin should not be treated as an investment option due to its highly volatile price, which can fluctuate by over 10% per day.
Security Best Practices
- Use only reputable exchange services for exchanging fiat into Bitcoin and vice versa
- Use strong passwords for online exchange accounts, and enable two-factor authentication if available (see our passwords guide)
- Store bitcoin in multiple wallets and don’t keep a large amount in one place if it is an online service, such as a bitcoin exchange (they are often targeted in cyber-attacks)
- Keep your PC and mobile devices secure and always make back-ups
Recommended further reading: bitcoin.org, cointelegraph.com
How to get bitcoins
There are several methods of purchasing bitcoin, such as online exchanges, local ATMs and even physical transactions with local sellers.
- Online exchanges: coinbase, bitstamp, kraken
- ATM locations: coindesk.com, coinatmradar.com. Please keep in mind that not all locations are marked on this map, so keep an eye out for the bitcoin logo at your local ATMs.
- Local transfer options: localbitcoins.com and mycelium.com
For more available methods in your location, visit buybitcoinworldwide.com
If you want to find out more about bitcoin, we recommend the following resources: bitcoin.org, bitcointalk.org and the Reddit community.
http://vpn.baiaq.cn/archives/11996
How to deal with all your passwords
According to several surveys, the average person has over 20 passwords (via Sophos, TechCrunch, GCHQ). Remembering them all is, well, a pain in the neck, to put it mildly.
We do a lot of risky stuff to keep ourselves logged in. 14 percent of people have only one password for all their online accounts, Kaspersky Lab recently announced. Another 36 percent reuse passwords across different accounts, while 12 percent make slight changes, writing for instance 1 instead of 2 at the end of the character string that’s supposed to keep them safe.
Remembering all the passwords has become so annoying that most internet users prefer to forget the “safety first” rule in order to simplify their life. The good news is that you can have both. Here are some insights that you might find useful.
Use good passwords
“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” – via xkcd
IT geeks advise people to use passwords that meet several complexity requirements. They should:
- Have more than 12 characters
- Have lowercase characters (a-z)
- Have uppercase characters (A-Z)
- Contain at least one number (0-9)
- Have at least one special character (such as $ or ! or ^)
They shouldn’t contain:
- The login ID
- English words
- Slightly modified English words, such as “p@ssw0rd” for “password”, or “w0rk” for “work”
- Strings of 3 or more identical characters, such as “qqqq” or “111”
Changing passwords on a regular basis is advised, at least for the most important assets like your main email account, online banking/PayPal etc.
All the above, if done correctly, would increase the password entropy (or “quality”). But what is entropy when it comes to passwords? It is a measure of how unpredictable a password is. Mixing random characters or words increases the entropy. Good password managers will display the entropy, measured in bits, when you are using their built-in password generators. Our recommendation is to use only passwords with over 100 bits of entropy. High entropy makes passwords virtually immune to automated brute-forcing.
Here’s a good one: rf$s6A(whz@}-9Tg(K+
Multiply it by 20, the number of passwords the average person has, and you’ll find yourself in hell. No one can be expected to remember that many passwords. It’s impractical.
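To put numbers on the entropy recommendation above, here is an added example (not part of the original post) that computes the entropy of machine-generated passwords and generates one that meets a target number of bits. It assumes every symbol is drawn uniformly at random; under that assumption the 19-character sample above, taken from the 94 printable ASCII symbols, carries about 124.5 bits. The word list is constructed for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable ASCII symbols.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word list, far too small for real use; it only shows how the
# list size drives the number of words a passphrase needs.
TOY_WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet",
             "harbor", "indigo", "juniper", "kelp", "lumen", "mesa", "nickel",
             "onyx", "pewter"]


def generator_entropy_bits(length, alphabet_size):
    """Entropy of `length` symbols drawn uniformly and independently.

    Valid only for machine-generated secrets. A password a person made up
    is far more predictable than this figure suggests.
    """
    if length < 0 or alphabet_size < 2:
        raise ValueError("need length >= 0 and at least 2 symbols")
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Smallest number of random symbols that reaches `target_bits`."""
    if target_bits <= 0 or alphabet_size < 2:
        raise ValueError("need target_bits > 0 and at least 2 symbols")
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits=100, alphabet=PRINTABLE):
    """Random password with at least `target_bits` of entropy."""
    symbols = sorted(set(alphabet))  # duplicates would skew the distribution
    length = min_length(target_bits, len(symbols))
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    return "".join(secrets.choice(symbols) for _ in range(length))


def generate_passphrase(target_bits, wordlist, separator="-"):
    """Random passphrase; each word adds log2(len(wordlist)) bits."""
    words = sorted(set(wordlist))
    count = min_length(target_bits, len(words))
    return separator.join(secrets.choice(words) for _ in range(count))


def length_table(target_bits=100):
    """Symbols needed to reach the target for several alphabet sizes."""
    alphabets = [("digits only", 10), ("letters and digits", 62),
                 ("printable ASCII", len(PRINTABLE)), ("7776-word list", 7776)]
    return [(name, size, min_length(target_bits, size))
            for name, size in alphabets]


if __name__ == "__main__":
    for name, size, needed in length_table(100):
        print(f"{name:20s} {size:5d} symbols -> {needed:2d} needed for 100 bits")
    print("sample password:  ", generate_password(100))
    print("sample passphrase:", generate_passphrase(100, TOY_WORDS))
```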
But what about fingerprint authentication instead of passwords? Well, fingerprints aren’t passwords. Fingerprints, just like any biometrics, are meant to be used for identification, not authentication.
Lately, fingerprints are used for authentication as a result of being pushed by mobile makers, such as Apple, and the rest who follow. That is wrong.
Biometric passwords, such as the fingerprint scanners our laptops and mobile phones use, aren’t reliable. It only takes 5 minutes and an inkjet printer to break them. Fingerprints are just usernames, not passwords. We leave our fingerprints on hundreds of objects such as glasses or door knobs over the course of a day. Also, one can be easily forced to “put his finger” on the fingerprint reader, legally or not.
Recently, the LA Times revealed that the US government wants citizens to use fingerprints to unlock iPhones, as this method will make breaking a smartphone an easy task.
Are you sure it’s a good idea to use fingerprints for authentication? We think not.
Use a reliable and secure password manager
The smart thing to do is to let a password manager do all the work. You only need to remember a master password – a really strong one – and it’ll take it from there. It’ll generate strong, secure passwords and will remember them for you.
However, there are good password managers, and there are bad ones. The worst are those embedded in the browser as add-ons, as browsers have vulnerabilities and the data is stored by third parties. LastPass, for instance, has been hacked before, and has urged users to update their passwords.
We advise you to use KeePass as your password manager (or KeePassX which is cross-platform for Linux and Mac). Its database is an encrypted file, stored locally, protected with a password or with an encryption key. You can store it in the cloud or on a thumb drive, as you prefer.
KeePass is easier to use than you might think. You simply open it, search for a keyword, and then double-click on the username and password you were looking for. This only takes 5 seconds of your life and is your safest option. Sure, browser-based add-ons can be more convenient, as they can automatically fill in your credentials. But if security is absolutely important for you, it’s better to use KeePass, and then again, it only takes a few seconds to authenticate by copying and pasting the credentials. What’s even better is that you don’t even see the password; you can just double-click on it while it’s displayed as “*****”.
We use it ourselves for hundreds of logins and it works as it should. We never had any problems with it, and we simply don’t know the passwords that we are using. All of them are randomly generated, with a strength of over 140 bits.
Your smartphone is not that safe
Many cybersecurity experts believe smartphones are not safe to be used for storing critical information. They don’t make mobile payments and don’t use their primary email accounts on mobile devices. Their advice for maximum security is to only keep less important passwords on smartphones. A mobile phone is easy to misplace. It can be stolen, it can be lost. Plus, downloaded apps are more or less secure and might leak your data.
We don’t recommend syncing your password manager database across mobile devices. If you care about your security on the go, then use your mobile devices as if you know that you’ll lose them. Be cautious.
Speaking of mobiles, this is where two-factor authentication comes in handy, though. We advise you to use it as often as you can, with all the online services that support it, like Gmail, Yahoo, Twitter. App-based two-factor authentication such as Google Authenticator is a better option than SMS two-factor.
How to check if your password has been compromised
Major data breaches happen almost every week. If an account is compromised and the same password is used for others, they all become at risk. Which means you’re a bit safer if you use the terrible password 12345 for one website, and then 12346 for another one, than if you use 12345 for all of them.
In short: it’s worse to use the same “secure” password for several services than simple passwords that are unique for each service. Re-using passwords is just terrible.
Still, if you care about your money, your data and your online identity, please use a reliable password manager.
You can see if your accounts have been compromised in data breaches on Have I Been Pwned.
Summing up
- Reusing passwords is worse than using simple, yet unique passwords.
- Don’t bother generating and remembering dozens of passwords: use good password managers.
- Don’t write them down and don’t store them in .txt or .xls files. Again, use password managers.
- Good password managers are open-source and let you keep local databases.
- Use two-factor authentication with any important service, if available, especially with those email accounts used as the same login for most online services.
- Fingerprints are usernames, not passwords.
- Don’t store passwords of important accounts on mobile devices.
- Passwords’ entropy should be over 100 bits for anything that is important.
- Did we mention that simple thing to do that makes passwords safer by orders of magnitude? Don’t reuse them.
If you have any other tips, let us know!
http://vpn.baiaq.cn/archives/11998
Companies, NGOs, and academics call for strong encryption. Draft Encryption Bill is naive
US President Barack Obama received a letter this week signed by 37 academics, NGOs, and companies. They “respectfully request” that the White House oppose the Encryption Bill, legislation that will “undermine security”. They ask the administration to release a statement supporting encryption.
The letter notes that it has been 167 days since a pro-encryption petition posted on SaveCrypto.org reached 100,000 signatures, meeting the established threshold to require an official response from the President.
“Despite a commitment to work to provide this response within 60 days, it has been more than 160 days without an answer from your office,” the letter reads.
Drafted by Senators Richard Burr (North Carolina) and Dianne Feinstein (California), the Encryption Bill has been seen as “stupid” or “naive” by computer science experts and human rights advocates. The document states that companies should use weaker encryption, so that they can break it if they receive a court order from state authorities.
Weaker encryption means that our devices will be vulnerable to cyber threats, the 37 companies, NGOs and academics said.
“[T]he draft legislation we’ve seen from Senators Burr and Feinstein, like legislation we’ve seen popping up in countries around the world, significantly undermines our safety and security. The president must demonstrate leadership and political maturity by making clear that the United States will work to support the strongest encryption available,” said Amie Stepanovich, U.S. Policy Manager at Access Now.
Similar legislation is being taken into consideration in the UK and Hungary.
Update, 14/04: Draft of Anti-Encryption Bill Officially Released
http://vpn.baiaq.cn/archives/12000
Adobe Flash must die
Back in the early 2000s, when the Internet was relatively new, people were focused on building things rather than destroying them. There were just 17 million websites online in the year 2000, compared to a billion today.
In those early days of the internet, Flash was seen as the next big thing. It enabled interactive web pages, online games, video and audio streaming, and even YouTube used it to display video content. Companies such as Nike, HP, Nokia, and Disney embraced the technology.
Very few voices noticed, back then, that Flash wasn’t built with security in mind, and that its jillion flaws would eventually backfire.
Last year alone, 313 Flash vulnerabilities were discovered, with the grand total currently reaching no less than 700 flaws, according to CVE Details.
Flash, the most popular 0-day target
This technology is constantly under attack, and vulnerabilities surface every other day. Advanced persistent threat groups such as Pawn Storm leverage its design flaws. 8 of the top 10 vulnerabilities used by exploit kits last year targeted Adobe Flash, and this is why you should be worried if you still have Flash enabled in your browsers.
This software is a favorite vector for carefully planned cyber attacks, and antiviruses can’t do much against it. In most cases, Flash Player exploits easily bypass security software and infect computers.
Flash ranked 3rd last year with its 313 vulnerabilities discovered. Only Mac OS X (384) and iOS (375) had a higher number of bugs, according to CVE Details.
Zerodium, the Zero Day broker that operates on the black market, offers up to $80,000 for a Flash vulnerability, among the highest amounts of money paid to bug hunters. Only iOS, Android, and Windows Phone flaws are better rewarded.
Usually, a Flash vulnerability is fairly easy to exploit. Ransomware creators, for instance, prefer to use Flash and Adobe Reader. These two technologies are “the easy mode” to roll out their stuff.
Solutions
Websites are gradually switching from Flash to HTML5, which is a good thing and a strong signal that Flash is dying. Browsers are also taking a stand. Mozilla ditched Flash. Google doesn’t allow Flash ads, although it still ships the software embedded in Chrome; we hope they will disable it like Mozilla does.
It helps, to some extent, if you enable click-to-play for plugins in your browser or use a plugin such as Flash Control, available for both Google Chrome and Mozilla Firefox. Chrome provides better protection than other browsers, such as Internet Explorer, as it employs a sandbox. Yet this doesn’t mean it’s bulletproof, and you are better off disabling Flash for good.
You can also use a separate browser specifically for playing Flash content, and only go to trusted websites, like some big media streaming services.
Note that uninstalling it in Windows might be tricky. If you can’t find it in the list of installed programs, then you will need to download from Adobe a tool called uninstall_flash_player.exe.
Final words
If security and privacy are important to you, then you should stop using Adobe Flash Player right now. There is absolutely no reason to continue using it if you care about your online safety and your data. By simply removing it, your computer security would improve by orders of magnitude.
http://vpn.baiaq.cn/archives/12002
Broken by design: DNS
A quick intro
The internet was built on trust. In the early days of the Internet as we know it, security and privacy of communications were not priorities when it came to developing essential protocols. DNS, just like email, is broken by design and very little has been done to add security and privacy layers to it. In modern times, hackers and state entities figured out how to take control over it.
When the internet was created, everyone assumed it would only be used for good: for information sharing, education, and freedom. So nobody thought about making it secure in the first place.
Recent events such as the Arab Spring, and political regimes like the ones in China or Iran, have shown us how easily web censorship can be implemented because of one single design error of the internet’s structure: DNS, the service that helps us write google.com in our browser instead of the IP of this website, 74.125.224.72.
The main issue is that DNS requests are sent unencrypted, in clear text. This means:
- little or virtually no privacy for the user
- it favors the lowest-cost, easiest-to-implement and most efficient tools for mass censorship, profiling and blocking of Internet resources/websites
- a fairly easy way for hackers, government agencies and internet providers to get access to your Internet activity
Some more info on how DNS works
Whenever you want to access a website, you send a DNS request to resolve that website’s hostname (e.g. google.com) to an IP address (e.g. 74.125.224.72). The DNS request is sent to a recursive DNS resolver, which handles that request for you. That resolver is operated either by your ISP (in most cases) or by a 3rd party service providing public recursive DNS services (e.g. OpenDNS, Google and others). Normally, all these DNS requests are insecure – sent and received in clear text.
Why clear-text DNS requests are bad news
Essential information, such as the websites you visit, is out in the open as a consequence of these unencrypted DNS requests.
Based on your browsing history, an attacker can even build a list of the software you use on your computer, as most software calls home for updates and such. Knowing this, attackers can launch targeted attacks, using dedicated exploits and tools which may be virtually impossible for your antivirus to detect, and exploit vulnerabilities in the specific software that you are using.
Also, a MiTM (Man in the Middle) attacker can see the DNS requests you send, along with other information. Such an entity can be a hacker, a government agency or your ISP.
Not only can attackers see the DNS requests that you make, they can also manipulate them easily, for example by hijacking those requests to serve non-legitimate IPs that distribute malware/spyware.
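To make the clear-text point concrete, the following added example (not part of the original post) builds a standard DNS query in RFC 1035 wire format and then parses it back the way any device on the network path could, with no key or secret involved. The sample traffic is constructed, and `updates.example.com` is a hypothetical update-check hostname.

```python
import struct

QTYPE_NAMES = {1: "A", 28: "AAAA"}


def build_query(hostname, txid=0x1A2B, qtype=1):
    """Encode a standard recursive DNS query (RFC 1035 wire format)."""
    labels = hostname.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1-63 bytes")
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, ended by a zero byte.
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN


def parse_query(payload):
    """Return (txid, [(name, qtype), ...]) from a raw UDP port 53 payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    offset, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if offset >= len(payload):
                raise ValueError("truncated QNAME")
            length = payload[offset]
            offset += 1
            if length == 0:
                break
            if length > 63:
                raise ValueError("compression pointer or bad label in query")
            label = payload[offset:offset + length]
            if len(label) != length:
                raise ValueError("truncated label")
            labels.append(label.decode("ascii", errors="replace"))
            offset += length
        if offset + 4 > len(payload):
            raise ValueError("truncated QTYPE/QCLASS")
        qtype, _qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        questions.append((".".join(labels), qtype))
    return txid, questions


def observer_view(payloads):
    """Hostnames an on-path device can log from unencrypted queries."""
    seen = []
    for raw in payloads:
        try:
            _txid, questions = parse_query(raw)
        except ValueError:
            continue  # not a well-formed query; nothing to log
        seen.extend(f"{QTYPE_NAMES.get(qtype, qtype)} {name}"
                    for name, qtype in questions)
    return seen


# Constructed sample traffic: a site visit, a software update check
# (hypothetical hostname) and two bytes of garbage.
SAMPLE_PAYLOADS = [
    build_query("google.com"),
    build_query("updates.example.com", txid=0x1A2C, qtype=28),
    b"\x00\x01",
]

if __name__ == "__main__":
    print(build_query("google.com").hex(" "))
    for entry in observer_view(SAMPLE_PAYLOADS):
        print("observed:", entry)
```

The hostname sits in the packet as plain ASCII labels, which is why logging or rewriting it requires nothing more than a position on the path.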
What does my Internet provider know about me?
Almost everything.
Most people use DNS services offered by their ISPs, without being aware that such a habit makes censorship and mass surveillance much easier, as nearly all providers log DNS queries and may easily implement system-wide rules to hijack or block queries, or simply implement logging policies that record your entire browsing history, accurate to the second.
Basically, the provider sees virtually everything you access online by simply focusing on the DNS requests you make. It knows who, when and how someone has accessed a website and adds this info into a database. Therefore, the ISP can even profile you.
Your DNS records might end up in the hands of advertisers. AT&T for instance is known to sell such data, unless customers pay the company not to allow this to happen. Also, it might end up in the hands of the government forcing ISPs to log and provide DNS logging data.
Some might argue that if you care about browsing anonymously, you’re probably doing something illegal. The truth is that there’s plenty of online content you simply might not be comfortable sharing.
Solutions
There are several things you can do to conceal your online activity. First, never use DNS services offered by your ISP. We recommend going for third-party services instead. They might even offer features your internet provider does not. OpenDNS and Google Public DNS will know less about you compared to your own ISP. Also, there are many privacy conscious DNS services to choose from. A list of alternative DNS is provided by Wikileaks.
Compared to ISP DNS services, third-party DNS services can be faster, more reliable and even offer security features that aren’t implemented by most ISPs. Such solutions often come with parental control for filtered web traffic and access to geo-blocked content.
Keep in mind that even if DNS is insecure by design, in general, if an ISP doesn’t have DPI (Deep Packet Inspection) measures in place, you’re fairly safe using a 3rd party DNS. DPI is very expensive and not as easy to implement efficiently as simply enabling logging on the ISP’s own recursive DNS resolvers. That’s a main reason why most ISPs wouldn’t engage in such practices and likely focus on their DNS resolvers hosted on-premise.
These, however, will not help Chinese users browse the internet freely. Even through a third-party DNS, their internet provider might still be able to intercept and hijack DNS queries by using DPI solutions. Yet, this is the exception, not the norm. This only applies to standard DNS queries made through UDP port 53 (even in China). Therefore, if someone uses a DNS server on a different port, they can easily bypass country-wide censorship.
Another solution is DNSCrypt, which provides DNS query encryption. For the moment, however, there isn’t any user-friendly software that can easily offer this. Mobile users can change DNS service for WiFi connection only. In the case of a mobile connection, it only works for rooted smartphones.
ICYDK: What DNS is and how it works
In the early days of the internet, you had to type a number in order to reach a website. Today, if you want to access Google, you can either type Google.com in your browser, or its IP address, 74.125.224.72. The first option is, however, more convenient.
In the beginning, the link between websites and IP addresses was a text file. At some point, it became too large to manage. The University of Wisconsin created, in 1983, the Domain Name System or DNS, a system that automatically associates IP addresses with names.
DNS servers receive requests to convert domain names such as Google.com into IP addresses. If they can resolve them, the website will automatically load. Otherwise, they ask another DNS server for help. If no server can track down the domain name, you get an error message.
Quick sum-up, conclusions and advice
Problems
- DNS is broken as it is. Very little effort has been made to improve it, from security and privacy points of view.
- Not much can be done for mobile devices using mobile broadband connections (requires root). They will always use the carrier DNS.
- It is the easiest, cheapest and most effective mass-surveillance and censorship method. All repressive governments and spying agencies love it.
- There are some easy fixes, such as using a 3rd party DNS instead of your own ISP’s. Not a perfect method, but good enough.
- Attackers can easily profile your browsing history as well as the software that you have installed, then launch accurate targeted attacks against such software.
- This is not about “DNS leaks” or using VPNs in general, but about one of the elephants in the room. DNS leaks will be detailed in another article.
Solutions
- Never use your ISP’s DNS. Use 3rd party services.
- Any 3rd party DNS service is better than your ISP’s. Most common services use anycast to ensure low latency regardless of your geo-location. Therefore, there’s no noticeable delay.
- Use DNSCrypt.
- Increase awareness by telling others what the problems with DNS are. The more people know about it, the better the chances that encryption will be standardized into the DNS protocol so that it will be used by the masses.
Further reading
- DNS hijacking
- Pretty Bad Privacy: Pitfalls of DNS Encryption
- DNS Censorship (DNS Lies) As Seen By RIPE Atlas
- Turkish Internet Censorship Takes a New Turn
- Accidental DDoS? How China’s Censorship Machine Can Cause Unintended Web Blackouts
- The Collateral Damage of Internet Censorship by DNS Injection
- Towards a Comprehensive Picture of the Great Firewall’s DNS Censorship
http://vpn.baiaq.cn/archives/12004
Netflix announces its intention to block region unblocking services
Netflix just announced today that they are planning to take new steps in detecting & blocking services that are being used to access locked regions, such as VPNs, proxies and SmartDNS unblockers.
Frankly, we’ve seen this coming, following their recent global expansion. The question is how ‘strict’ their locking technology would be.
Our thoughts on this decision and region-locking, in general:
- Expats/travelers: We know for a fact that a lot of our customers are either expats or people travelling, who want to get access to the service they are paying for. Locking them from accessing content they should have access to is unfair.
- Local vs. other regions content offering: we don’t believe that it is fair for users in most countries to pay the same price, or actually more (e.g. $7.99 vs. €7.99) and have access to a fraction of the content otherwise available in a different region, such as US. Moreover, users aren’t provided with a clear comparison in terms of content availability before signing-up, and we can safely assume that most people would simply sign-up expecting to have access to the same content as those in other regions. This may arguably fall under false-advertising.
- Archaic entertainment distribution models: Content owners and studios should get their heads out of the sand and re-think their business models. It is 2016, folks. People from all over the world would gladly pay for your content, if they are allowed to do so in the first place. Yet, they aren’t. Which we believe to be an unfair and bad practice in modern times.
/2cents
The news:
- Evolving Proxy Detection as a Global Service (Netflix Blog)
- Netflix says it will do more to stop customers from bypassing country restrictions (The Verge)
- Netflix Vows to Shut Down Proxy Users Who Bypass Country Restrictions (variety.com)
http://vpn.baiaq.cn/archives/12006
How to Stay Safe in your Job Search
Looking for a job on the internet should not be focused only on landing a scheduled job interview. We must also consider our safety and exercise caution and common sense when searching and applying for a job.
But before you start your job application, you should know that there are requirements that you must meet or submit before you can continue with the online process. These steps include signing up, uploading your curriculum vitae or resume, and filling in forms that mostly contain your personal information. And because job platforms require applicants to complete these steps before continuing, they are also responsible for taking measures to keep their applicants secure. Here are some of the risks that they should minimize and protect their applicants from:
- Identity theft – Some job posts are posted only to commit fraud.
- Phishing – These job posts are only after your email address, in order to send enticing invitations to visit fraudulent sites.
- Pay before boarding – These schemes will ask you for a certain amount of money, as some kind of security for your place.
- Financial fraud – Some schemes only aim to extract some of your banking information in order to rob you.
- Malware or viruses – When you are transacting or applying online, you are also exposed to malware or viruses.
Although job platforms are already doing their best to minimize these risks for you, you should also take the initiative and be cautious in your actions. Here are some tips to help you, or remind you of the things you should do or be aware of, when searching and applying for a job:
Share only necessary details. The details that these platforms need will mostly be your full name, address and phone number. Be wary of sharing details like your Social Security number, birthday, and passport. Only share this information with trusted sources or sites.
Create a strong password. You should know that hackers use password-dictionary applications that can crack your password. You should not use dictionary words or numbers only, because they can also use an application to crack the combination of a numeric password. A good password contains a mixture of letters, numbers and characters. You can also use a “passphrase”, which can contain long phrases and some characters and numbers. Do not use the same password for each platform.
Be realistic. Some job offers are too good to be true, which is why you need good judgement and common sense. It may be a job offer that promises little work and a big income. This is surely not true; we cannot earn money the easy way. Be cautious about these job offers and think of your safety.
Don’t click on suspicious sites. Some job advertisements will send you a link; always exercise caution. Check the URL and try to recognise the website. If it looks suspicious, don’t take the risk. If you ever get scammed, you should contact the administrator of the website as soon as possible.
Use a VPN. While you are searching and applying for a job, you should be aware that you are sharing your personal details with the websites you signed up to. However, you can minimize the risk of being a victim of third-party cybercriminals by using an encrypted connection. A VPN, or Virtual Private Network, will provide you with security by encrypting your connection, protecting your activity while you access your job platforms, and securing your location as well. This way you will get protection from hackers lurking around somewhere.
When looking for a job, we sometimes forget our safety because we are focused on landing the job. That is why we should follow these precautionary tips to help us land a job safe from fraud.
leizhiping-blog · 7 years ago
Stay Anonymous and Surf the Internet Like a Ghost Using A VPN
Have you tried surfing the internet without a VPN? We always do! When you’re surfing the internet, it’s like you’re walking outside naked where anybody can see you. How can we say this? Here’s the explanation. Every time you browse the internet, all your internet activities, the websites you sign in to and other Internet-related activities are tracked and monitored without you knowing. It all depends on the way you browse.
Have you noticed ads popping up whenever you watch a video or look at some photos of you and your friend from last summer? If you have browsed Amazon or other shopping sites, you will see related ads on your screen whenever you browse another website. That is because these websites spy on you. How come? If you’re familiar with cookies, then you’ll fully understand. They use cookies to track you and show you their ads and other content. That sounds so creepy, doesn’t it?
Stop browsing the internet without thinking about your internet security and online privacy! Get a Virtual Private Network service and surf anonymously like a ghost! Why be scared when you can do something about it? Instead of being afraid of creepy things and creepy situations that might happen to you, connect to a VPN service and enjoy the best VPN for anonymous surfing! It shields you from websites that track and spy on you for your personal data. Have you heard the news concerning the legality of ISPs selling your internet activities? Don’t let them do it! A Virtual Private Network is going to be one of the best ways to protect your personal information.
Here are more examples of what a Virtual Private Network can do.
It keeps your online bank transactions safe from the prying eyes of hackers waiting to attack you.
It protects your personal information whenever you shop online.
It lets you access geo-restricted websites. All you need to do is connect to a VPN server and you’ll be able to access some content which is not yet available in your country.
It keeps your personal information safe and secure whenever you connect to different public Wi-Fi hotspots. Let’s admit it, we cannot avoid it. Who doesn’t want free internet anyway? Just always remember that when it’s free, you should be careful. Use a VPN to keep your online privacy.
It can help you save more money when you book flights and deals. You’ll see the price difference if you’re going to book a flight to another country. Try searching without a VPN, then connect to a VPN, and you’ll see it. Make sure you’re connected to the right VPN server location.
Although most VPN service users experience slower speeds whenever they connect to a VPN service, you’ll find some solutions for it. You may contact your VPN service’s support and they’ll assist you when you run into trouble with connections.
Subscribe to a VPN now! Check out www.anonine.com for more amazing features.