Privacy Talks | Interview with Alex Kehaya from Orchid VPN

[7:04] – One question that I have, is why wouldn’t an average user just set up their own VPN if trust is such an issue?

[13:20] – You mentioned those curated lists, that also allows people to choose from servers that provide them certain functionality, like Netflix in the US for instance.

Why I don't believe in encrypted mail providers anymore

In the case of Protonmail, another encrypted mail provider, you'll need to find OpenPGP keys and you're basically back to square one. Tutanota doesn't have any bulk tools but it's easy enough to just shift-click all the email in the desktop client and export to eml files.

Private Internet Access launches dedicated IP address option

In accordance with our strict no logging policy, Private Internet Access uses an innovative token system to offer dedicated IP addresses without connecting them to VPN accounts.

You need to use a Master Password in Thunderbird if you use OpenPGP

Thunderbird email client users who use the program's built-in email encryption functionality need to set a master password in Thunderbird to properly protect their encryption keys.

Private Internet Access Legacy VPN Network Sunset Announcement

The legacy VPN network is sunsetting in October and Private Internet Access users will need to update their clients to be able to use the NextGen VPN network.

Experian breach affects over 24 million customers and businesses in South Africa

Consumer credit reporting agency Experian has suffered a data breach at their South African branch.

Zoom Security Exploit - Cracking private meeting passwords - Tom Anthony

Over the next couple of days, I spent time reverse engineering the endpoints for the web client Zoom provide, and found I was able to iterate over all possible default passwords to discover the password for a given private meeting.

As bosses embrace tech to monitor remote workers, can privacy endure?

MILAN/NEW YORK (Thomson Reuters Foundation) - When a client asked Los Angeles-based graphic designer Lea to install software that would count her keystrokes, track the websites she visited and take screenshots to keep tabs on her work, she felt uneasy.

Aarogya Setu, India’s contact-tracing app, goes open-source

According to Kant, 98% of Aarogya Setu installs are on Android devices, which explains the initial release of the Android client source code for the app.

Twitter: we need a break.

As Mastodon is designed to be a more privacy-conscious alternative to Twitter, the developers have very carefully mimicked certain aspects of Twitter’s UI/UX. Out of the vast selection of clients available, I am going to be using Tusky, and Pinafore on the web.

So I reverse engineered two dating apps...

In this post I show some of my findings during the reverse engineering of the apps Coffee Meets Bagel and The League. It would be best if the developers make sure the app only attaches authorization bearer header in requests to The League API.

Flaw in iPhone, iPads may have allowed hackers to steal data for years

WASHINGTON/SAN FRANCISCO (Reuters) - Apple Inc (AAPL.O) is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

The WhatsApp privacy problem.

This can be used to track in a significant way and there is no way for users to protect themselves from this, except abandoning WhatsApp altogether. Read receipts on voice messages. You can’t turn off read receipts on voice messages, ever.

Open Source Code – The Future of User Privacy

Here’s why open source code is the only way to enjoy true privacy, and why you should use an open source VPN client if you want to secure your online data.

How can I block email trackers and read receipts?

As well as simply knowing you've read the email, tracking pixels can be used for various other nefarious and intrusive means, as was proved last year by popular new email client SuperHuman.

The Private Internet Access Android app is being open sourced

Private Internet Access (PIA) is open sourcing its Android VPN app and dependencies code to the public as part of its commitment to open sourcing all clients in the name of transparency and privacy.

Technical analysis of client identification mechanisms

The other versioning scheme, Last-Modified, suffers from the same issue: servers can store at least 32 bits of data within a well-formed date string, which will then be echoed back by the client through a request header known as If-Modified-Since.

Let’s Reverse Engineer Discord

After encrypting the entire stream and sending with an RTP header, we can see this packet received and decrypted by our remote Discord client which is in a debugger.

Private internet owner mulling plans for privacy suite in 2020

This comprehensive plan which we have started implementing we hope will lead the way to other companies in this space to follow suit and create a “no need for trust” ecosystem where all our stakeholders will be able to verify how our system works and handles information.

Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

[CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections.

Why Adding Client-Side Scanning Breaks End-To-End Encryption

Let’s say that when the client-side scan finds a hash match, it sends a message off to the server to report that the user was trying to send a blocked image.

Dnscrypt-protocol/ANONYMIZED-DNSCRYPT.txt at master · DNSCrypt/dnscrypt-protocol · GitHub

While the communications themselves are secure, and while the stateless nature of the DNSCrypt protocol helps against fingerprinting individual devices, DNS server operators can still observe client IP addresses.

Android Users: Update Signal Now to Prevent Eavesdropping

According to a late-September bug report from Google’s Project Zero team, an issue with the popular covert messaging app Signal, on Android, allowed any attacker to essentially eavesdrop on a person’s device (via audio, not video).

TSA: Forced Strip-Search No More Offensive Than Voluntarily Using a Locker Room

What we do know from the TSA’s 24-page reply to the lawsuit (.pdf), a motion to dismiss filed Friday in U.S. District Court for the Northern District of Oklahoma, is that they don’t think they should be held responsible.

How to stop Superhuman and other apps from tracking your emails

Even if you disable external images, Boxy Suite will tell you when an email has a tracking pixel anyway, so you'll be able to decide if you want to load images or not based on that.

Digital ID Verification – The Key to Developing Intelligent Security Systems

With the increased advancement in intelligent systems, businesses can now implement systems that are able to verify users in real-time, all the while lending better security to transactions.

Disclosing Tor users' real IP address through 301 HTTP Redirect Cache Poisoning

The fact that it is possible to achieve certain persistency in browsers cache, by injecting poisoned entries, can be abused by an attacker to disclose real IP address of the Tor users that send non-TLS HTTP traffic through malicious exit nodes.

Librem One Campaign Wants to Help De-Google Your Life

Purism, the privacy-orientated Linux device company, has launched a “bundle” of mobile apps and services for Android and iOS. Purism, perhaps best known for the Librem 5 Linux phone crowdfunding campaign, has launched a new initiative offering “privacy protecting, no-track, no-ads” apps and services for mobile users.

Research: Classification of attacks on Tor clients and Tor hidden services

This message will be routed from the entry node of the hidden service, which is controlled by the adversary, to the central server and will include information such as the circuit ID, the cell timestamp, the source IP address, and the circuit ID.

How To Stop Using Free Email

So for most free services like Gmail, Yahoo, or Hotmail, you're not going to be able to use your existing email address with a different email provider. The next thing you want to do is update all your online accounts that use your old address to contact you.