Category Archives: Encryption
"Illegal to break encryption," the European Court of Human Rights rules – TechRadar
The European Court of Human Rights banned all legal efforts of weakening encryption of secure communications in Europe.
Encryption ensures the enjoyment of fundamental rights such as privacy and freedom of expression, the judgment reads, while helping citizens and businesses to defend themselves against abuses of information technologies. Hence, the ruling to outlaw legislations that could open up backdoors for criminals to exploit.
The decision was welcomed with enthusiasm by privacy experts that have long called the EU Commission to withdraw their CSAM-scanning proposal, known as Chat Control, which planned to enable authorities to scan all citizens' private communications to halt the spread of dangerous content.
"With this outstanding landmark judgement, the 'client-side scanning' surveillance on all smartphones proposed by the EU Commission in its Chat Control bill is clearly illegal. It would destroy the protection of everyone instead of investigating suspects," commented European Parliament and digital freedom advocate Patrick Breyer from Pirate Party.
"EU governments will now have no choice but to remove the destruction of secure encryption from their position on this proposalas well as the indiscriminate surveillance of private communications of the entire population," he added.
In October last year, the EU Parliament already reached ahistorical agreement which asked for the removal of the dangerous provision from theEU Child Sexual Abuse Material (CSAM)Scanning Proposal. Reiterating privacy as a fundamental right, also in that occasion the decision came to safeguard online security and encryption.
However, the Chat Control was still on the tableuntil now, at least.
Right from the start, tech companies using encryption to build softwareincluding VPN services and messaging apps providersargued that weakening encryption in order to catch criminals was a terrible idea.
VPN provider Mullvad VPN got pretty vocal last year to raise awareness of these risks. It sent hundreds of emails to both journalists and politicians, while even putting giant banners across airports and the streets of some European cities. "Mullvad is usually a very silent company. This is probably the first time we really got mad enough to speak out," Jan Jonsson, CEO at Mullvad, told me when the company began its campaign in March last year.
A group of experts wrote the umpteenth open letter less than a month ago, too, to warn that the proposed side-scanning "would negatively impact childrens privacy and security online, while also having dramatic unforeseen consequences on the EU cybersecurity landscape, creating an ineffective administrative burden."
Well, all these efforts have now been rewarded.
"Secure encryption saves lives," said again Breyer. "It is a scandal that the EU Councils latest draft position still envisages the destruction of secure encryption. We Pirates will now fight even harder for our digital privacy of correspondence!"
Visit link:
"Illegal to break encryption," the European Court of Human Rights rules - TechRadar
European Court of Human Rights bans weakening of secure end-to-endencryption – the end of EUs chat control CSAR … – EU Reporter
The European Court of Human Rights yesterday banned a general weakening of secure end-to-end encryption. The judgement argues that encryption helps citizens and companies to protect themselves against hacking, theft of identity and personal data, fraud and the unauthorised disclosure of confidential information. Backdoors could also be exploited by criminal networks and would seriously jeopardise the security of all users' electronic communications. There are other solutions for monitoring encrypted communications without generally weakening the protection of all users, the Court held.[1] The judgement cites using vulnerabilities in the targets software or sending an implant to targeted devices as examples.
Member of the European Parliament and digital freedom fighter Patrick Breyer (Pirate Party) comments:
"With this outstanding landmark judgement, the 'client-side scanning' surveillance on all smartphones proposed by the EU Commission in its chat control bill is clearly illegal. It would destroy the protection of everyone instead of investigating suspects. EU governments will now have no choice but to remove the destruction of secure encryption from their position on this proposal - as well as the indiscriminate surveillance of private communications of the entire population!
Secure encryption saves lives. Without encryption, we can never be sure whether our messages or photos are being disclosed to people we don't know and can't trust. So-called 'client-side scanning' would either make our communications fundamentally insecure, or European citizens would no longer be able to use Whatsapp or Signal at all, because the providers have already contemplated that they would discontinue their services in Europe. It is a scandal that the EU Council's latest draft position still envisages the destruction of secure encryption. We Pirates will now fight even harder for our digital privacy of correspondence!"
Background: The EU Commission and an industrial network of surveillance authorities are calling for generally searching private communications using error-prone technology, including on end-to-end encrypted messengers, for indications of illegal content. This could only be implemented by undermining secure end-to-end encryption. The majority of EU governments support the initiative, but a blocking minority is preventing a decision. The EU interior ministers want to discuss the bill again at the beginning of March. Under massive pressure from Pirates and civil society, the EU Parliament has rejected the destruction of secure encryption and indiscriminate chat control. However, this is only the starting position for possible negotiations with the EU Council, once it agrees on a position. Meta has announced that it will start encrypting direct messages via Facebook and Instagram in the course of this year and discontinue its current voluntary chat control surveillance on these messages. Nevertheless, the EU is in the process of extending the authorisation for voluntary chat control.
Breyer's information page on chat control:chatcontrol.eu
[1]https://hudoc.echr.coe.int/eng/?i=001-230854 (para. 76 ff.)
Share this article:
The rest is here:
European Court of Human Rights bans weakening of secure end-to-endencryption - the end of EUs chat control CSAR ... - EU Reporter
DuckDuckGo’s privacy browser adds built-in password syncing – The Verge
DuckDuckGo has added a new Sync & Backup feature to its privacy-first browser that will keep passwords, bookmarks, and favorites constant across all of your devices without setting up an account. Falling right in line with its usual claims that it wont track you or collect your data, the company says that the data is end-to-end encrypted and that it cannot access your data at any time.
DuckDuckGo writes that data should sync across most Windows, Mac, Android, and iPhone devices, including what youve imported from browsers like Chrome. Setting up the sync involves scanning a QR code if youre using a mobile device or entering an alphanumeric code if youre using a computer.
According to DuckDuckGo, you can also set up single device backup and sync. And as with authentication apps, the browser gives you a PDF with a recovery code that you can use to create an encryption key to get to your data if something happens to your devices.
This addresses one of the main roadblocks to switching to DuckDuckGos browser from one that uses your data for its own ends like Chrome. Its easy to say you want to use a privacy-respecting browser, but passwords are still king of the mountain, and the internets security situation demands that each one of them be totally unique. Password managers are helpful, but with this update, you no longer have to connect an outside password manager to DuckDuckGo (or track your passwords manually) if you want your passwords synced.
DuckDuckGo still doesnt support passkeys, though. Given that they have a real shot at replacing passwords in the not-too-distant future, the company still has its work cut out for it if it wants to mount a viable challenge to browsers from titans like Google, Microsoft, or Apple.
View original post here:
DuckDuckGo's privacy browser adds built-in password syncing - The Verge
Linux: Create Encrypted Tunnels with SSH Port Forwarding – The New Stack
Secure Shell (SSH) has several really cool tricks up its sleeve, each of which offers a handy feature (wrapped in a comforting blanket of security) to help make your life a bit easier.
Last week, we discussed key authentication with SSH; this week we will talk about port forwarding, which can be used to:
There are three different types of SSH port forwarding. They are local (connections from a client are forwarded, via SSH, to a remote host), remote (connections from a remote server are forwarded, via SSH, to another machine), and dynamic (connections from different applications are forwarded, via SSH, to several servers).
There are many examples of port forwarding, some of which can get rather complicated. Because of this, were only going to deal with the first two types of port forwarding here (local and remote). These are also the types of SSH port forwarding that youll use the most.
SSH port forwarding is built into SSH by default, so as long as you have SSH installed, you should have everything you need to work with this feature.
With that said, let me show you how SSH port forwarding works.
Your Linux distribution probably already has SSH installed. However, for port forwarding, youll want the SSH server added as well. For that, you can log into your Linux machine and install it on an Ubuntu-based distribution like so:
sudo apt-get install openssh-server -y
sudo apt-get install openssh-server -y
On a RHEL-based distribution, that command would be:
sudo dnf install openssh-server -y
sudo dnf install openssh-server -y
Once the server is installed, start and enable it on an Ubuntu-based distribution with the command:
sudo systemctl enable --now ssh
sudo systemctl enable --now ssh
On a RHEL-based distribution, the start/enable command is:
sudo systemctl enable --now sshd
sudo systemctl enable --now sshd
The first type of port forwarding well deal with is local. Lets say youre developing a new site and you want to be able to access it via an encrypted connection. This new site may be on your local network or on a remote server. Either way, you can connect to it using the remote SSH server from a local port to a remote port.
Lets say you want to use local port 8080 and forward a connection IP address 192.168.1.11 port 80, via SSH. To do that, the command would be:
ssh -L 8080:192.168.1.11:80 localhost
ssh -L 8080:192.168.1.11:80 localhost
You will be prompted for your local SSH user password and then will be returned to the command prompt. To verify the tunnel worked, open a web browser and point it to:
The remote site (at 192.168.1.11) should appear in the web browser and is being tunneled via SSH encryption.
You can keep using the encrypted tunnel as long as you remain logged in from the terminal window. To close the encrypted tunnel, go back to the terminal window and type:
You will probably find this type of port forwarding to be more useful because it can allow you to give others access to a remote machine, via an encrypted tunnel. Say, for instance, you have someone on your LAN who needs VNC access to a server with a GUI and you want to ensure that connection is encrypted for security purposes. This, of course, would require you have VNC set up properly on the server and a VNC viewer on a client machine.
For this example, well stick with the 192.168.1.11 IP address for the remote machine and the client machine is at 192.168.1.21. You must have SSH access to the client machine as well.
Before you do this, however, you must take care of a simple SSH configuration. Open the SSH server configuration file with the command:
sudo nano /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
Add the following line to the bottom of the file:
Save and close the file. Restart SSH with either:
sudo systemctl restart ssh
sudo systemctl restart ssh
or
sudo systemctl restart sshd
sudo systemctl restart sshd
Now, lets create the remote tunnel. To create the tunnel for VNC (which runs on port 5900), run the following command on the remote server (which, for our example, is at 192.168.1.11):
ssh -R 5900:localhost:5900 USERNAME@192.168.1.21
ssh -R 5900:localhost:5900 USERNAME@192.168.1.21
Where USERNAME is a username on the client machine to which you have access. Once you authenticate that user, the SSH remote tunnel is up and running. The other user could then connect to the server, using a VNC client, with localhost and port 5900.
Remember, even when the remote user disconnects their VNC connection, the tunnel is still up and running. To close the tunnel, go back to the remote servers terminal and type exit.
If youre looking to create encrypted tunnels for various use cases, look no further than SSH. Once you get the hang of creating these tunnels, youll find they can be very useful in several different types of scenarios.
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don't miss an episode. Subscribe to our YouTubechannel to stream all our podcasts, interviews, demos, and more.
SUBSCRIBE
See the original post:
Linux: Create Encrypted Tunnels with SSH Port Forwarding - The New Stack
Kanguru Expands Its Encrypted & Non-Encrypted Data Storage Line with New 512GB High-Capacity USB Flash Drives – PR Newswire
MILLIS, Mass., Jan. 30, 2024 /PRNewswire/ -- Kanguru has expanded its world-class line of Defender Hardware Encrypted Flash Drives with new 512 Gigabytes (GB) high-capacity data storage, giving organizations and individuals the ability to store significant amounts of information under the best data security products available on the market. Kanguru has also expanded its line of non-encrypted flash drives with large amounts of data storage.
Store Lots of Data with Military Grade AES 256-Bit Hardware Encryption
Users can store, access and transfer generous amounts of information on one encrypted thumb drive with ample storage space compared to lower-capacity alternatives, storing documents, multimedia files, music libraries, high-resolution photos, software, and more under military grade AES 256-Bit Hardware Encryption. Kanguru also has secure and non-encrypted SSDs available with up to 8T.
Kanguru Defender encrypted drives protect sensitive data from unauthorized access with exceptional, built-in high-security benefits:
Defender Hardware Encrypted Flash Drives with High-Capacity Storage Include:
Learn More >>
For users who may not be in the market for encryption but are in need of high-capacity drives, the following devices also offer high-capacity storage options:
Learn More >>
See also Kanguru's 4T capacity NVMe SSD with exceptional performance:
Portable, Compact and Lightweight
Thanks to their compact and lightweight portability, Kanguru flash drives are a convenient way to carry and transfer large volumes of files on a single, compact device between different computers and locations. Users can easily access and transfer presentations, photos and media across multiple platforms. Fast data transfers allow quick access and copying of files from one device to another, and is much safer and reliable than online transfers. This is particularly useful for professionals who work across multiple locations.
Ideal for Backups
Users will find that high-capacity memory sticks are an excellent solution for backing up crucial files. Creating a portable backup that can be stored separately from an original device is a necessary step in data protection for many reasons, including disaster recovery, accidental erase, hardware or human error. For Defender encrypted drives it also assists organizations in meeting complex security policies and compliance requirements while meeting GDPR, HIPAA, SOX, GLBA and more.
Fast Data Transfers
Kanguru flash drives offer ultra-fast data transfer speeds for quick copying and access to files with USB 3 (USB 3.2 Gen 1x1).
If you have any questions about these or any other Kanguru products, please contact Kanguru at 1-(508)-376-4245 or email the sales team at [emailprotected].
Kanguru is a global leader providing best-in-class, secure portable storage solutions, for enterprise, businesses, organizations and consumers with easy-to-use, secure IT products, duplication products and data storage for over 30 years. For more information on Kanguru, please visit http://www.kanguru.com.
FOR MORE INFORMATION, PLEASE CONTACT:Don Wright, Marketing ManagerKanguru Solutions[emailprotected](1) 508.376.4245
SOURCE Kanguru Solutions
Go here to see the original:
Kanguru Expands Its Encrypted & Non-Encrypted Data Storage Line with New 512GB High-Capacity USB Flash Drives - PR Newswire
Cybersecurity Encryption Technologies: Confidentiality | by Coded Conversations | Coded Tech Talk | Jan, 2024 – Medium
Confidentiality: Encryption Technologies
This principle is dedicated to ensuring that information is accessible only to those authorized to view it. Confidentiality mechanisms include data encryption, robust authentication processes, and access control measures that safeguard against unauthorized access and disclosures.
Example:
Picture a lockbox where townsfolk store their valuables. Only those with the right key (authorized users) can peek inside. This lockbox is linked to encryption technologies and access controls that keep prying eyes away from sensitive information.
The invisible guardians of our digital universe, shielding our most sacred data from prying eyes and nefarious minds. In the vast cosmos of computing and cybersecurity, encryption is the spellbinding force that turns readable data into a cryptic puzzle only solvable by those who hold the magical key. So buckle up, my fellow digital explorers, as we embark on an electrifying journey through the deep-ends of encryption technologies, both celebrated and obscure, that weave
View original post here:
Cybersecurity Encryption Technologies: Confidentiality | by Coded Conversations | Coded Tech Talk | Jan, 2024 - Medium
Apple Battles UK Law That Kills Encryption, Calls It A ‘Secret Veto’ Against Global Privacy By Benzinga – Investing.com UK
Benzinga - by Rounak Jain, Benzinga Staff Writer.
Apple Inc. (NASDAQ:AAPL) has sharpened its opposition to the UK governments proposed amendments to the Investigatory Powers Act (IPA) 2016. The tech giant claims that these changes could potentially "secretly veto" new security features worldwide.
What Happened: The proposed amendments would empower the UK Home Office to pre-approve new security features introduced by tech companies, reported BBC.
If the Home Office rejects an update, it would not be released in any other country, and the public would remain uninformed. This could be especially problematic when zero-day vulnerabilities remain unpatched, allowing malicious parties to exploit them.
The UK government is looking to revise the IPA 2016, arguing that while it supports privacy-focused tech, it is also responsible for ensuring public safety. The proposed amendments will be debated in the House of Lords on Wednesday.
Apple has described the move as an "unprecedented overreach" by the UK government, expressing grave concern that the proposed amendments put users privacy and security at risk.
The Home Office responded by stating that decisions about lawful access, which protect the country from child sexual abusers and terrorists, should be taken by those who are democratically accountable and approved by Parliament.
While Apple has previously threatened to withdraw Facetime and iMessage from the UK, the proposed law would extend beyond these services to encompass all Apple products.
Why It Matters: This is not the first time that Apple has opposed the UKs surveillance laws. Earlier in January, Apple and other tech giants expressed opposition to the proposed surveillance laws in the UK, citing potential threats to data security and privacy.
In 2023, Apple joined 80 organizations and technology experts who opposed the Online Safety Bill under consideration in the UK Parliament, arguing that the bill would put people at greater risk from data breaches and surveillance.
Moreover, Apple threatened to pull two of its core services, iMessage and FaceTime, in the UK if the proposed surveillance bill becomes law. The tech giant has consistently opposed the UK governments proposed changes to IPA 2016.
Check out more of Benzinga's Consumer Tech coverage by following this link.
Read Next: If You Invested $1000 In Apple When The iPad Was Launched 14 Years Ago, Heres How Much Youd Have Today
Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.
Photo courtesy: Shutterstock
2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Read the original article on Benzinga
Read more from the original source:
Apple Battles UK Law That Kills Encryption, Calls It A 'Secret Veto' Against Global Privacy By Benzinga - Investing.com UK
Phobos Ransomware Family Expands With New FAUST Variant – Infosecurity Magazine
Security researchers have recently uncovered a new variant of the notorious Phobos ransomware family named FAUST.
Phobos, which first emerged in 2019, encrypts files on victimscomputers and demands a ransom in cryptocurrency for the decryption key.
According to an advisory published by FortiGuard Labs last Thursday, the FAUST variant was found in an Office document utilizing a VBA script to propagate the ransomware.
As part of the campaign, the attackers employed the Gitea service to store malicious files encoded in Base64. When injected into a systems memory, these files initiate a file encryption attack.
The FortiGuard Labs analysis revealed a multi-stage attack flow, from VBA script execution to the deployment of the FAUST payload.
Macros remain a dangerous part of malware delivery because VBA provides functionality that many companies use for day-to-day applications,explained John Bambenek, president at BambenekConsulting.
The safest way to deal with this threat is to disable VBA in Office entirely. However, if thats not an option, organizations can at least disable high-riskfunctionality in VBAs using Windows Defense Attack Surface Reduction, such as preventing office applications from creating child processes or from creating executable content.
From a technical standpoint, FAUST ransomware exhibits persistence mechanisms, adding a registry entry and copying itself to specific startup folders.
It checks for a Mutex object to ensure only one process is running, and it contains an exclusion list to avoid double-encrypting specific files or encrypting its ransom information. The encrypted files carry the .faustextension, and victims are instructed to contact the attackers via email or TOX message for ransom negotiations.
Read more on Phobos variants: 8Base Ransomware Group Emerges as Major Threat
The research underscores the threat of fileless attacks and the need for user caution when opening document files from untrusted sources.
While user awareness and caution are crucial aspects of cybersecurity, a layered approach to defense is necessary. Individuals should be cautious with attachments and links. Only opening attachments or clicking on links from trusted sources and be wary of unexpected emails,warned Sarah Jones, cyber threat intelligence research analyst at Critical Start.
Additionally, regularly updating your operating system, applications, and firmware to patch vulnerabilities attackers can exploit is critical. Furthermore, individuals need to ensure their passwords are strong and unique and enable two-factor authentication whenever possible to add an extra layer of security.
View original post here:
Phobos Ransomware Family Expands With New FAUST Variant - Infosecurity Magazine
What Are VPN Apps & Why You Need Them – Privacy News Online
The internet is an essential part of our lives, but being constantly connected makes retaining your privacy a challenge. Ever seen an ad encouraging you to download a VPN app to protect your online privacy? If that left you wondering what a VPN app does, youre not alone.
If you want to take control of your online privacy and limit how much of your activity and information outsiders can see, using cybersecurity tools like VPN apps can help you achieve these goals. If youre planning to use a VPN but youre not quite sure where to start, were here to guide you on the uses of VPN apps, how they work, and why we need to use them.
VPN apps provide a user-friendly way to access VPN services. These apps simplify the process, making it easier to manage your VPN connection. VPN apps encrypt your internet connection, which adds a strong layer of security to your online activity and data. This means your information is concealed from snoopers and potential threats like cybercriminals who carry out cyber attacks to steal your sensitive data.
Encryption masks your online activity your data is scrambled up and wrapped in layers of code to make it unreadable. VPNs also mask your real IP address and cloak it with a different one by rerouting your connection through one of its servers.
With VPN apps, you dont need to set up a VPN manually; the app does all the heavy lifting for you. Many VPN apps come with extra features and options that let you customize how the VPN works.
There are many reasons why you might want to use a VPN app. Here are some of the most common ones:
You want to protect your online privacy and security. A Forbes study revealed that 40% of users experienced a data breach when using public Wi-Fi. This means that their sensitive info, like passwords or personal details, was accessed by unauthorized parties. To stay safe, use a VPN app when youre using public Wi-Fi to protect yourself from cyber threats.
You want to access different platforms without any restrictions. These platforms could be for online entertainment, social media, or staying updated with trends and results from other regions. VPNs let you safely use the streaming libraries you prefer from abroad, bypass network blocks like at school, and see a variety of websites and services from different countries.
You want to find better deals when shopping online. VPNs let you change your virtual location which helps you find different pricing and regional deals. This is useful when youre booking flights or hotels, or want to avoid price discrimination.
When you connect to the internet without a VPN, your unprotected traffic contains data about your IP address and online activity, allowing snoopers and cybercriminals to identify you or commit fraud using the information they discover. The websites you visit also sneak in tracking cookies to spy on your browsing habits for profit but this isnt something a VPN can control.
So, what can a VPN do? It can help prevent various cyber attacks, including DDoS, Man-in-the-Middle attacks, and cookie hijacking. By masking your IP address and encrypting your online activity, a VPN makes it much harder for cybercriminals and other third parties to access your online traffic and personal data.
After you connect to the VPN from your app, it will automatically reroute all your network traffic through an encrypted tunnel to a secure VPN server. VPN apps usually let you choose which VPN server you want to connect to from a list of countries, and many will find the best server for you. Keep in mind that not all VPNs offer the same country options, and some might have servers in fewer places. When you connect to a different VPN server, your IP address and virtual location change, making it look like youre in another country.
Some VPNs come with extra features you can turn on and settings that let you customize your VPN app and connection. As an example, PIA has a feature called MACE that blocks DNS domains used for ads, trackers, and malware.
To get started, simply:
1. Choose a trusted VPN provider.
2. Download the VPN app for your device from your app store, or get it straight from the providers website.
3. Launch the app and create an account.
4. Choose your server then hit the connect button. If you connect first, no worries itll auto-select a server for you.
Using a VPN app is incredibly intuitive. For example, with PIA, you simply open the app on your device and tap the Connect button the app will automatically select the best server for you. You can also choose a specific server location if you prefer. Once connected, you can immediately start browsing with peace of mind, knowing your connection is private and secure.
With a VPN, your online activity is shielded from certain eyes like your ISP, government, cybercriminals, and network owners/admins. It wont totally conceal everything, though. Websites, browsers, and apps can still track you using cookies or information you choose to input. VPNs also cant shield you from phishing, malware, and viruses.
If you need more information or need help setting up PIA VPN, you can contact PIAs 24/7 Customer Support experts any time.
VPN apps can work with a bunch of different devices, but its not a one-size-fits-all kind of deal. Compatibility really depends on the VPN provider youre using and which operating systems it chooses to support with native apps. Not all devices are ready to run VPN apps straight out of the box, either.
You can typically find compatible VPN apps for popular operating systems like Windows, Android, MacOS, iOS, and Linux from premium VPN providers. If your device doesnt support dedicated VPN apps, no worries! You can set up the VPN on your router or use features like PIAs SmartDNS. This lets you change your IP address on devices like consoles and Smart TVs that dont support VPN apps. Keep in mind that while SmartDNS changes your IP address, it doesnt encrypt your connection, which can have its downsides.
Some VPNs put a cap on how many devices you can connect at the same time. PIA doenst limit your connections so you can secure all your gadgets at the same time.
While a VPN app makes it easy to connect to a VPN, its not the only way. You can also manually configure a VPN connection in your devices network settings if it supports VPN configuration.
Heres a thing, though: going manual requires some tech know-how and, if you mess up, it could put your privacy and security at risk.
Using a VPN app is usually more convenient and comes with extra features, but if you go for manual setup, your connection still gets encrypted. Youre still using a VPN provider to direct your traffic through a secure server, just without their app.
Here are alternative options to get VPN protection on your devices if you cant install a VPN app:
If you cant install a VPN app, consider setting up the VPN manually on your device. This involves entering the VPNs server address, your username, and password into your devices network settings. While this method requires a bit more effort, it gives you the same level of protection as a VPN app if you do it correctly.
Before you start, you need to pick a VPN service provider and sign up. Once thats done, get your VPN configuration files from them because youll need these when setting up the VPN manually.
Android devices can vary based on the manufacturer, so the steps may differ. In general, heres how you can setup a VPN on your Android device:
1. Open your devices settings menu and tap Network & Internet or Connections.
2. Select More Connection Settings
4. Tap VPN and add a VPN profile.
5. Enter the VPN details provided by your VPN provider.
6. Save the settings and toggle the VPN switch to connect to the VPN server.
1. Open the Settings app on your iOS device.
2. Tap General and then VPN
3. Click Add VPN Configuration
4. Enter the VPN details provided by your VPN provider.
5. Save the settings and toggle the VPN switch to connect.
1. Press the Windows key on your keyboard and type VPN settings.
2. Click Add a VPN connection
3. Enter the VPN details provided by your VPN provider.
4. Click Save and then click Connect under the VPN connection you just created.
1. Open the Apple menu and select System Preferences.
2. Tap Network
3. Click the + button to add a new network connection.
4. Select the VPN interface and enter the VPN details provided by your VPN provider.
5. Click Apply to save the settings
6. Select the VPN connection you just created and connect.
1. Install the OpenVPN client using your Linux distributions package manager.
2. Copy the VPN configuration file provided by your VPN provider to the appropriate directory.
3. Use the OpenVPN command-line tool to connect to the VPN server using the configuration file.
Setting up a VPN on your router lets you connect every device on your network to the VPN. This means all your devices get the VPNs protection even the ones that dont support VPN apps.
PIA offers a comprehensive guide to help you configure our VPN on your router using flashed firmware. Remember, the setup process may vary depending on your router model and the VPN provider you choose.
If youre mainly concerned about protecting your web browsing, consider installing a VPN browser extension. This will secure your browser traffic, although it wont protect other apps on your device. PIA also offers browser extensions that are easy to install and use.
How to install a VPN browser extension:
1. Open the relevant browser on the device of your choice.
2. Visit the download page for the browser extension, like Chrome, Firefox, and Opera.
3. Click Download
5. Wait for the installation to complete.
6. Select a VPN server and click Connect.
Using a proxy server is another way to change your IP address. A proxy server acts as a digital middleman that routes your requests to the internet, which can change your visible IP address. This can make your online activity harder to track, giving you a level of privacy.
While a proxy can hide your IP address, it doesnt encrypt your internet traffic like a VPN does. This means your online activity could still be visible to others. Thats why its important to know what a proxy does and the security risks you might face when using one.
Not all VPNs are the same. Some are free, some are paid, some servers are fast, some are slow, some are secure, and some are not. But when looking for a VPN, these are some key factors you can consider.
Understand your needs Identify why you need a VPN. Are you looking to secure your data? Bypass geo-restrictions? Maintain anonymity? Your specific needs will guide your choice.
Research the VPNs features Take a good look at what the VPN offers.For instance, PIA provides split tunneling, leak protection, and built-in ad blocking. These features enhance your online experience, thats why its important to consider them when choosing a VPN.
Look at the pricing The cost of VPNs can vary quite a bit, so think about your budget. Some VPNs, like PIA, offer a great service without making your wallet cry.
A VPN app makes using a VPN service on your device a breeze. It gives you an easy way to connect to VPN servers, creating a safe path for your data to travel through the internet. People generally use VPN apps to encrypt their traffic and change their IP address, making it look like theyre browsing from a completely different country or region.
If youre looking for a smooth VPN experience, you can try out PIA VPN. We take privacy seriously, offering strong encryption, a court-verified No Logs policy, leak protection, and even ad-blocking.
Generally, you should keep your VPN on when youre online to protect your privacy. However, there might be times when you want to turn it off, like when its slowing down your connection. PIA is a fast VPN with high-speed connections and support for lightweight VPN protocols, so you wont have to worry about this too much.
While some devices and operating systems come with built-in VPN support, it doesnt mean they have a built-in VPN service. This support simply allows you to connect to a VPN service manually.
If youre wondering whether your device has a built-in VPN, check your network settings. If you see options for a VPN, that means your device can support a VPN connection. To actually use a VPN, youll still need to subscribe to a VPN service like PIA.
Setting up and managing a VPN manually can be a bit tricky, but when you use a VPN service with native apps, it makes things a lot simpler. PIA has native VPN apps for a wide range of devices and operating systems including Windows, Mac, Android, iOS, and Linux. This means that no matter what device youre using, PIA has got you covered.
While free VPN services exist, they often come with limitations and might not be secure. Some free VPNs lack robust encryption standards and may even infect your device with malware. You also put your personal information at risk as many free VPNs will sell your activity data to make money. Free VPNs also have small server networks that can quickly become overloaded and most apply bandwidth and data caps.
In contrast, premium VPNs like PIA offer a more secure and feature-rich service. PIA not only protects your privacy, but it also offers some standout features that enhance your online security and experience. PIA comes with a court-proven No Logs policy, advanced features, a massive 10-Gbps VPN server network, and military-grade encryption.
Yes, its generally safe as long as the VPN provider is trustworthy. For instance, PIA is trusted by millions for our court-tested and independently verified No Logs policy. This means PIA doesnt keep any records of your online activities, making sure your data remains private.
Yes, you can use a VPN on multiple devices. Most VPN providers limit the number of devices you can connect at the same time, but others dont. For instance, PIA allows unlimited device connections with a single subscription whereas most VPN providers limit you to a handful of simultaneous device connections. This means you can secure all your devices without any extra cost.
Using a VPN can sometimes slow down your internet speed, as your data needs to be encrypted and then sent to the VPN server.
Heres the good news. Not all VPNs are created equal, and some are better at handling traffic than others. PIA is a fast VPN and our network is built to support high-speed connections. So, you can enjoy a secure connection without having to compromise on speed.
Continue reading here:
What Are VPN Apps & Why You Need Them - Privacy News Online
What is end-to-end encryption? How does it secure information? | Explained – The Hindu
Information is wealth, and an important way to protect it is encryption. End-to-end (E2E) encryption in particular protects information in a way that has transformed human rights organisations, law-enforcement agencies, and technology companies outlook on their ability to access and use information about individuals to protect, prosecute or profit from them, as the case may be.
Fundamentally, encryption is the act of changing some consumable information into an unconsumable form based on some rules. There are different kinds of such rules.
For example, (with particular settings) the Data Encryption Standard (DES) encrypts the words ice cream to AdNgzrrtxcpeUzzAdN7dwA== with the key kite. If the key is, say, motorcycle, the encrypted text becomes 8nR+8aZxL89fAwru/+VyXw==.
The key is some data using which a computer can unlock (decrypt) some locked (encrypted) text, knowing the set of rules used to lock it.
Say I write down AdNgzrrtxcpeUzzAdN7dwA== on one piece of paper and kite on another piece of paper, crumple them both, and throw them at my friend across the room. Suddenly a man I didnt notice in the middle of the room leaps up to snatch the piece of paper saying AdNgzrrtxcpeUzzAdN7dwA== and runs away with it. Because this fellow doesnt know the key (kite), he wont know what the piece of paper says.
This is how encryption protects information, digitally.
E2E is encryption that refers to particular locations between which information moves.
Say you are chatting with your friend on a messaging app. When you send a message, it first goes to a server maintained by the company that built the app; based on its instructions, the server routes the message to your friend.
In this setup, two important forms of encryption are encryption-in-transit and E2E encryption.
Encryption-in-transit means before a message is relayed from the server to you (or vice versa), it is encrypted. This scheme is used to prevent an actor from being able to read the contents of the message by intercepting the relay. In E2E encryption, the message is encrypted both in transit and at rest i.e. when being relayed from your phone to the server (or vice versa) and when it is sitting inside the server. It is only decrypted when your friend receives the message.
There are several ways to encrypt information depending on the level of secrecy and protection required. If some information is to remain encrypted for 100 years, a computer must require more than 100 years to decrypt it without the key.
One broad distinction is between symmetric and asymmetric encryption.
In symmetric encryption, the key used to encrypt some information is also the key required to decrypt it. DES is a famous example of a symmetric encryption protocol.
In a stronger version of DES, called Triple DES, the key a user provides is split into three parts. Lets say they are mot, orcy, and cle. Then, the message ice cream is encrypted by the first part (mot); the result is decrypted by the second part (orcy); and its result is again encrypted by the third part (cle). The garbled text thus produced is then transmitted to the recipient along with the key.
Symmetric encryption is useful when the sender and the recipient are the same person, for example when you encrypt the hard drive of your computer. The Advanced Encryption Standard (AES), which you might have noticed when setting your WiFi password, is also a symmetric encryption algorithm.
In asymmetric encryption, if the message ice cream is encrypted using the key motorcycle, it can be decrypted using a different key that corresponds to motorcycle in a predetermined way.
For example, say you and your friend agree that if you use the key motorcycle to encrypt the message, your friend will use the key helmet to decrypt it, and if you use banana to encrypt, your friend will use pineapple to decrypt. You and your friend go to a party and find yourself standing far from each other, and you wish to send them a message. So you encrypt ice cream with banana as the key, and you shout out the encrypted text to your friend along with the word banana. Your friend now knows that they should decrypt the text using the key pineapple to reveal the underlying message.
In this situation, using asymmetric encryption, you have been able to reveal the encryption key without compromising your or your friends privacy.
The key you shouted out is called the public key; the corresponding key you agreed your friend would use is called the private key.
(Have a computer? Open the shell terminal called Command Prompt on Windows and Terminal on OSX and Linux type ssh-keygen, hit enter, and follow the next steps. You will soon have your own public and private keys.)
Asymmetric encryption will work as long as the private key and the correspondence between the public key and the private key are kept secret. In advanced implementations of asymmetric encryption, this correspondence is stored in the solution of a mathematical problem that even a computer would require a long time to solve.
It is useful when the sender and the recipient are different. The level of protection it confers is greater the longer the key is.
There are different symmetric and asymmetric schemes that encrypt messages in different ways, i.e. using different hash functions.
The hash function is responsible for encrypting a message. These functions are expected to have many properties. Here are three for example:
(i) The function should accept an input message and produce an encrypted version called the digest in a way that, given the digest, doesnt reveal what the message could be.
(ii) It should accept a message of any length and produce a digest of a fixed length, irrespective of how long or short the message is. This way, the length of the original message cant be deduced from the length of the digest.
(iii) It should produce unique digests for unique messages.
For example, the hash function the DES algorithm uses has many steps, at the heart of which is a table called an S-box: it converts a six-bit value into a four-bit value. (The combination of the first and last digits is provided in a particular row and the middle four digits are provided in a particular column, and the cell where these two meet specifies a unique four-digit bit.)
DES is a type of symmetric cipher called a block cipher, meaning it operates on fixed-length blocks of information at a time, in this case 64 bits, with 56-bit keys. (The bits refer to the message converted to binary.)
A hash function called the Feistel function begins by splitting a block into two parts. In each part, it selects 16 bits and appends them to the end, extending the 32-bit block to 48 bits. This is fed to a XOR logic gate as one input, the other being a 48-bit subkey thats derived from the key. The XOR gates output is then split into eight parts, each of which is remixed in a different S-box. The outputs of the eight S-boxes are finally arranged in a specified pattern.
The function repeats this process until the whole message has been encrypted.
DES was developed at IBM in the 1970s, and since then researchers have found ways to crack it. Nonetheless, its working provided an early illustration of the processes that could be used to obfuscate a message such that they would be easy to implement on computing hardware but hard enough to not be broken easily.
The messaging app WhatsApp uses the Curve25519 algorithm to create public keys for messages. Curve25519 uses the principles of elliptic-curve cryptography (ECC), which in turn is based on some concepts in algebraic geometry. ECCs advantage is that it can provide the same level of security as another asymmetric encryption algorithm but with a shorter key.
Messaging apps with E2E encryption promise that even their parent companies wont be able to read messages sent and received by its users. However, the informational content of the messages can still be accessed in other ways.
A common example is the man-in-the-middle (MITM) attack. This is related to the example earlier of an unnoticed man in the middle of the room jumping up to intercept your message to your friend. In that instance, the man didnt have the key and couldnt decrypt the message. In an MITM attack, this man is the attacker and he has been able to acquire the key to decrypt the message, either by hacking your device to obtain the encryption key as well as the correspondence between the encryption and decryption keys or by hacking your friends device to acquire the decryption keys.
MITM attacks can be prevented by using and comparing fingerprints. Each fingerprint is some data that uniquely identifies a key. Users can compare the fingerprints of their public keys in a separate channel (i.e. different from the one susceptible to an MITM attack) to make sure an attacker doesnt intercept a message, modify it, re-encrypt it with a different key and send it to the intended recipient.
Another issue with E2E encryption is that it could induce complacency in a user who believes an attacker cant access, say, an image theyre sending over a messaging app in any other way. Since the image may be stored on the senders device, an attacker can hack the device to obtain it.
Some potent malware can also snoop on your messages by infiltrating your device via other means an SMS, say and reading them before they are encrypted.
Finally, the company that installs E2E encryption on its products can install a backdoor or an exception that allows the company to surmount the encryption and access the messages. Such a thing may be required by law, such as companies being expected to retain and, in the event of litigation, share that information with lawyers.
Illegal use also abounds, of course, such as that exposed in the Edward Snowden affair in 2013. The whistleblower revealed, for example, that Skype had installed a backdoor on its application that allowed it to access and make copies of the contents of messages to share with the U.S. National Security Agency even though the messages were E2E-encrypted.
If the goal is to surveil a user, an actor can do so if they can access the messages metadata, i.e. data about the messages, such as when they were sent, to which user, how often at different times, from which location, etc., instead of the messages themselves.
More:
What is end-to-end encryption? How does it secure information? | Explained - The Hindu