The IT Nerd

Soccer fans around the world are ready for the biggest event of four years – FIFA World Cup 2018. It draws millions of viewers to their screens, and tension and drama are abundant. Everybody still remembers Germany destroying Brazil 7:1 at home in 2014, and is eager to see what this year’s Cup will bring.

FIFA said that its 2014 World Cup drew 1.01 billion viewers around the world.

However, it’s not always possible to watch your country’s team play, especially when you are traveling. Therefore, many people who might have never used a VPN before (Virtual Private Network) turn to one for watching any game online.

NordVPN, a VPN service provider, has seen an increase in its users during any big sporting event. For example, during 2016 Summer Olympics in Brazil, NordVPN’s sales grew by 104.72%, showing a growing digital awareness of viewers.

“With each large sporting event, more and more people try the VPN technology they might have never used before,” said Ruby Gonzalez, Head of Communication at NordVPN. “We started getting questions about how NordVPN can help expand the options for watching World Cup games weeks in advance. It’s pretty likely to see the number of new users double again and, once the soccer fever is over, many will stick to VPN as they see for themselves how useful and easy it actually is.”

A VPN service links user’s computer to a server in a country of their choice via an encrypted tunnel. For example, a person can appear to be in the U.S. while they actually are in Europe, or vice versa, simply by choosing a different VPN server location.

The Cambridge Analytica scandal has shown that Facebook harvest, shares and profits from users’ data. A new report demonstrates that the issue with Facebook’s data collection goes much deeper than that.

According to the recent news, Facebook shares users’ data with phone makers, sharing it with at least 60 different device producers, including Apple, Microsoft, Samsung and many others. It turns out Facebook has been sharing user details for over a decade, despite users’ privacy and data sharing preferences.

How does Facebook go around the necessary user consent in sharing their data? It has simply categorized these phone producers as partners rather than third parties, which allows Facebook to share data with them without explicit permission.

In addition, Facebook shares the data of users’ friends, even after having claimed that it had cut off third-party access to friends’ data back in 2015. However, since device makers are not considered third parties, users friends’ data is shared.

Where does the data go?

“Once the data is collected, it can be used for various purposes,” said Marty P. Kamden, CMO of NordVPN. “Even though people think that harvested data is harmless, as it’s mostly used for targeted ads or service improvement, collecting information makes it very vulnerable. The Cambridge Analytica scandal has shown us that data could be used for sophisticated political targeting campaigns. There are many other ways how data can be abused, especially if it ends up in the wrong hands.”

Deleting Facebook app from one’s phone might prevent Facebook from sharing one’s data, but only if the phone is new and the person has never logged into the app in the first place. Even doing that might not stop the data collection, because everyone’s data is already probably shared through their friends who are on Facebook.

Therefore, those who really want to protect their data, should quit Facebook – and if they are in Europe, they can also request to delete all their data and to share the list of third parties with which one’s data was ever shared.

Other online security tips include keeping software up to date, not clicking on suspicious links and using password management services.  It’s also advisable to connect to a VPN when going online, as VPN encrypts users’ online activity into a secure tunnel.

In the latest news, it has been reported that a new piece of Russian malware can infect consumers’ routers.

The malware comes from the group called Fancy Bear, believed to be a part of Russia’s military intelligence service. The software could be used to monitor and surveil any traffic that goes across a user’s router, to infect it or to block certain websites. About 500,000 devices globally are already infected with the malware, which could be used to form a network of zombie devices that could block sites by overloading their servers.

Meanwhile in Canada, a 23-year Russian old “hacker on fire” has just been sentenced to 5 years in prison.  Between 2010 and 2017, he stole a massive amount of  Yahoo data to gain access to private emails, while working for the FSB, a Russian spy agency. .

“We are living in times where no one can be certain about their online privacy – there are many interests at play. Many of them come from foreign governments, as in the case with router malware or the Russia-hired hacker stealing email data,” said Marty P. Kamden, CMO of NordVPN. “Certainly, there are also hacks done purely for money, by stealing users’ information and demanding ransom. People log into their computers and don’t know if someone’s not reading their emails or stealing passwords. We recommend certain privacy precautions – no one can afford to be careless about their online security these days.”

1. Protecting your router. The most secure solution is downloading the latest firmwarefrom the manufacturer’s site. For Netgear routers, users can go directly to routerlogin.net, then Advanced options, Administration tab, and click update. For Linksys routers, users should visit the support website and download the firmware. Then they should use their default IP address to update the firmware. If a firmware update is not available, then users need to do a factory reset by pressing a reset button on their router. Other routers have similarly straightforward procedures for updating their firmware.
2. Avoiding phishing emails. The hacker who worked for Russian intelligence, Karim Baratov, was sending phishing emails to specific people, tricking users into handing over their usernames and passwords, and then delivering their login information to the Russian FSB. To avoid similar hacks, users should be very careful not to click on any links in emails if they have any doubt about their legitimacy. Some tips to avoid phishing include checking the sender’s address – and if domain looks suspicious (info@secure.apple.com), not opening the email. It’s also very important not to click on any links – you can hover your mouse on the button to see the destination link. Check if it looks legitimate and, especially, if it contains the “https”part to indicate a secure connection.

For additional safety, always use a VPN that encrypts a user’s online traffic into a secure tunnel. Using a VPN when browsing can protect you against malware and phishing that targets online access points.

Securus, a company that buys up smartphone location data of private citizens and sells it to law enforcement, was just hacked. According to Motherboard, the hacker had gained access to the account information of thousands of law enforcement officials who were using the servicer to track phones.

Before the hack, cybersecurity researcher Robert Xiao discovered an exploit where Securus’ free demo could be used to discover a cell phone’s exact location without even logging in. Anyone, anytime, for any reason, could use their platform to track someone’s exact location.

Securus bought the data from LocationSmart, a company that collects location data from telecoms and sells it to third parties – anybody willing to track someone’s location.

In addition to tracking private citizens, Securus was using the data in other questionable ways. For example, a former sheriff of Mississippi County, Missouri, Cory Hutcheson, used the service to track local judges and other law enforcement officials.

“Many companies are not doing enough to secure sensitive user data. The governmental methods of data collection cannot be trusted either,” said Marty P. Kamden, CMO of NordVPN. “As we have seen with Securus, its cybersecurity was so fragile that the company was hacked less than a week after the existence of its legally questionable and unethical service was exposed. When government hires private companies like Securus, millions of private user data can get stolen, hacked or sold. Collecting data and tracking people can always backfire since this data is handled by other people, who can make mistakes.”

In the documents provided to Motherboard, the hacker proved that they had accessed the login information of prison wardens, administrators, correctional officers, and other law enforcement officials. They also indicated that the hack was “relatively simple,” though no further details have been published.

How to protect one’s privacy?

There’s no way to prevent one’s phone from being tracked while also remaining connected to a network capable of receiving and making phone calls. If phone calls are not necessary, a user can turn their phone off or turn an airplane mode on.

Turning off one’s location settings will make it harder to discover one’s location, but not impossible. To maintain a constant connection, modern phones always try to stay connected to at least three cell phone towers, which allows mobile network operators(and, by extension, the government) to triangulate one’s approximate location to varying degrees of accuracy.

Besides protecting one’s location, those who use the Internet should make sure they use an encryption method to protect their online activity. VPNs help encrypt the information between a user’s computer and VPN server and make it invisible to third parties.

Just two months ago, the #deletefacebook hashtag was trending all over the Internet due to the Cambridge Analytica scandal. Back then, it was revealed that Facebook had allowed third parties to scrape users’ personal data. Aleksandr Kogan, a University of Cambridge psychology professor, had obtained the data of about 87 million Facebook users, which was then used in the Trump election campaign, among others.

Since then, it has come to light that – besides Mr. Kogan – various other scholars have been harvesting information from Facebook accounts, capturing the behavior of millions of individuals.

For example, Swedish and Polish researchers were using a program called “scraper” that logged every comment and interaction from a selected number of Facebook pages for about two years.

“It is still not clear how the data of these millions of scraped profiles is being used,” said Marty P. Kamden, CMO of NordVPN. “As for Cambridge Analytica, at least we know where this data went –it was used to influence elections. How about all the other millions of profiles, collected by other scholars? We know that academic institutions do not always have experts in online security and data protection. Past experience shows that lots of this private information is stored on unsecure servers, and may be sold to marketers, stolen by hackers or handed over to political parties or consulting firms.”

The retained data may include people’s interests, preferences, geographical location, political profile and much more. The amount of collected data allows to match it with profiles and identify the actual people hiding behind anonymized profiles and to target them with specific messages, whether commercial or political. It can also end up in the wrong hands, allowing hackers to expose private information or to blackmail Facebook users.

NordVPN recommends following some simple rules that can help avoid being tracked on Facebook. It’s important not to use any third-party apps, such as quizzes, that require access to a user’s profile. It’s also advisable to revoke access to Facebook apps that are no longer in use or that offer users to get likes or followers.

Outside of Facebook, users should use ad blockers, regularly delete cookies and install anti-tracking browser extensions, such as Disconnect Private Browsing or Privacy Badger. Using a VPN is also crucial – it helps to browse the Internet privately and encrypts the data between a user’s device and the VPN server.

Android users have been subjecting themselves to continuous tracking, and Google has only now come forward with a fix for its app ecosystem.

For a long time, Google has allowed various apps to monitor network activity on a user’s device, and any app could detect not only other apps on an Android device but also when and where they connect to the Internet. Google Play was filled with hidden trackers, and each downloaded app put the user in a surveillance network.

It still remains to be seen how effective the new fix will be – and what other security holes Android users might encounter.  Up until 2019 – when a new logic regarding the way apps access API (Application Programming Interface) is introduced – most of them will still have unrestricted access to the network activity.

“User tracking without their consent undermines basic  privacy and security,” said Marty P. Kamden, CMO of NordVPN. “Apps can monitor network activity even without requesting any sensitive permissions. In addition, this privacy hole could easily be exploited for malicious purposes – for example, when user’s browsing history is collected, their online profile can be created. ”

“Although in this particular case it’s up to Google to protect users’ network activity from being tracked, people should use additional means to safeguard their online privacy. For example, by using a VPN, one ensures they can connect to Internet privately and securely,” Kamden added.

Here are 5 tips from NordVPN on how to keep their Android phone safe:

1. Make sure not to download fake apps – do not click on phishing messages. Original apps from Google Play may have trackers that sell users’ data to advertisers. However, fake apps are even more dangerous. By implanting fake apps on people’s devices, hackers or even governments can piece together text messages, browsing history, call logs and location data. Targets can be tracked and their data can be stolen, because they downloaded a fake version of messaging apps like Signal or Whatsapp through phishing messages received on Facebook or Whatsapp.

2. Get serious about passwords. Most Internet users reuse the same password across multiple accounts. Once a hacker is able to read one of a person’s passwords, they would be able to unlock all their devices and read their emails, enter their bank accounts, and so on. The best way to go is one of the password managers that generate and store different passwords for each account.

3. Accept all software updates & security patches. Android devices – same way as Apple – have recently revealed processor vulnerabilities, designed to hack a smartphone. The only way to avoid these Intel, AMD and ARM chip flaws is to update the phone whenever newest patches are released.

4. Install a VPN. You might have downloaded apps without malware and installed newest security patches, but all your communications and Internet browsing can still be intercepted if you don’t use a VPN. A VPN safely encrypts all information traveling between a device and a VPN server, and is a must on every device, especially if they are using open WiFi networks.

On April 16, Roskomnadzor, the government agency in Russia, started blocking Telegram – it said was the company failed to comply with the Russian requirement to share users’ encrypted communication data.

However, those whose Telegram is blocked have no problem overcoming the restrictions – they just need to download a VPN.

“We are having a lot of first-time users from Russia,” said Marty P. Kamden, CMO of NordVPN. “Since the upcoming Telegram ban was announced, NordVPN has already had a 300% increase of Russian users. People simply need to connect to a VPN server to reach any IP address where they can download Telegram. Many Russians are becoming more technically savvy because of the Telegram block and will now be able to use VPN to unblock other sites blocked in Russia.”

As a response, Roskomnadzor started blocking multiple IP addresses that use the same IP address clusters as Telegram, affecting various businesses and disrupting the Internet in Russia – such as Viber, supermarket chains, taxi service Gett and others.

“The Russian government is failing in their task to block the app,” said Marty P. Kamden. “Telegram has only become more popular in Russia with many moredownloads compared to the week before, and the government has shown its complete lack of understanding of how the technology works.”

The Russian government is continuing its efforts to block the freedom of speech. Its current target is the Telegram messaging app, which has over 200 million users in total and is very popular in Russia. Legal proceedings have been started to block the messaging app in Russia since Telegram had refused to hand over its encryption keys.

Russia has been putting pressure on various international communications and social media companies to remove certain posts or to host their data inside Russia. Some companies gave in, while others refused to cooperate.

For example, earlier this year, Russia demanded that Instagram – which is owned by Facebook – remove posts from opposition leader Alexander Navalny. Instagram caved in. Youtube, owned by Google, refused to do the same and kept Navalny’s videos. Twitter agreed to store user data inside Russia, while Facebook rejected this demand.

“Russia will probably not stop – it will most likely target each company and website they’re interested in, to hand over user information or simply block them. The demand of the Russian government for the encryption keys of Telegram also shows its lack of understanding of how the technology works – besides being a violation of privacy and freedom of speech,” said Marty P. Kamden, CMO of NordVPN. “The whole purpose of encrypted messaging apps is to keep the communications private.”

While the Russian FSB security agency claims it will use private conversations to fight terrorism, disclosing such messages could put many people, including journalists, bloggers and opposition leaders, in danger.

If Russia goes ahead with the intentions to ban Telegram, ISPs (Internet Service Providers) will have to block the domains and IP addresses used by Telegram.

“When someone blocks a certain website or IP address, the block can be bypassed by using a VPN,” said Marty P. Kamden. “A user can choose to connect to a VPN server in any country where that website is accessible, and easily bypass the restrictions. Also, all the information that passes between their computer and the VPN server will be encrypted and private. When Telegram was banned during Iran protests in 2017, many people turned to VPNs to keep using it for private messaging.”

Since March 31, China has officially banned non-state sanctioned VPNs, while businesses and Internet users are waiting anxiously for the ban to take effect. However, there is not much information yet from the Chinese authorities about how and when exactly the ban will be implemented.

“We understand the concern of local and international businesses in China, as well as the needs of scholars, scientists, students and others who vitally need VPNs to freely access the World Wide Web,” said Marty P. Kamden, CMO of NordVPN. “NordVPN believes that everyone should have the freedom to do business, to study or to do scientific research without restrictions.”

China’s Great Firewall is an enormous effort by the Chinese government to control the Internet. VPNs allow companies and individuals to securely access websites that are blocked in China, including Google, Facebook, many news sites, and other social media sites and search engines.

The new Chinese regulations ban anyone from using VPNs that are not approved by the government. Businesses have reported that so far there had been no announcements from authorities about the ban and they were concerned about the lack of information. Many wonder if independent VPNs they have been using will still work.

“NordVPN is working in China with no problems,” said Marty P. Kamden. “We plan to continue these operations, and we are constantly looking for workarounds in China so that people can freely enjoy the Internet.”

A VPN service encrypts all the traffic flow between the Internet and a user’s device. Furthermore, it can prevent tracking software and governments from monitoring the user’s Internet activity and helps hide their IP address.

Today, on Feb 28^th, Canadian digital rights advocacy group OpenMedia is planning a protest to fight against website censorship.

OpenMedia has launched Unfairplay.ca as an answer to FairPlay, a Canadian coalition of 25 media corporations that are aiming to push for the rights to block any website accused of piracy – without court oversight.

“Any kind of censorship may lead to abuse of power, blocking of legitimate sites and denial of the basic freedom of speech,” said Marty P. Kamden, CMO of NordVPN. “Piracy is an issue, but it should be solved by providing more convenient access to content rather than by blocking or taking down websites.”

When a user turns on a VPN, their Internet traffic gets routed through an alternative tunnel. They can also connect to a server in a different country – so they can access any website that is blocked in Canada but available elsewhere.

VPNs also encrypt all traffic between a user’s computer and a VPN server, providing privacy and security when browsing the Internet.

OpenMedia has a goal to deliver at least 50,000 public comments to the CRTC in protest of FairPlay Canada. The submission deadline is now extended until March 29^th, 2018.