The IT Nerd

Addictive scrolling, which develops faster than you think, is not the only thing you should watch out for this holiday season. A Surfshark expert highlights the main online risks you can encounter while scrolling.

Unsupervised AI shopping agents

AI shopping agents are a booming trend, with Big Tech announcing AI updates that can buy the exact sweater you are searching for and even call the shop to ask if they have it in stock. The trend of using chatbots like ChatGPT or Gemini AI to assist you with shopping is also at its peak.

Tomas Stamulis, Chief Security Officer at Surfshark, says the risk arises when you trust AI shopping assistants entirely and without double-checking. “I sometimes use a chatbot to help me with shopping. However, I evaluate what online shops it offers because sometimes they can be scams, taking me to malicious websites. So, always review what AI suggests before purchasing, and never grant unlimited access to your financial details.”

Phone snatching in Christmas markets

Phone snatching, when street criminals take your mobile phone from your hands, usually unlocked, is a particularly common crime in crowded Christmas markets. A moment of your distraction can result in far-reaching consequences. According to Surfshark expert Tomas Stamulis, taking simple steps can help protect you from the damage caused by phone snatching. “Stay vigilant in public, especially in crowded or high-risk areas. Keep your phone out of sight when not in use. Use an anti-spying screen so people around you can’t easily see what you’re doing. Also, ensure “Stolen Device Protection” is active on iOS or “Theft Protection” on Android (depends on device) and your home and work addresses are correct.”

Sneaky links in Christmas greetings

People’s interest in creating Christmas greetings online and sharing them with loved ones does not go unnoticed by scammers. You probably receive those snappy interactive greetings via social media, email, and SMS. Thank the sender for goodwill, yet never click the links included in those greetings. If you did and were led to a strange site, we hope you didn’t provide any of your private information, such as your real name, surname, email address, telephone number, or home address.

Sorry, it’s too good to be true

Have you ever encountered a Christmas deal that seemed too good to be true? It probably was. Scammers create fake gift deals for popular and hard-to-find items to trick shoppers into falling for them. Mr. Stamulis advises being skeptical of Christmas deals that seem unrealistically good. “Always verify the offer by checking the retailer’s official website. If you spot something that seems like a ‘hot deal’, look closely at URLs and other text for typos or unusual characters, which are red flags.”

Gifting your personal data via public Wi-Fi

Free Wi-Fi is available at cafes, restaurants, train stations, hotels, and other public spaces for your convenience. It’s just that the number one rule for a privacy-conscious person is never to use free public Wi-Fi. Public networks are frequently exploited by hackers, who can intercept sensitive data, including account credentials, email addresses, passwords, and financial information. “Without an active VPN, using public Wi-Fi is insecure; it’s like gifting your personal data to total strangers,” points out Tomas Stamulis.

Christmas cleaning your private data will thank you for

Most people want to tie up loose ends before the New Year. Paying back debts, making peace with those you’ve argued with, and just finishing unfinished business. Review the apps you’ve accumulated over the year and get rid of those that just take up space. Surfshark conducted at least a few studies that revealed mobile apps to be extremely data-hungry and privacy-intrusive. Your private data will thank you for this Christmas cleaning.

ABOUT SURFSHARK

Surfshark is a cybersecurity company offering products including an audited VPN, certified antivirus, data leak warning system, private search engine, and a tool for generating an online identity. Recognized as a leading VPN by CNET and TechRadar, Surfshark has also been featured on the FT1000: Europe’s Fastest Growing Companies ranking. Headquartered in the Netherlands, Surfshark has offices in Lithuania and Poland. For information on Surfshark’s operations and highlights, read our Annual Wrap-up. For more research projects, visit our research hub.

As shoppers gear up for the holiday season, Surfshark investigated the data collection practices of the 10 most popular shopping apps in the US, finding that US-based apps tend to collect more data compared to their counterparts in China and Canada. For example, Amazon collects 25 unique data types out of 35, but among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types.

“Scrolling through tempting deals on Temu, Shein, Amazon, and other shopping apps is a Black Friday tradition for many. However, before downloading any shopping app, people should consider whether they are truly willing to trade their privacy for a discount,” says Miguel Fornes, Information Security Manager at Surfshark. “Many shopping apps collect far more data than people realize, and this extends beyond purchase history. Some apps can even gather sensitive information such as political views, racial background, or biometric and health data.”

The Amazon shopping app is the most privacy-intrusive. It collects 25 unique data types out of 35, Walmart and Costco each collect 23, and Whatnot — another US-based app — collects 20. Among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types, followed by Temu with 17, Aliexpress with 16, and Shein with 15. The Canadian app, Shop, collects 19 data types, which places it on par with the most data-collecting Chinese app.

All the analyzed apps collect information such as email address, name, payment information, physical address, user ID, search history, and product interaction. The majority of these apps also gather device IDs (except for Temu), phone numbers (except for Shein), photos or videos (except for Shop), and location data (except for Shein). Additionally, most of this collected data is directly linked to individual users, enabling these apps to build comprehensive user profiles, which raises privacy concerns. 

Some of the data collected by these shopping apps is surprising and even bizarre. For instance, Amazon and Walmart collect sensitive information — which could include political opinions, racial or ethnic background, biometric data, genetic information, sexual orientation, disability status, or pregnancy details. Whatnot and Alibaba collect users’ contacts, such as contact lists from a user’s phone or address book. In addition, Amazon, Walmart, Whatnot, and Alibaba collect users’ voice or sound recordings.

According to Fornes, these abusive data collection practices can be very dangerous if an app is breached and information about a person is leaked. First, leaked bank account information and purchase history can lead to unauthorized charges, identity theft, and significant financial loss. Second, leaked sensitive information – especially sensitive data like political views or health data – can damage your reputation and financial standing, as health data rarely changes and may be used by insurance and healthcare companies. Finally, all this leaked data might fuel subsequent highly personalized phishing campaigns. Therefore, Fornes advises:

• Don’t download apps you don’t need. If you only shop on Amazon occasionally, accessing their website through a browser is more private than keeping the app installed. Besides, you may improve your battery or device health by offloading those.
• Grant permissions selectively. Only allow access to data essential and directly relevant to the app’s functionality.
• Revoke unnecessary permissions. Regularly review and revoke permissions you have granted. For example, go to settings, apps, app name, permissions on iOS, and change them. Remember the app will still work as intended after removing unnecessary permissions, but just triggering some informational notifications.
• Read the Privacy Policy and opt out of data sharing. Understand what data the app collects, how it’s used, and with whom it’s shared. Many apps offer options to limit data collection for advertising purposes. Look for these settings.
• Strengthen your account security. Use strong, unique passwords; enable two-factor authentication (2FA); consider having a dedicated virtual debit card or escrow payment methods (such as PayPal) for such apps or shopping at less-trusted sites.

 For the complete research material behind this study, visit here.

Surfshark has launched the email scam checker to help protect against email phishing attacks. This on-demand solution aims to provide users with an additional security layer against sophisticated scams, considering the alarming statistic of 3.4 billion phishing emails sent daily and 1.5 million new phishing websites created every month.

The email scam checker, a new feature of the Surfshark Chrome browser extension, offers a robust security layer against drastically increasing email phishing attacks. This tool helps improve users’ online security by allowing them to check suspicious emails and get notified about fraud and phishing attempts.

By identifying malicious attachments and links, Surfshark’s email scam checker significantly reduces the risk of potential fraud and malware infections on users’ devices. Using AI-driven technology, the new feature rapidly detects phishing attempts, safeguarding users’ sensitive data with increased accuracy. With the email scam checker, users can browse the internet with greater confidence and safety, having a powerful ally to combat email scam threats whenever needed.

This advanced protection is crucial because email phishing scams are a growing threat, becoming increasingly sophisticated and harder to detect. With the rapid advancement of AI tools, scammers are constantly evolving their tactics, making fraudulent emails more convincing and the problem harder to control.

The email scam checker is now available on the Surfshark Chrome browser extension for Gmail users with a Surfshark One or One+ subscription.

Surfshark has launched a new feature called the web content blocker that focuses on safeguarding every household when browsing online. It allows you to filter various websites based on categories provided, lock them using 2FA (Two-factor Authentication), and help protect family members from potential online threats caused by curiosity or carelessness.

Unlike traditional tracking applications, the web content blocker helps you protect family members from seeing malicious content and websites — without snooping on their browsing activity or monitoring the actual websites they visit. With this new feature, you can filter various websites by category and lock specific content across all family mobile devices.

To extend this protection to your household, install and open the Surfshark app on the device you’d like to add, log in using the same account, enable Web content blocker, and lock with 2FA if needed. Then, under the Web content blocker feature on the Surfshark website app, you can find the Your devices section, where you can select content categories and ensure a safe online environment for your loved ones.

The web content blocker is now available on Android and iOS platforms for Surfshark One or One+ plan users — more platforms are coming soon.

Additionally, Surfshark announces that its server count has surpassed 4,500. Over the years, Surfshark has continually upgraded its server network to enhance performance and reliability, and this figure reflects its growth.

Surfshark has announced that they have introduced 100Gbps bandwidth servers in response to the growing demand for higher bandwidth and to ensure VPN services won’t become a bottleneck as internet speeds continue to rise.

Surfshark’s new 100Gbps servers allow VPN technology to be future-proof and ready for the growing demand when the shift to higher-capacity hardware happens.

Increased bandwidth also reduces the need for throttling or deprioritizing traffic, allowing users to get closer to their maximum internet speeds more often, even when backing up heavy documents to the cloud or downloading a game.

For this solution, Surfshark has chosen the Amsterdam location due to its impressive internet exchange (AMS-IX), which handles over 14 trillion bits per second, making it one of the world’s largest internet exchanges by traffic volume. To put this into perspective, that’s roughly 1.75 terabytes of data every second, ~560,000 simultaneous 4K streams, equivalent to about 7.5 million people watching TikTok videos simultaneously, or around 63 million people playing Fortnite at once.

Surfshark has launched a dedicated IP feature for its browser extension, available on Google Chrome, Mozilla Firefox, and Microsoft Edge. This addition allows users to route only browser traffic through a dedicated IP.

According to Justas Pukys, Senior Product Manager at Surfshark, the company constantly looks for opportunities to improve the user experience and provide innovative solutions across the industry.

A dedicated IP is well known for reducing human verification requests (CAPTCHA). When multiple users share the same IP address, websites often send verification requests, such as “Select images with traffic lights.” Dedicated IP minimizes this issue by assigning a static address, making traffic appear more consistent to websites. Also, as only one user generates traffic through the IP, it may lead to more stable connections.

Additionally, dedicated IP simplifies access to remote networks by eliminating the unpredictability of changing addresses associated with shared VPN servers. This provides unrestricted service access, allowing users to access apps and websites that block shared IPs or don’t work when IP changes frequently.

Currently Surfshark offers 20 dedicated IP locations: Australia – Sydney; Brazil – Sao Paulo; Canada – Toronto; France – Paris; Germany – Frankfurt am Main; Hong Kong – Hong Kong; Italy – Milan; Japan – Tokyo; the Netherlands – Amsterdam; Poland – Warsaw; Singapore – Singapore; South Africa – Johannesburg; Turkey – Istanbul; United Kingdom – London; United States – Dallas, Denver, Las Vegas, Los Angeles, New York, and San Jose.

The dedicated IP feature is available on Android, Windows, iOS, and macOS and supports all major protocols, including WireGuard®, for maximum speed. Since it has now been included in the extension, all users can access it on Google Chrome, Mozilla Firefox, and Microsoft Edge browsers.

Surfshark celebrates three years of partnership with Heart of Midlothian FC, known as Hearts, a professional football team based in Edinburgh, Scotland, competing in the Scottish Premiership.

To celebrate this partnership, Surfshark is offering a special deal: visit www.surfshark.deals/hmfc or use the code HMFC at checkout to get 4 extra months of Surfshark VPN.

More information can be found in the blog post: https://surfshark.com/blog/surfshark-continues-to-partner-with-hearts 

Surfshark, a leading VPN (Virtual Private Network) provider, introduces FastTrack, an innovative technology that optimizes users’ traffic paths for improved speed and performance. Built on Nexus infrastructure, this solution routes traffic through a network of servers rather than a single VPN tunnel, boosting internet speeds by up to 70%. As a result, users can now experience enhanced VPN connectivity to Sydney, Seattle, and Vancouver.

Optimized network for better VPN speed and performance

Many people believe their internet connection follows a direct, straightforward path, just as it appears at first glance when looking at a world map. However, this is a common misconception, similar to the belief that ISPs (Internet Service Providers) will always optimize user connectivity through the best routes.

In reality, data often travels across a complex web of overground and submarine cables located around the globe. These cables define the actual physical routes that data packets take, which can be very different from what we might think. For example, due to the layout of global network infrastructure, a data packet traveling from one city to another may be routed through multiple cities, countries, or even across continents and oceans.

There’s a similar misconception about ISPs. While they generally prioritize delivering acceptable speeds, they often do not focus on optimizing the actual network routes your data follows. Instead, ISPs typically choose paths based on cost, selecting the most economical routes for them rather than the fastest or most efficient ones for user data.

How does FastTrack work?

FastTrack is built on Surfshark Nexus infrastructure, a unique multi-server routing system that connects users to an entire network of servers — rather than a single VPN tunnel — and then routes the connection to a chosen location. This also works as an additional protection layer because the user’s connection is rerouted via different hops, so no single entity can link a single IP (Internet Protocol) address with the user’s activity.

At the moment, Surfshark is releasing FastTrack to three key destinations — Sydney, Seattle, and Vancouver on macOS, with plans to expand to more destinations in the future. Users can now find enhanced locations marked with a connection route icon in the main list of all VPN locations.

Cybersecurity company Surfshark just released its second no-logs assurance report. The independent verification by Deloitte confirms that Surfshark operates according to the highest privacy and quality standards, and reaffirms that users’ online activities are not logged or tracked.

The recent assurance conducted by Deloitte involved a thorough examination of Surfshark’s systems and internal processes. As part of the evaluation, Deloitte conducted interviews with relevant personnel and reviewed supporting evidence to confirm adherence to Surfshark’s no-logs policy. The assessment included a review of various server types, such as standard, static, and multiport VPN servers. 

Deloitte also evaluated Surfshark’s server configuration and deployment processes, inspected privacy-related settings and procedures, and verified that these align with the stated privacy policy. Furthermore, the assessment confirmed that Surfshark’s no-logs policy is consistently and effectively enforced across all applicable servers and infrastructure components. The detailed report (ISAE 3000) is available to all Surfshark users in their Surfshark account.

Surfshark continues to drive security innovation across the security and privacy sector. Recently, Surfshark introduced public no-logs DNS servers. Surfshark DNS was created for privacy-conscious individuals and organizations, helping them to take the first step towards privacy and security by using this tool. The company has also announced an industry-first, patented technology called Surfshark Everlink. This is a supporting, self-healing infrastructure that ensures continuous VPN connectivity by seamlessly recovering dropped connections.