One of the most rewarding parts of running this blog is getting to interact with readers. I learn a lot from you all, and your questions force me to challenge some of my own assumptions about security and privacy. A reader recently wrote in asking me about Windscribe VPN. I have to admit that my first reaction was to tell the guy to go check That One Privacy Site, imagining an abysmal review of this unheard-of VPN. Reading further, he said it got a decent review from TOPG, so I checked it out. It turns out he was right, so I decided to give Windscribe VPN a deeper look. Continue reading “iOS-Friendly VPN: Windscribe VPN”
I am and always have been a fan of note-taking applications. I am a prolific note-taker, and while I like taking notes on paper, I don’t always have my favorite notebook on hand. So, I resort to taking notes on my phone. For a while I used Codebook Secure Notebook despite its $3.99 cost. The ability to encrypt my notes made the cost worth it, but they lost me when a password manager was rolled into it. When iOS rolled out its encrypted version of Notes, I migrated to this. iOS’ Notes have become overly complicated, so I’ve been looking for a replacement. Recently several podcast listeners wrote in about Standard Notes, so I gave it a try. Continue reading “Encrypt Your Thoughts with Standard Notes”
Recently my iPhone dropped below 10% and the low-power mode indicator popped on. As soon as I plugged the phone in I switched off low power mode and then wondered why I was in such a hurry to do so. So, I looked into iOS low power mode to see exactly what it is doing. What I found surprised me, and made me realize I should probably leave it on more. Continue reading “Privacy Hack: iOS Low Power Mode”
My search for an alternative, iOS-friendly VPN has led me to NordVPN. I have had my eye on NordVPN for quite some time. It is recommended by https://www.privacytools.io/, which is a strong recommendation. Nord has over 2,100 servers in 59 countries. It also offers a ton of features including VPN-chaining, a kill-switch, and Tor-over-VPN. NordVPN is also very affordable, coming in at $69.00 for 1-year of coverage and $79.00 for a two-year subscription. Continue reading “NordVPN: iOS-Friendly VPN Option”
A Kidnapping in Milan is a book that I’ve meant to read for a long time. I finally got around to it a couple of months ago. Readers of this blog would doubtlessly enjoy this work. It touches on several major themes that I talk about here and on the podcast. Make no mistake – this isn’t a technical manual, nor is it written from the viewpoint of a privacy advocate. This is the story of how some very focused investigators unraveled a mystery using modern (2004+) technology. You don’t have to be a fortune teller to read between the lines of A Kidnapping In Milan and pick out techniques to use as part of your own operational security. Continue reading “Book Review: A Kidnapping In Milan”
In my quest for “backup options” to the security and privacy tools I use daily, I have recently rediscovered Brave. I tried it a few months back at a reader’s request. At the time I didn’t really give it the chance it deserved because Firefox met all my browsing needs and my attention was probably elsewhere. Recently, in the interim between the launch of Firefox 57 and the release of the new NoScript, I gave Brave a second chance. I’ve found there’s a lot to like about it, and it is officially my “backup browser.” This Brave review will explain its features and how to use it. Continue reading “Privacy & Security Browser: Brave Review”
As regular readers here know, I have used and advocated for Private Internet Access for quite some time. A couple of months ago my subscription was nearing its end, and I wanted to shop around a bit. While I don’t have a single complaint about PIA, I have recently come to the realization that I need to stay flexible in my choices. I don’t want to be scrambling for a replacement if the day comes that PIA is no longer trustworthy or no longer meets my needs. This is part of a larger push to have pre-selected alternatives to the apps and services that I rely on for privacy and security. With this in mind I headed to https://www.privacytools.io/ and began my search for an iOS-friendly VPN. Continue reading “The Search for a New iOS-Friendly VPN”
In case you haven’t heard, Amazon recently rolled out “Amazon Key.” This service allows delivery persons to leave packages inside your home. I’m sure I’m largely preaching to the choir here, but I can’t let this one go unanswered. I want to talk about Amazon Key security, and some of the problems it creates. Continue reading “The Amazon Key Security Nightmare”
I thought I would do something I’ve never done before: write up a privacy gift guide ahead of Black Friday and Cyber Monday. Privacy people are hard to shop for. We don’t use Amazon’s Wish List because it’s creepy. Obviously we won’t tell you over SnapChat and Facebook isn’t going to recommend anything because we don’t use it. Since you probably already know what you want, share this privacy gift guide with someone that doesn’t know what you want! Because, you know…privacy. Continue reading “The Ultimate Security & Privacy Gift Guide”
I’ve talked a lot about HTTPS (and we talked about it in podcast Episode 054), but no one really explains how to make sure your connection is really valid. In some situations I have wanted to look beyond the green padlock icon. This concern has grown with reports of various public Wi-Fi services intentionally breaking HTTPS connections. Hardware manufacturers have shipped devices with what amounts to pre-installed malware for the same purpose. I’ve written about this before but I thought it was worth doing a video on HTTPS certificate fingerprinting.
HTTPS – What it is and Isn’t
Before we go into that, let’s talk briefly about why HTTPS is important. Most people know that it’s important, but not many people know why. An HTTPS (Hypertext Transfer Protocol [Secure]) connection is one that is encrypted from your device to the website you are visiting. The encryption is ridiculously strong AES-128. These connections, if established properly, are (currently) impossible to break…assuming the correct “handshake” has been made and you haven’t been served a bogus certificate. Making sure you haven’t been served a phony cert requires HTTPS certificate fingerprinting as described in the video.
The encryption a proper HTTPS connection offers is excellent. I always recommend using HTTPS versions of sites and running HTTPS Everywhere in your browser. It is not a substitute for a VPN, however. HTTPS does not protect your packet headers. The URLs to which you browse are completely exposed in these headers, as is your true IP address. I consider this a strong layer of security, but only a layer in a much bigger picture.
Without further ado, check out the video!
HTTPS Certificate Fingerprinting
The website I talked about in the video: https://www.grc.com/fingerprints.htm
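Certificate fingerprinting comes down to hashing the certificate your connection actually received and comparing it with a reference fingerprint obtained over a path you trust. The sketch below is an added example, not code from the original post or video; the function names are hypothetical, and the sample bytes are a constructed stand-in for a DER certificate so the comparison logic runs offline.

```python
import hashlib
import hmac
import socket
import ssl
import sys

ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}   # reference length selects the hash

def fetch_leaf_der(host, port=443, timeout=5.0):
    """DER bytes of the certificate presented to *this* network connection."""
    ctx = ssl.create_default_context()
    # Inspection only: accept whatever is served so an interception
    # certificate can be fingerprinted instead of aborting the handshake.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest, the form browsers display."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp):
    """Reduce 'AB:CD ...', 'ab cd ...' or 'abcd...' to bare lower-case hex."""
    cleaned = "".join(c for c in fp if c not in ": -\t\r\n").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("not a SHA-1 or SHA-256 hex fingerprint")
    return cleaned

def matches_reference(der, reference):
    """True if the served certificate hashes to the trusted reference."""
    ref = normalize(reference)
    observed = normalize(fingerprint(der, ALGO_BY_HEX_LEN[len(ref)]))
    return hmac.compare_digest(observed, ref)

# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"abc"
SAMPLE_REFERENCE_SHA1 = "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"

if __name__ == "__main__":
    # Usage: python fpcheck.py <host> <reference fingerprint>
    if len(sys.argv) != 3:
        sys.exit("usage: fpcheck.py <host> <reference fingerprint>")
    der = fetch_leaf_der(sys.argv[1])
    print("served :", fingerprint(der, ALGO_BY_HEX_LEN[len(normalize(sys.argv[2]))]))
    print("match" if matches_reference(der, sys.argv[2]) else "MISMATCH")
```

A mismatch is a reason to investigate, not proof of interception by itself: sites renew certificates and large ones may serve different certificates from different servers.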