Our friends at ExpressVPN are offering students a chance to speak out about privacy this summer.  The ExpressVPN Future of Privacy Scholarship will award $5,000 cash prize to the winner.  That’s just the beginning as the winning entry will also be shared with a worldwide audience.  This is your chance to have your voice heard on the future of privacy for the next generation.  The winning entry will earn a $5,000 scholarship with 5 runners up winning a free year of VPN.  Visit the ExpressVPN scholarship page for more details.

High school students, undergraduates, and graduate students in the United States, Canada, the United Kingdom, the European Union, Australia, New Zealand, or South Africa. are eligible to submit an entry for the ExpressVPN Future of Privacy Scholarship.  Those interested will want to write a 600-800 word essay. The ExpressVPN team has offered a prompt to help you get started.

• Technology companies can self-regulate to provide optimal privacy to internet users. The free market will choose the winners to be those companies that best protect their users, without the need for government interference. Do you agree or disagree?

New to the topic of online privacy?  If so I still encourage you to give thought to the prompt and write an essay.  This is a great opportunity for students to share your thoughts on where we’re headed and how privacy, or a lack thereof, will impact our lives in the future.  Just remember to follow the guidelines listed on the ExpressVPN scholarship page to be eligible for an award.  You will want to submit your essay by Saturday, August 31st.  The winners will be announced by the end of October.  Best of luck!

CyberGhost was the first VPN provider to release a transparency report in 2011. Seven years later the service looks quite different with over 30 million users around the world. Along with the number of DMCA requests, malware activity flags, and police complaints, the 2018 transparency report also includes sections to highlight key infrastructure stats and history of the team behind CyberGhost VPN.

Here are a few highlights from the latest CyberGhost transparency report.

You can download the full report for a look at CyberGhost over the last 7 years. Cheers to their team for continuing the tradition of transparency and giving users more insights into the popular VPN service.

Last year the team at ExpressVPN released a set of leak testing tools to help VPN users find out if their VPN had any leaks. The tools are open source and available via GitHub for anyone to make use of and to engage in the project. Now we’re excited to share that ExpressVPN is taking their transparency initiative a step further with a penetration test and code audit of their popular Chrome web extension and by open sourcing the code.

ExpressVPN is taking a very deliberate approach to transparency. By having an independent third-party test their web extension and following that up by open sourcing the code for the latest version, ExpressVPN is building trust in an industry that is riddled with deception. We won’t dive into the dark side of VPN in this post but you can simply consider the privacy implications of free VPNs and the logging revelations of some well known VPNs to see the need for transparency as trust is a central issue when selecting a VPN to help protect your privacy.

Back to the security audit and open sourcing of the web extension code. ExpressVPN hired Berlin-based Cure53 to conduct a penetration test and audit the source code for their Chrome browser extension. The testing was performed in October 2018 and resulted in 4 vulnerabilities and 4 general weaknesses. None of which rated with a severity level higher than medium. Over the next few weeks the ExpressVPN development team worked to remedy the issues. Cure53 verified the fixes were in place in November 2018. That leads to today’s announcement that ExpressVPN is open sourcing the code for their Chrome and Firefox browser extensions.

Cheers to the ExpressVPN team for taking a leading role in vulnerability testing and open sourcing their code. In fact they have made the results of the Cure53 audit public for anyone to read. We were pleased to see the manner in which the vulnerabilities were addressed which in some cases meant that features were removed from the browser extension. The issue being that the web browser bypasses the intended privacy protection so the developers pulled the features rather than give users a false sense of security. The release of the audit and open source code present users with yet another reason to trust ExpressVPN.

South by Southwest (SxSW) Interactive is set to start in Austin this week.  You can bet there will be plenty of talk around privacy.  A few years ago the audience was greeted by a stream from Edward Snowden that pointed out the need for developers and everyone to focus on privacy.  That wasn’t the only privacy related event in Austin.  Privacy will once again be a hot button issue at the conference this year.  What you might not know is that Golden Frog, the company behind VyprVPN is located in Austin.  They will be sponsoring their annual “Take Back Your Internet” party on Friday night that will include a panel of privacy experts.

The Take Back Your Internet party will take place at Texas Public Policy Foundation in Austin on Friday, March 9th at 6:00 pm CST.  The party will give attendees an opportunity to network and enjoy some dinner including BBQ, gourmet tacos, and craft beer.  The privacy panel will center around whats next for net neutrality, the declining Internet freedoms around the world, and a discuss of personal data s your personal property.  The discussion is very timely given the recent FCC decision to repeal net neutrality.  Golden Frog has gone so far as to meet with an FCC commissioner in Austin last month.

Here’s a list of the privacy panel participants:

• Philip Molter – Co-CTO, Golden Frog
• Drew White – Senior Federal Policy Analyst, TPPF
• Rachel Wolbers – Policy Director, Engine
• Joseph Lorenzo Hall – Chief Technologist, CDT

The panel was moderated by Ellen Troxclair, member of the Austin City Council

You will not need a SxSW badge to join the party.  The Golden Frog team only asks that you RSVP for the event.  I would make it a point to arrive at Texas Public Policy Foundation around 6:00 pm so you network and take in the privacy panel.

Join Golden Frog and partners for their 2018 Take Back Your Internet Party.  In the meantime consider taking a few minutes to watch the privacy panel from 2014.

Safer Internet Day is a great opportunity to for kids and young adults to learn more about steps they can take to stay safe online.  Safer Internet Day is recognized in over 100 countries around the world.  Many will be celebrating with events.  In the United States the celebration includes a special day for students at the Omni hotel in Austin, Texas.  The event will include guest speakers, a special guest, and an opportunity for students to get involved.  The theme this year is “Create, connect and share respect: A better internet starts with you” which points to the fact that we all have a responsibility to help keep the Internet as safe as possible.

A number of schools in Pennsylvania will be on site for the Safer Internet Day event at the National Constitution Center.  For those of us who are aren’t in the area, the organizers are making the event available via a livestream.  You can watch the event live starting at 9:30 am EST.

Here’s a look at the agenda for today’s event (all times shown in CST):

9:30 a.m. – Doors Open & Exhibits

10:30 a.m. – Welcome Remarks

10:50 a.m. – Keynote Speaker: FCC Commissioner Mignon Clyburn

11:25 a.m. – Youth & Tech Industry Issues in Perspective

1:00 p.m. – Student Activity

1:30 p.m. – Announcing the What’s Your Story? Video Contest

1:40 p.m. – A Teen Who Doesn’t Just Play Games — He Builds Them

2:00 p.m. – Event Wrap-Up

2:30 p.m. – Program Close

Whether in attendance or watching via livestream I encourage teachers and parents to get involved in Safer Internet Day.  Many times our kids know as much or more about technology as many parents.  That can be good in some cases but it also means that new obstacles are in their path that we didn’t have to deal with when we were young.  Understanding the threats and steps you can take to promote a safer Internet is well worth the effort.  Cheers to the students at the event in Austin.  Have a great time and stay safe online.

Sunday,January 28th, is Data Privacy Day in the United States.  That might sound like an oxymoron given the Snowden revelations and continued news of our growing lack of privacy.  That’s all the more reason to wake up and start paying attention to your data.  Understand what happens to your personal information when you visit sites, use services and download apps from Internet giants like Google, Facebook, iTunes and Amazon.

You can learn more about Data Privacy Day on StaySafeOnline.org.  They have a full list of events happening across the country that deal with making your data privacy a higher priority.  That’s really what it’s all about.  At least as a beginning to understand the kind of information and just how much data is being stored as you browse the web, use search engines and talk to your friends on Facebook.  Not to mention your mobile apps.

The second image above reads “Terms and Conditions May Apply“.  This is a documentary released in 2013 that examines how free services are gathering your personal data with your approval.  Because let’s face it no one reads the terms and conditions.  After watching the documentary you might think twice before sharing so much personal information online and trusting sites that carry the big brand names.  It’s an eye opener.

• If something online is free, you’re not the customer, you’re the product

Give that sentence some thought next time you log into Facebook to share your activities and family photos.

Since we spend most our time reviewing VPN services it would only be right for us to read the terms and conditions along with privacy policies closer and share the details of what we find.  We’ve started through the list of top VPN providers and will be sharing our findings throughout the year.  Trust me it’s insanely boring to read legal speak but it’s also revealing to see how many companies are tracking your online activities.

The ExpressVPN development team has always been focused on user privacy. Now they are taking things a step further with a new initiative to help users test the privacy of any VPN service. The ExpressVPN Privacy Research Lab has developed a series of privacy testing tools that you can use. Best of all they have decided to open source under the MIT license so others can review the code. Paul Bischoff conducted a series of initial testing for Comparitech. His insightful article includes the testing results for a number of leading VPNs.

We have not had a chance to use the new privacy testing tools from ExpressVPN yet. Before jumping in we wanted to share the news so you can try out the privacy tools as well. From what we read on the ExpressVPN website and the initial results from Comparitech, we look forward to incorporating the new privacy tools into our testing. Speed and reliability are important but strong privacy is the end goal of using a VPN for most users.

Here’s a quick list of leaks that the ExpressVPN privacy tools will help you test:

• IP address leaks
• IP traffic leaks
• DNS leaks
• WebRTC leaks
• Bittorrent leaks
• Leaks resulting from unstable network connections
• Leaks resulting from VPN servers being unreachable

The new privacy testing tools were developed in Python so you’ll find that they support a wide range of devices. You can download the new tools from Github to test your current VPN service. Please share any feedback with ExpressVPN so that they can continue to develop the testing tools. Share your impressions with us @VPNSP.

Key Reinstallation Attacks (KRACK) hacks use a vulnerability in WPA2 WiFi encryption to spy on your Internet traffic when connected to WiFi networks. Since most modern WiFi networks use WPA2 encryption the vulnerability spans millions of devices around the world. The problem spans from routers to phones and a wide range of iOT devices. Whether you are connecting to WiFi from your favorite hangout using your iPhone or connecting to a hotel network on your laptop, the KRACK hack puts everyone at risk.

The news of the KRACK vulnerability broke a few hours ago. You can expect fixes to be released in the days and weeks to come. The problem is a big one since the researchers that discovered KRACK, Mathy Vanhoef of imec-DistriNet, and KU Leuven, found that the security flaw let’s hackers attack all modern WPA2 protected WiFi networks. This means that any device that supports WiFi is very likely impacted by the issue.

The KRACK researchers found that Android, Apple, Windows, Linux, and other platforms are all affected by the attacks. This means that you should be very careful when connected to WiFi networks. In time vendors like Linksys and other router manufacturers will release patches. The attacks go much deeper though since millions (perhaps even billions) of iOT devices are also vulnerable to the attacks. What can you do to protect yourself from the attacks? For now the best answer is to use a VPN like IPVanish.

It helps to understand KRACK a little better to protect yourself. For starters you should assume that all WiFi networks are vulnerable at the moment. The attack requires the hacker to be nearby to intercept your data. The first step to protect yourself is to make sure and install updates on all your devices as soon as they become available. As always, you will want to make sure that any website you log in to or share information on uses SSL encryption. Look for HTTPS in the site address or a lock symbol on most web browsers. The final and best step to protect your privacy is to use a VPN. This will encrypt all of your data as it passes over vulnerable WiFi networks. This is the best solution to protect your privacy until the patches are released.

On Wednesday, July 12th the Internet will come together in protest of the direction the FCC is headed in terms of net neutrality. This is a hot button issue that has come full circle since Trump took office in January. The Internet has gone from net neutrality regulations to a government stance to end net neutrality. These are the same rules that help keep ISP’s like Comcast, Verizon, Time Warner, and AT&T from slowing down or blocking access to websites. The FCC is accepting comments and received feedback from over 3.5 million Internet users in 2015. That helped lead to the strong net neutrality rules that are now in jeopardy. Make sure your voice is heard.

StrongVPN will be joining in on the net neutrality efforts on Wednesday and is offering a promotion around the event. You can save 50% off any StrongVPN plan (monthly, quarterly, annual) in addition to their normal term discounts. The special is live and will remain active through July 17th. Sign up during the #StrongForNetNeutrality promotion and benefit from unlimited VPN access from just $2.91 a month.

The coupon code for the StrongVPN Net Neutrality promotion is DAYOFACTION but you won’t need it. The StrongVPN team has taken care of everything for you. Simply visit their StrongForNetNeutrality page and sign up for any plan to save 50% off. As you can see above, the discount brings the price of unlimited VPN and smartDNS down to $5 a month, $12 a quarter, or just $34.99 for a full year of access. Please take a moment on July 12th to make your voice heard and let the FCC know that we all care deeply about the future of the Internet.