URL spoofing - what it is, and what to do about it

Are we live? We are live. The Android app's a bit different. Excellent. Hi everyone and welcome back to Facebook Live. We are Naked Security by Sophos and, yeah, we are trying out our Facebook Live on an Android. Wow, yeah. If you notice any quality difference, I think you may be blinded by populous, but let's hope we've got it right. The lens is a bit different on this. I can see myself in the lens compared to an iPhone, so I'll have to get that. Sometimes it's not because Charlotte's shouting at me. It's because I can see myself and I've scared myself. So today's topic is URL spoofing. It sounds a bit technical, Duck.

What is it and why are we talking about it right now? Well, let's start at the end: why are we talking about it now? The reason is, there was a big story all over the media last week about a URL spoofing bug that apparently was found some time ago in Apple Safari, so it affects Mac users and iPhone users. It also affected Microsoft Edge. Microsoft patched their browser, Apple didn't, the bug got disclosed and the media got all excited. And the deal with URL spoofing, and why it's important, is basically that the URL you see in the address bar in your browser doesn't match the website that is in the main window.

So, in other words, it's easy to get confused between where you think you are and where you actually are, because the URL in the address bar has been spoofed, to put it simply. Oh, quickly: hi Teresa, hello Teresa, it's good to have you back. Yeah, so Duck, I'm guessing that, because Apple just did a round of updates which included releasing iOS 12, this bug might have got fixed? Oh, am I that transparent? Why pick it today? Yes, last night, at least UK time, well, this morning I woke up and there was the fix. iOS 12 has been released and there's a Safari 12 update for macOS, for Mac users, and indeed, even though it's a week since its disclosure, Apple have now fixed it. And now Apple.

Unfortunately, I wish they wouldn't do this. They have this official corporate policy, which is to keep totally shtum about security updates until they're ready. Now, I get that. The idea is you don't want people guessing and speculating, so when you say, hey, there was this bug in our product, you tell people when it's fixed. Unfortunately, what it meant is that, a week ago, everyone's panicking, going, well, I wonder if Apple's ignored this. Does it consider this not to be a bug, or is there a bug fix in the works? We speculated on Naked Security last week that Apple was probably very close to a fix. Unfortunately they didn't say so; wish they had.

But, given that the fix is out today, at least for people in the UK, that means we thought it was worth talking about it. Big story, problematic bug last week, all over the news; if you were worried about it and you get the update, you're sorted. Okay, so why is URL spoofing a hot issue in cybersecurity? The address bar has incorrect text in it. It's just one line of text, though, so why is it such a big deal? It sounds a bit of a triviality, doesn't it? The address bar's got, like you mention, a typo. When you get a document with spelling mistakes, it doesn't completely throw you off, it doesn't stop you making a judgement. But let me show you some.

Let me show you some pictures of why we rely on the address bar. Now, as I mentioned earlier, the deal is that you've got the main content window of your website, which is basically filled up by what comes from outside, untrusted stuff, and then you get the URL, the address bar at the top, which is supposed to be the one true sacrosanct place where you learn where your browser thinks it is. So here's a very, very simple contrived example. You can see there's a web server called ns.example, and in the content there's some content, and I've put in there a web form. There could be JavaScript, there could be a logo, all sorts of stuff in there, and everything in the window actually is determined by the person who operates the web server.

So if that's a foreign site that's pretending to be ns.example, you're relying on the address bar, the bit at the very top, to actually tell you that you're on the wrong site. So you can imagine, if you can make the bit at the top look like what it shouldn't be, that's very, very beneficial if you're a crook trying to do phishing. And the theory is that, although the main window in your browser can have anything, including fraudulent logos, fake logos, fake content, the address bar is not directly under the control of anything remote. The browser looks after it carefully, so it's the one true place that you're supposed to be able to look at to figure out where you are now.

It turns out that, using JavaScript inside a web page (this is the example that the researcher who found this problem used), he used a JavaScript function called location.assign, and what that does is it says, after you've rendered one page, oh, by the way, go somewhere else and fetch that page instead. And so in that example, we're basically redirecting to a site called, well, theother.test, and what you'd expect is what actually happens in every browser you want to try this with. If the site exists, you get something that's very similar to what you had before. I've got different content in there, but the content and the address bar change at the same time. Now, what this researcher found is that he could use a URL that was slightly unusual.

Here's an example of what he did. He took the URL and he added what's called a TCP port on the end. Now, normally web servers use port 80 for HTTP and port 443 for HTTPS, so he said: go to a site that exists, but to a TCP port where nobody's listening. That's like making a phone call to a company that's there, through a phone exchange that's working, but to an extension where nobody's sitting, so nobody answers. So what you'd expect to happen when you tell the browser, hey, switch to this new site, is it'll go, well, try to connect to the site; eventually it will time out, which typically takes one to two minutes, and during that time what you expect is you'll see the old web page and the old URL. And that's what most browsers did, except Edge, patched a month or so ago, and Safari. And so in Safari.

Unfortunately, what you would see is something that looked more like this: you'd see the old content, which could be a phishing or a fake site, and you'd see the new URL, and only after the download timed out and you got an error message to display would the URL and the content actually line up. Now, I haven't got a picture of this, but on the mobile Safari browser on an iPhone it was even worse, because to save space it didn't actually show the colon 8000, so you didn't even realize you were going to a weird part of the site. So what this researcher said is, this is a way of having content from one place, which could be a phishing site, and a URL that suggests that you're actually somewhere else.

Even though you're not there yet. Can I just stop you? I had a quick question. Well, first of all, Andy says hello from Mechanicsburg, Pennsylvania. Yes, just real Belt, I think, from the name. I assume that's why it's called Mechanicsburg. In England, we have Coalville; guess what they used to mine there. Who knows? Who knows. So Teresa says: so this has been caught and fixed in most browsers, like Microsoft Edge, Internet Explorer, Firefox and Chrome, and Apple is catching up with fixing this in version 12. That's basically it. Now, just quickly, let me just then show that, even though this was kind of a bug and everyone got very excited about it, there are some things that you could have looked for in Safari and you should look for in every browser.

Anyway, you can see here that, although you've got that new URL, at least in the non-mobile browser you can see the 8000. You don't see a padlock, because it hasn't actually connected to the site, so there's no TLS, there's no security certificate that it's received that it could possibly display. And, of course, if you see a website with a web form on it, you shouldn't be putting data in there unless you think you're on a secure site. So that would be warning number one. The weird port, if it's visible, warning number two. And also you see that blue bar; other browsers use different visual cues.

That means, whatever is happening, something's still loading. So if you're going to put data into the form while a page is still loading, you're kind of putting it into something that's not complete, or that you're not quite sure is. Yeah. So there were already warnings, even in Safari, that the page is still loading, and the URL, there's a hint that it's what's coming next, not what's here now. But as Teresa mentions, Apple have fixed that, which means that, if you've done an update, you will now be okay, and you should still look out for those things that I've mentioned with whatever browser you're using. Is there a padlock?

Does it appear still to be loading the content of the page and to be hung up waiting for a timeout? So, you know, still look out for those, even if you think the URL and the content actually line up nicely. They're cues that tell you what the browser's up to and how the website at the other end is behaving, always very useful to know when you're trying to make a security judgment. So Teresa says: is it considered a quick and dirty fix to disable JavaScript in the browser? That would fix this particular URL spoofing, because it relies on using JavaScript to make an already rendered page switch out for another one, and some people do switch off JavaScript, or they use a plug-in like NoScript that selectively blocks JavaScript.

That's a good solution for many people. The problem is that there are quite a lot of sites that don't work very well if you turn JavaScript off, because they rely on JavaScript to make things like menus, pop-ups, links, this clicking, that clicking, menus that pop up and so forth. They rely on JavaScript to make that work, so blindly blocking JavaScript gives you a very 1990s style of the web, even though it's 2018. So you might find that if you turn off JavaScript altogether, there are a lot of sites that either don't work at all or just work really clumsily. That's the problem with using that as a fix, and it's why many people don't bother, and why many people don't bother running a script manager, because there can be an awful lot of setting up to make sure you're allowing the right scripts on the right sites and blocking the wrong scripts on the wrong sites.

Of course, if you have anti-virus software, not that I'm going to plug Sophos Home, which of course has a free version, if you would like not to own it but to use it, although I have just plugged it, if you've got an anti-virus program that can block both content that comes down and websites that your computer connects to (Sophos Home can do both of those things), what that means is you've also got a fighting chance that, if you've got some JavaScript that takes you off somewhere where it shouldn't, or tries to load content from a dodgy site and then pretend it's a good site, you won't reach the dodgy site in the first place, or if you get dodgy content back, it won't get rendered in your browser.

So an alternative to blocking JavaScript outright is to say, what I want to do is block content that my antivirus thinks is suspicious, and I want to prevent any visit to, or any content coming at all from, sites that I know are putting me in harm's way. That's a long answer. Yes, controlling JavaScript does deal with this particular bug. So Andy's asked a question. He also says, you know me from any avpd and VB conferences while he was with ICS. I was just wondering if it was that Andy, so hi Andy. So he says: don't a lot of anti-malware products detect this type of redirection, usually in online banking protection, MITM attacks?

Well, yes or no, because there's nothing wrong about jumping from one site to another, or loading third-party content into a site, and ironically, at least in the UK, with many payment pages, when you go there, they actually temporarily jump you off to content that comes from your bank, which might ask you a question like, put in your secret banking code, type in the code that appeared on your phone, or does some verification with location. You see a bank's logo for a bit and then you jump back to the site where you're actually doing the payment. So this thing about shifting, using JavaScript, from one site to another and back is actually used in mainstream sites, so unfortunately, just saying, well, blindly blocking any sort of attempt to redirect from one site to another.

The point is you're supposed to be able to do that. What a browser's not supposed to do is tell you you've already reached your new destination when it's still showing the old content. That was the very simple bug that Safari had: it updated the address bar before it had any content to match it, which meant that things could get out of sync. What other browsers were doing is they were waiting until there'd been an error, and then they would update the address bar and the screen to say there's been an error at the same time, so you're never in any doubt, and that's the change Apple has made to fix this. So, I just want to ask a question of my own: what is an MITM attack? I guess man in the middle, or man in the browser.

What that means is where you're suddenly on one site, where you're putting in secure data. What if you're not actually going to that site? What if there's somebody else that's actually intervening, like a proxy, grabbing your content and looking at it? Now, the good news is, if you're using HTTPS secure sites, you should get some kind of warning, because the imposter site that you're being redirected to won't be able to come up with the right web certificate compared to, say, your bank or whatever. And you also get what's called a man in the browser attack, which is where you get some kind of JavaScript or plugin inside the browser that actually, instead of trying to snoop on content while it's in transit, where in the middle it could be.

If you can actually intercept the traffic at the very end, either at the start or the end, obviously it has to be decrypted there. It has to be decrypted at the server, so the server knows what you're trying to ask for, and it has to be decrypted inside your browser so that it can actually display it, and that's a man in the browser attack. Same idea: somewhere between the outside surface of your screen, if you like, and the processing on the server, there's somebody who shouldn't be there trying to listen in. They can either do it in the middle, a man in the middle attack, MITM, which is when they're snooping on the network, or they can do it in the browser, where they actually see the stuff after it's been decrypted.

So when you see MITM or MITB, that's what those things mean. Great, so back to URL spoofing. Yes, from Don, hello Don. He says: how would we get John/Jill Public to learn to realize what to look for so as to protect themselves from issues? Well, one, we actually write about things, whether directly or indirectly, things like URL spoofing, email address spoofing, dodgy links in emails, things like that, regularly on Naked Security, for exactly that purpose. We feel that this is not a game that we've lost to the cyber crooks. If we just keep reminding people what to look for, then (a) people who have never given this a thought will improve in security, and (b) because the crooks keep changing their game every time we are par as they try and alter theirs.

It means that people can keep sort of in sync with what the latest attacks are. So we regularly do articles on Naked Security, like the one we did for this particular bug, where we fill them up not just with a description, but we actually put pictures in sequence that show you: this is what will happen when things are going well, this is how you compare it with what happens when things are going badly. And our idea is trying to alert people where to look in their browser, where to look on the screen, what things to look for, the kind of tricks that the crooks for, what to do with emails, what not to do with emails and so forth. And so Rob Klein.

That is a shameless plug for Naked Security. I'll stop, because that's what I was hoping for. So Rob Klein is really shocked that no one has commented on your awesome t-shirt yet. Well, it is an awesome t-shirt and you too can own one just like it, by going to shop.sophos.com, or let me be more formal, http://shop.sophos.com, and you can get t-shirts, cool socks, cool be nice, you can even buy high-end bicycles, but that's not why most people go there. They were used by some salespeople in a race that we participated in, an event that we participated in.

We figured you might like them, but the t-shirts, all this and many more other cool slogans, like "malware is a dish best served never", for example, are all there, I think. So Rob's actually asked a question as well. He says: are there times that HTTP isn't really doing the job, and are there ways to know? Oh, that is a very open question. Usually, when you're faced with HTTP web certificate trickery, what usually happens, you may see, for example, if you go into a coffee shop and they've got free Wi-Fi, what they do is they let you connect to their network and there's no password on the network, but the first time you try and go anywhere.

They basically redirect you to a fake site, and the fake site is their login, their captive portal, and their captive portal says: hey, you can't go to the bing.com search engine yet, you have to fill in this form. And of course, to do that, they have to pretend that they're bing.com for one web page, and they can't put up the right certificate, so you'll get a certificate warning. So they claim to be bing.com, but they don't have the right certificate signed in the right way. So often when you go to a site that's presenting a bogus web certificate, it's pretty obvious, because no so-called certificate authority, who issue web certificates, will let just anybody have a website to say microsoft.com, sophos.com, bing.com or whatever it is. So one protection is, if you get a warning that says there's something wrong with a web certificate. A couple of years ago.

Loads of people would let their certificates expire, or they put the wrong name in, because it was all too hard, and we got in the habit of going, "Ah, certificate warning, who cares, it's only a website", and you'd click through, and if you're unlucky, your browser would remember that, so next time the crooks have got you, you won't get the warning again. So if you get a web certificate, security certificate warning, do not ignore it. They are there for a purpose. The other trick, obviously, and this is much harder to deal with: what happens if a certificate authority, somebody who signs web certificates, goes rogue and they agree to sign a certificate for the wrong person?

It's very difficult to deal with that, but usually it's reasonably infrequent, and when it happens, it's all over the news. So keep your eyes open and watch out for web certificate authorities that can no longer be trusted. Okay, that's great, and then one final, very quick question for you, Duck: what should Mac and iPhone users do now? Well, get the update. Apple have traditionally been very good at getting updates out fast and people tend to accept them, and since I'm in a hurry, because I know we're over time, I have now botched things up on the phone, and what do they say, more haste, less speed. Well, while you look at that, I'm going to tell you that Andy says his wife stole his Sophos socks.

They are in high demand. That doesn't count as stealing, does it? If your missus wears your clothes, you just have to go with that. Yeah. Okay! So what do you do on a Mac? Click on the Apple icon and go to About This Mac, Software Update, and wait to see if there's anything. You'll probably get them automatically, but it's worth having a check, and if you aren't on the list yet, because they will stagger the updates, you could jump the queue by saying you want to update now. Same on an iPhone or iPad: you go to, what is it, Settings, General, Software Update, and after the updates you'll see something like that.

So you see there Safari 12. That's got the bug fix for this. And iOS 12 for the iPhone, that update includes a brand new version of Safari with this bug fix, and while you're about it you're getting loads of other security updates and feature updates too, so you might as well do it, because the crooks now know what bugs existed in iOS 12, iOS 11 and Safari 11 before the update was out. So don't be the low-hanging fruit, get out there and get those updates. That's great. Thank you, Duck, as always, for your wisdom, and thanks everyone for commenting and for your questions. If you have any more questions for Duck or the team, pop them in the comments box. You know we always check after the video has finished. And until next time,

VPN Companies Are Lying To You

The Internet can be a terrifyingly beautiful place. One wrong click could be the difference between wholesome family-friendly content and absolute horror. So the idea of using a VPN can make some sense. Some sources say it's a twenty-seven billion dollar industry heading towards thirty-six billion dollars over the next two years. But as VPN companies fight for some of the market share, their sales tactics are becoming increasingly scummy. They're often lying to you and using scare tactics to get you to buy their stuff, and, as someone who believes you have a right to privacy, this is starting to really make me upset. It's almost like these companies are just trying to take advantage of the idea of privacy and make a couple extra bucks, and they're not really helping people to understand how they can be more private online and what a VPN actually does for them. Cut.

"If you wouldn't want mom looking through your web history, why would you let hackers, ad companies or your internet and cellular provider do the same thing? They can track and record everything you do online, but not if you have ExpressVPN." "All kinds of snoopers want to monitor and collect data about what you do online. NordVPN shields you from them, so you can browse in ultimate privacy." Nope! That's not true! If you look at the top VPNs, you'll notice they all make these fake claims about 100% privacy and security, browsing anonymously online, being able to surf the web without a trace, the one-click solution to all of your privacy needs. This stuff isn't true, or at least it's an oversimplification of it.

Looking at a few dozen of the most popular VPNs, they boast two major things, privacy and security, but they don't really deliver on either of them. A VPN passes traffic through their server, acting kind of like a proxy. So when you try to download something online, instead of the server you're downloading that file from seeing your IP address, they see the VPN server's IP address. It kind of looks like someone else is downloading it. Your online identity is made up of so much more than just your IP address. If you think I'm crazy, tell me this: how is a VPN going to help you when you and your friends are hanging out at the local Mickey D's chomping down some nuggets, and someone snaps a picture, and then every single one of you tags your faces, and you click like when your crush says "man of taste"? So much information is exposed just by you interacting and doing things online every day: the devices you use.

The pictures you upload, the groups you're active in and the channels you subscribe to. The Internet is very complex. Think about it this way: you connect to the internet on a device. Let's say it's your phone. Your device likely has a user account, and then to connect to the internet you would use an application such as Chrome. You would type in a search query and then your VPN would talk to the server. In this example there are multiple things that can record information that would compromise your privacy without the VPN's permission. For example, your GPS location and search query could be stored somewhere. Let's say one night you decide to download something that you know you shouldn't, but you're using a VPN, so no one's going to find out, except your device logs what you installed and when you installed it.

How long you used it, where you were when you used it, and maybe you even used one of your social media accounts to log in, and now they know all that information too. Maybe you didn't download the app, though, and you just searched for it on the App Store, but even that information is being logged and can later be used to target you, and you know this because you've seen it before: when you search for something online or you look at a website or a product, later it's targeting you all over the internet, and those ad and analytics companies use things like tracking cookies and browser fingerprinting to follow you everywhere.

A VPN doesn't stop them from that. Even if your traffic looks like it's coming from Australia, when you start searching for local car dealerships, phone numbers and inventory, Google knows that you're trying to buy a car and they know where you're trying to buy it and even if you're, not logged into an account. While you do this and you're using a VPN, there's still hundreds of data points that are available to track you things like time zone fonts, you have installed the width of your device battery level. Video formats you can watch even how you render graphics can all be used to uniquely identify you and associate you to use your accounts and information.

Companies already know about you, apart from using something like Amazon, or your data is sold all the time, sometimes even by the government. All of that information, your address, your name, phone number, birth date, gets indexed and cross-referenced online. So if you've been using the same email or username for years, a VPN can stop someone from associating the dozen other websites that you made accounts on over the years. If you're not familiar with this, I highly recommend you check out haveibeenpwned.com. Poor Bob at AOL has been involved in hundreds of data breaches. You can see on sites like Club Penguin even the IP address was stored, so if you're using the same email or password, it's not very hard to connect this stuff together, which is super important to understand, because a VPN will not do anything to erase all of the information that you freely gave away.

So think about all of the accounts you've made. Did you use the same email address? Did you use the same phone number? All of them have location history. They might know your address, your name, your purchasing habits, your credit card information, and if you keep using those accounts after you use a VPN, that doesn't provide any layer of anonymity at all. Imagine using a VPN to make it look like you're in Alaska, but you keep shipping all of your Amazon orders to the house that you've had for the past 10 years, and Google still sees all of those orders in your Gmail account, and they know it's filling up. Saturday and social media obviously knows when you started using it, because you took a picture of it and posted it.

So what did you just accomplish in terms of privacy? Nothing. Well, let's say your Gmail account was associated with a small suburban home in Kentucky and suddenly it looks like you're in Germany every day. Google still knows where you live, and it's not very hard to filter out proxies or VPNs, and actually a lot of websites do that. If you're using a VPN to try to connect to something like Netflix, for example, you've probably seen that they'll try to block you. So I probably should bring up that a VPN doesn't help you at all when it's not running, because I know there's people watching this who have turned their VPN off to watch Netflix or something like that. When you do that, all of the applications and Internet traffic is now using your real location, and it renders whatever false sense of privacy you had before completely useless.

Well, let's say you use a VPN on your laptop but later at work you just have to log into that game or email or whatever website, while you're going to the bathroom, and you did that on their Wi-Fi now they know that you've been there. So the idea of actually hiding your location, which is one of the main reasons people would use a VPN for privacy, becomes very overwhelming. I mean you have to always use a VPN forever and for most people that's pretty unrealistic. I mean I have multiple aliases. I pay with cash when I go out in public. My mom doesn't even know the cellphone number that was given to me by my phone provider.

I use VoIP numbers and I don't use the VPN all the time, and people think I'm crazy when it comes to privacy. I suppose that's part of why I wanted to talk about this. A VPN is just one part of the puzzle of being private online, but VPN companies act like it's the only thing that you need. Being private online and being anonymous online, which are two completely different things, require a lot of work and attention and habits to keep up with. A VPN is not a one-click solution, no matter how much the marketing company wants you to think. I suppose I should also talk about logging, because technically, when you're using a VPN, that company, that server, knows everything that you're doing and you're trusting them to keep your information private. There are a handful of VPNs that say they don't log anything.

Some of them have even been in lawsuits with the government and have not turned over any logs. But I highly recommend, if you are going to use a VPN, that you stick with a company that you trust, maybe even one outside of the United States or what they call the 14 Eyes. And if you're really into privacy and security, some of the VPN apps that you put on your phone or your device actually open you up to all kinds of other threats and problems because of the permissions that they want you to grant on the phone, and so it's sort of like, what's the point of all this? It's also really frustrating to me that they talk about military-grade encryption and how secure

the VPN is when you use it. Some of them even act like you should never connect to your bank account unless you're using the VPN, and some people might be a little bit afraid at this point, because they're thinking, "I've been logging into my bank for years. What did I do? I gotta buy this VPN right away. I need to stay safe. I don't want a hacker collecting my banking information." But encryption on the Internet is not anything new, and it's not something that this VPN company invented. Most people are aware of this, but at the very top of your browser there's typically a little lock sign.

It means you're using a secure connection, HTTPS. This essentially is encrypting your information between the client and the server, so when you submit a form with your username and password, someone else on the network can't actually see what you typed in plain text. So when VPNs talk about how secure they are using encryption, unless, for some insane reason, your bank doesn't use HTTPS, it doesn't really matter, and when they say they're encrypting everything, really they're only encrypting the communication between you and them. After that they can't do anything. They can't stop the website that you go on, or the services that you're using, from using unencrypted data or giving all of your information away. To be fair, in terms of security.

In a situation like this, it is possible that an app or device might be communicating and securely and a VPN might be able to help encrypt that data. I just think it's ridiculous that the VPN company would want you to think your bank has no security without them. So in a base level, when used properly, a VPN could be used to mask your IP address, which can be useful for a variety of things. They also could provide an encrypted tunnel between you and a server and for the record, I do think those two things are valuable and worth money, but in terms of 100 % privacy and security, a VPN can't stop your phone from tracking your location and user data.

It couldn't erase past history about you, stop data breaches, circumvent browser fingerprinting, force you to use unique passwords or stop your friends and family from revealing information about you online. They also can't really stop you from downloading malicious programs, keep you from phishing and hacking attempts, or just giving information to the wrong person, like a scammer. In other words, they don't give you privacy or security. So while I think it's useful to use a VPN for your privacy online, it's like one tiny part of the puzzle. It can help mask where you're actually from, in some cases it could even make it look like you're somewhere else, and if used correctly, can stop your internet service provider from knowing what you're doing. But at a base level,

you're not getting much beyond that. You're not getting 100% privacy, security and anonymity for 4 bucks a month. You're just not! This video is sponsored by you clicking the like button if you enjoyed the video, cuz I don't know if a VPN company is going to sponsor me after this, but doesn't matter. I hope you learned a few things. I hope you had fun and I will see you in the next video.

Stop using VPNs for privacy.

So a lot of you probably already know about the whole NordVPN drama, but for those of you unaware, basically, a very famous, very shilled VPN service called NordVPN got hacked somewhere in 2018. Basically, one of the servers got compromised and the attacker was able to get access to all the data that was going through the server for the whole month, until NordVPN discovered it and shut the whole thing down. Now, I've been meaning to do this video for a while now, and the whole NordVPN situation was just an additional motivation, sort of. In this video I want to tell you that you probably shouldn't be using a VPN at all, well, with a few minor exceptions, of course. Let's get started. First of all, full disclosure: a lot of what I'm going to say in this video is based on this very good GitHub gist by joepie91, in which he described why one should be using VPN services, and I agree on a lot of what he says, but I want to extend it and kind of elaborate on some points that I disagree on. Thing is, a lot of

VPN providers employ so-called bait-and-switch tactics, which means they advertise one thing and at the end you get something completely different that you didn't sign up for. They all have those flashy websites and advertisements where they promise you ultimate privacy and absolute protection from any kind of tracking, you know, spying or what-have-you, whereas actually VPNs don't really protect your privacy or anything. The only thing a VPN server does is it takes all of your web traffic and it passes it through itself, so that your internet service provider or your employer doesn't see what websites exactly you visit. It only sees the VPN address and that's basically it. Your privacy is not going to be magically improved by just using the VPN, because you still use your real IP address to log into the VPN service, and even though pretty much every VPN service says that they don't log your activities, that they have a no-log policy, trusting those claims is the only thing you can do, really.

There's no way to check whether your provider actually logs activities or not. There is no transparency about it ever. Besides, if you're using a VPN service to connect to your online accounts such as Twitter, Facebook or Instagram, it becomes really easy to trace your identity to the VPN service, and it kind of defeats the purpose of using a VPN for privacy, to be honest. So the only thing you're accomplishing by using a VPN service is hiding your web activity from one untrustworthy party, that is your internet service provider, and showing it to another one, possibly even more untrustworthy. Moreover, if a VPN service that you're using is based in the US, it is obliged by law to provide any kind of user data that it has, including your data. Also, in a lot of cases

those requests are also accompanied by a so-called gag order, which means that the company is obliged to submit any kind of user information that it has, and it's also obliged to keep silent about it. Some VPN providers can also potentially work as a honeypot. They basically operate on an assumption that, if you're using a VPN, you probably have something to hide, or you're doing something not legal. I mean, sure, you might be just a law-abiding, privacy-conscious citizen, but you also might be a script kiddie or a drug dealer or an activist or a journalist. This also gives VPN services an additional incentive to keep the data, to log the data, because who knows? Maybe there's going to be something interesting in there that they could use against you, even. Also,

there are some drawbacks to using VPN services that are not directly related to privacy, but are pretty inconvenient regardless. Every VPN service has a limited range of IP addresses, so in some cases, especially if you use a very well-known VPN service, your internet service provider and the websites that you're visiting will know that you use a certain VPN, which might draw attention to you. Some websites go as far as blocking all of the known VPN IP ranges, which means you'll probably get used to these kinds of messages, because you'll be seeing them a lot. At this point a lot of you, especially those who are more well-versed in the privacy stuff, might say: well, okay, sure, VPN services are bad, everyone knows about it, but what about self-hosting a VPN on a cheap virtual private server?

That could be better, right? If you have some basic knowledge of the Linux shell and thirty minutes of free time, you can basically set up a fully working VPN server for just a fraction of the cost of those VPN services, and at first glance this option sounds great. But there's a catch, and the catch is called OpenVZ. OpenVZ is a virtualization technology that basically 99.9% of cheap VPS providers use. Now, the thing about OpenVZ: it's a container-based virtualization technology, which means all the VMs on a host share the same kernel, and currently the majority of cheap VPS providers use OpenVZ version 6, which ships Linux kernel version 2.6.32. A big portion of newer software doesn't even support kernels that are that old.

You want to run Docker, or maybe you want to set up a WireGuard VPN? No, you can't. And I didn't even get to the best part: due to the container-based nature of OpenVZ, your VPS provider can basically snoop on everything you're doing in your virtual machine. That's right! Your provider can basically see your processes in real time and has full access to your storage. It is absolutely impossible to encrypt your hard drive when you're running an OpenVZ-based virtual machine, so everything you're doing in your virtual machine is basically an open book for a provider. With other virtualization technologies such as KVM and Xen, it is still possible to snoop on your activities, but it usually involves dumping the RAM of your virtual machine, which is much more difficult and time consuming. So yeah, basically stay away from OpenVZ-based VPS and pick something that has KVM or Xen-based virtualization.

However, you might notice that OpenVZ-based virtual private servers are much cheaper than KVM or Xen-based ones. The reason: over-provisioning. OpenVZ allows a virtual machine to borrow resources from another virtual machine that is currently not using any resources. As a result, a lot of VPS providers sell more virtual machines than they can afford resource-wise. Some VPS providers will actually go as far as suspending or terminating your virtual machine if you've been using it to its full potential, stating that you've been overusing their resources. It actually happened to me once. So if you're going to host your own VPN, for which there are valid reasons (I'm going to talk about them at the end of this video), be sure to pick a KVM or a Xen-based one. Don't cheap out. Do keep in mind, though, that a lot of what I've said about VPN services actually holds true for self-hosted VPNs.

You still need to make sure that your VPS provider is not based in a country where it can be forced to give out all the data, and you still need to take systematic measures to improve your privacy. And even if you host your own VPN on a trustworthy VPS, where you encrypt your hard drive and you don't keep any logs, VPNs are still not a silver bullet that will make you magically invincible to all the spyware and all the tracking and invisible to the CIA, FBI and what have you. Now, are there valid reasons to use a VPN? Of course. Of course there are. Here are some valid cases for using a VPN: you're on an open network, for example airport or cafe Wi-Fi; you're at work or university, and you want to hide your browsing history from your employer or your university;

you want to circumvent censorship and access content that is blocked by your ISP or in your country; and, finally, you want to torrent Linux ISOs in a country that is known to be very hostile and very strict about piracy. So that's basically all I wanted to say. Oh, almost forgot to mention our today sponsor: you. I want to say a huge thanks to my patrons Mitchell villains. You know Christopher rate area, newer, gamer and everyone else supports this channel. Thank you for watching and I'll see you soon. Bye.

How to make a Proxy Site (Glype)

First, at this video I'd like to say a quick shout out to onyx networks. Onyx networks is set up by Bradley and the coding beast, so Bradley is the guy who does all the editing and the stuff on the forums, and he also might know that occurred in beast. Yeah, this is just my way of saying thank you to him by giving his channel a little shout-out before this video, so they upload gameplay videos, montages, giveaways, maybe some coding videos and things like that, and links to their channels are in the description below. Be really awesome if you guys could check it out. So yeah, onwards with the video. Hey guys, welcome back to a new video tutorial.

Today, I'm going to be showing you how to make your own potentially free proxy website. So you can see proxy jet tutorials comm. Is this Chuck tutorials proxy for secure and browsing on the internet? Now this is powered by something called Glype, if I'm saying that correctly, and I'll show what the Glype page looks like. It's a web-based proxy script written in PHP, and it's literally so easy to do. You don't really have to do any work, and Glype does all the work for you in regards to getting all the proxy sites, and things like that.

So you've probably seen this before, just because a lot of websites use it. If I just go to a random, let's see, proxy website, a random practice, just a random proxy website that isn't hidemyass or something, you'll probably see Glype in action. Be able to find one other, because I'm awesome yeah. It cuts into fine dinner yeah. A lot of people use it, is what you need to know. I can't find anything right now. I probably should have been prepared before I did the video, but anyway, so I'll show you what my IP is now. Well, I'll show you a part of it anyways.

Well, it's my P. You can see at the moment this is my IP address, we'll just keep an eye out for the 92, but here the rest of it's going to be blanked out, and if I go to Google using this website, the proxy website will continue anywhere. It isn't HTTP, but you know what can you do sort of it? What's my IP, and you can see that my IP address is completely different, so where actually am I in the world right now? Let's have a look, more information about me. So apparently I am in, when it loads, I don't think it's going to load.

We are in. Let's have a look on here. Can we see, maybe not, but yeah, so Glype does all the work for you, and it's probably cuz. We remove scripts and see if that works. Anyway, we'll go back to the web site here, so yeah, Glype does all the work for you. All you need to do is install it, and that's what I'm going to be showing you how to do today. You're going to need a web host. Now, you can buy one if you want. I recommend the fast, which is who I use. They've got web hosting from one pound 49 per month.

I've been using them for nearly two years now and that's what all my websites run on. Oh, you could probably use zero web host. Other, don't use them anymore because they had a big. Was it a credential leak? I think I remember it, not long ago. I don't really use them anymore, just because I have a web host, just don't need to use free ones. So you're just going to need to find yourself a web host. Might work on localhost, I'm not too sure, you can always try using WAMP. But anyway, I'm just going to set up how to install this and I'll get back to you in a second.

So all I'm going to do here is create my subdomain, so you can see the other subdomain I've got is reviews, dr charles calm, and that will redirect itself to a folder called reviews. So that's what I'm going to do now. I thought you guys might want to see this if you already have a domain name, so the subpoena man's going to be proctor for the jet tutorials domain, you can make it proxy dot reviews jet tutorials, but I'm just going to make it proxy dojo tutorials, and then I'm going to press create, and that will create, I think it will create the folder as well, where we will install Glype.

So if you've ever installed WordPress, it's very similar on how to do it. So here we are in FileZilla. So this is my website. You can see we've got a new folder called proxy, and in there we've just got CGI bin. So now what we need to do is download Glype, so we'll just go to the website, we'll go to download, we'll agree and download it, and it's a very small download, and we're going to extract all the files into FileZilla. So literally just grab this stuff and put it in there, and it will upload all the things to FileZilla, and then we can go ahead and install it once it's finished.

So there we go, we're all installed very quickly, and we're just going to go to our subdomain here. So we can go to proxy learjet tutorials comm, and this is what Glype will look like. So it's the first-time-use installation, so it says the settings file was found and is writable. The installation can proceed. Do not leave the script at this stage. So if I leave this at this stage, we are open to a problem. So we can enter some details here. These are the details I'm going to use, because I'm assuming I'll probably remember the password, and I'm going to press submit.

So this is what we get, so we have our control panel here, and how to access the control panel: you just do proxy Jetstar's, comm, slash admin, and that will let you on to the proxy. I had the pox control panel, so we've got a number of different settings. If I just actually show you what the page looks like now, it looks like this, and you might have seen this before, because this is what Glype looks like, and I've seen this before, so maybe you guys have seen it as well. So we're going to go back onto this and we can have a look at what we've got, so we've got our PHP version, cURL version, and it just, you know, checks everything, and we can go to our settings here, where you can input a license key. The license key's for advertising.

I think you can change the theme, but you can also get themes, which I'm going to show you how to do as well. There's a temporary directory, the SSL warning foot has included your a link code in hot, linking, logging. So logging is where you can enable logging or not, and basically it will show you what everyone's accessing and put them into a log file. I'm going to switch mine off because I don't really care what people are doing, and you can also restrict the websites that are going through, or you can whitelist websites and blacklist them.

And then you've got the IP bans, which is kind of cool, and you've got cookies, and maintenance, and user-configurable options, and yeah, so got all of that. And if you go here, we can see that it can view logs. So I'll show you what logs look like, so I'll enable the logs and log all requests and then save the changes, and what I'm going to do here is go to youtube.com my cat type, and we are on YouTube here. We're viewing in English US, and all I'm going to do is go to FileZilla, I'm going to go to my logs folder.

Where lies: where is the logs? I have lost it. Where does it save it to logs lockbox LC? There we go right, so the folder was never existed, so let's just do one of them, so the log file is stored in the temp folder. So if you go to TMP logs and there's our log and if we view or edit this, you can see all the traffic coming from an IP address, which I will need to blank out. Just to reminder for myself and I'll show you where they are going and then these are all ads, I'm guessing I'm pretty sure they're all ads so I'll, just stuff it loads as well as ok.

So that is awesome. All right, I'm going to show you how to put in a theme, so I'm going to type into Google Glype themes, and we're going to reload the page, and we're going to reload the page again and again and, okay, so that website's not working. Brilliant, awesome. You are ruining my video. So go to Glype themes. This is a different website. I've never used this before. Apparently, that is under construction, so we can't use that. Let's have a look at this one. That's really not because I really wanted to use this one, wonder if I've still got the one downloaded. So, unfortunately, the website I once used is down, which had the theme I wanted to use.

I will do a follow-up video to this on how to install themes, but what else we can do is we can actually change some information on this page. So this is inside FileZilla, and we can go to the config file, which is somewhere, because what happens is the config file controls all the information for every single theme. So basically the themes, the page is always static, but the theme controls what it looks like. So if I go to the themes folder here, I come over, which theme we are using, so just go to slash admin.

Edit settings, theme, it's going to be default, so we need to go into our default folder. Here we can download this config file, so just good that stuff and download that and we'll open another plus. So you can see here we can change some stuff here. So we've got our site name. We've got our meta description, meta keywords, description, indexable form and index below from proxied, so we can change here. So we can change this to check guitar in order to this instead, because it's neater, because this is still going to be live when this video goes up.

So we can actually change this information as well. So this is a description text which is here, this information here, so we'll change that information to toriel's proxy for anonymous browsing, something like that, and we'll leave this information here, because it doesn't have as many configurable options as my old one did, which sucks. So then what we can do is upload the config file back and overwrite that one, refresh, and there we go. So it's kind of crappy. So, unfortunately, that is what happens when the page goes down. And so, if you're wondering about removing this kind of stuff, I've already tried it: if you remove it, it'll error out and won't let you use the page anymore, so you have to have the credibility to Glype on your proxy page, but that's okay, because this is a really good little software package submit.

So that is the end of this video tutorial. It's relatively short, well, ten minutes, but it's kind of shorter than I wanted it to be. Just wanted to show you these themes that this guy was making, bits pages down under yeah, so very much for watching, please like and subscribe if you enjoy the video. Don't forget to check out my website, jet tutorials comm, hey, check out my Facebook and Twitter and yeah, all in the description below, and if gets you by games using my g2a referral link, all the money goes back to you guys and giveaways, and things like up.

I remember for watching any questions. Please leave them on the forums. I shall see you again next time.

How to Get a Indian Ip Address! (India Vpn With Proxy list) Software

Hello people welcome to my video today, I'm going to show you how to change, how to change your proxy to in the air to change to India IP address or to get IP address from India, whatever there's a lot of what software's out there. But in my opinion, is one of the best softwares, because it's in the in the easy way you can change your IP address and you change you. Can you can change your proxy to the country that you want to change in this case we're going to change to India, so it is very easy, so you only need to you have two options to change country. You can change from here, or you can go directly to to here.

So one of the best things about these photos, you can this real depend. If you want to just visualize India, Indian websites, you only need to click never change IP, because you don't need to change IP every minute. It is one of the best things, but this is more about if you want to use the software with different software, and some software, some programs, they require you to change the IP address, or to change the proxy, every one minute or every five minutes or ten minutes. This is why this is good software, and this is why I bought this software. It's because I use some programs that require you to change the IP every one minute.

So in this case, if you want to just to visualize websites Indian website, you don't need to change IP all time, so you click, never change IP. You select the country, India, so, and you in this quick where you will change IP to India. So here is so, as you can see here, that the this office can change the IP address very quickly and that's going to test if the the EZ at IP has already changed the IP. Now we are in France, so in as you can see now we are in India. So, as you can see, this is a very easy software and you have these options, so you can change the proxy India proxies or the location, the IP location.

You can change for every time as you wish, for example, if you want to change for every 1 minute, you just need to select to change every 1 minute, so every one minute the the the VPN will change the IP address to to other location. In the same country, in this case from India, so let's go into wait a little bit more to confirm that this also can change the IP after 1 minute because we selected here one minute so there's a lot of different companies that this sells very similar softwares With the same similar name, so I would that's why I will recommend you to view you go to the website on the on the description on the video and in that way you you can go directly to the the website where the these this software is located.

So, after you click on the link on the website, this one description, you will be redirected to this website here, in which you have two options to download the software. So you will have, you don't have nothing to use you? You can enjoy the software for three days, so in that way you can test if it's working to watch the Indian websites that you are looking for, or for any other purposes, so you have three days for testing this website. The idea is this software, and this is one of the best things, yeah. It's right. I already tried other companies before, and most of them required

We pay before tests. So I really don't like that that that's way because we first we must to try and just after if we are happy we can buy. So I was I was happy. So that's why I buy this amazing software and that's why I promote to more people, know more about this software. So, as you can see here, you have the price after three days, the it's not a good and the other great part of this. This completely because the price is not the killer price, you can you can. If you want to enjoy just one more vulture you can for less than five dollars. You can enjoy the this amazing software, the easy at IP for one month or if you want, for example, to use that that's also for all year, so it's 30 dollars so which is not expensive and you can enjoy from other country.

The Indian websites for all. Here and if you are, if you are happy with the software, so you can save more money if you enjoyed for two years, which is a little bit more cheaper than for one year, as I see here for one year's 29.95, so for two years is, is Going to be almost fifty dollars, which is not, it is very cheap. If you compare with other companies, I'm wasn't sure. If you've been in all the companies, they are much more expressive than that one, and this is war and they don't have. The functionality is about this soft, like this software, which which you can change every five minutes.

Everyone needed every ten minutes, every twenty minutes to use all the kind of programs not to if you want just to visualize some Indian website, so you don't need to change every one minute. You just need to select, never change IP. So in that way you can enjoy, this doesn't make any difference. If you change change IP everyone in it, you can still watch the Indian websites, but you don't need to to change every one minute you just need to fix with the to lock. With the same the same IP, so yeah and you can enjoy the website and when you want to back again to your real IP address, so you just need to disconnect and automatically you will back to the same location IP.

Then you are from so she's. Very quick software's is a very good source, very cheap, and I will recommend you to try and and to test it for three days and and please comment on this video. If you, what do you think about this software and tell what website you can enjoy with this software? What Indian website you can you can watch and what programs you can use or not use with this software? So in that way you can help other people too. To know more about this software and to know what they can expect about this, the this amazing software is called easy at IP. So I hope you rate if you liked this video and sorry about my English, but mine is not my main language.

So if you want to rate this video, please is only take one second, and this can help to to me to get more use and help other people to visualize this video. Ok, thanks for watching and have a nice day.