In this article, we look at what keyloggers are, how to detect them, and how to remove them. 

• Keylogger definition
• Are keyloggers malware?
• How does a keylogger infect your system?
• How to detect a keylogger
• Other ways to protect yourself against keyloggers
• Final thoughts

Keylogger definition

A keylogger is any software or hardware device that records your keystrokes when using a computer. Note that “computer” includes mobile devices, as some keylogger software can record your taps and swipes on a touchscreen. 

Software keyloggers are by far the most common, and software keylogging viruses can replicate and infect other devices. 

Hardware keylogging devices might be installed by a manufacturer or government agencies that intercept hardware deliveries. However, the most common type of hardware keylogger is a USB device inserted between a computer’s USB port and its keyboard’s USB connector or dongle (for wireless keyboards). Currently, no known hardware keyloggers can log input from a target mobile device’s touchscreen.  

Most modern keyloggers send the information they collect over the internet to whoever developed or configured them, but some keyloggers (especially physical ones) may require manual retrieval. 

Are keyloggers malware?

Keyloggers are often a form of malware used by criminal hackers to gain illicit access to passwords, bank account details, credit card details, and other highly sensitive information. (Hackers also use hardware keyloggers — a good example is attaching a physical keylogger to the USB ports of computers at an internet café). 

In addition to simple criminal activity, keylogger malware is used for police surveillance,  state-sponsored cyber warfare, and corporate espionage. 

However, there are (more) legitimate uses for keyloggers:

• “Net nanny” software suites often include keylogging capabilities that allow parents to monitor their kids’ online activity and help keep them safe.
• Companies are increasingly using bossware surveillance software with keylogging capabilities (together with the ability to take screenshots and even webcam photos) to ensure employees don’t slack off. The use of this kind of software has skyrocketed as more and more people work remotely. 

How does a keylogger infect your system?

Malware keyloggers infect systems in the same way that other types of malware do.  

• Keylogger viruses self-replicate and spread from computer to computer across networks.
• Keylogger Trojans appear to be legitimate software (or hide inside legitimate software).
• Rootkits may contain keylogger capabilities and can be difficult to detect, even with good anti-malware software.

Learn more about malware

Attackers often distribute malware keyloggers via drive-by-downloads (scripts executed when you visit a malicious website) or phishing (where you are tricked into installing malicious software or clicking a link to a drive-by-download website). 

Corporate or state-sponsored hackers and the police often perform highly targeted attacks against individuals via personalized spear-phishing tactics that use social engineering to trick the victim into installing a malware keylogger. This type of hacker is also more likely to physically access a device to plant a physical keylogger or infect it with keylogger malware. 

Learn more about phishing and spear phishing

More legitimately, it’s perfectly legal for someone to install a keylogger on hardware they own. This includes devices given to children by their parents and laptops supplied to employees. 

Remote employees who use their own equipment are often required to install bossware keyloggers on their hardware as a condition of their contract. 

How to detect a keylogger

Malware keyloggers are by far the most common type of keylogger, so the most effective general defense against keyloggers is to use good antivirus software. 

If you use a public computer to do anything sensitive (for example, at an internet café), it’s always a good idea to quickly check that no strange devices are plugged into its USB ports. If you think you might be singled out for targeted surveillance, you should periodically give your computer a thorough physical examination. 

Other ways to protect yourself against keyloggers

All the usual precautions for protecting yourself against malware apply keyloggers:

• Use good antivirus software
• Don’t open emails from unknown sources
• Don’t click links you’re unsure about
• Don’t install software from untrusted websites

Using two-factor authentication (2FA) is always a good idea, but be aware that malware keyloggers can often steal the contents of your device’s clipboard. Even if you enter the 2FA code manually using your keyboard, a hacker might be able to see this and use the code to log in to your account while the code is still active. 

Additional precautions you can take include:

Use DNS filtering

DNS filtering blocks connections to blocklisted domains. This can help protect you against downloading malware keyloggers from domains that are known to be malicious. If you already have a keylogger on your system, DNS filtering can prevent it from sending your stolen keystrokes back to the hacker. 

Proton VPN offers a DNS filtering feature that’s available to anyone on a paid plan. In addition to filtering out malware, our NetShield Ad-blocker can block ads and trackers. 

Learn more about NetShield

Use a password manager

By far the most common use of keyloggers is to steal usernames and passwords. A password manager such as Proton Pass can autofill passwords, so there are no keystrokes or touchscreen taps for the keylogger to record. 

Final thoughts

Unless you are a person of particular interest to the police, government agencies, corporate hackers, or otherwise have access to valuable assets that could make you a target for cybercriminals, your primary area of concern should be malware keyloggers that opportunistic criminals randomly distribute.

Your best defenses against picking up such malware are using good anti-malware software and being very careful about phishing, which emails you open, and which links you click. 

The post What is a keylogger? appeared first on Proton VPN Blog.

We discuss how to change the IP address of your Windows 10 or Windows 11 device. This doesn’t change your IP address on the internet, although we’ll look at that as well. 

• Changing your IP address on Windows
• How to change your external IP address on Windows
• How to hide your external IP on Windows using Proton VPN
• Change your Windows IP address using a VPN router
• How to change your local IP address on Windows
• Why change your local IP address on Windows?
• Local IPv4 vs. IPv6 addresses
• How to change your IP address on Windows 10
• How to change your IP address on Windows 11
• Frequently asked questions

Changing your IP address on Windows

An IP address uniquely identifies every device connected directly to a network. Networks can be large or small. Large networks are known as wide area networks (WANs), the most notable example being the internet. 

Local area networks (LANs) are small networks that connect devices within a limited area, such as a home, office, or school. Devices connected to a local area network usually connect to the internet via a router and modem. 

Learn more about IP addresses

In this article, we look both at how to change your Windows device’s external IP address that websites, P2P peers, and apps see and also how to change its local IP address that other devices on your local area network use to identify it. 

• How to change your external IP address on Windows
• How to change your local IP address on Windows

How to change your external IP address on Windows

Your external IP address is the IP address you use to connect to the internet. It’s the IP address that anyone on the internet sees, including websites, P2P peers, and the backend servers that your apps connect to. Your external IP address is assigned to you by your internet service provider (ISP).

Most Windows devices connect indirectly to the internet via a WiFi or wired Ethernet connection to a router. The router then connects to a modem (these two are often combined into the same device), which connects to the internet.

In this scenario, your Windows PC’s external IP address that anyone on the internet can see is actually your router’sIP address. All devices that connect to the internet via that router will share the same external IP address (unless you somehow hide your IP address).  

There are several ways to hide your Windows device’s IP address when using the internet, including:

• Tor browser
• Proxy servers
• A virtual private network (VPN)

All of these methods route your internet connection to another computer so that you appear to access the internet from that computer’s IP address (in the case of Tor, your connection is routed through a series of “nodes”, so you appear to access the internet from the last “exit node” in the chain). This is known as proxying your connection. 

Of these ways to proxy your connection, the most effective, useful, and convenient method is to use a commercial VPN service such as Proton VPN. We are a 100% free VPN service with no logs, no data restrictions, and no artificial speed limits. 

We offer this free service because we believe privacy is a fundamental human right that should be available to everyone. If you want to support our mission and access a range of premium features, such as NetShield Ad-blocker, more than 3,000 servers in more than 65 countries, the ability to stream content from around the world, and more, you can sign up for a premium plan.

How to hide your external IP on Windows using Proton VPN

1 Sign up for a free Proton VPN account.

2. Download the Proton VPN Windows app

3. Open Windows Explorer, go to your Downloads folder, and double-click the ProtonVPN_win_vxxx.exe installation file you just downloaded.

• If a new window pops up asking Do you want to allow this app to make changes to your device?, click Yes.

• If installing for the first time, the OpenVPN TAP adapter installation windows will appear. Click Next. 
• The Windows .NET framework might also be required. If prompted, follow the instructions to install Windows .NET as well.

4. Select your preferred setup language, click Next, and follow the wizard to install the app onto your Windows system. 

5. Open the app and sign in using your Proton Account login details. 

6. Click Quick Connect to let the app pick the best server for your location. 

Alternatively, you can manually choose a country or server to connect to. If you are on our Free plan, you can connect to servers in Japan, the Netherlands, and the United States. If you are on one of our premium plans, you can connect to one of over 1700 servers in over 60 countries. 

Your real IP address is now hidden so that it cannot be seen by websites, P2P peers, or other observers on the internet. 

Learn more about VPNs

To make sure your IP address changed, visit a website such as ip.me with and without the VPN connection. 

Change your Windows IP address using a VPN router

Another way to change the external IP address of your Windows PC is to connect it to a VPN router. This is a router configured to route all devices connected to the internet through it (including Windows devices) through a VPN service such as Proton VPN.

Learn how to configure Proton VPN on your router

How to change your local IP address on Windows

Your local IP address is the IP address that your Windows device uses on your local area network (LAN). Your router uses it to send incoming data to the correct device, and other devices on the same local network can see your device’s local IP address. 

A common type of LAN is the home network, where all your household’s laptops, smartphones, tablets, smart devices, games consoles, smart TVs, and other internet-capable devices connect to the internet via a router and modem supplied by your internet service provider (ISP). 

Devices connected to a LAN do not connect directly to the internet, so no one on the internet can see their IP addresses. They see your modem’s IP address (unless it’s proxied — see above).

Below, we look at how to change your local IP address on Windows 10 and Windows 11. This changes your devices’ IP address on your LAN but doesn’t affect the IP address seen on the internet because that’s your modem’s IP address. 

Why change your local IP address on Windows?

By default, most routers dynamically assign IP addresses to devices on a local network using the Dynamic Host Configuration Protocol (DHCP). 

This means the IP address to your Windows PC may change depending on your network configuration (for example, when you take your Windows laptop out of the house and then return with it).

If other devices on your network access your Windows PC via its IP address, it’s a good idea to configure a static IP for it that your router will not change. For example, this would be useful if you use your Windows device as a media or LAN games server.

Local IPv4 vs IPv6 addresses

Windows 10, Windows 11, and most modern routers can use IPv6. Globally, Internet Protocol version 4 (IPv4) addresses are running out. To solve this problem, the much longer Internet Protocol version 6 (IPv6) address system is being rolled out, which vastly increases the number of addresses available.

However, the local IP addresses issued by your router are for private use only and are not affected by the IPv4 global shortage. So while it is possible to configure your Windows device to use an IPv6 address, there’s little point in doing so. 

Learn more about IPv4 vs. IPv6

How to change your local IP address on Windows 10

1. Go to Start → Settings

2. Select Network & Internet 

3. Select your internet connection (WiFi or Ethernet) and click on Properties.

4. Go to IP settings → IP assignment → Edit.

5. Click Automatic (DHCP) and select Manual from the dropdown menu.

6. Toggle the IPv4 switch on. 

7. Fill in the IP settings.

• IP address — This can be any numeric value in the 192.168.0.0 – 192.168.255.255 IP address range.
• Subnet prefix length — 24
• Gateway — Enter the IP address of the router or modem your PC is connected to. This is usually either 192.168.0.1 or 192.168.1.1
• Preferred DNS — Enter the IP address of a DNS server or DNS service (for example, 9.9.9.9 for Quad9).

Click Save when you’re done. 

8. You’ve successfully changed your IP address.

How to change your local IP address on Windows 11

1. Open the Settings app.

2. Go to Network & internet and select your network interface (Ethernet or WiFi).

3. If you have an Ethernet connection, click on IP assignment → Edit.

If you have a WiFi connection, click Hardware properties…

Followed by IP assignment → Edit.

4. Click Automatic (DHCP) and select Manual from the dropdown menu.

5. Toggle the IPv4 switch On. 

6. Fill in the IP settings.

• IP address — This can be any numeric value in the 192.168.0.0 – 192.168.255.255 IP address range.
• Subnet mask — If you know your subnet mask address, enter it. If not, enter 255.255.255.0.
• Gateway — Enter the IP address of the router or modem your PC is connected to. This is usually either 192.168.0.1 or 192.168.1.1.
• Preferred DNS — Enter the IP address of a DNS server or DNS service (for example, 9.9.9.9)
• Preferred DNS encryption — Choose the level of DNS encryption you prefer (if DNS server supports it).

Click Save when you’re done. 

7. You’ve successfully changed your IP address.

Troubleshooting

If you can no longer connect to the internet after making these changes, there are two possible reasons:

1. Two or more devices on your network have the same IP address

Check the IP addresses of all devices on your network and manually change any that have the same IP address using the instructions above.

2. Incorrect subnet mask

To find the name of your network’s subnet mask, Open the Command Prompt ap or Windows PowerShell app and enter the following command:

ipconfig

Look for the Subnet Mask entry under your Ethernet or Wireless LAN adapter Wi-Fi connection.

Frequently asked questions

The post How to change your IP address on Windows appeared first on Proton VPN Blog.

When you use a virtual private network (VPN), your device connects to VPN server run by a VPN service such as Proton VPN. The connection between your device and VPN server is encrypted.

This means your internet service provider (ISP) can’t see what you do on the internet (only that you’ve connected to a VPN server), and anyone on the internet (such as websites and P2P peers) can’t see your real IP address (only that of the VPN server).

Learn more about how a VPN works 

However, if your VPN connection fails for any reason, your ISP will be able to see any connections you make on internet, and websites, P2P peers, and anyone else you’re connected to on the internet, will be able to identify you through your unique internet protocol (IP) address. 

Learn more about IP addresses

A kill switch (if implemented correctly) prevents this. If you disconnect from a VPN server unexpectedly, a kill switch blocks all external network traffic to and from your device until either the VPN connection is reestablished or you disable the kill switch. 

How does a kill switch work?

There are basically two kinds of kill switches:

Reactive kill switches

A reactive kill switch monitors your device’s internet connection to ensure it is connected to a VPN server. If it detects that it isn’t, the kill switch closes down your internet connection. Reactive kill switches are not well regarded by security professions for two main reasons:

1. There is an inevitable delay between the VPN connection dropping, the kill switch detecting the drop, and then terminating your internet connection. This delay might be only milliseconds, but that’s enough time for your real IP address to be exposed to the internet.

2. Reactive kill switches are usually not good at detecting connections that your operating might make outside the VPN interface. They might, for example, monitor your IPv4 connection to ensure the VPN connection is active, while being completely unaware that your device is connecting to a server via IPv6, and thus exposing its IPv6 address. 

Fortunately, these limitations mean that reactive kill switches are rarely used these days.

System-level kill switches

A system-level kill switch uses firewall rules and other platform-specific mechanisms to ensure that no traffic can enter or exit your device outside the VPN interface.

On Windows, most VPN kill switches use the Windows Filtering Platform, while Android 8.0+ features a built-in Always-On VPN & Kill Switch setting. macOS and iOS devices have their own mechanisms, but these are flawed. We’ll discuss this later in this article. 

Properly-configured, a system-level kill switch makes it impossible to connect to the internet without an active VPN connection. Since no connections can enter or leave your device outside its VPN interface, if the VPN interface isn’t active, then no connections are possible.

System-level kill switches are passive, and therefore much more reliable than reactive kill switches. There is no need to detect if a VPN connection is working, so no need to close the internet connection. If the VPN connection isn’t active, then no internet connection is possible. 

The engineering required to build a good system-level kill switch also ensures that IPv6 leaks and DNS leaks are also impossible when the VPN is active. It also ensures that nothing is leaked during the connection process and when switching between VPN servers.  

Platforms

As noted above, system-level kill switches are built using platform-specific mechanisms. This means VPN services must develop separate kill switch solutions for each platform they support. The result is that some VPN services advertise that they offer a kill switch, but the feature is only available on some platforms.

Proton VPN offers a full system-level kill switch on all platforms that we support — Windows, macOS, iOS/iPadOS, Linux, Linux CLI (and, of course, Android). 

Kill switch modes

Usually, a kill switch only engages when you start a VPN connection, and is disabled when you manually disconnect the VPN or shut down your device. When the VPN is disconnected, you can access the internet as normal. 

It is also possible to run a kill switch so that all internet activity is disabled unless the VPN connection is active. This way of running a kill switch can be less convenient, as you can’t simply turn the VPN off without additional steps required to access the internet). However, it ensures that you never accidentally connect to the internet without the VPN enabled. 

This is especially effective when you boot up a device, as it prevents apps that load before the VPN client (for example, a torrent client) from establishing an internet connection before the VPN tunnel is created. 

At Proton VPN, we call this kill switch mode a permanent kill switch, which is available on our Windows and Linux apps. 

Learn more about our permanent kill switch

Who needs a kill switch?

A kill switch helps to ensure you never access the internet thinking that you’re protected with a VPN, when you aren’t. As such, a kill switch is an invaluable privacy and security tool for activists, journalists, anyone who uses a VPN to stay private on the internet. 

It’s worth noting that when simply surfing the web, your real IP address usually only becomes exposed when you actively click on a link or type in a URL. However, this is not true for P2P downloaders, who often leave their active connections to P2P peers unattended for long periods of time. This make using a kill switches particularly important for torrenters.  

A note on kill switches and Apple

A number of vulnerabilities have been discovered in how Apple implements VPN connections on its macOS, iOS, and iPadOS platforms. This includes routing traffic from Apple apps directly to Apple, regardless of whether a kill switch is enabled. 

This problem affects all VPN services, although Proton VPN has introduced a number of measures to mitigate against it.

Final thoughts

A kill switch ensures that if a VPN connection fails, your real IP address isn’t exposed to websites you visit, and the websites you visit aren’t exposed to your ISP. If privacy is even a small part of why you use a VPN, you should enable a kill switch. 

The post What is a VPN kill switch and when should you use one? appeared first on Proton VPN Blog.

Although run from the same router (which may also be your modem), a guest network operates as an entirely separate WiFi network, providing guests with internet access without giving them access to your main WiFi network or the devices connected to it. 

Guest networks offer several security, privacy, and network management benefits, which we’ll discuss in this article. 

What is a guest network?

A guest network is a WiFi network you run alongside your regular WiFi network. It has a completely different WiFi network name (SSID) and password and is (as the name suggests) intended for use by temporary guests.

Guest networks can be useful in your home but are invaluable for many businesses. Any public venue that offers guests WiFi access, such as a café, restaurant, bar, or hotel, will want guests using a different WiFi network than the one its staff uses to ensure staff members have sufficient bandwidth to perform their jobs. 

Similarly, an office may want to allow visitors to access the internet but not company resources such as printers, NAS drives, or confidential files shared among employees. 

Reasons to set up a guest network

There are many reasons to set up a guest network in a business or home environment.

1. Make guest access easy

Setting up a guest network allows you to set an easy-to-remember password for your guests and customers, while securing your “real” home or business network with a secure password. 

For the ultimate convenience, you could even offer a guest network with no password at all. This means neighbors and passers-by would be able to access your network without restrictions, but it might make sense under certain circumstances. For example, if you run a hotel in the countryside with few neighbors.

2. Protect shared resources on your network 

If you share folders, NAS drives, or printers across your home or office network, these will be accessible to anyone connected to your network. Creating a guest network allows you to safely provide guests and customers with internet access while reserving access to confidential resources to your own family or employees.  

Although you’re very unlikely to be hacked or be infected by malware simply from someone connecting to your WiFi, malware can easily spread (unintentionally or otherwise) through infected files that are shared across a network.

3. Manage guests’ internet access 

If you run a café or hotel, you probably don’t want guests using your WiFi to download copyrighted content, access inappropriate or illegal content, or take up your precious bandwidth to stream Netflix shows. 

On more sophisticated guest networks, you can restrict access to certain content, limit how long guests can connect to the internet, and turn the guest network off when you don’t want guests using it. You can also specify how much bandwidth is available to the guest network to ensure users o either the main network or the guest network have sufficient bandwidth.

4. Hide your real WiFi network from hackers

Once you’ve set up a guest network for visitors, you can hide your primary network’s SSID so that only people who already know it exists can access it. This isn’t a foolproof solution, but it will help protect you from more casual hackers who want access to your router.

5. Secure your network from IoT devices

Although the situation is improving, internet of things devices, such as smart speakers, Ring doorbells, smart security cameras, smart baby monitors, and smart fridges, are notoriously insecure and vulnerable to hackers. 

A guest network allows you to segment access to the internet for your IoT devices, connecting them to a separate network from your main network. This won’t prevent the individual IoT devices from being hacked, but it can deter intruders from exploiting weaknesses in your IoT devices to access your primary network. 

6. VPN access  

A creative way to use guest networks is to set up a VPN connection on your router for just the guest network.  

This allows for a kind of split tunneling effect, where devices that connect to the guest network benefit from the VPN while devices on your main network don’t. 

How to set up a guest network

Most modern routers support creating a guest network, although the details will vary by manufacturer and model. 

Routers designed for home networks typically provide only limited control over guest networks, but commercial routers often allow you to filter content, restrict bandwidth, and otherwise manage your guest network in granular detail. 

If your router doesn’t offer guest networks or provides too limited control for your liking, you could flash your router with more capable firmware, such as DD-WRT or OpenWRT. 

Another option is to plug a secondary router into your primary router and use it for your guest network. 

How to set up a guest network on a router

This guide uses a typical modern consumer router — the TP Link AX5400 Wi-Fi 6. Setting up a guest WiFi network is similar on most routers, but details will vary.

1. Log in to your router’s admin page. Typically, you can do this by entering the address 192.168.1.1 or 192.168.1.0 into your browser’s URL bar. Modern routers can often also be administered using a mobile app.

Many manufacturers print the router’s default admin password on a sticker attached to the router itself. Consult your router’s manual for additional details on how to log in to the admin panel.  

2. Locate your router’s guest network settings. These are typically found under the WiFi or Wireless tab.

3. Enable the guest network on whatever WiFi channels you wish, and give it a name. The 2.4 Ghz channel is the slowest option, but it has the greatest range. 5 Ghz and the new 6 Ghz bands are much faster but have less range.

On most modern routers, you can select a smart connect option that will automatically connect users to the best channel for their needs.

4. Select a password. Since this is not your primary network, it’s usually best to have a simple password that guests can quickly remember and enter. You can even leave the password field blank to create a truly open network. 

Regardless of whether you set a password, you should always set a WiFi encryption scheme to prevent hackers from snooping your guest’s unencrypted data.

Learn more about whether someone can see your internet history if you use the same WiFi

There is no reason to use anything less than WPA2/WPA3 to secure your WiFi. 

5 (optional). As a security measure, you can hide the SSID of your primary network so that visitors will only see your guest network when they scan for WiFi connections.

Save your settings when you’re done. 

Final thoughts

If anyone other than your close family uses your WiFi, it’s a good idea to set up a guest network for them. This is especially true for businesses. Amongst other things, guest networks prevent visitors from accessing confidential resources and hogging all your bandwidth.

The post Guest networks – What they are, why you need one, and how to set them up appeared first on Proton VPN Blog.

These cables have been largely replaced by WiFi, a family of protocols that allow you to connect to a router wirelessly over certain radio frequencies (the 2.4 GHz, 5 GHz, and now 6GHz bands). When you connect to a router over WiFi, it’s still useful to think of your connection as being like a wired Ethernet connection — discrete and completely separate from the connections of everyone else who is connecting to the router… until all connections converge on the router.  

This means that ordinary users who share the same WiFi cannot see what anyone else is doing on that WiFi network. However, whoever controls the router can see a great deal.

• What can a WiFi owner see? 
• Can WiFi owners see my search history? 
• Can public WiFi owners see my internet history? 
• Can parents see my internet history?
• Can my office, school, or college see my internet history? 
• Can a WiFi owner see what sites I visit on my phone? 
• What can WiFi hackers see? 
• How to protect your internet history when using WiFi 

What can a WiFi owner see?

Anyone with direct access to a router — usually its owner (or manager in commercial or educational contexts), but potentially also a hacker who has managed to compromise the router in some way — can see and log:

• Your entire browsing history while connected to the router
• How long you spend on each website
• The exact time you connect to a website
• The total time you are online
• Your device’s MAC address

The widespread adoption of HTTPS over the last few years means that a WiFi owner can see which websites you visit, but can’t see what individual pages you browse or any sensitive data you enter on that website — such as web forms and payment details.

However, in (thankfully now rare) cases where HTTPS isn’t used, a WiFi owner can see everything you do on a website. 

Learn more about HTTPS

The WiFi owner can also see the MAC addresses of all devices connected to the router, which they could potentially use to physically track you as you move between WiFi networks.

Learn more about what a MAC address is and what it can reveal about you

Can WiFi owners see my search history?

Search engines such as Google, Bing, and DuckDuckGo are secured with HTTPS, so while a WiFi owner can see that you’ve visited the search engine, they can’t see what you searched for once there.

But (and this a big but), as soon as you actually click on a link that takes you away from the search engine (like a website that’s listed in the search results), the WiFi owner can see that you’ve visited that site. 

Can public WiFi owners see my internet history?

Yes, and many sell this data to advertising and analytics companies, who use it to target you with ever more personalized ads. The reason you’re often required to sign in to “free” public WiFi networks using your email address and other personal details is so that your browsing can be tied to your real identity. 

You’re also likely to be required to agree to an opaquely long terms and conditions contract that allows the WiFi provider to do what it wants with your personal browsing data. This practice is especially common with commercial public WiFi providers who supply their third-party WiFi services to other businesses. 

Even when businesses don’t log or exploit your browsing history, they’ll often monitor and filter the websites you visit in real time so they can block access to illegal or inappropriate content.  

Can parents see my internet history? 

Yes, and it’s common practice to market routers with parental controls that allow parents to monitor their children’s browsing histories and block access to content they deem inappropriate for them to see. 

These logs and filters can usually be configured per device (based on the device’s IP address or MAC address), allowing parents, for example, to target different children with different levels of logging and filtering based on their age. 

Can my office, school, or college see my internet history?

Yes, and many organizations will use filters that actively flag and identify users who try to access content that is illegal, immoral, or which may otherwise be of concern. For example, many schools and universities will alert administrators if a student attempts to access websites relating to suicide or drug use. 

Can a WiFi owner see what sites I visit on my phone?

If your device connects to the internet via WiFi, then yes, a phone in this context is no different than any other device. 

However, with a phone, you can connect to the internet using your phone’s mobile (cellular) data connection, bypassing the need to use a WiFi network. Please be aware, though, that your mobile provider will be able to see your browsing history instead.

What can WiFi hackers see?

On almost all modern private WiFi networks, data traveling between your device and the router will be encrypted using the WPA (WiFi Protected Access), WPA2, or the new WPA3 wireless security protocols. These will prevent hackers from using packet sniffing tools to intercept your data as it is transmitted between your device and the router.

In theory, this is also true for public WiFi networks. But these can sometimes be misconfigured, use the old (and insecure) WEP (Wired Equivalent Privacy) wireless security protocol, or even not use any wireless security at all.

In these cases, a WiFi hacker might be able to intercept your data. However, the widespread use of HTTPS means that your data (what you actually do on a website) will probably be encrypted anyway and cannot be accessed by a hacker.

Similarly, if a hacker controls the router you connect to (either by hacking a public WiFi router or by tricking you into connecting to an evil twin hotspot), HTTPS will prevent them from being able to access your data. In this case, the hacker will be able to see your browsing history while connected to the router, but this is of little interest to most hackers.

Although once a problem, the widespread adoption of HTTPS means modern criminal hackers rarely target WiFi networks.

How to protect your internet history when using WiFi

 A virtual private network (VPN) encrypts all your data (including DNS queries) between your device and a VPN server run by a VPN service such as Proton VPN.

This prevents WiFi owners, hackers, internet service providers (ISPs), mobile internet providers, or anyone else sitting between your device and the VPN server from being able to access your data (in the unlikely event it’s not protected by HTTPS) or your browsing history.

Of course, if your parents see that you only connect to a single IP address (that of the VPN server) for hours at a time, they might ask some questions.

Proton VPN is an independently audited no-logs VPN service based in Switzerland, which has some of the strongest privacy laws in the world. 

Final thoughts

While other users on the same WiFi can’t see your internet history, the WiFi owner (or whoever has access to the WiFi router) can. However, it’s easy to protect your privacy from WiFi owners (and their ISPs) — just use a VPN!

The post Can someone see my internet history if we use the same WiFi? appeared first on Proton VPN Blog.

You can download Tor Browser here.

This article explains more about Tor, how Tor Browser works, why you might use it, and some of the browser’s limitations. The app is free to download and use as a service of The Tor Project, a nonprofit that promotes human rights through privacy technologies.

What is Tor Browser?

How does Tor Browser work?

A few limitations to consider

Why use Tor Browser?

Using Tor Browser to access Proton

What is Tor Browser?

Tor Browser is similar to other browsers like Firefox or Chrome that let you visit websites on the internet. When you enter a URL for a website, the browser looks up the location of that website on the internet and downloads the site content. 

But Tor Browser is unique because it has built-in privacy and anonymity safeguards. It also lets you access websites on the dark web that other browsers can’t take you to (more on that below). 

Tor browser has three important privacy features:

1. It blocks surveillance of your browsing activity

With a normal browser, at least one or two observers can potentially keep track of the websites you visit: your internet service provider and possibly your WiFi administrator (if you’re at work or a coffee shop, for example). While TLS encryption prevents them from seeing the information you provide on those websites, they can still see what websites you visit and when. 

Tor Browser prevents this. The only thing your ISP and anyone else on the local internet can see is that you’re connected to Tor.

2. It prevents websites from identifying you

The websites you visit can typically see your IP address. Website operators can use this information to see your general location and potentially to identify you. This piece of information is a critical part of the surveillance economy (along with cookies and other trackers) that give marketers the ability to profile and target you.

When you use Tor Browser, websites can only see the IP address of the last node your internet traffic passed through in the Tor network. 

3. It clears tracking cookies

Another way websites can track you is by planting cookies on your browser. These are small files that log your activities on the internet. Some cookies are useful, such as those that remember your website preferences or the items in your shopping cart. Tracking cookies, which monitor your behavior across other websites, are a threat to your privacy.

Tor Browser scrubs cookies after each session by default.

How does Tor Browser work?

By default, Tor Browser connects your internet traffic to three random relays (also called nodes) in the Tor network before connecting you to the website you want to access. Tor also uses three layers of encryption that get removed with each node — the so-called onion routing from which Tor (“The Onion Router”) derives its name.

The Tor Project depends on thousands of volunteers to operate relays in its network. Each of these nodes can only see the nodes behind them and in front of them. 

Therefore, only the entry node can see your computer’s IP address, but it can’t see what website you’re connecting to. The exit node can only see the IP address of the middle node, but it does know what website you’re connecting to. And the website can only see the exit node as the source of its traffic.

During the leap from the last node to the website, your web traffic is not encrypted and relies on the website’s HTTPS to protect your data. But by then your traffic looks pretty much like all the other traffic exiting the Tor network. It’s extremely difficult to identify you as the source. (Though not impossible — see the next section.)

A few limitations to consider

Tor Browser isn’t a magic invisibility cloak. You can’t use it and expect everything you do online to remain anonymous. In fact, maintaining anonymity on Tor requires a good bit of vigilance on your part.

Here are some limitations of Tor Browser you should keep in mind to increase your privacy:

• Information you give to websites can de-anonymize you. For example, if you log in to your Google account in Tor Browser, Google will know who you are. Any information you submit in forms could also identify you.
  
• A sophisticated attacker can monitor Tor network traffic. Governments may try to identify specific Tor users by watching internet traffic for patterns. This is expensive and probably not something most people need to worry about. Learn more about Tor vulnerabilities.
  
• Attackers and governments can compromise Tor nodes and monitor traffic. If an attacker can see the entry and/or exit nodes, they have a good chance of identifying you. But the odds of this are very low.
  
• File-sharing services aren’t very compatible with Tor. The nature of BitTorrent and other file-sharing sites makes it difficult to stay anonymous. It’s also extremely slow to torrent over Tor.
  
• Tor Browser is slower than other browsers. Because of the extra encryption involved in onion routing and because your connection is often routed across the globe to reach the volunteer-administered Tor nodes, Tor Browser is slower than browsers optimized for speed.
  
• Tor Browser only encrypts your browser traffic. Other internet traffic on your device, including your apps, will not be encrypted in the Tor network and could be used to identify you. If you’re concerned about that, Tor also offers an operating system called Tails that will encrypt all your traffic.

Why use Tor Browser?

The internet is full of marketing trackers, malware, and government surveillance. In some countries, whole parts of the internet are off-limits because of censorship. Tor Browser addresses all these problems.

Here are some of the main use cases:

• You don’t want websites to be able to track you. Tor Browser includes features that scrub cookies after each web session and clears your browsing history automatically. It also makes all traffic exiting the Tor network look the same, so device fingerprinting is much more difficult.
  
• You want to access censored content. A lot of the censorship online is fairly easy to circumvent with a VPN or by using Tor because it interferes with domain names at the level of your internet service provider. When you connect to the Tor network, you prevent your internet service provider from seeing your web traffic and bypass the block.
  
• You don’t want anyone to see your online activity. Tor encrypts your web traffic between your local network and the Tor entry node, preventing your internet service provider and/or your network administrator from monitoring your behavior. Websites can’t see the source of your traffic beyond the Tor exit node. And each of the three random nodes within the network can only potentially see your IP address or the IP address of the site you’re visiting, but not both. Therefore, when used properly, Tor prevents anyone from associating you with your online activity.
  
• You want to access onion sites. Tor offers Onion Services, which are websites that only exist on the Tor network. Sometimes called the dark web, these sites are almost impossible to censor. While some content on the dark web lives up to its seedy reputation, there are also many useful onion sites, including Proton. We’ve compiled a list of the best onion sites you can check out. You can only connect to onion sites through Tor.

If you’re familiar with VPN services, you might notice similarities between what Tor and VPN both offer. Each lets you unblock websites and prevents them and your ISP from watching your activity. The biggest difference is that a VPN can see your online activity (which is why it’s important to choose a VPN you trust). Tor, meanwhile, is a network in which no two nodes will ever know both your identity and your activity. 

When is it better to use a VPN rather than Tor? The clearest use cases are when you want to access blocked content on the internet where performance is also a priority, such as video streaming sites. Additionally, Tor Browser only protects your web traffic, while a VPN protects all the internet traffic on your device.

A good no-logs VPN is adequate to protect most people’s privacy in most situations. Proton VPN also allows you to access onion sites with our Tor over VPN feature.

Using Tor Browser to access Proton

Some countries see online privacy as a threat and try to block services like Proton that make it possible. Tor is a vital technology in the fight against censorship and surveillance. But it can only exist with the support of savvy volunteers to operate the Tor relays and donations in support of The Tor Project. 

This is why Proton is a Green Onion Member of Tor’s sustaining membership program.

And it’s also why we operate and maintain an official Proton onion site. Even if the government blocks Proton where you are, you can still access your Proton Account through our onion site.
We recently updated our onion site so you can use Proton Mail, Proton Calendar, and Proton Drive or sign up for a new account via Tor. You can access our Tor site through Tor Browser or by connecting to a Proton VPN Tor server.

The post What is Tor Browser? appeared first on Proton VPN Blog.

Every NIC is identified by a unique media access control (MAC) address, a 12-digit hexadecimal number assigned to it by the NIC’s manufacturer (for example, e0:6c:4f:8b:aa:d7). 

• What is a MAC address used for? 
• Do MAC addresses change?
• What can a Mac address reveal about you?
• Other vulnerabilities 
• How to find your MAC address
• How to hide your MAC address 
• Does a VPN protect your MAC address? 

What is a MAC address used for?

A MAC address identifies the hardware connected to a network. This is typically a local area network (LAN), such as those found in most modern homes and offices, where devices are connected via WiFi or Ethernet cables to a shared router. Devices that connect to each other using Bluetooth form another type of network that uses MAC addresses. 

When a device connects to a network, it sends the NIC’s MAC address to the router or Bluetooth receiver, which then assigns it an IP address. 

Learn more about IP addresses

Since each network interface on a network has a unique and unchanging MAC address, MAC addresses are very useful for identifying and diagnosing network issues. For example, they can provide a network administrator with a much more reliable way to identify where data packets are sent or received than dynamic IP addresses, which can change at any time.

Another common use of MAC addresses is for MAC address filtering. This is a security measure that restricts access to a network based on connecting devices’ MAC addresses. If a device without an authorized MAC address attempts to connect to a network, the connection will be refused.

A company, for example, might use MAC filtering to ensure that only employees’ verified laptops can join the office’s local area network (LAN). 

MAC addresses can also be used to track down and identify stolen devices. 

Do MAC addresses change?

No. Unlike IP addresses, which can routinely change, MAC addresses are hard coded into NICs by their manufacturer and never change. 

However, it is possible to deliberately “spoof” a device’s MAC address(es), which hides its real MAC address and displays a different address to networks that the device attempts to connect to. We discuss MAC spoofing in greater depth below. 

What can a MAC address reveal about you? 

NIC manufacturers often identify their chips using a special number sequence called the organizationally unique identifier (OUI). This makes up the first six hexadecimal digits of the MAC address. You can see a list of OUIs from well-known NIC manufacturers here.

Although not a major concern, knowing your device manufacturer could potentially provide hackers with clues to manufacturer vulnerabilities that they can exploit.  

MAC addresses and tracking

A MAC address uniquely identifies your device to each new network it connects to. MAC addresses can therefore be used to track your location as you move between WiFi networks and Bluetooth receivers. 

Most MAC address tracking is performed by retailers to deliver effective targeted advertising, but it can also be used for government surveillance. 

For example, documents released by NSA whistleblower Edward Snowden show that the Canadian spying agency CSEC illegally used MAC addresses collected from passengers who connected to the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

It should be stressed, however, that MAC addresses can only identify devices on a local network they are connected to, or within WiFi or Bluetooth detection range. They can’t be forwarded through the network gateway (for example a router), and so MAC addresses can’t be used to track you by someone on the internet.

Other vulnerabilities

MAC addresses are more of a privacy risk than a security risk. MAC flooding is an attack that targets network switches and can compromise the security of networks, but is a minimal threat to individual devices or their users. 

Networks that rely solely on MAC filtering to provide security are also vulnerable to being compromised by an attacker who spoofs the MAC address of an authorized user. But again, this affects networks, not your device. 

How to find your MAC address

On most computers, it’s easy to find the MAC address of all available network adapters (NICs). For this guide, we’ll concentrate on identifying the MAC address of the WiFi or LAN NICs, but it’s also easy to find the MAC addresses of Bluetooth adapters. 

Windows

Open the Windows PowerShell or Command Prompt (cmd) app and enter ipconfig /all. Under your WiFi or Ethernet interface, look for the Physical Address. 

macOS

To find the MAC address of your Mac’s WiFi, go to Settings → Wi-Fi → Advanced → Wi-Fi MAC address.

If your Mac has an Ethernet connection, you can find its MAC address by going to Settings → Network → Other Services → your LAN connection → Details → Hardware → Mac address.  

Linux

Open a terminal window and enter ifconfig. Under your WiFi or Ethernet interface, look for ether followed by your hexadecimal MAC address. 

Android

This guide uses a Samsung One UI device: details may vary depending on your Android version. 

Go to Settings → About phone → Status information. Here, you can see your real WiFi MAC address, Bluetooth MAC address, and Ethernet MAC address (if available). 

Note that the MAC address used on your WiFi network differs from your device’s real WiFi MAC address. We’ll discuss this below.

iOS and iPadOS

Go to Settings → General → About →Wi-Fi Address (you can also see your iPhone or iPad’s Bluetooth MAC address here).

Chromebook

Go to Settings → Network → Wi-Fi  → your WiFi network → MAC address.

How to hide your MAC address

As discussed above, retailers and governments can use your MAC address to track your movements. To defend against this, you can “spoof” your MAC address. Note that spoofing your MAC address doesn’t remove the “real” MAC address hard coded into your NIC but hides it and broadcasts an alternative MAC address instead.

Most major operating systems can now help protect your privacy by broadcasting randomized MAC addresses when searching for new WiFi connections. To help avoid networking issues and avoid problems on networks that use MAC address filtering, most desktop platforms will use your real MAC address when you actually make a connection.   

Although Apple supports MAC address randomization on all modern iPhones, iPads, and iWatches, this feature is not available on macOS. 

Windows

MAC address randomization on Windows 10 and 11 is turned off by default and may not work on all WiFi adapters (especially older ones). To enable it on Windows 11, go to Settings → Network & Internet → WiFi → toggle the Random hardware addresses switch on. 

To enable MAC address randomization on Windows 10, go to Settings → Network & Internet → Wi-Fi → Advanced options → toggle the Random hardware addresses switch on.

Linux

Support for MAC address randomization on Linux varies primarily by the desktop environment (DE) you use (rather than the distribution). However, it is supported by many DEs. For example:

On GNOME (the default desktop environment for Ubuntu, Fedora, and many other popular distros), go to Settings → Network, click the gear icon next to your connection →  Identity → Cloned Address → and select Random from the dropdown menu.

On KDE Plasma o KDE Neon, go to System Settings → Network → Connections → select your connection → Wi-Fi → Cloned MAC address and click the Random button,

Android

Android has supported MAC address randomization since Android 8, but with Android 10, it turbocharged the concept. Instead of just using MAC address randomization when scanning for new networks, Android 10+ devices issue a new random MAC address for each WiFi network that you connect to. 

This feature is enabled by default. To change it:

1. Go to Settings → About phone → Status information → WiFi MAC address → select your Current network or any Saved networks → View more. Here you can see the MAC address used for just this network.

2. Tap MAC address type and choose between Randomised MAC and Phone MAC. 

iOS and iPadOS

Apple only introduced MAC address randomization with iOS 14 and iPadOS 14, but Apple products apply it not just when scanning networks, but also for each new network that you join (similar to Android).

MAC address randomization is enabled by default on iOS and iPadOS 14+ devices. To disable (or enable) the feature, go to Settings → Wi-Fi → your WiFi network → and toggle the Private WiFi Address switch off (or on). 

Chromebook

Chrome OS automatically uses MAC address randomization, which can’t be disabled. However, it’s only used for network detection, so your real MAC address is used when you actually connect to a network. 

Does a VPN protect your MAC address?

No. A VPN protects your real IP address, but does nothing to hide your MAC address. By hiding your IP address with a VPN (such as Proton VPN), you prevent your internet service provider  (and by extension, your government) from seeing what you do online and websites from uniquely identifying you by your IP address.

Learn more about how a VPN protects your privacy

Final thoughts

MAC addresses play an essential role in connecting your device to any network (including the internet). Knowing your MAC address offers limited help to a malicious hacker who wants to access your device, but it can occasionally cause headaches for network administrators. 

MAC addresses can present a potentially serious privacy risk, as third parties can use them to track you as you move between (local) networks. However, most modern operating systems have introduced some form of MAC address randomization designed to counter this threat. 

The post What is a MAC address, and what can it reveal about you? appeared first on Proton VPN Blog.

At Proton, our security team is constantly monitoring for new types of cyberattacks. Most attacks fall into one of a few categories, and if you know what to expect, you can take the right steps to prevent them.

Below we’ll explain some of the most common attacks targeting individuals and businesses, followed by a few simple tips to keep your identity, financial accounts, and data safe.

Types of attacks:

Phishing

Malware

Spoofing

Insider threats

Social engineering

Man-in-the-middle attacks

Code injection attacks

DDoS

1. Phishing

Over 500 million phishing attempts were reported in 2022, making it one of the most common types of cyberattack. In a phishing attack, hackers try to get you to divulge sensitive information, such as your credit card details or username and password. It involves some form of deception. For example, they might send you an email designed to look like it’s from a familiar company, asking you to click a link to log in to your account. But the link will take you to a website the hackers control, built for the sole purpose of collecting login credentials.

Phishing attacks can also be used to deliver other attacks, like malware, and they can arrive anywhere: email, SMS, social media accounts, or even through a phone call. The attackers often try to capitalize on a sense of urgency to get you to click a link or download an attachment without thinking too much about it. Sometimes, just clicking or tapping a link or downloading a file is enough to install malware on your device.

Historically, phishing attacks have been fairly easy to spot because they contain low-quality email designs or grammatical errors. Recently, however, we’ve noticed an uptick in the quality of the deception. 

Learn more:

• You can see three examples of high-quality phishing attacks in our recent blog post.
  
• There are several types of phishing attacks, such as spear phishing and whaling. Learn how to spot phishing and prevent it.

2. Malware

Malware — malicious software — is a broad category that includes perhaps dozens of specific kinds of attacks. If the goal of most software is to help you, what defines malware is that it is designed to harm you, your device, or your network.

Different kinds of malware have different purposes, such as stealing sensitive information, holding data hostage, or causing damage to infrastructure. Hackers spread malware by various attack vectors, ranging from phishing attacks to drive-by downloads, in which you accidentally install the malware on your device simply by visiting a malicious website.

Learn more:

• We published a comprehensive guide to malware that explains the most common types of malware and attack vectors.

3. Spoofing

Spoofing attacks trick people by disguising an email address, website, or other form of identification as a trusted source to get what they want. They might use this deception to steal information, break into your network, or get you to download malware. Hackers often use spoofing to conduct other cyberattacks, such as phishing or man-in-the-middle. 

SMTP doesn’t have any authentication mechanism, which predictably made spoofing a common attack in the past. In response, email providers developed the SPF, DKIM, and DMARC authentication methods that allow them to mark spoofing attempts as spam or block them from reaching you. Unfortunately, not all email services have configured or deployed SPF, DKIM, and DMARC.

Domain name spoofing tries to trick you into thinking you’re on a familiar website to distribute malware or to get you to divulge information.

Learn more:

• Email providers such as Proton Mail prevent your email address from being spoofed. We have a support article explaining how to set up anti-spoofing for custom domains. Our articles on SPF, DKIM, and DMARC explain each of these countermeasures.
  
• Proton Mail also helps prevent phishing by displaying a “domain authentication failure” alert if an email appears to be from a spoofed sender.

4. Insider threats

For a business, the people in your organization or contractors with access to your systems are a serious risk to your security. They already have two things hackers try to take by force or deception: your trust and access to your computer systems.

Just like other hackers, insiders might attack you for financial gain, data theft, espionage, or to introduce malware on behalf of someone else. Many well-known examples of insider threats involve corporate espionage, like the Uber executive who stole trade secrets from his previous employer, Google. Others involve data breaches, and some are even committed by accident, such as the Microsoft employee who posted internal login credentials on GitHub.

Learn more:

• If you’re concerned about cybersecurity at your organization, we published a cybersecurity guide for small businesses that includes strategies to mitigate insider threats.

5. Social engineering

Social engineering is a scientific-sounding name for tricking people into doing what you want for the purpose of exposing data or gaining access to systems. In a social engineering attack, a hacker may pretend to be an IT worker asking for personal details to “confirm your account” or someone passing out free USB drives infected with malware.

Social engineering tactics are designed to exploit weaknesses of human psychology, so they prey on emotions that cloud judgment, such as fear or curiosity. These attacks have been implicated in some of the most high-profile hacks. For example, in 2020, hackers used social engineering to take over prominent Twitter accounts to promote a Bitcoin scam.

6. Man-in-the-middle attacks

As the name suggests, hackers use man-in-the-middle (MITM) attacks to position themselves between parties communicating online to eavesdrop on the exchange or alter the parties’ experience. The attacker might do this to steal sensitive information, trick the victim into taking some action, or censor content. Censorship can be done on an individual basis, such as a single hacker going after a specific victim, or on a mass scale, as in the case of authoritarian governments that redirect their citizens’ internet traffic.

Thanks to TLS, MITM attacks tend to be difficult to execute. Typically, the hacker has to successfully forge a public key certificate. At Proton, we mitigate the risk of MITM attacks through several methods, including Address Verification, which lets you pin trusted keys to your contacts.

They’re also a favorite of some regimes that try to spy on their citizens or restrict their access to information. Kazakhstan, for example, tried to MITM all the encrypted internet traffic in the entire country. And China uses MITM attacks against its citizens for censorship as part of its Great Firewall.

Learn more: 

• TLS certificates are a critical part of stopping MITM attacks. We explain how they work in depth.

7. Code-injection attacks

Hackers use code-injection attacks to insert new lines of code into computer systems that are poorly secured, causing them to execute malicious programs with sometimes disastrous consequences.

In 2012, Yahoo! lost hundreds of thousands of user credentials because hackers injected malicious code into the company’s database through search boxes and other forms on their websites. 

More recently, injection attacks have taken a new turn with large language models. Security researchers have been feeding them faulty data to show how easy it is to train the models in directions their developers didn’t intend. 

Learn more:

• Wired published a comprehensive explainer on SQL injection attacks, referring to the databases that websites often use to store sensitive information.

8. Distributed denial of service

A distributed denial of service (DDoS) attack is a kind of cyberattack that mainly targets businesses’ websites and networks. Hackers use multiple compromised computers to bombard a company’s servers with requests, effectively shutting down operations.  

Attackers typically use DDoS attacks to extort money from their victims, demanding payment to stop the attack. But sometimes amateur hackers will use DDoS as a form of activism or simply for bragging rights. 

DDoS attacks aren’t a major concern for individuals except to the extent they disrupt your ability to use a service you need. You should investigate a company’s service reliability and uptime guarantees if you’re concerned about downtime. Companies that have dealt with DDoS attacks in the past typically invest significantly in infrastructure to prevent them from happening again.

Learn more: 

• There have been a few famous DDoS attacks, including the largest on record that hit GitHub in 2018.

How to mitigate cybersecurity attacks

Mitigating cyberattacks often comes down to choosing security-focused web services and properly securing your accounts. Here are the most important things you can do to stay safe:

• Use strong passwords — Your login credentials are the first line of defense for your online accounts. Always use unique, long, and complex passwords. You can generate and store strong passwords with the help of a password manager.
  
• Use two-factor authentication (2FA) — If hackers obtain your password, your next line of defense is 2FA. Many online services allow you to enable 2FA so that you have to enter a second piece of information, usually a temporary passcode from an authenticator app on your smartphone.
  
• Keep your software up to date — cyberattacks often exploit weaknesses in the software you use. Whenever developers find out about such weaknesses, they build a fix and release a software update. Always promptly install updates to your devices and apps.
  
• Be alert for phishing attacks — Phishing and other types of deception are becoming harder to spot as hackers get more sophisticated. Never click links or download attachments in emails or text messages you weren’t expecting.
  
• Use security-focused services — It’s easier to steal data from systems that don’t use strong encryption and take aggressive prevention measures. At Proton, we develop products with a security-first mindset, meaning we protect as much of your data as possible with end-to-end encryption. Whether it’s your email, calendar events, passwords, files, or your internet connection, Proton never has access to the contents of your data because it’s encrypted on your device before being sent to our servers. Learn more about Proton security.

The post 8 common types of cyberattacks and how to prevent them appeared first on Proton VPN Blog.

• What is a dark web?
• What is I2P?
• How I2P works
• Is I2P safe?
• How to set up I2P
• How to use I2P
• Final thoughts: I2P vs. Tor

What is a dark web?

There are multiple dark webs that rely on different protocols and browsers to access them. Tor Onion Services is by far the most popular dark web (and is often considered synonymous with the term “dark web”). Other dark webs include I2P and Freenet.

Learn more about Tor Onion Services

A dark web is much like the regular World Wide Web. It is a collection of websites that are connected to each other via hyperlinks. The difference between a dark web and the World Wide Web is that you can only access dark websites using special software, configurations, or authorization.

Dark webs are often confused with the deep web, but they are not the same. The deep web, also known as the invisible web or hidden web, is simply every web page not indexed by standard search engines. 

What is I2P?

I2P started in 2003 as a fork of Freenet. It’s similar to Tor but has improved anonymity features. Like Tor, I2P can be used to browse the regular web privately via volunteer-run outproxies (similar to Tor exit nodes), but I2P itself recommends that “Tor Browser or a trusted VPN are better options for browsing the internet privately”.

I2P instead focuses on eepsites. Similar to Tor onion websites, these are websites with a .i2p domain name that you can only access from within the I2P network. 

Although I2P is designed to be faster than Tor, page loading times can still be very slow compared to regular web pages. I2P therefore typically uses simple HTML-only designs to minimize load times. 

How I2P works

I2P is designed to improve upon the onion routing system used by Tor. When using Tor, your connection is routed through at least three random nodes, with your data being re-encrypted each time it passes through a node.

The entry node can see your real IP address, but has no access to the content of your data or what you do on the internet. If you use Tor to access the regular internet, the exit node decrypts and encrypts your data (and can therefore see it) and can see which websites you visit. But it has no idea what your real IP address is. 

If you use Tor onion services (the dark web), there is no exit node — onion sites exist within the Tor network.

Instead of onion routing, I2P uses what is (loosely) termed garlic routing. Like onion routing, this uses multiple layers of end-to-end encryption. But it also offers some key improvements, the most important of which are:

1. Rather than being sent one by one (as they are in Tor), data packets are bundled together into cloves (hence the name “garlic routing”) before being sent through the I2P network as messages. Usually, each message contains one clove, but sometimes they contain two. This makes it harder for attackers to deanonymize you with timing attacks. 

In theory, this setup also brings network efficiency gains, which should result in faster page loading times.

2. Tor connections are bidirectional. That is, outgoing and incoming traffic use the same path through connected nodes. I2P, on the other hand, is unidirectional. This means that outgoing and incoming traffic use different paths, making it much harder to trace a connection back to a user.

3. The use of short-lived tunnels (instead of Tor’s much longer-lived tunnels) makes it harder for an attacker to target connections.

4. I2P uses packet switching instead of circuit switching, which allows for better load balancing and resilience. In theory, it also allows for better scaling, but Tor has solved some scaling issues that I2P has yet to address

Is I2P safe?

I2P has never been anywhere as popular as Tor, and has been in sharp decline over recent years. This has a couple of important security implications:

1. Far fewer people are actively working on developing I2P, which makes it more likely that security issues will go unnoticed and unpatched. The fact that (unlike Tor) I2p relies solely on donations for funding also contributes to this problem. 

2. Arguably, the biggest weakness of Tor is that an adversary could potentially control enough (ostensibly) volunteer-run nodes to threaten the anonymity of its users. With so many fewer nodes than Tor, this kind of attack would be much easier to perform on I2P.

It’s also worth noting that I2P has never undergone a formal third party security audit. 

How to set up I2P 

On the desktop

To use I2P, you must first install the I2P router software, which is available for Windows, macOS, and Linux (if installing on Linux, you’ll also need Java, if it isn’t already installed). It’s also available as a Docker image. 

Once the guided install process is complete, your default browser will open the I2P Router Console page on most desktop devices. You can also access this page by visiting 127.0.0.1:7657 in your browser when the I2P router service is running. 

This page allows you to manage and configure your I2P server, provides links to various I2P resources (such as FAQs, technical docs, and community websites), and allows you to access I2P’s built-in address book and email, BitTorrent, and web server apps. 

Some of the links are to I2P pages, which are good for testing that everything works as it should, but there are no links to third-party eepsites.

To actually access eepsites, you’ll need to configure your browser’s proxy settings. 

On Android

The Android app is available on the Google Play Store, F-Droid, and as an APK. As with the desktop router console, the app allows you to manage and configure your I2P server settings. 

You’ll also need to configure your browser’s proxy settings. Modern versions of Chrome and Firefox for Android don’t allow you to do this, but the I2P app includes instructions for configuring some open-source Android browsers that do.

How to use I2P

While it’s possible to use I2P to access regular websites, this isn’t what it was designed for, and we don’t recommend it. To access eepsites, you first need to find some. A good place to start is the clear web search engine, I2P Search. 

If an eepsite isn’t already in your Addressbook, you’ll probably need the help of a jump service to connect to it.

Once you find an eepsite, you can add it to your Addressbook.

However, be prepared to find that a great many eepsites links are now long dead.  

Final thoughts: I2P vs. Tor

In short, if you can access the dark web resource you’re looking for with I2P, you should use I2P. If it’s only available on Tor, then you should use Tor. You’ll most likely find that Tor gives you access to many more dark web sites.

It’s often said on the internet that Tor is better for accessing regular websites, as anonymously as possible, while I2P is better for accessing dark web content. On a technical level, there is some truth to this; I2P offers real security advantages over Tor and is faster. 

However, always a niche project within an obscure area of interest (the dark web), the I2P user base is clearly in serious decline. This is demonstrated by the sheer number of dead links found on any I2P search engine or eepsite directory and by the low level of traffic found on once-popular I2P forums.

In addition to a lack of content, this presumably also means that the development of I2P (including security patches) has slowed. And as discussed above, the relatively limited number of I2P nodes also makes it much more vulnerable to attack from a powerful actor.

Tor, on the other hand, is thriving. 

It’s worth noting that you can improve your security when using either I2P or Tor by connecting to a reputable no-logs VPN service (such as Proton VPN) before establishing an I2p or Tor connection. 

The post What is I2P and how does it work? appeared first on Proton VPN Blog.

• What is a VPN?
• Benefits of a VPN 
• Why you need a VPN – Privacy
• Why you need a VPN – Defeat censorship
• Why you need a VPN – Streaming
• Why you need a VPN – P2P file sharing
• A note on VPNs as security tools
• Frequently asked questions

What is a VPN?

A virtual private network (VPN) is a suite of technologies that primarily aims to improve your privacy when using the internet. It connects your computer, smartphone, or tablet to another computer, called a VPN server, via an encrypted “tunnel” that protects your data from prying eyes. 

• A VPN app connects your device to a VPN server run by a VPN provider (such as Proton VPN).
• The connection between your device and the VPN server is encrypted, preventing your internet service provider (ISP) from seeing the contents of your data as it travels between them.
• The VPN server sits between your ISP and the internet, blocking your ISP from seeing your online activity and preventing the websites you visit from seeing your real IP address.
• VPN providers (including Proton VPN, of course) maintain VPN servers located all over the world. This is great for bypassing censorship and “spoofing” your geographic location. 

Benefits of a VPN 

This deceptively simple setup is very useful. A VPN:

• Prevents your internet service provider from seeing your activity online.
• Prevents websites you visit from knowing your real IP address.
• Prevents public WiFi hosts from selling your browsing habits to advertisers.

The vast majority of mass surveillance systems in the world rely on ISPs logging their users’ browsing histories and making these logs available to government agencies. Because a VPN prevents your ISP from seeing the information you send and receive online, it also:

• Prevents untargeted mass surveillance by the NSA or your government.

Almost as a by-product of how VPNs work, using a VPN offers important additional advantages. Although these could be viewed as side effects, they’re also the main reason many people use a VPN:

• Defeats censorship, be it government censorship on political, social, or religious grounds or website blocking by your network administrator. 
• Allows you to securely access streaming services 
• Allows you to safely use P2P file sharing (BitTorrent).

A VPN is something of a Swiss army knife among internet tools that everyone should know how to use.

Why you need a VPN

Privacy

From your ISP and government

A VPN encrypts the connection between your device and the VPN server. This prevents your ISP from seeing the contents of your data, including destination data that can usually tell it which websites and other resources you connect to on the internet. 

Your VPN provider also handles DNS translation, which your ISP normally performs and logs. DNS is basically like a big phone book that translates the easy-to-remember URLs people use into the numbers computers use to identify websites and other internet resources.

DNS, for example, translates the URL www.protonvpn.com into its corresponding IP address of 185.159.159.142. Keeping logs of DNS translation is the main way that most ISPs keep tabs on what their customers do online. 

Learn more about DNS

The upshot of all this is that using a VPN prevents your ISP from knowing what you do on the internet. It can’t see your data, and it can’t see which websites you visit. 

As we have already touched on, what your ISP doesn’t know, your government and global surveillance bodies such as the NSA and GCHQ are also unlikely to know. A VPN prevents your browsing history from being caught up in untargeted dragnet mass surveillance programs that invariably rely on the logs kept by your ISP.

A VPN will not, of course, prevent targeted surveillance, where an adversary (such as your government) is willing to expend time and resources spying on you as a known individual.

From websites

The VPN server acts as a shield that blocks the “view” both ways. Your ISP can’t see which websites you connect to (just the VPN server), and websites you connect to can’t see your real unique IP address (again, they just see the IP address of the VPN server). 

Learn more about how a VPN protects you from tracking

This means a VPN stops the easiest-to-perform and most invasive kind of web tracking. Be aware, however, that preventing other common forms of web tracking, such as cookies and browser fingerprinting, is often beyond the scope of what a standard VPN can do.

However, Proton VPN offers NetShield ad-blocker, a DNS filtering feature that can block not only ads, but also trackers and malware. 

Learn more about NetShield Ad-blocker

Defeat censorship

VPNs are highly effective at defeating censorship efforts. If your country blocks content, you can simply connect to a VPN server located somewhere the content is not blocked. If your school, college, or workplace blocks content, connecting to any VPN server will bypass that block. 

If you use a VPN to bypass censorship, please carefully consider the risks involved if you’re caught. Using OpenVPN or WireGuard in TCP mode can be effective at hiding VPN traffic as regular HTTPS traffic, but it can be detected by the deep packet inspection (DPI) techniques used by some governments.

More effective is Proton VPN’s Stealth protocol, and our alternative routing feature is an effective way to bypass many censorship blocks. However, even these can be defeated by advanced DPI.

Learn more about deep packet inspection

It is also possible that your organization or government has blocklisted IP addresses known to belong to VPN services, in which case trying to connect to a blocked VPN server address could bring up a red flag. It’s also worth remembering that your boss might simply walk into your room at the wrong moment. 

Although VPNs can defeat most censorship efforts, a powerful enough adversary (such as the Chinese government) can implement blocks that even a VPN cannot overcome. In such cases, the most effective solution may be using the Tor network with unlisted Tor servers and Tor bridges that use pluggable transports to evade deep packet inspection techniques. 

Streaming

For all the freedom-enabling privacy benefits a VPN can offer, one of the most popular uses for VPNs is to securely stream videos that are only available in certain countries. This allows you to access content you’ve subscribed to (and paid for) when traveling abroad.

A VPN allows you to “spoof” your location and pretend to be in a certain country, thus giving you access to services only available in that country from anywhere in the world.

Proton VPN users with a paid plan can access a wide selection of popular streaming sites using our service.

P2P file sharing

As with websites you visit, a VPN will hide your real IP address from peers when file sharing using the BitTorrent protocol. This makes using a VPN an essential precaution for torrenters. A VPN is also useful for accessing torrent sites that may be blocked by your ISP.

A note on VPNs as security tools

A good VPN service will use strong VPN protocols, robust encryption standards with perfect forward secrecy, DNS and IPv6 leak protection, in addition to strong security practices, such as keeping no logs. 

This will ensure the VPN connection is secure, and your browsing is private. What it won’t do is protect your devices from hackers or malware or prevent your data from being stolen from online services you use. 

When VPNs first started becoming popular (in the early 2010s), they provided effective protection against being hacked when using public WiFi hotspots. However, in large part due to the EFF’s Let’’s Encrypt campaign, almost all connections are now secured using HTTPS. So VPNs are no longer really needed to protect you from hackers when using public WiFi. 

Learn more about HTTPS

A much greater threat these days comes from “legitimate” WiFi router hosts. Many public WiFi hotspots are commercial enterprises, something made clear when you are forced to agree to a lengthy set of terms and conditions before you are allowed to use the service. These terms and conditions often allow your WiFi host to monitor your internet activity and sell your browsing history to advertising and analytics companies.

There has also been growing concern about the possibility of Airbnb hosts and the like abusing their positions of trust to spy on guests’ internet activities. In all such cases, a VPN will protect you from these invasive practices.

Final thoughts

A VPN provides privacy while surfing the net: from your ISP, your government, and the websites you visit. Millions of people worldwide use VPN services as an invaluable tool to defeat censorship and access the open internet. It also protects you from “free” WiFi providers.

Proton VPN is a community-driven VPN service that places the privacy of our users first and foremost. We keep no logs, and what little data we do store is protected by Swiss data protection laws. All of our apps are open source and independently audited, and we support journalists and activists in the struggle for a free and open internet. 

FAQ

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter | Facebook | Reddit | Instagram

To get a free Proton Mail encrypted email account, visit proton.me/mail

The post What is a VPN? appeared first on Proton VPN Blog.