This rogue WiFi network is the “evil twin” of a legitimate network, designed to deceive you into connecting to it instead of the real network. 

Once you connect to this fake network, the attacker can intercept the unencrypted data you transmit over it, including sensitive information like your usernames and passwords, credit card numbers, and other personal data.

In this article, we’ll look at how evil twin attacks work and discuss why evil twin hotspots are, in reality, no longer a major threat.

• How an evil twin attack works
• Most connections are now encrypted
• You should still use a VPN on public WiFi
• Final thoughts

How an evil twin attack works

You can break down an evil twin attack into the following steps: 

1. Setup

The attacker sets up a WiFi hotspot with a name (SSID) that closely resembles a legitimate one in the area. For example, it might have a name that resembles that of the coffee shop you’re sitting in or something like “Free Airport WiFi” at an airport.

Learn more about SSIDs and how they can be faked

2. Deception

You unsuspectingly connect to the malicious WiFi network, thinking it’s legitimate.

3. Data Interception

Once you connect, the attacker can eavesdrop on your unencrypted internet activity (including capturing passwords and payment details as you enter them), potentially inject malware, or redirect you to phishing sites.

Most connections are now encrypted 

Until a few years ago, evil twin hotspots run by opportunistic hackers were a serious menace to anyone who used public WiFi networks. 

This was because most online connections (such as the connection between your device and a website) were unencrypted. Data was sent in plaintext, meaning that if you were tricked into connecting to an evil twin hotspot, the hacker running it could see everything you did on most websites you visited. The best defense against such attacks was to use a VPN (which we’ll discuss later). 

The dangers of a largely unencrypted internet went far beyond just those posed by public WiFi hackers, as it allowed pretty much anyone to see everything you did on the internet. To combat this pervasive threat, the non-profit Let’s Encrypt campaign started issuing free HTTPS certificates to anyone who asked for them in 2015. 

Now used by over 300 million websites, Let’s Encrypt quickly became the world’s largest certificate authority (CA) and kickstarted an encryption revolution on the web. As of January 2024, 85.1% of all websites use the HTTPS protocol (that figure rises to almost 100% for websites that deal with sensitive data, such as websites that process payments). 

When a website uses HTTPS, its connection to your browser or mobile app is securely encrypted. This prevents hackers and anyone else (such as your WiFi host, ISP, or government) from accessing your data or knowing what you did on a website. 

Learn how HTTPS keeps your connections safe (if not private)

As long as HTTPS is used, attackers can’t use evil twin hotspots to spy on your browsing, even if you’re connected to their network. All modern browsers clearly warn you when visiting a website not secured by HTTPS. 

There is still some theoretical danger from evil twin attacks if you visit the 15% of websites that don’t use HTTPS, but as these are mainly “trash sites” that are obviously insecure, the danger is minimal. Perhaps even more importantly, the chances of a hacker gaining valuable information through an evil twin attack are so low these days that there’s little reason for them to bother trying.

The same is also true of WiFi sniffing attacks that attempt to intercept unencrypted data sent over public WiFi networks, which used to be the other big danger for anyone using a public hotspot. The result is that using public WiFi is much safer than it used to be, and the chances of your data being stolen by a criminal hacker are now minimal.

You should still use a VPN on public WiFi

HTTPS keeps your connections secure — but not private. It prevents criminals from seeing what you do on a website (including any passwords or payment details you enter), but it doesn’t prevent your Internet Service Provider (ISP) or public WiFi host (the person or business who operates the WiFi hotspot you’re connected to) from seeing which websites and services you connect to. And in this age of ubiquitous surveillance capitalism, where everything we do online is monitored and used to target us with ever more personalized ads, this is valuable information. 

There is a reason many public WiFi networks (many of which are operated by commercial third-party companies) require you to provide a valid email address and agree to an intimidatingly long and impenetrable Terns of Service (ToS) agreement before allowing you to use the “free” WiFi. They are selling your browsing history to advertisers. 

Using a virtual private network (VPN) prevents this. It creates an encrypted tunnel between your device and a VPN server so no one else can see what you do online. This includes WiFi operators and your ISP. 

Learn more about how VPNs work

The VPN provider running the VPN server can see what you do online, but (unlike your ISP or public WiFi host) it’s in the business of protecting your privacy. A good VPN service (such as Proton VPN) keeps no logs of your online activity.

Final thoughts: how do you prevent an evil twin attack?

Thanks to the widespread adoption of HTTPS, you don’t really need to worry about evil twin attacks anymore. If they do still concern you, using a good VPN service will provide you with an extra layer of protection and ensure you can visit even non-HTTPS websites safely. 

More importantly, a VPN will protect your privacy when using public WiFi networks, ensuring the WiFi host can’t log your browsing history and sell it to advertisers.  

The post What is an evil twin attack, and should they worry you? appeared first on Proton VPN Blog.

You could think of ChaCha20 as a specialized, highly secure safe. When you encrypt data with ChaCha20, it’s like putting it inside a safe. This safe (ChaCha20) scrambles the contents (your data) so that it becomes unreadable to anyone who doesn’t have the key. This key is a secret code that only the sender and intended receiver know. If someone else tries to read the data without the key, all they see is gibberish.

Learn more about what encryption is and why it’s important

ChaCha20 performs a very similar function to the older and more established AES encryption cipher, and offers some (fairly minor) security improvements over it.

Learn more about AES encryption

ChaCha20 is often combined with the Poly1305 message authentication code to create the ChaCha20-Poly1305 encryption algorithm, which we explain a bit later in this article.

ChaCha20-Poly1305 and AES-GCM are the only symmetric key encryption ciphers recommended for use with TLS 1.3. While the secure but somewhat aging OpenVPN protocol uses AES to secure data, the new lightweight WireGuard protocol uses ChaCha20-Poly1305. 

• Learn more about OpenVPN
• Learn more about WireGuard

ChaCha20 was developed by American German mathematician, cryptographer, and computer scientist Daniel J. Bernstein in 2008, and is based on an earlier cipher also developed by Bernstein in 2005 — Salsa20. Bernstein also created the Poly1305 universal hash family that ChaCha20 is often combined with, and the Curve25519 elliptic curve used to secure the WireGuard key exchange. 

In 2014, Google deployed support for a TLS cipher suite using ChaCha20-Poly1305 in its Chrome browser, and this is now supported by all major browsers.

Notable features of ChaCha20

ChaCha20 is a symmetric-key algorithm

Like AES, ChaCha20 uses the same key to both encrypt and decrypt data (there may sometimes be a simple transformation between the two keys, but they are always derived from the same key). 

This is in contrast to asymmetric-key algorithms such as RSA, which use separate public and private keys. Also known as public-key cryptography, these allow you to securely share data over a distance by making the public key widely available for others to encrypt data with, but which can only be decrypted using the correct private key.

Asymmetric-key algorithms require a high level of computational power, which makes them relatively slow, and thus most useful for encrypting small amounts of data. RSA, for example, is used to perform the TLS key exchange that occurs when connecting to an HTTPS website.

WireGuard and modern TLS cipher suites use a newer approach to asymmetric-key encryption — elliptic-curve cryptography (ECC) — to secure key-exchanges. While more efficient than traditional algorithms such as RSA, it’s still relatively slow.

Symmetric-key algorithms such as ChaCha20, on the other hand, require much less processing power than asymmetric-key ciphers (often cited as being around 1,000 times faster). This makes them ideal for encrypting large volumes of data. 

Where large amounts of data need to be transmitted over a distance (such as over the internet), the data itself is encrypted using a symmetric-key algorithm, while the key exchange is secured using an asymmetric-key algorithm.

In the case of TLS (and therefore also OpenVPN), the symmetric-key algorithm is usually AES, with the key exchange certified using RSA. For WireGuard, ChaCha20 is used for symmetric-key encryption, and Curve25519 to secure the key exchange. 

ChaCha20 is often combined with Poly1305

Poly1305 is a type of cryptographic algorithm used to ensure the security and integrity of data — that is, to ensure data hasn’t changed during transit — using a secret key shared between a sender and recipient. It helps ensure that your secret messages remain private and unaltered during transmission, providing a way for both parties to trust the authenticity and integrity of their communication.

To use an analogy, Poly1305 is like putting a special seal on your message that only the person you’re communicating with can recognize. If the seal is intact when they receive it, they know the message is safe and from you. If someone tries to tamper with the message, the seal will break, and the receiver will know that something is wrong.

This is why, when used together, ChaCha20-Poly130 is referred to as an authenticated encryption with additional data (AEAD) algorithm. Although the math used is different, the concept is very similar to the Galois/counter (GCM) mode used by AES (which is also an AEAD algorithm). 

ChaCha20 vs. AES

As we’ve seen, ChaCha20 fulfills a very similar purpose to the older and much more prevalent AES (as ChaCha20-Poly1305 does to AES-GCM). So which is better?

Learn more about AES encryption

Security

Legendary cryptographer Bruce Schneier once explained that “cryptography is all about safety margins. If you can break n round of a cipher, you design it with 2n or 3n rounds”. Both AES and ChaCha20 encrypt data using rounds, each consisting of a series of mathematical operations. 

AES-256 uses 14 rounds, while ChaCha20 uses 20 rounds. The number of rounds itself cannot be usefully compared, but in the highly influential paper, Too Much Crypto, its authors set out to “propose numbers of rounds for which we have strong confidence that the algorithm will never be wounded, let alone broken”. Their conclusion recommends that AES-256 only needs 11 rounds (instead of the 14 it uses), while ChaCha20 only needs 8 (instead of the 20 it uses). 

This means ChaCha20 has a higher safety margin than AES-256. However, as the paper’s authors also note about the calculations from which their recommendations arise, “From these surrealist figures, it is obvious that such an attack is only a cryptanalysis exercise and does not have much to do with the real security of AES”. In other words, AES and ChaCha20 are both sufficiently secure mathematically.

But is AES vulnerable in other ways? AES has known vulnerabilities to timing attacks, where the number of combinations required to make a successful brute force attack can be reduced by looking at how long a computer takes to perform an operation (although there are a number of ways to protect against this). 

Thanks to its use of add-rotate-xor operations (a highly complex mathematical procedure that makes it very hard for unauthorized users to understand or modify the information operated on), software implementations of ChaCha20 are much more resistant to such timing attacks. But again, this is all very theoretical. Properly implemented AES and AES-GCM are widely regarded as being unbreakable by any known practical attack. 

Performance

AES performance is often boosted with AES-NI hardware support built into modern processors. However, even with this, ChaCha20 usually offers better performance than AES. 

The biggest gains with ChaCha-Poly1305 are on hardware that doesn’t support AES-NI acceleration, such as some ARM chips.

What is XChaCha20?

A cryptographic nonce is an arbitrary value used only once to make an operation (such as encryption or hashing) unique. eXtended-nonce ChaCa20 (XChaCha20) is a variant of ChaCha20 that uses a 192-bit nonce instead of a 96-bit nonce. This makes picking a random nonce notably safer, as there’s effectively no chance that it could be re-used. 

(“Bits” refers to the size or length of the cryptographic keys. In very simple terms, the higher the bit length, the more secure the key.)

However, there is no officially recognized standard for XChaCha20, and the last attempt to establish one failed in 2020. This has led to a slow uptake of the slightly more secure variant. 

Final thoughts

ChaCha20 is a secure and performant symmetric-key algorithm that is closely comparable to the more established AES (as ChaCha20-Poly1305 is to AEA-GCM).

It offers some advantages over AES, but these are negligible enough that most major industry players see little advantage in changing over from AES. For many, the main benefit of ChaCha20 is that it offers a “backup” algorithm in the highly unlikely event that a major weakness is discovered in AES (or AES-GCM). 

However, the choice of ChaCha20-Poly1305 over AEA-GCM to secure data transmitted using the WireGuard VPN protocol has given new prominence to the algorithm, which may yet have a very bright future. 

The post What is ChaCha20? appeared first on Proton VPN Blog.

Learn more about the different dark webs

• What’s in a name? 
• What is Hyphanet?
• Opennet and darknet
• Is Hyphanet safe?
• How to install Hyphanet
• How to use Hyphanet
• Final thoughts

What’s in a name? 

The original Freenet project dates back to 1999, but recently (March 2023) changed its name to Hyphanet. This is because Ian Clarke, creator of the original Freenet, has started to develop “a successor to Freenet” with “different design priorities”.

This new dark web platform was code-named Locutus, but in mid-2023, the board of Freenet Project, Inc., a non-profit organization that has managed Freenet since 1999, decided to rename the Locutus project to Freenet 2023.

In response, the Freenet community changed the name of the original Freenet to Hyphanet (a reference to underground mycorrhizal fungal networks). 

At the time of writing this article, Freenet 2023 remains firmly at the development stage. An alpha version is available for developers to experiment with, but it isn’t available for general use. This article will therefore focus on Hyphanet.

What is Hyphanet?

Freenet started as a student project by Ian Clarke. This resulted in the widely acclaimed 2001 paper, Freenet: A Distributed Anonymous Information Storage and Retrieval System, which became one of the most frequently cited computer science articles in 2002. 

Unlike other dark web technologies such as Tor and I2P, it’s a pure dark web in that it provides no access to the regular internet. Strictly speaking, it’s a fully distributed, peer-to-peer, anonymous publishing network that offers secure data storage. 

When you join the Hyphanet network, you agree to share a percentage of your local disk space. This space (referred to as a datastore) is securely encrypted, and other Hyphanet members download parts of files from it (similar to BitTorrent). 

However, on top of this basic file-hosting framework, volunteers have developed applications that allow for websites, message boards, and more. A limitation of this system is that websites can’t be dynamic (so they’re always simple static HTML pages). 

An advantage is that web pages (and other data) can be available long after the original host has disappeared. However, if no one accesses data for a long time, it can disappear (this works much like BitTorrent, where files that aren’t actively seeded become de-indexed over time). 

Opennet and darknet

Since 2007, Freenet has offered two “modes” — opennet and darknet. These terms can be somewhat confusing because Freenet’s definitions don’t align with how the public generally understands these terms. 

If you use Hyphanet in opennnet mode, you connect to random peers. As such, openenet mode is similar to Tor Onion Services in many ways. If you use it in darknet mode, you only connect to trusted friends who you’ve previously exchanged public keys and node references with.

It’s these darknets that make Freenet uniquely secure, as it completely blocks outside access to data shared within a darknet group. 

Is Hyphanet safe?

When setting up Hyphanet, you must configure an encrypted datastore on your local disk. This datastore stores fragments of files that other Hyphanet users have uploaded, and you have little or no control over what’s stored there. This prevents Hyphanet users from censoring content by deleting files in their datastore. 

The encryption Hyphanet uses makes it “hard, but not impossible” to determine which files are stored in your local datastore and serves primarily to provide plausible deniability about the nature of the material stored on your local disk. 

Hyphanet was designed to protect the anonymity of those who “insert” (upload) content into the network and “request” (download) it. As with Tor and I2P, you always connect to data stored on Hyphanet indirectly, with your connection first routed through several other nodes in the Hyphanet network. 

Hyphanet bundles packets together and routes them through a varying number of nodes to confuse timing attacks. 

Can Hyphanet be compromised? 

There are a number of reports of law enforcement agencies successfully tracking down Freenet/Hyphanet users, but none of these contain any technical details and have been disputed.

A 2017 paper titled Statistical Detection of Downloaders in Freenet claims to have developed “a passive technique for detecting Freenet downloaders”. But again, this claim is disputed. 

How to install Hyphanet

Hyphanet is available as a Windows .exe, Debian .deb, and Gentoo package. You can also install it on macOS or any Linux system as a .jar file (which requires installing Java). 

The installation wizard does a good job of guiding you through the  setup and then launches the Hyphanet portal in a tab on your default browser. However, you’re strongly advised to run Hyphanet with your browser in Private or Incognito mode, so it’s a good idea to copy the local Hyphanet URL, restart your browser in Private or Incognito mode, and then paste the URL.

The Hyphanet installer also offers to install desktop and menu icons on your system to make accessing Hyphanet easy. 

How to use Hyphanet

Unlike with I2P, Hyphanet doesn’t require you to manually configure your browser’s proxy settings. And unlike either I2P or Tor, its main screen provides a host of useful links to get you started, including an index of Hyphanet websites, a search engine, extensive documentation, developer blogs, plus various email, messaging, and chat tools. 

As noted, all web pages are static HTML, which prevents trackers and other privacy-invasive scripts from being embedded. These take from a few seconds to around a minute to download (in this reviewer’s experience), which is much faster than I2P pages (again, in this reviewer’s experience). 

Many of the utilities available on Hyphanet require the Web of Trust plugin. This attempts to reduce spam and address the fact that anyone can insert content into the Hyphanet network by providing you a cryptographically provable identity with a score value that other community members can assign positive or negative ratings to.

Final thoughts

With no access to the regular internet, a big problem with Hyphanet in opennet mode is that most content is either pointless (“Hi there!”) or illicit in some way. However, its indexes, such as The Filtered Index featured on Hyphanet’s front page, do provide links to potentially more interesting (and savory) content. 

When compared with other dark webs, Hyphanet will always be a niche alternative to Tor Onion Services. However, it is faster than I2P, and a much greater proportion of its links actually work. 

Of course, what really sets Hyphanet apart from other dark webs is the ability to create closed darknets with like-minded people that are almost impossible to detect. 

Because of their closed nature, it’s impossible to know how many people actually use these darknets or to provide any other kind of objective assessment about them. But that’s rather the point.

The post What is Freenet (now called Hyphanet)? appeared first on Proton VPN Blog.

In this article, we look at what keyloggers are, how to detect them, and how to remove them. 

• Keylogger definition
• Are keyloggers malware?
• How does a keylogger infect your system?
• How to detect a keylogger
• Other ways to protect yourself against keyloggers
• Final thoughts

Keylogger definition

A keylogger is any software or hardware device that records your keystrokes when using a computer. Note that “computer” includes mobile devices, as some keylogger software can record your taps and swipes on a touchscreen. 

Software keyloggers are by far the most common, and software keylogging viruses can replicate and infect other devices. 

Hardware keylogging devices might be installed by a manufacturer or government agencies that intercept hardware deliveries. However, the most common type of hardware keylogger is a USB device inserted between a computer’s USB port and its keyboard’s USB connector or dongle (for wireless keyboards). Currently, no known hardware keyloggers can log input from a target mobile device’s touchscreen.  

Most modern keyloggers send the information they collect over the internet to whoever developed or configured them, but some keyloggers (especially physical ones) may require manual retrieval. 

Are keyloggers malware?

Keyloggers are often a form of malware used by criminal hackers to gain illicit access to passwords, bank account details, credit card details, and other highly sensitive information. (Hackers also use hardware keyloggers — a good example is attaching a physical keylogger to the USB ports of computers at an internet café). 

In addition to simple criminal activity, keylogger malware is used for police surveillance,  state-sponsored cyber warfare, and corporate espionage. 

However, there are (more) legitimate uses for keyloggers:

• “Net nanny” software suites often include keylogging capabilities that allow parents to monitor their kids’ online activity and help keep them safe.
• Companies are increasingly using bossware surveillance software with keylogging capabilities (together with the ability to take screenshots and even webcam photos) to ensure employees don’t slack off. The use of this kind of software has skyrocketed as more and more people work remotely. 

How does a keylogger infect your system?

Malware keyloggers infect systems in the same way that other types of malware do.  

• Keylogger viruses self-replicate and spread from computer to computer across networks.
• Keylogger Trojans appear to be legitimate software (or hide inside legitimate software).
• Rootkits may contain keylogger capabilities and can be difficult to detect, even with good anti-malware software.

Learn more about malware

Attackers often distribute malware keyloggers via drive-by-downloads (scripts executed when you visit a malicious website) or phishing (where you are tricked into installing malicious software or clicking a link to a drive-by-download website). 

Corporate or state-sponsored hackers and the police often perform highly targeted attacks against individuals via personalized spear-phishing tactics that use social engineering to trick the victim into installing a malware keylogger. This type of hacker is also more likely to physically access a device to plant a physical keylogger or infect it with keylogger malware. 

Learn more about phishing and spear phishing

More legitimately, it’s perfectly legal for someone to install a keylogger on hardware they own. This includes devices given to children by their parents and laptops supplied to employees. 

Remote employees who use their own equipment are often required to install bossware keyloggers on their hardware as a condition of their contract. 

How to detect a keylogger

Malware keyloggers are by far the most common type of keylogger, so the most effective general defense against keyloggers is to use good antivirus software. 

If you use a public computer to do anything sensitive (for example, at an internet café), it’s always a good idea to quickly check that no strange devices are plugged into its USB ports. If you think you might be singled out for targeted surveillance, you should periodically give your computer a thorough physical examination. 

Other ways to protect yourself against keyloggers

All the usual precautions for protecting yourself against malware apply keyloggers:

• Use good antivirus software
• Don’t open emails from unknown sources
• Don’t click links you’re unsure about
• Don’t install software from untrusted websites

Using two-factor authentication (2FA) is always a good idea, but be aware that malware keyloggers can often steal the contents of your device’s clipboard. Even if you enter the 2FA code manually using your keyboard, a hacker might be able to see this and use the code to log in to your account while the code is still active. 

Additional precautions you can take include:

Use DNS filtering

DNS filtering blocks connections to blocklisted domains. This can help protect you against downloading malware keyloggers from domains that are known to be malicious. If you already have a keylogger on your system, DNS filtering can prevent it from sending your stolen keystrokes back to the hacker. 

Proton VPN offers a DNS filtering feature that’s available to anyone on a paid plan. In addition to filtering out malware, our NetShield Ad-blocker can block ads and trackers. 

Learn more about NetShield

Use a password manager

By far the most common use of keyloggers is to steal usernames and passwords. A password manager such as Proton Pass can autofill passwords, so there are no keystrokes or touchscreen taps for the keylogger to record. 

Final thoughts

Unless you are a person of particular interest to the police, government agencies, corporate hackers, or otherwise have access to valuable assets that could make you a target for cybercriminals, your primary area of concern should be malware keyloggers that opportunistic criminals randomly distribute.

Your best defenses against picking up such malware are using good anti-malware software and being very careful about phishing, which emails you open, and which links you click. 

The post What is a keylogger? appeared first on Proton VPN Blog.

We discuss how to change the IP address of your Windows 10 or Windows 11 device. This doesn’t change your IP address on the internet, although we’ll look at that as well. 

• Changing your IP address on Windows
• How to change your external IP address on Windows
• How to hide your external IP on Windows using Proton VPN
• Change your Windows IP address using a VPN router
• How to change your local IP address on Windows
• Why change your local IP address on Windows?
• Local IPv4 vs. IPv6 addresses
• How to change your IP address on Windows 10
• How to change your IP address on Windows 11
• Frequently asked questions

Changing your IP address on Windows

An IP address uniquely identifies every device connected directly to a network. Networks can be large or small. Large networks are known as wide area networks (WANs), the most notable example being the internet. 

Local area networks (LANs) are small networks that connect devices within a limited area, such as a home, office, or school. Devices connected to a local area network usually connect to the internet via a router and modem. 

Learn more about IP addresses

In this article, we look both at how to change your Windows device’s external IP address that websites, P2P peers, and apps see and also how to change its local IP address that other devices on your local area network use to identify it. 

• How to change your external IP address on Windows
• How to change your local IP address on Windows

How to change your external IP address on Windows

Your external IP address is the IP address you use to connect to the internet. It’s the IP address that anyone on the internet sees, including websites, P2P peers, and the backend servers that your apps connect to. Your external IP address is assigned to you by your internet service provider (ISP).

Most Windows devices connect indirectly to the internet via a WiFi or wired Ethernet connection to a router. The router then connects to a modem (these two are often combined into the same device), which connects to the internet.

In this scenario, your Windows PC’s external IP address that anyone on the internet can see is actually your router’sIP address. All devices that connect to the internet via that router will share the same external IP address (unless you somehow hide your IP address).  

There are several ways to hide your Windows device’s IP address when using the internet, including:

• Tor browser
• Proxy servers
• A virtual private network (VPN)

All of these methods route your internet connection to another computer so that you appear to access the internet from that computer’s IP address (in the case of Tor, your connection is routed through a series of “nodes”, so you appear to access the internet from the last “exit node” in the chain). This is known as proxying your connection. 

Of these ways to proxy your connection, the most effective, useful, and convenient method is to use a commercial VPN service such as Proton VPN. We are a 100% free VPN service with no logs, no data restrictions, and no artificial speed limits. 

We offer this free service because we believe privacy is a fundamental human right that should be available to everyone. If you want to support our mission and access a range of premium features, such as NetShield Ad-blocker, more than 3,000 servers in more than 65 countries, the ability to stream content from around the world, and more, you can sign up for a premium plan.

How to hide your external IP on Windows using Proton VPN

1 Sign up for a free Proton VPN account.

2. Download the Proton VPN Windows app

3. Open Windows Explorer, go to your Downloads folder, and double-click the ProtonVPN_win_vxxx.exe installation file you just downloaded.

• If a new window pops up asking Do you want to allow this app to make changes to your device?, click Yes.

• If installing for the first time, the OpenVPN TAP adapter installation windows will appear. Click Next. 
• The Windows .NET framework might also be required. If prompted, follow the instructions to install Windows .NET as well.

4. Select your preferred setup language, click Next, and follow the wizard to install the app onto your Windows system. 

5. Open the app and sign in using your Proton Account login details. 

6. Click Quick Connect to let the app pick the best server for your location. 

Alternatively, you can manually choose a country or server to connect to. If you are on our Free plan, you can connect to servers in Japan, the Netherlands, and the United States. If you are on one of our premium plans, you can connect to one of over 1700 servers in over 60 countries. 

Your real IP address is now hidden so that it cannot be seen by websites, P2P peers, or other observers on the internet. 

Learn more about VPNs

To make sure your IP address changed, visit a website such as ip.me with and without the VPN connection. 

Change your Windows IP address using a VPN router

Another way to change the external IP address of your Windows PC is to connect it to a VPN router. This is a router configured to route all devices connected to the internet through it (including Windows devices) through a VPN service such as Proton VPN.

Learn how to configure Proton VPN on your router

How to change your local IP address on Windows

Your local IP address is the IP address that your Windows device uses on your local area network (LAN). Your router uses it to send incoming data to the correct device, and other devices on the same local network can see your device’s local IP address. 

A common type of LAN is the home network, where all your household’s laptops, smartphones, tablets, smart devices, games consoles, smart TVs, and other internet-capable devices connect to the internet via a router and modem supplied by your internet service provider (ISP). 

Devices connected to a LAN do not connect directly to the internet, so no one on the internet can see their IP addresses. They see your modem’s IP address (unless it’s proxied — see above).

Below, we look at how to change your local IP address on Windows 10 and Windows 11. This changes your devices’ IP address on your LAN but doesn’t affect the IP address seen on the internet because that’s your modem’s IP address. 

Why change your local IP address on Windows?

By default, most routers dynamically assign IP addresses to devices on a local network using the Dynamic Host Configuration Protocol (DHCP). 

This means the IP address to your Windows PC may change depending on your network configuration (for example, when you take your Windows laptop out of the house and then return with it).

If other devices on your network access your Windows PC via its IP address, it’s a good idea to configure a static IP for it that your router will not change. For example, this would be useful if you use your Windows device as a media or LAN games server.

Local IPv4 vs IPv6 addresses

Windows 10, Windows 11, and most modern routers can use IPv6. Globally, Internet Protocol version 4 (IPv4) addresses are running out. To solve this problem, the much longer Internet Protocol version 6 (IPv6) address system is being rolled out, which vastly increases the number of addresses available.

However, the local IP addresses issued by your router are for private use only and are not affected by the IPv4 global shortage. So while it is possible to configure your Windows device to use an IPv6 address, there’s little point in doing so. 

Learn more about IPv4 vs. IPv6

How to change your local IP address on Windows 10

1. Go to Start → Settings

2. Select Network & Internet 

3. Select your internet connection (WiFi or Ethernet) and click on Properties.

4. Go to IP settings → IP assignment → Edit.

5. Click Automatic (DHCP) and select Manual from the dropdown menu.

6. Toggle the IPv4 switch on. 

7. Fill in the IP settings.

• IP address — This can be any numeric value in the 192.168.0.0 – 192.168.255.255 IP address range.
• Subnet prefix length — 24
• Gateway — Enter the IP address of the router or modem your PC is connected to. This is usually either 192.168.0.1 or 192.168.1.1
• Preferred DNS — Enter the IP address of a DNS server or DNS service (for example, 9.9.9.9 for Quad9).

Click Save when you’re done. 

8. You’ve successfully changed your IP address.

How to change your local IP address on Windows 11

1. Open the Settings app.

2. Go to Network & internet and select your network interface (Ethernet or WiFi).

3. If you have an Ethernet connection, click on IP assignment → Edit.

If you have a WiFi connection, click Hardware properties…

Followed by IP assignment → Edit.

4. Click Automatic (DHCP) and select Manual from the dropdown menu.

5. Toggle the IPv4 switch On. 

6. Fill in the IP settings.

• IP address — This can be any numeric value in the 192.168.0.0 – 192.168.255.255 IP address range.
• Subnet mask — If you know your subnet mask address, enter it. If not, enter 255.255.255.0.
• Gateway — Enter the IP address of the router or modem your PC is connected to. This is usually either 192.168.0.1 or 192.168.1.1.
• Preferred DNS — Enter the IP address of a DNS server or DNS service (for example, 9.9.9.9)
• Preferred DNS encryption — Choose the level of DNS encryption you prefer (if DNS server supports it).

Click Save when you’re done. 

7. You’ve successfully changed your IP address.

Troubleshooting

If you can no longer connect to the internet after making these changes, there are two possible reasons:

1. Two or more devices on your network have the same IP address

Check the IP addresses of all devices on your network and manually change any that have the same IP address using the instructions above.

2. Incorrect subnet mask

To find the name of your network’s subnet mask, Open the Command Prompt ap or Windows PowerShell app and enter the following command:

ipconfig

Look for the Subnet Mask entry under your Ethernet or Wireless LAN adapter Wi-Fi connection.

Frequently asked questions

The post How to change your IP address on Windows appeared first on Proton VPN Blog.

There are a few reasons they may do this:

• To improve the security of office networks
• To prevent customers, students at educational institutions, or anyone who uses a public WiFi hotspot from accessing illegal or undesirable content
• To improve productivity among staff members by restricting access to social media

In this article, we’ll dig deeper into why organizations use content filtering and how they implement it. 

• Why use content filtering?
• How does content filtering work?
• Other reasons for content filtering

Why use content filtering?

A business or organization may implement content filtering for a number of reasons. It’s commonly employed to enforce policies related to acceptable use, security, and compliance in various contexts, such as homes, schools, workplaces, and public networks.

Security

Content filtering helps to protect networks and systems from malware, viruses, and other security threats by blocking access to malicious websites and content. It can prevent employees from inadvertently downloading or accessing harmful files, and also protect them from phishing scams.

Acceptable Use

Many (if not most) organizations have acceptable use policies (AUPs) that govern how their network and internet resources can be used. For example, most companies don’t want staff using their office WiFi networks to access NSFW, offensive, discriminatory, or harassing  content.

Content filtering can enforce these policies by blocking access to websites and content that violate the AUP.

Public WiFi

Similarly, businesses that offer public WiFi services, such as cafés, airports, and hotels, use content filtering to ensure the security and safety of their customers, while preventing access to illegal or harmful content.

This is also true of universities, schools, and other educational establishments, which often impose stricter restrictions on their networks than commercial businesses do.  

Increased productivity

Organizations sometimes use content filtering to increase workplace productivity by restricting access to non-work-related websites, such as social media, gaming, and streaming platforms. 

The aim is to help ensure that employees stay focused on their tasks, but when everyone can trivially access such services on their smartphones, it’s questionable how effective such tactics are. 

Compliance

Businesses often use content filtering to ensure they adhere to industry regulations, legal requirements, and internal policies. This can include complying with data protection regulations such as HIPAA, GDPR, or CCPA by blocking staff from sharing sensitive information via email or other communication channels.

Content filtering can also be used to help ensure compliance with industry-specific regulations. For example, a financial institution might be subject to regulations such as the Sarbanes-Oxley Act or the Payment Card Industry Data Security Standard (PCI DSS), which require strict controls on data access and storage. Content filtering can help enforce these regulations.

Another aspect of compliance is record keeping and auditing. Content filtering solutions may provide logs and reports that can be used for auditing and compliance verification. These records can be critical for demonstrating that an organization is taking the necessary steps to meet its compliance obligations.

Bandwidth management

Content filtering can be used to manage network bandwidth more efficiently by prioritizing business-critical applications and limiting access to bandwidth-intensive activities such as video streaming.

How does content filtering work?

Content filtering can be implemented in various ways. The exact method used will depend on an organization’s needs (and it may use multiple content filtering techniques).

DNS filtering

The Domain Name System (DNS) maps human-readable domain names to their corresponding IP addresses (for example: protonvpn.com to 185.159.159.140). DNS filtering prevents DNS queries for blacklisted domains from being resolved. 

Learn more about how DNS works

In addition to web content filtering, DNS filtering can help protect organizations from malware and phishing threats by blocking access to known malicious domains. It can prevent users from inadvertently visiting websites that distribute malware or host phishing scams.

DNS filtering can also be used to block access to ad servers or domains known for delivering online advertisements. This helps reduce the number of ads displayed when browsing the web, thus providing a better experience for users.

Proton VPN offers a DNS filtering tool on all platforms called NetShield Ad-blocker that can block ads, malware, and trackers.

Learn more about NetShield Ad-blocker 

URL filtering

URL filtering is similar to DNS filtering, except that it blocks content based on its web address. This allows more fine-grained control than DNS filtering, as it can be used to block specific pages on a website, rather than the entire website. However, it’s less useful for blocking other content, such as malware and ads. 

Keyword filtering

Filtering content based on specific words or phrases is useful for blocking access to particular types or categories of websites, such as those which host gambling or adult content.

Whitelisting

Some organizations block access to all web content that can be accessed using company resources except for a predetermined list of “whitelisted” websites. This is usually done for security reasons. 

Content analysis

This is a fairly new type of content filtering that uses machine learning (AI) algorithms, such as natural language processing and image and video recognition, to analyze the content of websites and then implement blocks based on that analysis. 

Content analysis allows for much more nuanced content filtering than the traditional whitelist/blacklist approach. For example, AI content analysis filtering could tell the difference between an adult website and a website that offers sexual health advice.

However, there are numerous privacy and ethical concerns related to AI content analysis. These can be addressed with effective and responsible human oversight, but achieving the right balance between automated content analysis and human judgment remains a challenging issue. 

Other reasons for content filtering

Although the focus of this article is on organizations, such as businesses and educational facilities that use content filtering, it’s worth noting that content filtering is also used in other contexts.

Government censorship

Authoritarian governments around the world block their citizens’ access to content for political, social, or social religious reasons. As well as the kinds of content filtering listed above (often as the ISP level), governments use their power to execute additional types of content filtering.

Search engine blocks — Governments can pressure search engine providers to remove content they object to from search results.

Deep packet inspection (DPI)  — This is a method of examining data packets that pass through a network so that the traffic type can be identified. 

• Learn more about internet censorship and how it works
• Learn more about deep packet inspection

Parental control

A popular use of content filtering is by parents who wish to moderate what their children can access on the internet. Although traditionally performed by “net nanny” software, over recent years there has been a major shift toward using online software as a services (SaaS) solutions for this purpose. 

Final thoughts

There are many good reasons for organizations to perform content filtering. Moving forward, it’s likely that artificial intelligence will play an increasingly important role in this, so it’s important for companies to develop effective and ethical ways to safeguard the privacy of their staff, customers, or students. 

There is also the risk that authoritarian governments will abuse this power to restrict their citizens’ freedom. However, with Proton VPN for Business, you can evade such restrictions, allowing your organization’s staff unhindered to access the free and open internet. 

Learn more about how your business can benefit from using a VPN
[Get Proton VPN for Business]

The post What is content filtering? appeared first on Proton VPN Blog.

It’s a great improvement over its aging predecessor (WPA2), but there remain concerns over WPA3’s security. 

As a “standard”, WPA3 is not a specific piece of software. It’s not even a single algorithm or protocol. Rather, WPA3 is a collection of security methods specified by a certification organization and designated as the global “gold standard” for secure WiFi implementation.

With some 19.6 billion WiFi-capable devices currently in use, the need for secure WiFi is  clear. Let’s look at how your devices are designed to keep you safe.

• WPA3 — a history
• What is WPA3?
• WPA3 versions
• Related WiFi standards
• Known weaknesses
• How to use WPA3 on your router
• Final thoughts

WPA3 — a history

The Wired Equivalent Privacy (WEP) security algorithm, introduced in 1997, was part of the original IEEE 802.11 standard that defined how WiFi networks operate. Unfortunately, it quickly became clear that WEP was fatally flawed because of weaknesses in its encryption algorithm. 

In 2003, the nonprofit Wi-Fi Alliance®  officially announced the successor to WEP —  Wi-Fi Protected Access (WPA) standard, followed in 2004 by WPA2. This standard was considered secure until 2017, despite increasing concerns over its failure to provide perfect forward secrecy.

In 2018, researchers published a white paper showing that all WPA and WPA2 connections could be almost trivially hacked, exposing all data that wasn’t otherwise encrypted. For example, by using a VPN or HTTPS (which was much less common in 2017 than it is now). The only real limitation to this so-called KRACK attack was that the hacker had to be within physical range of the target WiFi network.   

The Wi-Fi Alliance rushed to patch the problem, but since a huge number of old routers remain in use, even WEP remains worryingly common more than 20 years after it was declared unfit for purpose, and billions of WPA2 routers remain in use that are unpatched. 

Fortunately (and much more successfully), Windows, macOS, Linux, Android, and iOS/iPadOS have all been patched to protect against KRACK.  

Nevertheless, few people were surprised when, in 2018, the Wi-Fi Alliance announced a new WiFi security certification, WPA3. 

What is WPA3?

WPA3 defines an amalgam of security standards. Some of these are mandatory and must be implemented for a device to display a Wi-Fi CERTIFIED™ sticker. Some standards are recommended for use with WPA3 but are not required for WPA3 certification. We’ll come to these later.

WPA3 includes many small improvements over WPA2 — far too many to detail here. However, the key improvements are:

Protected Management Frames (PMF)

Management frames play an important role in the underlying structure of wireless networking — notably in authenticating and deauthenticating devices. With PMF, these management frames are encrypted to provide protection against a number of threats, including:

• Disconnect attacks (also known as Wi-Fi deauthentication attacks) — A type of denial-of-service attack that disconnects a device from the WiFi network. Disconnect attacks are often used to facilitate other kinds of attack, such as…
• Honeypot and Evil twin attacks — These attacks attempt to trick you into connecting to malicious WiFi networks, so a hacker can snoop on your otherwise unencrypted browsing history. 

Improved password security

One of the central design goals behind WPA3 addresses the biggest problem with WiFi security — that people use weak, easily-guessed passwords to protect their WiFi networks. And with WPA2, even if you have changed your password to something genuinely secure, hackers can make an unlimited number of guesses as to what it is. 

Known as a dictionary attack (itself a form of brute force attack) hackers can use specialized software to throw thousands of passwords every minute at a route until the correct password is found. 

WPA3 mitigates against such attacks by using a Simultaneous Authentication of Equals (SAE) handshake, which prevents an attacker from guessing more than one password per attack.

This means every time an incorrect password is entered, the hacker must reconnect to the target WiFi network, making dictionary attacks impractical. SAE can also flag when a certain number of password attempts have been made. 

Perfect forward secrecy

A major problem with WPA2 is that it doesn’t use perfect forward secrecy. This means that if a router’s private key becomes compromised in some way, a hacker can compromise all otherwise unencrypted traffic passing through the router. In fact, it’s possible to collect encrypted data that doesn’t use PFS, to be decrypted at a later time if the key becomes available. 

The Simultaneous Authentication of Equals handshake used by WPA3 solves this problem.  Based on a Diffie–Hellman key exchange, WPA3 can implement perfect forward secrecy for WiFi connections, generating a new and unique private encryption key for each WiFi session. 

Learn more about perfect forward secrecy

WPA3 versions

There are two WPA3 standards tailored for different situations: personal and enterprise.

WPA3-Personal

Designed for home use, WPA3 Personal emphasizes convenience over security. Like WPA2, it uses AES-128 encryption in CCM mode, which authenticates the connection and encrypts it. But it additionally offers SAE to prevent brute force attacks (and therefore also perfect forward secrecy). 

Learn more about AES encryption

WPA3-Enterprise

Aimed at businesses, governments, and financial institutions, WPA3-Enterprise offers improved security at the cost of some convenience. For example, WPA3-Enterprise requires additional infrastructure to deploy, including an authentication server to handle device authentication and key management.

Unlike WPA3-Personal, the use of Protected Management Frames secured with 128-bit encryption is mandatory. 

For businesses that require additional security, WPA3-Enterprise offers an optional “192-bit security mode”, that uses AES-128 encryption in GCM mode to secure data and authenticate the connection. This is similar to CCM mode, but is arguably more secure and uses different mathematical equations.

The enterprise version also uses elliptic curve cryptography — a 384-bit ECDH or ECDSA key exchange — which is noted for being both fast and secure. And to validate encrypted connections, it uses HMAC SHA-385 hash authentication. Protected Management Frames must use a higher level of encryption: 256 bits. 

Related standards

In addition to PMF and SAE, the original WPA3 proposal included two standards that were dropped from the final WPA3 certification program. 

Wi-Fi Enhanced Open

Wi-Fi Enhanced Open uses Opportunistic Wireless Encryption (OWE) to greatly improve the security of public WiFi networks, mitigating many of the dangers associated with operating an open network. Wi-Fi Enhanced Open therefore allows for convenience of connecting to a WiFi hotspot without the need for authentication.

Wi-Fi Easy Connect 

A replacement to the wildly unsafe Wi-Fi Protected Setup (WPS), that allows you to connect to a router at the push of a button, Wi-Fi Easy Connect lets you to easily set up a device by scanning a QR code or NFC tag. As a nice bonus, this connection will persist, even if the WiFi password is changed. 

A missed opportunity?

Both these standards are available with their own certification schemes, but not including them in WPA3 was viewed as a mistake by some. This was made worse by the fact that WPA3’s increased encryption key standards are only an optional feature of WPA3-Enterprise certification.

As Mathy Vanhoef, the PhD researcher who discovered the KRACK vulnerability in WPA2 noted:

“Unfortunately, the WPA3 certification program only mandates support of the new dragonfly handshake. That’s it. The other features are either optional, or a part of other certification programs. I fear that in practice this means manufacturers will just implement the new handshake, slap a ‘WPA3 certified’ label on it, and be done with it”.

To be fair to the Wi-Fi Alliance, it wanted a quick uptake of the new standard from manufactures for security reasons, and was no doubt keen to make the transition as painless for them as possible.

To some extent, Vanhoef’s prediction has become true — there are many devices out there which only support the minimal WPA3 specification. However, there are also many higher-end devices that support the full range of Wi-Fi Alliance certifications.  

Known weaknesses

In 2020, Vanhoef published a group of five vulnerabilities, that he collectively termed Dragonsblood (referencing the Dragonfly Key Exchange of which SAE is a variant). These vulnerabilities exploit the fact that WPA3 is usually implemented with backwards-compatibility with WPA2, potentially allowing a hacker to perform a downgrade attack where they trick targets into connecting to a dummy router using WPA2. These WPA2 connections could then be hacked.

The Wi-Fi Alliance quickly announced the issue patched, but a paper published in 2020 (co-authored again by Vanhaoef) demonstrated that these patches were “insufficient”, because of the need for backward compatibility. 

It remains unclear if WPA3, when run in compatibility mode (see below), is still vulnerable in 2023 to Dragonsblood attacks, but devices set to use only WPA3-Personal or WPA3-Enterprise shouldn’t be vulnerable.  

How to use WPA3 on your router

To achieve a WPA3 connection, both the router and the device connecting to the router must use WPA3. Most routers built from around 2020 support WPA3, but people tend not to upgrade their routers often. 

There are consequently a huge number of older routers still in use that do not support WPA3. In addition to this, the huge popularity of IoT devices, many of which still use WPA2, has hindered the widespread adoption of WPA3. 

In theory, manufacturers can push firmware updates to older routers, allowing them to support WPA3. In practice, not all manufacturers do this (and certainly not for their whole back-catalog of router models). And even when they do, few people routinely update their router’s firmware.

To see if your router supports WPA3, log in to its admin page (typically by entering the local IP addresses 192.168.0.1 or 192.168.1.1 into your browser’s URL bar while connected to the router), and locating your router’s wireless security settings.

Most routers aimed at the domestic market default to a WPA3/WPA2 compatibility mode so that older WPA2-only devices can also seamlessly connect to them. Most domestic routers don’t support WPA3-Enterprise, as it’s not necessary for home use and requires additional hardware to deploy.

If your router doesn’t support WPA3, then it’s probably time to get another router. You can then connect it to the (likely low-quality) router/modem (set to run in modem-only mode) provided by your ISP. 

Final thoughts

WPA3 greatly improves on the WiFi security offered by WPA2, with no real downsides. However, nothing is perfect, and WPA3 is no exception. In particular, using WPA3/WPA2 compatibility mode offsets most of the advantages of using WPA3. 

Of wider concern is the fact that standards bodies such as the Wi-Fi Alliance are dominated by vendors who have a vested interest in preventing their unsold and recently sold hardware becoming obsolete. 

Fortunately, the almost ubiquitous uptake of HTTPS over the last few years provides a strong second layer of security when using WiFi to connect to the internet, making the dangers associated with using public hotspots largely a thing of the past. 

Learn more about HTTPS keeps you safe online

The post What is WPA3? appeared first on Proton VPN Blog.

Rebuilt from the ground up, the new Proton VPN Linux app is efficient, elegant, and modular in design, allowing us to easily add new features as we develop them.

An advanced Linux VPN app

Our new Linux app comes packed with a range of advanced VPN features:

• NetShield Ad-blocker — A DNS filtering feature that blocks ads, trackers, and malware
• Kill Switch — Ensures your real IP isn’t exposed if your VPN connection drops
• VPN Accelerator —  Can increase VPN speeds by up to 400% over large distance
• Moderate NAT — Can solve connection problems when playing multiplayer online games, or having video conversations using WebRTC
• Port forwarding — Greatly improves P2P performance
• Auto-connect at startup — Connect to your favorite VPN server on startup
• Pin servers to tray — Provides a convenient way to connect to your favorite servers
• OpenVPN DCO — Provides equivalent speed performance to WireGuard
• Secure Core — A double VPN security solution where the first server is located only in countries with strong privacy laws

Which Linux distributions are supported?

Going forward, we will officially support the Linux app on the latest versions of Debian, Ubuntu, and Fedora. This will allow us to concentrate our energies on delivering the best possible experience for our Linux community.

The app may work with many other Linux distributions (especially ones based on Debian and Ubuntu), but support for using the app on unsupported distros may be limited.

Roadmap

One of the big advantages of our new app is its modular design, which makes it easier for us to develop and implement new features. Current plans include:

• A command line interface — If you need this feature immediately, you can still use our old (v3) CLI tool.
• WireGuard — OpenVPN DCO produces identical speed performance to WireGuard, but we know this is a highly requested feature.

Become a Fedora package maintainer

We’re working on uploading the application to the official Fedora repositories, and are looking for community volunteers to support our mission to make privacy the default for everyone. If you’d like to be a Proton VPN package maintainer in the Fedora Project, please get in touch.

We’re excited about our new Linux app. It marks an important step forward in our support for Linux, an open-source operating system that respects your privacy. 

The post Introducing the new Proton VPN Linux app appeared first on Proton VPN Blog.

PFS is sometimes known simply as forward secrecy by those uncomfortable with the idea that any cryptographic feature might be “perfect”. It can also be more descriptively referred to as using ephemeral encryption keys.

• Public-key cryptography
• The problem
• How perfect forward secrecy solves this problem
• Perfect forward secrecy explained
• The current state of perfect forward secrecy
• Proton VPN uses PFS

Public-key cryptography

For two computers to securely communicate with each other, they must exchange encryption keys. This creates the problem of how to securely communicate the encryption keys, but this was solved in the 1970s with the development of public-key cryptography (also known as asymmetric cryptography).

With public-key cryptography, the encryption software program generates two keys — a public key and a private key. Together, these are known as a key pair. Data is encrypted with the public key, and can only be decrypted using its matching private key.

This solves the problem of how to send data securely over the internet: You make your public key widely available to anyone who wants it. They encrypt data they wish to send to you with your public key, and only you can decrypt it with your matching private key.

In practice, asymmetric cryptography is very slow compared to more conventional symmetric key cryptography (where the same key is used to encrypt and decrypt the data), and so is mainly used to transfer encryption keys (which are small). The data itself is encrypted using symmetric encryption.

Asymmetric cryptography is at the heart of the TLS key exchange used to secure your connection to HTTPS websites. Without it, you wouldn’t be able to perform online banking, securely pay for stuff on the internet, or enter personal information into an online form.

Learn more about HTTPS

Asymmetric cryptography is also used to establish a secure VPN connection between your device and a VPN server. Like HTTPS, the OpenVPN VPN protocol uses TLS for this. As its name suggests, the Internet Key Exchange (IKE) part of the IPsec/IKEv2 encryption suite handles this for IKEv2 connections. 

The problem

This is all great, but there’s a problem. If the same key pair is reused many times and the long-term encryption key (such as the private key of a server) becomes compromised in some way, then an adversary will be able to decrypt all communications that were encrypted using that key pair. All VPN sessions, for example. 

This private encryption key therefore becomes a “master key” that can be used to unlock all communications with a server or company.

How perfect forward secrecy solves this problem

The solution is (at least in principle) quite simple — don’t reuse the same key pair for each session. When developers use perfect forward secrecy, the program generates a new and unique key pair for each session. In fact, it’s even possible to regenerate keys within a session (for example, after a specified period of time). When PFS is used, there is no “master key”.

This means that even if a session is compromised in some way, only that session is compromised. Past and future sessions remain secure. Each and every session must be individually compromised, which is a highly arduous and impractical task against modern encryption schemes.

Perfect forward secrecy explained

Although the idea behind PFS is simple, the math required to achieve it is highly complex. All modern key agreement protocols capable of PFS use a version of Ephemeral Diffie–Hellman (DHE) or ephemeral Elliptic Curve Diffie-Hellman (ECDH) to generate new keys for each session.

The Diffie-Hellman key exchange is not without controversy. Its re-use of a limited set of prime numbers makes it vulnerable to being cracked by a powerful adversary (for example, the NSA). This means that a static (non-ephemeral) Diffie-Hellman key exchange isn’t very secure, but it’s fine when ephemeral keys are used (DHE). 

ECDH is a newer form of cryptography that uses the properties of a particular type of algebraic curve to encrypt a connection, instead of a large prime number. The different math used allows ECDH to be more secure at any given key length, which makes it much more practical to implement securley.  

The current state of perfect forward secrecy

Until 10 years ago, there was a pervading complacency across the technology industry about the need to secure TLS and other internet connections with PFS. 

However, the release of documents by Edwards Snowden in 2013 exposed the breathtaking scale, scope, and sophistication of the NSA and GCHQ’s mass surveillance programs. One of the most shocking revelations was that the NSA adopted a “collect it all” policy — storing vast amounts of encrypted communication data that it could not currently access, but which it hoped to be able to mass-decrypt and access at some future point in time. 

This was followed just a year later by the discovery of the Heartbleed bug, which could be used to compromise almost all HTTPS connections in the world.  Although now fixed, doing so was hugely expensive and multiple major data breaches occurred before any fix was implemented.

In both cases, the use of perfect forward secrecy would have severely mitigated the amount of damage done. Companies across the globe have since scrambled to implement forward secrecy on their servers to secure the privacy and security of their users.

Final thoughts

Perfect forward secrecy is an essential component of any secure communications over the internet. Thankfully, its use is now routine. 

Proton VPN uses perfect forward secrecy to secure all connections to our VPN servers. For example, the cipher suite used by our apps for OpenVPN includes a DHE key exchange, while WireGuard (and Stealth) uses ECDH with the Curve25519 elliptic curve.

To try out a VPN service that uses only the strongest VPN protocols, with strong encryption settings, and perfect forward secrecy, you can download Proton VPN for free.

The post What is perfect forward secrecy? appeared first on Proton VPN Blog.

A zero-day exploit (or attack) is a cyberattack that takes advantage of a zero-day to compromise a computer system. As with any cyberattack, they can be used to compromise systems, steal data, or execute malicious code without any prior warning or protection in place. 

• Why does software have security vulnerabilities?
• What is a zero-day exploit?
• Who uses zero-day exploits?
• How to prevent zero-day exploits
• Notable zero-day exploits

Why does software have security vulnerabilities?

No software is perfect. Even relatively simple apps and programs consist of many thousands of lines of highly complex code, and many popular software suites consist of tens of millions of lines of code. 

No developer, no matter how expert and security-focused they are, can guarantee that no mistakes have been made in their code, or can fully predict the security implications of their program’s interactions with the host operating system, with other apps installed locally on the same computer, with backend APIs and other cloud-based infrastructure, and more.

This means all but the simplest software has multiple vulnerabilities and weaknesses that can potentially be abused to comprise the software itself, the system it runs on, or even all systems connected to it over a network. 

To address this problem, developers routinely check their code for bugs and other issues that might be a security risk. They then write new code to fix or mitigate against the issues they discover, and release these fixes to the public as security updates or patches.

Unfortunately, developers and other legitimate security researchers aren’t the only people who scour software code with the aim of uncovering vulnerabilities. When a hacker discovers a vulnerability in a program before its developers do, it’s called a zero-day.

What is a zero-day exploit?

A zero-day exploit is malicious code written to leverage a zero-day vulnerability. The export can then be used to perform a cyberattack. They are particularly dangerous because the developer is simply unaware of the vulnerability, and therefore has no opportunity to write a patch or otherwise mitigate against the issue.

This often means that the only defenses against a zero-day exploit are routine security measures such as intrusion detection systems, behavior-based anomaly detection, and network monitoring.

Developers often first become aware of zero-days when they are actually exploited — that is, when they are used to attack a system or organization running the affected software. However, it is entirely possible for zero-days to be repeatedly exploited by many cybercriminals over long periods of time before developers even realize their software is under attack (the Pegasus zero-day discussed later in this article is a food example of this). 

Who uses zero-day exploits?

Cybercriminals

Criminal hackers routinely use zero-day exploits to steal data or implant malware (such as keyloggers or ransomware) on target systems.

Many hackers who research and discover zero-days don’t exploit the zero-days themselves. Instead, they sell them on the dark web, where there is a thriving market for zero-days. This can he highly lucrative for the discoverers of zero-days, while being less risky than performing the actual criminal attacks themselves.

It’s not uncommon for hackers to offer software developers the first chance to buy zero-days for their own software, and some “white hat” hackers will even voluntarily disclose zero-days to developers without asking for compensation.

Cyber warfare

State-level actors particularly value zero-days that can be exploited to target networks and systems relating to national infrastructure and national security. They often hoard such knowledge as powerful weapons in their cyber warfare arsenals. 

Corporate espionage

Commercial companies sometimes use zero-day exploits to steal information or otherwise gain an edge over their competitors.

Government agencies

It has been largely documented that government agencies such as the United States’ National Security Agency (NSA), and the UK’s GCHQ use zero-days exploits to gain backdoor access to domestic companies. Companies that provide communications or internet access and infrastructure hardware that allow for mass surveillance are particular targets.

How to prevent zero-day exploits

Since zero-day attacks exploit vulnerabilities that are unknown to the developers of the software you use, there’s no reliable way to prevent them. However, there are steps you can take to enhance your personal cybersecurity, reduce the risk of falling victim to such attacks, and to mitigate against the damage these attacks can cause.

1. Keep your software updated

Regularly update your operating system, web browsers, and software applications to ensure you have the latest security patches. Zero-days are often exploited in outdated software, and when a zero-day is discovered and developers patch it, you’ll be protected against it. 

2. Use a reputable anti-malware program

Install and maintain a trusted antivirus or anti-malware app on your computer, and keep it up to date. This can help detect and block known malware and suspicious files. Software capable of performing heuristic analysis are particularly useful against zero-days and other unknown threats (such as virus variants in the wild).

3. Use a firewall

Firewalls allow you to monitor and control network traffic as it enters and exits your computer. Enabling your computer’s built-in firewall or using a third-party firewall can help block unauthorized access to your system.

4. Use strong, unique passwords

Create strong, unique passwords for your online accounts and avoid using the same password across multiple sites. A good password manager, such as Proton Pass, can generate and store complex passwords securely, remembering them so you don’t need to. 

5. Enable two-factor authentication (2FA)

Whenever possible, enable two-factor authentication for your online accounts. This provides an extra layer of security by requiring a second authentication method, such as a one-time code from a mobile app or a text message. Proton Pass has a built-in two-factor authenticator.

Learn how to use 2FA in Proton Pass

6. Be cautious with email links

Zero-day attacks can often begin with phishing emails. Be skeptical of unsolicited emails and links in emails, especially if they come from unknown sources. Don’t click on suspicious links or download attachments from untrusted senders. 

7. Regularly back up your important data

Regularly back up your important data to an external drive or cloud storage. This can protect your files in case of a ransomware attack or other data loss.

8. Regularly review your app permissions

On your mobile devices, review the permissions you give to the apps you install. Ensure your apps only have access to the data and features they truly need.

9. Disable features and services that you don’t need

Any code ruining in your device can be exploited, so features, apps, and services that you don’t use are an unnecessary security risk that are often targeted by hackers. For example, a zero-day in Apple’s iMessage app allowed the Israeli NSO Group to hack into at least one Bahraini activist’s iPhone.

Notable zero-day exploits

The Zero Day Initiative recorded a single vulnerability in 2005. By 2016, this had risen to 700 vulnerabilities, and as of November 2023, the organization recorded over 1,550 zero-day vulnerabilities. 

Some of the most infamous zero-day exploits include:

EternalBlue

A powerful zero-day exploit developed by the US National Security Agency (NSA) sometime around 2011, EternalBlue exploits a vulnerability in Windows’ Server Message Block (SMB) protocol, allowing attackers to run code on target computers. 

The NSA knew about this Windows vulnerability for around five years, and allegedly only warned Microsoft about the exploit once EternalBlue had fallen into the wrong hands. Microsoft released a patch for the vulnerability, but many Windows users don’t update their systems. 

Since escaping the NSA, the EternalBlue exploit has been used in many high-profile cyberattacks, notably being used by hackers to spread the notorious WannaCry ransomware in 2016.

Stuxnet

In 2010, a self-replicating computer worm caused the gas centrifuge motors at a number of nuclear facilities around the world to self-destruct without triggering the alerts and safeguards that should be in place. 

Although never conclusively proved, it is widely speculated that Stuxnet was developed by Israel, working in collaboration with the United States, to impede Iran’s nuclear program at its Natanz nuclear facilities. However, once “in the wild”, Stuxnet infected numerous nuclear facilities around the world. 

Yahoo! data breach

Yahoo has been victim to a number of high-profile data breaches in recent years, but the first of these, which occurred in August 2013 as a result of a zero-day attack, is notable for its sheer scale.

Now considered the largest known breach of its kind, in 2016 Yahoo! revealed that some three billion of its user accounts containing sensitive information, including passwords and unencrypted security questions and answers, were compromised.

Verizon was in the process of acquiring Yahoo! When the news broke, resulting in about $350 million being wiped from the purchase price. A zero-day exploit in Yahoo!’s code caused the breach.

Pegasus

A spyware tool developed by the Israeli company NSO Group, Pegasus has been used to target journalists, activists, and politicians around the world. Pegasus exploits zero-day vulnerabilities in iOS and some Android devices to gain access to sensitive data, including passwords, contact lists, calendar events, text messages, and live voice calls.

Pegasus has been targeted at numerous politicians and human rights activists around the world, including the Egyptian prime minister, French President Emmanuel Macron and 14 of his ministers, and political opponents of Hungarian Prime Minister Victor Orbán.   

Final thoughts

Zero-day exploits are often devastating because it’s all but impossible to prevent or effectively mitigate against something you don’t even know exists. However, individuals, companies, and software developers can minimize the risk by respond effectively to security breaches by being vigilant, staying informed, and following best practices

The post What is a zero-day exploit and why are they dangerous? appeared first on Proton VPN Blog.