IP addresses are not infinite, and the majority of the currently most popular Internet Protocol IPv4 IP addresses are being exhausted in combinations. As such, IPv6, the next generation Internet protocol was introduced to replace the IP version 4, allowing more users and devices to generate more complex IP addresses.
Although majority of the Internet users are using the IPv4 Internet protocol, a few Internet providers have started to provide IPv6 support as well. As such, many VPN providers are faced with a challenge to ensure that a person who has IPv6 is made aware that their protocol might not be compatible with the VPN service that mainly supports IPv4 servers, while switching from one to another seamlessly. NordVPN is proud to say that all the platforms currently supported by NordVPN have an IPv6 Leak Protection.
In a nutshell, if a NordVPN customer were to have an IPv6 IP address, their IPv6 interface would be blocked and only IPv4 traffic would be rerouted and encrypted with NordVPN, which ensures that your real IP address never leaks.
How to send an anonymous email
What the governments and tech companies used to tell us is that we’re increasingly safer and more secure online. That our privacy is paramount. That they have our best interest at heart. Our emails are safe from all prying eyes.
But when Edward Snowden released the secret NSA documents to The Guardian US, Der Spiegel and The Washington Post, we found out that was a lie. The businesses that we had entrusted with our information had been given up to the government. None of our information was secure.
At least, that is, if we choose to only depended on the goodwill of these organizations.
There are many people who would like to keep their information private. They can be political activists being clamped down on by the government. Whistleblowers like Snowden. Or it could just be average people who want to know that no one is watching them.
One of the most important ways we communicate is by sending and receiving emails. Most of us have a lot of sensitive information in there, and the idea that someone is potentially viewing all that information, or has the ability to, is unsettling.
There are generally three steps to send anonymous, untraceable emails so that you can be comforted in knowing your information is safe.
Step 1: Use a VPN and/or Tor
Screen Shot 2016-09-22 at 4.24.35 PM
Tor (The Onion Router) anonymizes your communications online by relaying your traffic through nodes all over the world. They bounce it around before it reaches its final destination, making it complicated to figure out where the communication originally came from. The system is great and is improving constantly, as the governments try to find ways to track down Tor users.
A VPN (Virtual Private Network) hides your IP address by creating a secure connection to a server of your choosing. All information is encrypted when you browse the web, as a secure tunnel is created from your computer to the internet.
NordVPN has great features, along with a Strict No Logs policy, meaning no record of your communications exists.
But even better, for extra security, NordVPN offers Tor over VPN, so that instead of choosing whether to use Tor or VPN, you can just use both.
Step 2: Use anonymous emails
Now that your communications in general has been anonymized, let’s focus on the actual email part. First of all, you do not want to use your primary email (i.e. Gmail) or workplace account to ensure your information is not traced on a network level.
Instead, you can use “burner” email accounts or encrypted email services. There is a wide list of options to choose from nowadays.
Some of the more popular secure temporary emails include Tor Mail (you’ll need to have Tor to use it), Guerrila Mail (all mail is deleted after an hour), The Anonymous Email, or even more short term option- 10 Minute Mail, a service that begins the clock immediately when you visit their page and you only have ten minutes to use the unique email address.
Screen Shot 2016-09-22 at 4.25.27 PM
An alternative for using your regular mailbox is setting up an encrypted email service. Some of the more popular ones include ProtonMail, Hushmail or Tutanota. Email encryption services are becoming increasingly user friendly. Read more about specific encrypted email provider option in our earlier blog about email encryption cryptography.
Step 3: Be smart
Now that you’ve hidden your IP address and use anonymous email services, you’re safe, right?
No matter how many layers of security you’re using, if you engage in certain internet behaviors, you’ll be traced. For example, if you log into your primary Gmail or work account, or check in at your cousin’s house on Facebook, you’ll be found out.
If you post regularly on social media, you are probably giving up your personal information willingly.
Related: Going beyond a VPN – what behaviour can render your VPN useless
The last best defense against having your information snooped, stolen or worse is you and your style of communication while on the internet.
When Your Email Gets Hacked, Follow These Steps
When your email gets hacked, it’s likely you don’t even know it until you get strange calls from your friends and family telling them they got a strange email from you.
Although most people are by now aware of what kind of emails appear authentic and what kinds do not, you shouldn’t take this lightly. A compromised email means that the hacker is one step closer to stealing a lot of your personal information.
Think about what kind of information you usually store in your emails: passwords, personal photos and videos, sensitive work details, sometimes even passwords to other sites. If your email account has been hacked, you should act quickly to make sure they don’t get your other important information.
Follow these steps to keep yourself safe and ensure it won’t happen again.
#1: Get back into your email
When your email has been hacked, there’s usually two options: either the hacker left your password unchanged, or you’re now blocked out of your own account.
For the most part, hackers leave the passwords unchanged, so the first important step for you to do is to log inside your own email account. For the second choice, simply click on ‘Forgot Password’ and reset your password.
Now that you’ve got your own account, immediately change your password. It shouldn’t be ‘password’ or ‘mommylovespuppy.’ Your password needs to be strong. Try this trick: if you agree with the statement “I love to take my dog for a walk every morning” and can remember it, turn it into 1l2tmd4awEVm (replacing I with 1, to with 2, and for with 4). Or you can use any variation thereof that mixes uppercase, lowercase and numbers.
Even more, use two-step authentication, so that whenever you enter a site from a new location, your email client will send you a code by text message or through an app. That way, if you’re in Chicago and someone tries to log in from Moscow, they won’t get in without your code.>
#2: Make sure nothing else has been compromised
Immediately after you get control back of your hacked email account, change the passwords on all your other accounts. That includes Facebook, Amazon, Twitter, LinkedIn, and of course your banking accounts. This is especially important considering that the hacker can use your email account to gain access to your other accounts. They just use the ‘Forgot Password’ feature on those accounts, which will send a verification to your email account.
In order to check this, go through your Spam and Trash folders on your hacked email account and see if there’s been any password reset emails.
#3: Check your email settings for spam
It’s possible that, even after you’ve recovered your email, hackers altered your settings in various ways. One way is to automatically forward your emails to another account, so that the hacker can see what emails you’re receiving. You’ll need to go through your forward settings and see if anything has been altered.
Another thing hackers may do is change your signature or out-of-office reply. They may have added a link to your signature or out-of-office reply, so that anyone you send emails to will click on the links and visit those malicious sites.
#4: Ensure it won’t happen again
Now that you’ve recovered your hacked email account, you want to make sure it doesn’t happen again. As I mentioned above, the first good defense is a really strong password. The best passwords are a random string of characters totaling 16 or more—but of course, they are extremely hard to remember. For great security with not much memory required, get a password manager like LastPass or 1Password.
Besides that, you should use only private networks. Many people get their information stolen while on holiday. They log in into the free wifi in the hotel lobby or at a coffee shop, library, or other public places and get compromised. Read our earlier blog post here about how to protect yourself from what’s known as Evil Twin Hotspots, fake wifi hotspots set up to steal your data.
Related: How to send an anonymous email
Another option, instead of avoiding all free wifi, is to use a VPN, such as NordVPN’s. It has great features with flexible pricing. It works by creating a secure connection to a server in a location of your choice, so that all your communications go through there. That means, even if someone is snooping to catch your data, seeing as all your information is encrypted, they’ll just end up getting gibberish.
IP addresses are necessary for communication to take place across the internet. However, anyone can see what city you’re connecting from and find out even more personal information by just looking at your IP address.
Your IP address is like your physical address. Just by knowing it, someone can’t attack you directly, but with enough time, efforts and motivation, hackers can try to break in.
That’s why it’s best to always be cautious. You wouldn’t go around giving your real address to random people on the street. In the same way, you shouldn’t be giving your IP address to every site you visit.
Hiding your IP address is a basic step for many privacy-conscious internet users. Especially, it is necessary for journalists working on sensitive topics, or anyone else who’s concerned with their location being discoverable online.
So today we’ll look at the three best ways to keep your location hidden.
1. Use a Proxy
The first and possibly the fastest option is to use a web proxy. When we normally connect to a site, it’s pretty straightforward. A connects to B, and that’s it. A proxy is like a middleman that connects your A to website B, and you can picture it as A→Proxy→B and back.
However, there’s only one hop separating you from the site you’re visiting, and your data isn’t always secured. Out of the three options to hide your IP address, proxies are the least secure and they may not provide adequate stability or reliability for long-term use.
Nonetheless, NordVPN’s proxy extension for Chrome does encrypt your browsing data.
2. Use Online VPN
VPN (Virtual Private Network) is perhaps the best option to hide your location.
In general, it works similarly to a proxy. The only problem with a proxy is that the Internet traffic to and from a proxy remains unprotected. Any snooper, hacker or a government body can intercept that information through various means and read the content of your communications.
VPN establishes a secure connection to a server in a location of your choice, which then connects to a website you want to visit. All encrypted information is sent through this server and then back to you. This one we can think of as: A-?→VPN-?→B and back.
Because of that extra layer of security, your information is protected so snoopers would only see an incomprehensible jumble.
VPN services offer more features. NordVPN, for example, adds an extra layer of security with its’ Double Data Encryption. It also has a Strict No Logs policy (no records of your communications), an automatic Kill Switch (so no accidental leaks of your data) and many, many other features.
3. Use Tor
Screen Shot 2016-08-26 at 4.49.04 PM
Another good option is to use Tor (The Onion Router), which works by sending your communications through a number of nodes throughout the globe, bouncing it around. It’s great because one node only knows the node that came before it and the one after it, so it’s extremely difficult to trace the original connection back to you. Think of this one as A→T→P→X→J→B.
Although Tor is a good option, it does have its drawbacks. It isn’t the easiest thing to set up for a regular user, nor does it provide practically what is offered theoretically, although they are constantly working on fixing and improving their limitations.
Hackers are getting creative to get access to our private data. They know it’s valuable and they are eager to exploit it. This is seen in the global rise of identity theft and Ransomware cases. No one’s data is immune.
Ingenuity and diversification in methods of snooping ones private data has advanced faster than we adapted to using the web. It is time to learn where dangers lurk and exercise due diligence if you are to keep your data out of harm’s way.
Let’s begin by going over one of the most popular data extraction techniques – phishing emails. Every year statistics show an alarming rate at which this tactic is continuing to trap people into revealing their personal data.
What is a phishing email?
An email that employs various tactics to trick you into clicking on a malicious link, or revealing your personal information. You’d think over time, less people would fall victim to this cyber crime, but ‘phishing tactic’ is relentless and catches more people off guard one would expect. But alas, many of us notice something is off too late, where realization sets in after too much info has already been divulged.
How to avoid and spot them?
1. Don’t rely on spam filters alone. Most email providers managed to block users who send phishing emails by just sending them to the spam folder, but then there several cleverly crafter alternatives that might penetrate this protection.
2. Check: Whose name is on the email address? First of all, you should flag a suspicious email just by looking at the name of the email address. Typically we have a list of contacts we expect to receive an email from once in a while. So if you see that Johnny Depp or David Hasselhoff is emailing you – chances are the email might be a click-bait. If you don’t trust the name on the email address, then don’t go any further. For clarity, email the person you doubt has send you something with a suspicious headline – to verify if indeed they sent it, or was their mailbox compromised to send fake emails.
3. Ask yourself: Do I need to click the link? If by any chance curiosity got the better of you and you decide to open the email, beware that clicking on the links in the email might infect your internet enabled device with malware. A lot has changed from the first malware examples when you’d get an email from a Nigerian prince, who has money stored in a bank but can’t access it because he needs $20,000 to activate his account… fact checking that there is no such thing as a Nigerian prince saved people from falling pray to scammers. Nowadays phishing emails are more elaborate with each passing day. Some pretending to be from your tax refund service, others from your friends. Just remember to be wary of the links – they could lead to look’a’like websites and mislead you to enter your personal details, or download a virus or hold your computer for ransom.
4. Are there spelling mistakes in the email? Brands that send emails to their customers focus on the details and triple check for errors. Cyber criminals in their haste to steal often neglect these things. If there are spelling mistakes in the email, then it’s a good reason to doubt its authenticity. Stop and don’t go any further
5. Who is the email addressed to? Companies that ask for more of your personal details typically address you by full name. If an email has an odd or incomplete information in addressing you, then there is a reason to get suspicious.
6. Double check the product being advertised
If by any chance a link seems to excite you and you are curious as to what is on the other side, you should search the net for the deal you are being offered. If the deal is too good to be true, its almost certainly a scam. Ticket giveaways, expensive trips.. all should be verified.
If you have any examples to share with the rest of the community – let us know in the comments section below. Thank you!
It can be worrisome to continuously hear reports on major online security and data breaches. The biggest recent cybersecurity stories include the Dyn DDoS attack, the massive Yahoo! breach and the continuous LinkedIn problems. We continue learning that large businesses and consumers alike are targets to threats associated with cybercrime and online security violation, as information we share and transmit is valuable and can easily be exploited.
One particular growing online security concern we wanted to cover is mobile device security. Recent studies show, that an average mobile user spends over 2.5 hours online via a mobile each day. The convenience of a mobile device has quickly made it the choice for social interaction, news sharing and even shifted our preferences in ways we conduct certain business and financial transactions.
With the increased use of mobile devices, one must be cautious of possible security threats, including but not limited to theft of sensitive data, theft of intellectual property, personal data hacking, cyber bullying and more. When shopping, banking, or sharing personal information online, take the same precautions with your smart phone or other mobile device that you do with your personal computer, plus beware of unique threats mobile device users face.
Using public Wi-Fi. While online data access and international data roaming fees remain generally expensive or limited around the world, Wi-Fi connection is often sought by mobile device users. Threats include access to the data on your device and luring the sensitive information from you by misguiding you to use malicious web or data services. Phishing is very common when mobile device user are traced and vulnerable using a public hotspot.
Charging your phone. Be careful when charging your mobile device at an unknown source, such us public charging station. When charging your mobile device via USB, make sure to use a trusted computer, otherwise a malicious device could gain access to your sensitive data or install new software.
Using bluetooth. Turn off bluetooth when not in use – leaving your bluetooth connection unsecured can lead to unwanted hacker attacks. An attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device.
Leaving device unattended. Protect your device and do not leave it unattended. Always use a password to protect your device – don’t fool yourself into thinking it is easier not to have a password, because you’ll also make it easier for criminals to exploit your data.
Software is outdated. Keep your software up to date. Security glitches are often resolved in app updates.
Downloading new apps. Be careful when downloading new apps. Exercise caution to make sure you are not receiving any unwanted and malicious software (malware) hidden within the new game or other application that you are purchasing/downloading. Mobile malware is designed to either steal your data as you use your device or to charge money to your accounts without you knowing it.
Getting exposed to cyber bullying. If one’s device is hacked, photographic, video or web-cam data may often become targets of online theft. Sensitive information can later be used in cyber bullying and/or harassment. This is a growing concern for teenage mobile users where mobile device usage is surpassing over 80%. Some examples of cyber bullying include breaking into someone’s email or social media account to send harsh or untrue messages while posing as that person, tricking someone into revealing personal information and sending it to others, or using the stolen private information to threaten or blackmail someone. Neither kids, adults or celebrities are immune to cruel ridicule if personal information is leaked. Severe consequences are prevalent among teenage population who often lack the necessary support once the sensitive information is leaked and personal security is breached.
Access is given to minors. Make sure you monitor and secure the online behavior of a child using a mobile device. Some threats include gross overspending on games, access to inappropriate content, being targets of aggressive advertising, or being led to revealing sensitive information via careless or misinformed conduct.
Remember: once someone has access to your data, they can use it to access your online accounts, buy things with your credit cards or even pretend to be you online. Protect yourself in the increasingly hyper-connected world, where online security breaches are more frequent that you think.
Subscribing to a VPN (virtual private network) such as NordVPN could help tackle some of the concerns listed, with features like no log keeping, double encryption and more. Protecting your identity in the virtual world is key if you want to protect your private data. Remember: as mobile device use is on the rise, so are the online security risks.
VPNs and proxy servers are used by people all over the world – both for protecting their identities from being discovered and for accessing geo-restricted content. Since both of these services can get this job done, people tend to believe they are essentially the same and speak of them interchangeably. However, there are a number of differences between the two services. Let’s have a look at each of them separately and then compare the two.
A Virtual Private Network connects you to the internet through an alternative path from the one offered by your ISP (internet service provider). It encrypts all the traffic flow between the internet and your device. Furthermore, it prevents your ISP from monitoring your internet activity and collecting data about you. The only information visible to them is the fact that you are connected to a VPN server – nothing else. All other online data is encrypted with the VPN security protocol.
NordVPN offers a number of other features for security and entertainment, such as the automatic kill switch, DNS leak resolver and SmartPlay for accessing hundreds of streaming services around the world.
It is important to note that some VPN providers store information about user IP addresses, DNS requests and other details. In order to keep your activity online truly private, you need to choose a trustworthy VPN that does not log usage data.
Related: NordVPN no-log policy
Proxy servers are no more than relays between the host server and your system. All packets exchanged between the internet and your device go through a remote machine used to connect to the host server. The IP address of the proxy server appears to be that of the remote machine (in some cases, computers of other proxy users are used for this), which enables the user to hide their true IP address. Proxies do not encrypt the traffic between the internet and user’s device. There are two types of proxy servers:
HTTP Proxy Servers – These cater only to webpages, i.e. traffic that begins with http:// or https://. They are useful for web surfing or accessing blocked sites. This is because there is no slowdown in the connection speed due to encryption. However, they only work for accessing websites and need to be configured separately for each browser.
SOCKS Proxy Servers – These do not interpret network traffic at all, which makes them lower-level filtering proxies. Although they can handle all kinds of traffic, they are usually slower than HTTP proxy servers because they are more popular and often have higher load.
Proxy vs VPN
Here is a quick comparison between the two:
VPNs encrypt all traffic between the internet and your system while proxy servers do not.
VPNs are slower because of the encryption, while proxy servers are faster.
VPNs are usually paid and the available free ones either have multiple limitations, or sell their users’ data. Many proxy servers available for free.
Connection drops on VPNs are less frequent than on proxy servers.
Every time you connect to VPN, your real IP address is replaced with another one, generated from the remote VPN server you select. If you connect to a server from the countries list or let the NordVPN app choose the best server by using auto-connect, you may end up in a different server every time, effectively appearing as a different person every day. If you have a specific favorite server on the server list and connect to it daily, then your IP address will remain the same.
All these IP addresses are static-shared. That means that everyone connected to the same server will receive the same IP. Such configuration adds additional security benefits, particularly because no Internet activity can be traced back to an actual user. However, in some cases it might cause problems. Shared IP addresses may get blacklisted by some webpages, various sites may ask you to enter ‘captchas’, and so on.
The shared IP addresses work for most VPN users just fine. However, some customers need a personal static IP to access certain websites, databases, servers, and more. To accommodate them, NordVPN offers a number of dedicated IPs for an additional fee. This way, users can enjoy the benefits of full encryption without the risk of other users with the same IP address jeopardizing their access rights.
The dedicated IPs are available in the United States (Buffalo), Germany (Frankfurt), the United Kingdom (Milton Keynes) and the Netherlands (Amsterdam).
If you are a NordVPN customer and wish to purchase a dedicated IP address, please contact us here, and our support team will assist you with further instructions.
Benefits of using dedicated IPs:
You are not sharing IP address with anyone. Your favorite websites will never be blocked because of inappropriate activity of your “IP colleagues”, as you simply won’t have any.
A dedicated IP address guarantees a stable access to major websites such as Gmail, Ebay, Paypal, etc. These websites have implemented an IP limit for accessing your account. That’s why accessing these services from different IPs may lead to your account being blocked.
Running an FTP server on a dedicated IP helps you transfer your files from one device to another without a need to upload files to a third party like Dropbox, Google Drive, etc.
Reliable 2048-bit SSL encryption guarantees total security.
Please note that in order to use the dedicated IP feature, you need to have an active NordVPN account. Of course, you will still have access to the regular service. Increase your cyber security with advanced features like Double VPN, military-grade encryption, no logging and many more!
As time goes on and technology increases, we are becoming more and more tethered to our phones. In fact, we use our phones more for everyday tasks and socialization than for actual calling.
In fact, our phones in general are heading more in the direction of a personalized assistant than a way to communicate by voice to people in far locations. This is not a bad thing. However, as there are two sides to every story, there is some caution we should practice.
The sensors tracking everything you do
The problem comes with the increase of sensors in our phones. Sensors are any physical components in your phone that measures physical aspect and then converts that into a signal—data.
These sensors come in various purposes and themes.
First of all are the sensors of movement: accelerometer and gyroscope. The accelerometer measures your physical movement and orientation. The gyroscope measures your angular rotation across the three axes and, coupled with the accelerometer, gives a very accurate picture of your movements in general. With this, anyone reading the data can tell whether you are sitting, standing still, walking, bending forward enough, etc.
There’s also the proximity sensor which can recognize when your phone is moved toward or away from your face when you make a call (which is why your screen is off when you’re talking on it). Beyond that, there’s the ubiquitous GPS chip to plot your exact location on a map and a magnetometer to detect magnetic North. And of course, there’s the camera’s array of sensors and the microphone.
The sensors also include the environmental type that measure temperature, pressure and light. The newest type of sensor is the fingerprint sensor first popularized with the iPhone 6S and Samsung Galaxy S7. And it is more common for new phones to have sensors related to health and fitness, such as a pedometer to measure your steps, a heart rate monitor, and more.
With data from just one sensor, the amount of information that any program or company can tell about you is limited. However, the problem comes into play when you combine the data from all these sensors—and the story they tell is pretty accurate.
For example, Tony Beltramelli, a Computer Science Master’s student at the IT University of Copenhagen, showed how software on a smartwatch could use the sensors available to determine the wearer’s passwords and PINs.
Even scarier is the fact that many of these apps are recording data about you constantly, whether you are aware of it or not. For example, Google keeps your voice searches for a long time after you’ve initially made them. The same company also records all your steps and movements (which I’m sure you’ve experienced with a few ads or suggestions from the company). Apple Health tracks all your movements, even though you may have another app for that.