A 5-post collection

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. I'm a massive proponent of Let's Encrypt's and Cloudflare's missions to secure the web and of browser paradigms such as HSTS [] and upgrade-insecure-requests via content security policies [

I'm Partnering with NordVPN as a Strategic Advisor

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: > But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” — Troy Hunt (@troyhunt) July 20, 2020 [

Mandatory ISP data retention and the law of unintended consequences

Well, good one Australia, UK and whoever else has embarked on this hare-brained scheme, you've just made things a whole lot worse. Our respective governments (in all their ivory-towered wisdom), have decided that because one of us could one day decide to become a terrorist, they'd better keep a big whack of our internet browsing history just in case. The theory these genius policy makers have is that if they can probe into all our lives far enough, they'll be able to see when we're doing terrori...

The importance of trust and integrity in a VPN provider (and how MySafeVPN blew it)

I went to Helsinki a couple of years ago. I was there running a security workshop for a local company and whilst in town, I caught up with Mikko Hypponen []: > Troy Hunt (@troyhunt []) in Helsinki today. Troy's service is highly recommended! Use it. [] — Mikko Hypponen (@mikko) May 28, 2015 [] Now Mikko is a very inter...

Get Cloak. Go Dark. VPN’ing out from the Great Firewall of China

Let’s go through just some of the ways you can hand your valuable datas over to people that want to get somewhere in between you and whatever service it is you want to talk to at the other end. You can get pineappled [] and certainly that’s been a favourite of mine to demonstrate because it’s just so damn easy (it’s also kinda cool, if I’m honest). The router you connect through can be pwned and its DNS changed to hel...