Mullvad app 2019.8

The Mullvad app version 2019.8 for Windows, macOS, and Linux has been released offering you more control over bridge connections and WireGuard key management.

None of use here at privacynow.eu use the bridge function per default, but if you do you’ve got a nice new feature in the 2019.8 release as you now in a very convenient way can choose both entry and exit node.

For Linux and macOS users, the WireGuard key management has been improved. The WireGuard performance over 4G networks has been improved.

Mullvad say a number of Windows users were suffering from DNS issues with the app. This issue has been resolved, and as a result, most Windows users should experience noticeably quicker connection times.

Other notables

  • Servers are now listed using natural sorting.
  • The list of countries and cities is now sorted alphabetically according to your app’s language setting.
  • Unavailable servers are now shown in the list rather than hidden from view.
  • (CLI users) The mullvad status command now returns only your current VPN status. If you also want your location, add –location to the command.
  • (macOS) Uninstallation is now much cleaner.

Read the full blog post about the 2019.8 release here.


Most Cyber Attacks Focus on Just Three TCP Ports


Small to mid-sized businesses can keep safe from most cyber attacks by protecting the ports that threat actors target the most. Three of them stand out in a crowd of more than 130,000 targeted in cyber incidents.

A report from threat intelligence and defense company Alert Logic enumerates the top weaknesses observed in attacks against over 4,000 of its customers.

Top TCP ports attacked

According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH (Secure Shell), the HTTP (Hypertext Transfer Protocol), and the HTTPS (Hypertext Transfer Protocol Secure).

Full article


Innocent Users Have the Most to Lose in the Rush to Address Extremist Speech Online

Elecgtronic Frontier Foundation

Internet Companies Must Adopt Consistent Rules and Transparent Moderation Practices

Big online platforms tend to brag about their ability to filter out violent and extremist content at scale, but those same platforms refuse to provide even basic information about the substance of those removals. How do these platforms define terrorist content? What safeguards do they put in place to ensure that they don’t over-censor innocent people in the process? Again and again, social media companies are unable or unwilling to answer the questions.

Full article


Yet another crap article from ZDNet

A few days ago we realised that ZDNet published an article mentioning a VPN provider, StrongVPN, in terms like “more respectful”, “great”, “simple” and “does well with its protocol options”.

The problem is that for each sold account when the user is coming from from ZDNet the magazine gets a kickback. Do you need to be a rock scientist or brain surgeon to understand that words can’t be trustworthy if a kickback is involved?

ZDNet claims to “support you need to make the right IT decisions for you”. What a joke!

Now they’ve done it again. In an article about The 10 best smartphones you can buy right now every link to Amazon ends with ?tag=zdnet-deals-20 or an equivalent. Then Amazon can track who is coming from this article and in case they buy a new cell phone Amazon can pay the kickback.

Behaviour like this is crap!


Android app released by Mullvad

The Swedish VPN provider Mullvad has released their first Android app in a beta version according a blog post published on September 20th, 2019.

Much can be said about VPN providers and their security and we recommend that you choose a supplier that meets the following requirements:

  • let you pay by cash as this probably is the most secure payment method
  • don’t log DNS requests
  • let you create an account without any information about you (name, e-mail address, phone number etc)
  • giving money back to privacy causes
  • offers WireGuard protocol

Maybe the most important thing off all – choose a VPN provider not offering an Affiliate Program as kickback is the easiest thing to offer to get higher ranking on obscure sites.


Stay away from DNS over HTTPS

In a blog post on ungleich.ch you can read why you should stay away from DoH, DNS over HTTPS, now being rolled out by both Google in their Chrome browser and by Mozilla in their Firefox browser.

DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.

Quote from the blog post on ungleich

The author asks if DoH is bad only for EU citizens.

No, it’s bad for the US citizens too. Because whether you trust Cloudflare or not, you’ll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in fewer choices and less innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest.

Have you deactivated DoH in your Firefox browser yet?


Mozilla to gradually enable DNS-over-HTTPS for Firefox US users later this month


Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.

The browser maker has been testing DoH support in Firefox since 2017. A recent experiment found no issues, and Mozilla plans to enable DoH in the main Firefox release for a small percentage of users, and then enable it for a broader audience if no issues arise.

“If this goes well, we will let you know when we’re ready for 100% deployment,” said Selena Deckelmann, Senior Director of Firefox Engineering at Mozilla.

What is DoH?

DoH (IETF RFC8484) allows Firefox to send DNS requests as normal-looking HTTPS traffic to special DoH-compatible DNS servers (called DoH resolvers). Basically, it hides DNS requests inside the normal deluge of HTTPS data.

By default, Firefox ships with support for relaying encrypted DoH requests via Cloudflare’s DoH resolver, but users can change it to any DoH resolver they want.

When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.

By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and about any other third-party that tries to intercept and sniff a user’s traffic.

Full article


Facebook’s Dating Service is Full of Red Flags


If you open Facebook’s mobile app today, it will likely suggest that you try the company’s new Dating service, which just launched in the U.S. after a rollout in 19 other countries last year. But with the company’s track record of mishandling user data, and its business model of monetizing our sensitive information to power third-party targeted advertising, potential users should view Facebook’s desire to peek into our bedrooms as a huge red flag.

Full article