We have updated our web browsers. Have you?
The Mullvad app version 2019.8 for Windows, macOS, and Linux has been released offering you more control over bridge connections and WireGuard key management.
None of use here at privacynow.eu use the bridge function per default, but if you do you’ve got a nice new feature in the 2019.8 release as you now in a very convenient way can choose both entry and exit node.
For Linux and macOS users, the WireGuard key management has been improved. The WireGuard performance over 4G networks has been improved.
Mullvad say a number of Windows users were suffering from DNS issues with the app. This issue has been resolved, and as a result, most Windows users should experience noticeably quicker connection times.
- Servers are now listed using natural sorting.
- The list of countries and cities is now sorted alphabetically according to your app’s language setting.
- Unavailable servers are now shown in the list rather than hidden from view.
- (CLI users) The mullvad status command now returns only your current VPN status. If you also want your location, add –location to the command.
- (macOS) Uninstallation is now much cleaner.
Read the full blog post about the 2019.8 release here.
A few days ago we realised that ZDNet published an article mentioning a VPN provider, StrongVPN, in terms like “more respectful”, “great”, “simple” and “does well with its protocol options”.
The problem is that for each sold account when the user is coming from from ZDNet the magazine gets a kickback. Do you need to be a rock scientist or brain surgeon to understand that words can’t be trustworthy if a kickback is involved?
ZDNet claims to “support you need to make the right IT decisions for you”. What a joke!
Now they’ve done it again. In an article about The 10 best smartphones you can buy right now every link to Amazon ends with ?tag=zdnet-deals-20 or an equivalent. Then Amazon can track who is coming from this article and in case they buy a new cell phone Amazon can pay the kickback.
Behaviour like this is crap!
Much can be said about VPN providers and their security and we recommend that you choose a supplier that meets the following requirements:
- let you pay by cash as this probably is the most secure payment method
- don’t log DNS requests
- let you create an account without any information about you (name, e-mail address, phone number etc)
- giving money back to privacy causes
- offers WireGuard protocol
Maybe the most important thing off all – choose a VPN provider not offering an Affiliate Program as kickback is the easiest thing to offer to get higher ranking on obscure sites.
In a blog post on ungleich.ch you can read why you should stay away from DoH, DNS over HTTPS, now being rolled out by both Google in their Chrome browser and by Mozilla in their Firefox browser.
DoH means that Firefox will concentrate all DNS traffic on Cloudflare, and they send traffic from all their users to one entity. So what does that mean? It means people outside the US can now be fully tracked by US government: now some of you might wonder if this is actually in line with GDPR (The EU General Data Protection Regulation). It is indeed very questionable if DoH is rolled out as default, since users do NOT opt in, but have to opt out.Quote from the blog post on ungleich
The author asks if DoH is bad only for EU citizens.
No, it’s bad for the US citizens too. Because whether you trust Cloudflare or not, you’ll end up directly supporting centralisation by using DoH in Firefox. Centralisation makes us depend on one big player, which results in fewer choices and less innovation. Centralisation affects everybody by creating a dangerous power and resource imbalance between the center and the rest.
Have you deactivated DoH in your Firefox browser yet?
After a fairly busy week the number of verified e-mail addresses on keys.openpgp.org has doubled. From approx. 2000 addresses to roughly 4000.
Have you uploaded your key to keys.openpgp.org and verified your e-mail address? Have you abandoned the vulnerable servers like sks-keyservers.net? If not – we recommend you to do so now!
On June 12th 2019 we wrote a blog post about a new GnuPG server being launced (keys.openpgp.org).
Yesterday Robert J Hansen published a text about vulnerabilities in the widely used SKS keyserver network. As far as we understand the new key server at keys.openpgp.org will solve many of the vulnerabilities found in the SKS keyservers.
We guess we will publish more posts on this subject the coming days! Until then it is up to each and one to read the text by Robert and to take action acordingly! If you are not subscribing to the firstname.lastname@example.org e-mail list we strongly recommend you to do so now to get updates on the subject!
Insufficient vetting of parameters passed with the
Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user’s computer.
- All platforms
- Pick up fix for Mozilla’s bug 1544386
- Update NoScript to 10.6.3
- Bug 29904: NoScript blocks MP4 on higher security levels
- Bug 30624+29043+29647: Prevent XSS protection from freezing the browser