Are VPNs really safe? The security factors to consider before using one

Virtual private networks (VPNs) have been household technology for a while now, but there’s still a lot of uncertainty around them. This is partly due to the fact that they can conceal online activity that local or national governments deem illegal — up to and including, say, circumventing ID checks for age verification. Consumers aren’t helped by the sheer amount of duds sold in app stores right next to the best VPNs, especially when they’re purposefully exploiting moments that have people rushing to shore up their online anonymity. If you’ve almost decided to start using a VPN, you may be wondering if the services you’re looking at are actually safe.

Unfortunately, the answer is a hard “it depends.” VPNs are technology that can work well or poorly, just like they can be used for good or evil. There’s nothing intrinsically dangerous about using a VPN — whether or not one is safe comes down to who built it and how they’re running it. The good news is that there are easy ways to tell whether you’re using one of the good ones.

The question “Are VPNs really safe?” can also mean something else — “Is using a VPN enough to keep me safe online?” I’ll get into that too, but to spoil the ending: VPNs are important security tools, but they aren’t enough to protect against all digital threats by themselves. Also, to be clear, I’m talking here about commercial VPNs like Proton VPN and ExpressVPN, not business VPNs like NordLayer or Cisco AnyConnect.

What makes a VPN unsafe?

There are two main things that can make me call a VPN unsafe: negligence and malice. A negligent VPN doesn’t protect against the dangers it’s supposed to ward off, leaving you more exposed than if you weren’t using a VPN at all. A malicious VPN is designed to make you less safe so the people behind it can profit.

Some ways a negligent VPN might endanger its users:

  • Using outdated protocols with cracked encryption, like PPTP, or homebrewed protocols with insufficient security. A weakly secured protocol might expose your search activity.

  • Allowing leaks by using public DNS servers rather than setting up their own system to resolve requests. This risks revealing what websites the VPN’s users are visiting.

  • Leaking the user’s real location by failing to block or properly manage IPv6.

  • Leaving its servers in the hands of unvetted third parties, who might let them get hacked.

  • Failing to include a kill switch, which puts users at risk of connecting to false servers.

Some ways a VPN can be malicious:

  • Making its money from in-app ads, especially if those ads contain trackers.

  • Harvesting the user’s residential IP address and selling it as a proxy.

  • Tracking the user’s activity and selling it to advertisers.

  • Planting malware on the user’s device.

I want to stress again that none of these risks are inherent to how a VPN works. VPNs aren’t required to be dangerous in any way. There are plenty of good ones, which makes it all the more important to pick the bad ones out of the lineup. In the next section, I’ll discuss how to do that.

How to tell if a VPN is safe

The process of checking up on a VPN starts before you buy it. Before you consider downloading any VPN app, do your research and learn as much as you can. Read review sites like Engadget, but also try to get reports from regular users on social media and app stores. Be suspicious of five-star reviews that are light on specifics — the more positive reviews from actual users, the better.

While researching, look for any cases in which the VPN failed in its mission to protect customers. Did it ever turn information over to police, despite having a no-logs policy? Were any of its servers ever breached by hackers in ways that put other users in danger? Is it cagey about key information, like where it’s based or who its parent company is?

You can also close-read the VPN’s privacy policy, like I do in my VPN reviews. A privacy policy is a legal document that can invite lawsuits if the provider ignores it outright, so most companies prefer to plant vague loopholes instead. Read the policy and decide for yourself if it makes any unacceptable exceptions to “no logs ever.”

If the answer to all those questions is no, your next step is to download the VPN and test it. Every worthwhile VPN has a guaranteed refund within a certain period, so you can use that time to test the factors below. If you like the results, you can subscribe for longer; if not, you can cancel and get your money back. Here’s what to look for during the refund period:

  • Check which VPN protocols are available. The best expert-verified protocols are OpenVPN, IKEv2 and WireGuard. If the VPN uses a protocol other than these three, make sure it’s using an unbreakable encryption cipher like AES-256 or ChaCha20.

  • Test for leaks. You can run a simple leak test using a website like ipleak.net or whatismyipaddress.com. Just check your normal IP address, connect to a VPN server, then check again. If the IP address you see is the same as before, the VPN is leaking.

  • Find the kill switch. A kill switch prevents you from accessing the internet while you’re not connected to its associated VPN. This is critical to prevent certain types of hack that rely on fake servers to work. Most top VPNs have a kill switch or a similar feature with a different name (such as Windscribe’s Firewall).

  • See if the apps are open-source. A VPN making its services available for viewing on GitHub states powerfully that it has nothing to hide. Anonymity is an inalienable right for individuals, but VPN apps aren’t people — the more transparent the code, the better.

  • Test its other security features. If the VPN has a blocker for ads, malware or trackers, see if it prevents banner ads from loading. Try connecting to a test malware site like www.ianfette.org or httpforever.com and check if the VPN blocks it.
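The leak test in the checklist, combined with the IPv6 and DNS leaks listed earlier, can be scored mechanically once the before and after readings are written down. This is an added example, not code from the article: the `Snapshot` fields, the ISP ranges and every address (all from documentation-reserved ranges) are constructed assumptions, and the DNS check is a heuristic.

```python
"""Score a before/after VPN leak test from two recorded snapshots."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Snapshot:
    """What a leak-test page reported at one moment (hypothetical layout)."""
    ipv4: Optional[str]
    ipv6: Optional[str]
    dns_resolvers: List[str] = field(default_factory=list)


def find_leaks(before: Snapshot, after: Snapshot,
               isp_networks: List[str]) -> List[Tuple[str, str]]:
    """Compare the pre-VPN snapshot with one taken while connected.

    Returns (kind, address) findings; an empty list means no leak was seen.
    An address counts as exposed if it equals one seen before connecting
    or falls inside a range known to belong to the user's ISP.
    """
    nets = [ip_network(n) for n in isp_networks]

    def exposed(addr: str, known: List[Optional[str]]) -> bool:
        ip = ip_address(addr)  # parsing normalises IPv6 text forms
        if any(ip == ip_address(k) for k in known if k):
            return True
        return any(ip.version == n.version and ip in n for n in nets)

    findings = []
    # Same public IPv4 as before: the article's basic leak test.
    if after.ipv4 and exposed(after.ipv4, [before.ipv4]):
        findings.append(("ipv4", after.ipv4))
    # IPv6 still visible and still the ISP's: unmanaged IPv6.
    # No IPv6 at all while connected is fine (the VPN blocks it).
    if after.ipv6 and exposed(after.ipv6, [before.ipv6]):
        findings.append(("ipv6", after.ipv6))
    # Resolvers that were already in use before connecting, or that sit
    # in ISP space, mean lookups are bypassing the tunnel.
    for resolver in after.dns_resolvers:
        if exposed(resolver, before.dns_resolvers):
            findings.append(("dns", resolver))
    return findings


# Constructed sample data (documentation-reserved address ranges).
ISP_NETWORKS = ["203.0.113.0/24", "2001:db8:1234::/48"]
BEFORE = Snapshot("203.0.113.45", "2001:db8:1234::a1", ["203.0.113.1"])
CLEAN = Snapshot("198.51.100.7", None, ["198.51.100.53"])
LEAKY = Snapshot(
    "198.51.100.7",                              # IPv4 is hidden...
    "2001:0db8:1234:0000:0000:0000:0000:00a1",   # ...but IPv6 is unchanged
    ["203.0.113.1", "198.51.100.53"],            # and the ISP resolver answers
)

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN), ("leaky", LEAKY), ("no VPN", BEFORE)):
        print(name, find_leaks(BEFORE, snap, ISP_NETWORKS))
```

The leaky case shows why checking only the IPv4 address is not enough: the address changed, yet the IPv6 address and one DNS resolver still point at the ISP.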

There’s one more factor that generally denotes a safe VPN: paid subscriptions. I’m not going to claim that all free VPNs are dangerous, but if a service claims to be always free with no need whatsoever to pay, you have to ask how it makes money. VPNs that don’t charge for subscriptions usually turn their users into the product, selling their data to advertisers or for use as residential proxies.

Is a VPN enough to keep you safe online?

Another way in which VPNs aren’t totally safe is that they aren’t, by themselves, a total solution for cybersecurity. A VPN does one specific task: it replaces your IP address with that of an anonymous server and encrypts communication with that server so your real device can’t be seen. This means you won’t reveal your identity or location in the normal course of using the internet.

However, if you reveal information another way, then all bets are off. If you click a sketchy link that downloads malware onto your computer, that malware doesn’t care that your IP address is concealed — it’s already where it needs to be. Similarly, if you leak critical information in a social post, or privately give it up to a phishing scammer, a VPN won’t help.

I put together a list of 12 cybersecurity habits that’ll keep you safe from nearly all threats online. Getting a VPN is one of them, but there are 11 others, including strengthening your passwords, immediately installing updates and conditioning yourself to spot social engineering hacks. Don’t fall into the trap of thinking you’re untouchable just because you use a VPN.

The safest VPNs

It can be a lot of work to figure out whether a VPN is safe and trustworthy. If you just want to pick one you can use without having to open a federal case, check out my best VPN roundup or best free VPN list — or just use one of the suggestions in this section.

Proton VPN, my favorite VPN, is majority-owned by the nonprofit Proton Foundation, has open-sourced its entire product family and has never suffered a serious hack or breach. Despite some controversy around its parent company, ExpressVPN remains secure; its servers have been confiscated at least once and found to hold no information.

NordVPN suffered a hack in 2018 and learned the right lessons from it, doubling down on security at its server locations. Similarly, Surfshark was criticized for using a weak authentication method and deprecated it entirely in 2022. Often, a VPN responding correctly to a security breach looks better than one which has never been attacked at all — sometimes strength can only be known in adversity.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/are-vpns-really-safe-the-security-factors-to-consider-before-using-one-130000539.html?src=rss

‘Hundreds’ of Gatik Robot Delivery Trucks Headed For US Roads

An anonymous reader quotes a report from Forbes: Gatik, a Silicon Valley startup developing self-driving delivery trucks, says its commercial operations are about to scale up dramatically, from fewer than a dozen driverless units running in multiple U.S. states now to hundreds of box trucks by the end of the year. CEO Gautam Narang said it’s also booked contracts with retailers worth at least $600 million for its automated fleet. “We have 10 fully driverless, revenue-generating trucks on public roads. Very soon, in the coming weeks, we expect that increase to 60 trucks,” he told Forbes. “We expect to end the year with hundreds of driverless trucks — revenue-generating — deployed across multiple markets in the U.S.”

Though the Mountain View, California-based company hasn’t raised as much funding as rivals, including Aurora, Kodiak and Canada’s Waabi, Gatik said it’s actually scaling up faster than any other robot truck developer. Unlike those companies, it focuses on smaller freight delivery vehicles, rather than full-size semis, supplied by truckmaker Isuzu that operate mainly between warehouses and supermarkets and other large stores. The company’s focus has been on so-called middle-mile trucking, which, like long-haul routes, has a severe shortage of human drivers, according to Narang. Currently, its trucks are on the road in Texas, Arkansas, Arizona, Nebraska and Ontario, Canada.

The company has been generating revenue since shortly after its founding in 2017, hauling loads for customers like Walmart in trucks with human safety drivers at the wheel. Beginning late last year, it began shifting to fully driverless units and is getting more trucks from Isuzu built specifically to incorporate its tech, Narang said. “The hardware that we are using, this is our latest generation, has been designed to enable driver-out across thousands of trucks.”


Read more of this story at Slashdot.

A new way to catch dopers is being trialled, but pro cyclists’ union is 100% against it

Adam Hansen, head of the professional riders’ union, says riders are “100 per cent against” the use of a “power data passport” to catch dopers.

Speaking on the Domestique Hotseat podcast, Hansen says that while the scheme is being trialled on a voluntary basis, he sees a slew of issues.

These include the potential for power meters and bike computers to malfunction, or to simply run out of battery mid-ride, as well as the fact that riders’ training plans – and therefore the power they produce on a bike – will naturally vary substantially during a season.

Ultimately, Hansen has a bucket load of apparently unanswered questions about the scheme. He says: “This just adds to the extra stress for the athletes. To me, it’s just getting too much.”

A new longitudinal performance-monitoring tool

Image: SRAM Red AXS groupset on Christophe Laporte's Cervelo S5 for the 2024 Tour de France. Caption: Anti-doping authorities believe the data from power meters could help them target potential cheats. Credit: Simon von Bromley / Our Media

According to the sport’s governing body, the UCI, the International Testing Agency (ITA) is “developing a new longitudinal performance monitoring tool based on power data from men professional road riders”.

The scheme was announced quietly by cycling’s governing body, the UCI, a few days before the start of the 2025 Tour de France, but has received limited attention until now.

According to Hansen, the new power-based scheme will require athletes to “submit all their power data” for the anti-doping authorities to scrutinise.

Hansen says: “If they [the ITA] see things that are irregular then they’ll do more target testing, or maybe in the future this could also mean a sanction.”

For Hansen, this is where the problems arise because he says unanswered questions remain over what happens if riders don’t submit their power data – whether intentionally or because of technical issues such as a bike computer that is broken, lost or simply runs out of battery mid-ride.

“There’s so many factors where a rider just won’t have his training [data], and if he can’t submit it, is that a missed [doping] control? Because a missed control is very severe.”

“It’s getting too much”

Image: Wahoo Elemnt Bolt 3 bike computer. Caption: Hansen says the anti-doping authorities haven’t clarified what would happen in cases where riders’ bike computers fail or are lost. Credit: Simon von Bromley / Our Media

Hansen says the proposed scheme is being trialled with four professional teams during the 2026 season, in addition to existing tools such as post-race anti-doping controls, the Whereabouts system and the athlete biological passport.

“This just adds extra stress to the athletes. To me, it’s just getting too much – and that’s why you see these younger guys are just burning out. They can’t survive.”

Extra stress aside, Hansen also says the proposed scheme is flawed because “there are so many variables” that can affect a rider’s power output from day to day.

These include what training they’ve been prescribed, or have done during previous days, how well they’ve slept, whether they’ve had caffeine before training, and so on.

As for what he’d like to see done to combat doping in professional cycling, Hansen says “they should improve the testing for banned substances” because that would create less stress for the riders.

DJI launches the lightweight RS 5 camera gimbal for video creators

DJI just revealed the RS 5 camera gimbal, a new entry in its long-standing Ronin Series. The RS 5 is lightweight, at around three pounds, with a maximum payload of nearly seven pounds.

This gimbal offers what DJI calls “enhanced intelligent subject tracking.” The tracking was already impressive with some of the company’s older offerings, so any improvement will be icing on the cake. A new tracking module lets videographers frame live footage and follow subjects directly from an included touchscreen, all without having to fiddle with the actual camera.


The tracking module also offers the ability to follow more than people. It can track pets, vehicles or just about any other object. It can also help maintain a locked focus on a human subject up to 10 meters away.

The RS 5 includes the company’s latest stabilization algorithm, which DJI says lets videographers “effortlessly achieve complicated camera movements, such as surround shots, reverse tracking or single-person fixed-camera tracking.” It’s also great for when the cameraperson is capturing footage while walking or running.

It’s been designed to carry a wide range of mainstream mirrorless cameras and lens combinations and can switch to vertical shooting without additional accessories. There’s a nifty little briefcase handle for capturing footage from above or below.

The RS 5 delivers up to 14 hours of use per charge and can be fully charged in just an hour. Video shoots can take forever, so this is a welcome bit of news. For true marathons, there’s a separate enhanced battery grip accessory that extends the runtime to 30 hours.


The standard DJI RS 5 includes the gimbal, a quick-open tripod, quick-release plates, a regular battery grip and some other useful accessories. That pack costs around $680. The combo pack includes all of the above, plus the enhanced tracking module, a carrying case and an electronic briefcase handle. That costs around $859.

Now for the bad news. We don’t have a US release date or even any information as to if it will be available here. Engadget has reached out to DJI for more information. The company’s drones were recently banned from being imported to the US. This only impacts newly-released models and shouldn’t impact gimbals or anything like that.

This article originally appeared on Engadget at https://www.engadget.com/cameras/dji-launches-the-lightweight-rs-5-camera-gimbal-for-video-creators-120056173.html?src=rss

Early Universe’s supermassive black holes grew in cocoons like butterflies

When the James Webb Space Telescope sent its first high-definition infrared images back to Earth, astronomers noticed several tiny, glowing, crimson stains. These objects, quickly named “Little Red Dots,” were too bright to be normal galaxies, and too red to be simple star clusters. They appeared to house supermassive black holes that were far more massive than they had any right to be.

But now a new study published in Nature suggests a solution to the Little Red Dots mystery. Scientists think young supermassive black holes may go through a “cocoon phase,” where they grow surrounded by high-density gas they feed on. These gaseous cocoons are likely what the JWST saw as the Little Red Dots.

The overmassive black hole problem

The first explanation scientists had for the Little Red Dots was that they were compact, distant galaxies, but something felt off about them right from the start. “They were too massive, since we saw they’d have to be completely filled with stars,” says Vadim Rusakov, an astronomer at the University of Manchester and lead author of the study. “They would need to produce stars at 100 percent efficiency, and that’s not what we’re used to seeing. Galaxies cannot produce stars at more than 20 percent efficiency, at least that’s what our current knowledge is.”


Valve Developer Improves Aging AMD APUs On Linux With VRR, DP/HDMI Audio, HDR & Atomic

Timur Kristóf of Valve’s Linux graphics team last year addressed remaining issues in the open-source AMDGPU kernel graphics driver so old AMD GCN 1.0 and GCN 1.1 GPUs could transition to using AMDGPU by default rather than the former “Radeon” kernel driver that is largely in maintenance mode for pre-GCN/RDNA GPUs. One caveat though was the GCN 1.1 APU support still having some limitations leading to Kaveri and friends not being able to use the modern AMDGPU DC “Display Core” code. But new patches from Timur take care of those limitations…

NVIDIA VA-API Driver 0.0.15 Released With A Few Fixes

NVIDIA-VAAPI-Driver 0.0.15 was released overnight. This VA-API driver implementation is built atop NVIDIA’s NVDEC interface, which is used by their proprietary user-space driver stack. The purpose of NVIDIA-VAAPI-Driver, a community open-source project, continues to be enabling video acceleration for NVIDIA GPUs with the Firefox web browser on Linux, which supports the VA-API interface but not NVIDIA’s NVDEC…

FBI Seizes RAMP Cybercrime Forum Used By Ransomware Gangs

joshuark shares a report from BleepingComputer: The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. Both the forum’s Tor site and its clearnet domain, ramp4u[.]io, now display a seizure notice stating, “The Federal Bureau of Investigation has seized RAMP.”

While there has been no official announcement by law enforcement regarding this seizure, the domain name servers have now been switched to those used by the FBI when seizing domains. If so, law enforcement now has access to a significant amount of data tied to the forum’s users, including email addresses, IP addresses, private messages, and other potentially incriminating information. In a forum post to the XSS hacking forum, one of the alleged former RAMP operators known as “Stallman” confirmed the seizure.



Half-Life: Alyx Soundtrack Getting CD and Vinyl Release

The soundtrack arrives on multiple vinyl and CD editions on April 24, with pre-orders open now.

To celebrate the soundtrack’s release, Valve is also offering Half-Life: Alyx at 70% off, dropping the VR masterpiece to just $17.99.

The upcoming physical editions of the Half-Life: Alyx soundtrack arrive in the three following editions:

  • 6 LP Vinyl Box Set Edition – This massive set features the full 72-track soundtrack pressed on six 180 gram heavyweight vinyl LPs. Each record is wrapped in its own unique sleeve, and comes packed into a lift-top box. In addition, the set includes a 24×48″ poster and a download card for a digital version of the full soundtrack. This set is limited to just 2,000 copies, and is only purchasable through Ipecac Recordings’ online shop.
  • 2 LP Vinyl Edition – This edition, available in three color variants, features 21 tracks from the soundtrack on two 180 gram heavyweight LPs. The set includes a custom jacket, a 24×48″ poster, and a download card for the full 72-track soundtrack. This edition is available through Ipecac US, Townsend UK, and Bandcamp.
  • 4 CD Edition – Last but not least, the full 72 track soundtrack is available on four CDs, which come in a foldout digipak case.

Those not interested in collecting physical albums can find the full digital edition on most major streaming platforms, and on Steam, where it’s temporarily available at 60% off.

The various albums are available at several shops, and you can see them all here.

Brandon Sanderson’s Literary Fantasy Universe ‘Cosmere’ Picked Up by Apple TV

Apple TV+ has landed the screen rights to Cosmere, the sprawling literary universe created by Brandon Sanderson. “The first titles being eyed for adaptation are the Mistborn series, for features, and The Stormlight Archive series, for television,” reports the Hollywood Reporter. From the report: The deal is a rare one, coming after a competitive situation which saw Sanderson meet with most of the studio heads in town. It gives the author rarefied control over the screen translations, according to sources. Sanderson will be the architect of the universe; will write, produce and consult; and will have approvals. That’s a level of involvement that not even J.K. Rowling or George R.R. Martin enjoys.

Sanderson’s literary success and fan following helped pave the way for such a deal. One of the most prolific and beloved fantasy authors working today, he has sold over 50 million copies of his books worldwide, collectively across his series. […] While the Cosmere books are set in various worlds and eras, the underlying premise concerns a being named Adonalsium who is killed by a group of conspirators. The being’s power is broken into 16 shards, which are then spread out throughout many worlds by the conspirators, spreading many kinds of magic across the universe.



GNU gettext Reaches Version 1.0 After 30+ Years In Development – Adds LLM Features

Sun Microsystems began developing gettext in the early 1990s, and the GNU Project began GNU gettext development in 1995 for this widely used internationalization and localization system, commonly used for multi-lingual integration. While GNU gettext is used by countless open-source projects and has been adapted for many different programming languages, only an hour ago was GNU gettext 1.0 finally released…

Extremophile Molds Are Invading Art Museums

Scientific American’s Elizabeth Anne Brown recently “polled the great art houses of Europe” about whether they’d had any recent experiences with mold in their collections. Despite the stigma that keeps many institutions silent, she found that extremophile “xerophilic” molds are quietly spreading through museums and archives, thriving in low-humidity, tightly sealed storage and damaging everything from textiles and wood to manuscripts and stone. An anonymous Slashdot reader shares an excerpt from the article: Mold is a perennial scourge in museums that can disfigure and destroy art and artifacts. […] Consequently, mold is spoken of in whispers in the museum world. Curators fear that even rumors of an infestation can hurt their institution’s funding and blacklist them from traveling exhibitions. When an infestation does occur, it’s generally kept secret. The contract conservation teams that museums hire to remediate invasive mold often must vow confidentiality before they’re even allowed to see the damage.

But a handful of researchers, from in-house conservators to university mycologists, are beginning to compare notes about the fungal infestations they’ve tackled in museum storage depots, monastery archives, crypts and cathedrals. A disquieting revelation has emerged from these discussions: there’s a class of molds that flourish in low humidity, long believed to be a sanctuary from decay. By trying so hard to protect artifacts, we’ve accidentally created the “perfect conditions for [these molds] to grow,” says Flavia Pinzari, a mycologist at the Council of National Research of Italy. “All the rules for conservation never considered these species.”

These molds — called xerophiles — can survive in dry, hostile environments such as volcano calderas and scorching deserts, and to the chagrin of curators across the world, they seem to have developed a taste for cultural heritage. They devour the organic material that abounds in museums — from fabric canvases and wood furniture to tapestries. They can also eke out a living on marble statues and stained-glass windows by eating micronutrients in the dust that accumulates on their surfaces. And global warming seems to be helping them spread. Most frustrating for curators, these xerophilic molds are undetectable by conventional means. But now, armed with new methods, several research teams are solving art history cold cases and explaining mysterious new infestations…

The xerophiles’ body count is rising: bruiselike stains on Leonardo da Vinci’s most famous self-portrait, housed in Turin. Brown blotches on the walls of King Tut’s burial chamber in Luxor. Pockmarks on the face of a saint in an 11th-century fresco in Kyiv. It’s not enough to find and identify the mold. Investigators are racing to determine the limits of xerophilic life and figure out which pieces of our cultural heritage are at the highest risk of infestation before the ravenous microbes set in.

