Tag Archives: VPN

Weekly output: VPN guidance, new Verizon plans, Supreme Court rules on content moderation, Dish Wireless, Mark Vena podcast

Posted on by
1

The weather outside is as good as spring gets around D.C., and it was made even more pleasant by catching up with friends at the Nats game this afternoon and seeing our rebuilding team go on a hitting spree and beat the Detroit Tigers 6-4.

Screenshot of the U.S. VPNs guide as seen in Safari on an iPad mini 6, with a VPN connection active as indicated at top right.5/15/2023: 10 Best VPN Services of 2023, U.S. News & World Report

My first writing for U.S. News since last May was once going to consist of updating a few comparisons of virtual private network services, but then another freelancer backed out and my editor asked if I could take on some extra work. (Cardinal rule of freelance writing: Try to be the person who solves an editor’s problems, especially if the editor can offer more money for a rush delivery.) So my contributions here wound up including profiles of seven VPN services–Hotspot ShieldPrivate Internet AccessPrivateVPNPureVPNTunnelBearVyprVPN, and Windscribe–plus guides to cheap VPNs and VPNs for streaming video and four of those comparisons (Surfshark versus ExpressVPNNordVPN versus IPVanishNordVPN versus ExpressVPN, and Surfshark versus NordVPN).

This VPN immersion left me with a real dislike of the marketing tactics many of these services employ, so I unpacked those trust issues for Patreon readers this week. They also got my own picks for VPN service.

5/16/2023: Verizon ‘myPlan’ Condenses Wireless Menu to 2 Plans, Plus Optional Perks, PCMag

Verizon solved one problem with its old spread of unlimited plans by paring them down from six to two, but in the bargain it left potential customers with as much of math exercise as before–and, if they had appreciated the streaming-media freebies of the old plan, a sense of getting shortchanged.

5/18/2023: Supreme Court: Lazy Content-Moderation Doesn’t Mean Platforms Aided Terrorists, PCMag

I suspected that the Supreme Court would decide that Twitter, Google and Facebook overlooking some of the ISIS terrorist cult’s abuse of their platforms did not amount to aiding and abetting that abomination, but I didn’t expect a unanimous opinion. Or one written by Justice Clarence Thomas, who in 2021 suggested that social platforms needed stricter regulation.

5/19/2023: Dish Wireless: We’ll Meet June Deadline to Cover 70% of Americans With 5G, PCMag

I was going to write up this Wednesday-afternoon session from the wireless trade group CTIA’s 5G Summit on Thursday, but then the Supreme Court upended my plans.

5/19/2023: S03 E54 – SmartTechCheck Podcast, Mark Vena

We talked at some length about the court’s opinion on this episode of my analyst friend’s podcast (also available in video form) before turning our attention to car and smart-home security.

Advertisement

Weekly output: network security (x2), election security, Google finding Apple’s bugs

Posted on by
2

Now it can be told: I spent all of the last two weeks on the West Coast, with my stay in Las Vegas for Black Hat and DEF CON sandwiched inside time with my in-laws in California. That let me have a much shorter trip to and from Vegas and then segue from WiFi security to a little wine tasting and, more important, a lot of napping.

8/12/2019: WiFi can be a free-for-all for hackers. Here’s how to stop them from taking your data, USA Today

I e-mailed this to my editor with the following note: “I’m sending this over the DEF CON conference WiFi, so if you only see pirate-flag emoji I trust you’ll call or text to warn me.” If you don’t want to read all 600-ish words in this piece, the top three are “encryption is your friend.”

8/12/2019: This tech could secure voting machines, but not before 2020, Yahoo Finance

One of the big reasons I decided to stick around Vegas for DEF CON–even though it meant I’d have to pay $300 in cash for that conference badge–was the chance to see the exhibits and presentations at its Voting Village. The proceedings did not disappoint, even if a DARPA demo from a project with the delightful acronym of SSITH is far from yielding shipping voting hardware.

8/12/2019: Google got Apple to fix 10 security flaws in the iPhone, Yahoo Finance

Black Hat offered a two-course serving of Apple-security news. Its first day featured a briefing from Google Project Zero researcher Natalie Silvanovich about how her team uncovered 10 serious iOS vulnerabilities, and then its second day brought a talk from Apple security-engineering head Ivan Krstić that ended with news of a much more open bug-bounty program.

8/14/2019: This Morning with Gordon Deal August 13, 2019, This Morning with Gordon Deal

I talked about my USAT column on this business-news radio program; my spot starts just after the 13th minute.

Here’s my Web-services budget

Posted on by
9

The annual exercise of adding up my business expenses so I can plug those totals into my taxes gave me an excuse to do an extra and overdue round of math: calculating how much I spend a year on various Web services to do my job.

The result turned out to be higher than I thought–even though I left out such non-interactive services as this domain-name registration ($25 for two years) and having it mapped to this blog ($13 a year). But in looking over these costs, I’m also not sure I could do much about them.

Google One

Yes, I pay Google for my e-mail–the work account hosted there overran its 15 gigabytes of free storage a few years ago. I now pay $19.99 a year for 100 GB. That’s a reasonable price, especially compared to the $1.99 monthly rate I was first offered, and that I took too long to drop in favor of the newer, cheaper yearly plan.

Microsoft Office 365

Getting a Windows laptop let me to opting for Microsoft’s cloud-storage service, mainly as a cheap backup and synchronization option. The $69.99 annual cost also lets me put Microsoft Office on one computer, but I’ve been using the free, open-source LibreOffice suite for so long, I have yet to install Office on my HP. Oops.

Evernote Premium

This is my second-longest-running subscription–I’ve been paying for the premium version of my note-taking app since 2015. Over that time, the cost has increased from $45 to $69.99. That’s made me think about dropping this and switching to Microsoft’s OneNote. But even though Microsoft owns LinkedIn, it’s Evernote that not only scans business cards but checks LinkedIn to fill in contact info for each person.

Flickr Pro

I’ve been paying for extra storage at this photo-sharing site since late 2011–back when the free version of Flickr offered a punitively-limited storage quota. This cost, too, has increased from $44.95 for two years to $49.99 a year. But now that Yahoo has sold the site to the photography hub SmugMug, the free tier once again requires serious compromises. And $50 a year doesn’t seem that bad, not when I’m supporting an indie-Web property instead of giving still more time to Facebook or Google.

Private Internet Access

I signed up for this virtual-private-network service two years ago at a discounted rate of $59.95 for two years, courtesy of a deal offered at Techdirt. Absent that discount, I’d pay $69.95, so I will reassess my options when this runs out in a few months. Not paying for a VPN service, however, is not an option; how else am I supposed to keep up on American news when I’m in Europe?

LastPass Premium

I decided to pay for the full-feature version of this password manager last year, and I’m already reconsidering that. Three reasons why: The free version of LastPass remains great, the premium version implements U2F two-step verification in a particularly inflexible way, and the company announced last month that the cost of Premium will increase from $24 a year to $36.

Combined and with multi-year costs annualized, all of these services added up to $258.96 last year. I suspect this total compares favorably to what we spend on news and entertainment subscriptions–but that’s not math I care to do right now.

Weekly output: Data Privacy Day, PBS digital strategy, trust in traditional media, Huawei charges, Trump’s DoJ on Facebook, VPN reality check

Posted on by
2

This week featured a personal record of sorts: three stories published in a day, each at a different outlet and one at a first-time client.

1/28/2019: Big tech firms still don’t care about your privacy, The Washington Post

I wrote most of this essay about the fauxliday that is “Data Privacy Day” in an hour or two on Friday of the previous week.

1/28/2019: PBS’ most-of-the-above digital-video strategy, FierceVideo

This piece started with my researching streaming-TV options for a relative and discovering that none included the local PBS station. Fortunately, it ended with Boston’s WGBH telling me that it expects to be one or two “over the top” video services by this fall.

1/28/2019: New study finds trust in traditional media (mostly) transcends partisanship, Columbia Journalism Review

This is my first byline at CJR. This publication offering an exceptionally author-friendly contract encourages me to make sure that it’s not the last.

1/29/2019: Huawei allegations, Al Araby

i made a quick appearance on this Qatar-based news channel, overdubbed live into Arabic, to recap two new rounds of federal charges against the Chinese telecom-hardware giant.

2/1/2019: Why Trump’s DOJ doesn’t want to break up Facebook, Yahoo Finance

I wrote up assistant attorney general Makan Delrahim’s talk at the State of the Net conference Tuesday, outlining why he seems uninterested in revisiting the Department of Justice’s approvals for Facebook’s acquisitions of Instagram and WhatsApp.

2/1/2019: Why VPNs won’t always keep you safe online, Yahoo Finance

The immediate motivation for writing this reality-check reassessment of virtual-private-network services came from a comment a reader left on Monday’s Washington Post story, but I’ve had the idea floating around my head for a while.

Black Hat priorities: don’t get pwned, do get work done

Posted on by
3

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Another part of the world where I need to use a VPN

Posted on by
2

I spent last week in London with my family–yes, actual vacation-esque time! It was great, except for when I was trying to keep up with news from back home.

My first stay across the Atlantic since the European Union’s General Data Protection Regulation went into force May 25 brought home the unpleasant reality of some U.S. sites’ continued struggles with this privacy law. And instead of experiencing this only briefly in a Virtual Private Network session on my iPad, I got a full-time dose of it.

The biggest problem is sites such as the Chicago Tribune and the Los Angeles Times that have blocked all European access instead of providing the privacy controls required by the GDPR.

That’s not the fault of the GDPR–its provisions were set two years ago–but is the fault of Tronc, the long-mismanaged news firm formerly known as Tribune Publishing. Tronc could afford to pay $15 million to former chairman Michael Ferro after he quit facing charges of sexual abuse but apparently couldn’t afford to hire any GDPR-qualified developers. I hope the LAT can fix that now that Tronc has sold the paper, but it may be a while before I can link to any Tribune stories without annoying European readers.

With my client USA Today, the issue isn’t as bad: It provides EU readers with a stripped-down, ad- and tracking-free version of the site, which you can see at right in the screenshot above. What’s not to like about such a fast, simple version? Well, I can’t see comments on my own columns, and simply searching for stories requires switching to Google… by which I mean, Bing, since right-clicking a Google search result doesn’t let you copy the target address, and clicking through to a Google result will yield an EU-specific USAT address.

The simplest fix for these and other GDPR-compliance glitches was to fire up Private Internet Access on my laptop and connect to one of that VPN service’s U.S. locations–yes, as if I were in China. It seems a violation of the Web’s founding principles to have to teleport my browser to another continent for a task as simple as reading the news, but here we are.

Bandwidth battles in China

Posted on by
2

SHANGHAI–Crowded gadget trade shows like CES and Mobile World Congress usually entail connectivity complaints. But when you put the gadget show in China, you level up the complexity, thanks to the need to run a Virtual Private Network app to preserve access to U.S. sites blocked by China’s Internet filters.

In theory–and in every PR pitch from a VPN service advertising itself as the surefire way to stop your ISP from tracking your online activity–that should add no difficulty to getting online. You connect, the VPN app automatically sets up an encrypted link to the VPN firm’s servers, and then you browse as usual.

PIA VPN exit-server menu

The reality that I’ve seen at CES Asia this week while using the Private Internet Access Windows and Android apps has been a good deal less elegant.

  • Often, the PIA app will connect automatically to the best available server (don’t be like me by wasting selecting a particular U.S. server when the app usually gets this right) to provide a usable link to the outside world. But it’s never clear how long that link will stay up; you don’t want to start a long VoIP call or Skype conference in this situation.
  • On other occasions, the app has gotten stuck negotiating the VPN connection–and occasionally then falls into a loop in which it waits increasingly longer to retry the setup. Telling it to restart that process works sometimes; in others, I’ve had to quit the app. For whatever reason, this has been more of a problem on my laptop than on my phone.
  • The WiFi itself has been exceedingly spotty whether I’ve used my hotel WiFi, the Skyroam Solis international-roaming hotspot I took (a review loaner that I really, really need to send back), the press-room WiFi or, worst of all, the show-floor WiFi. Each time one of those connections drop, the VPN app has to negotiate a new connection.

If you were going to say “you’re using the wrong VPN app”: Maybe I am! I signed up for PIA last year when the excellent digital-policy-news site Techdirt offered a discounted two-year subscription; since then, my client Wirecutter has endorsed a competing service, IVPN (although I can’t reach that site at the moment). Since I don’t have any other trips to China coming up, I will wait to reassess things when my current subscription runs out next April.

Also, it’s not just me; my friend and former Yahoo Tech colleague Dan Tynan has been running into the same wonkiness.

To compound the weirdness, I’ve also found that some connectivity here seems to route around the Great Firewall without VPN help. That was true of the press-room WiFi Thursday, for instance, and I’ve also had other journalists attending CES Asia report that having a U.S. phone roam here–free on Sprint and T-Mobile, a surcharge on AT&T or Verizon–yielded an unfettered connection.

At the same time, using a VPN connection occasionally left the CES Asia site unreachable. I have no idea why that is so.

What I do know is that I’ll very much appreciate being able to break out my laptop somewhere over the Pacific in a few hours and pay for an unblocked connection–then land in a country where that’s the default condition.

Weekly output: Internet-provider privacy (x2), net neutrality, online privacy advice

Posted on by
Reply

I spent the first two days of the week commuting to Reston (by Metro and then Bikeshare) for a fascinating conference on drone policy issues. That hasn’t yielded a story yet, but it should soon.

3/28/2017: Congress votes to roll back internet privacy protection, Yahoo Finance

The speed with which Congress moved to dispatch pending FCC regulations that would have stopped Internet providers from selling your browsing history to advertisers without your upfront permission is remarkable, considering how our legislators can’t be bothered to fix actual tech-policy problems that have persisted for decades. It’s also remarkable how blind many people in Washington are to the immense unpopularity of this move.

I’m told this post got a spot on the Yahoo home page, which may explain the 2,796 comments it’s drawn. Would anybody like to summarize them for me?

3/29/2017: Internet providers and privacy, WTOP

The news station interviewed me about this issue. I was supposed to do the interview live, but after I got bumped for breaking news, they recorded me for later airing. How did I sound?

3/31/2017: Trump is going after the open internet next, Yahoo Finance

I have to admit that I missed White House press secretary Sean Spicer using part of his Thursday briefing to denounce the idea of the FCC classifying Internet providers as “common carriers,” which he compared to them being treated “much like a hotel.” That would be because I’ve never made a habit of watching White House press briefings live; it’s a little concerning to see alerts about them splashed atop the Post’s home page.

4/2/2017: Take these 5 steps to help protect your privacy online, USA Today

This story benefited from some fortuitous timing. When I wrote it, USAT’s site had not yet switched on encryption, and so the copy I filed had to note its absence. I asked my editor if she’d heard anything about a move to secure the connection between the site and a reader’s browser. She made some inquiries and learned that this upgrade would go into effect Sunday, my column’s usual publication day.

Weekly output: MLB regional blackouts, Sprint and T-Mobile “unlimited” plans (x2), Tech Night Owl

Posted on by
Reply

This week brought the unusual experience of a story getting taken down a few hours after its appearance. The post in question covered the regional blackouts that prevent MLB.tv subscribers from watching their home team online and my use of an alternative domain-name service called Unlocator.com to work around them. I’ve expressed my annoyance at the fan-hostile nature of regional blackouts before, but this story was my first to document how to defeat them… and Yahoo Finance’s editor-in-chief thought it went too far in telling people just how to break the rules, so he decided to take it down.

Facebook share of Yahoo Finance postBefore you ask, I don’t know what Major League Baseball thinks of the story, as I haven’t heard anything from anybody there since the background conversation I had with a publicist Monday afternoon in which I recounted my Unlocator use. I do know that I’m nowhere near the first person to write a how-to about beating blackouts–see, for example, this April piece from the Los Angeles Times’ Chris Erskine. I’m going to chalk this up to my not reading my client correctly.

8/19/2016: T-Mobile and Sprint’s new unlimited plans aren’t exactly unlimited, Yahoo Finance

As part of August’s stubborn refusal to act like the slow news month it’s supposed to be, Sprint and T-Mobile each introduced new, cheaper “unlimited” data plans that each contain significant limits (like an absence of usable tethering at T-Mo). Most subscribers should avoid these offers, but many may find them tempting because their own phones make it difficult to track how much data they use.

8/20/2016: August 20, 2016 — Rob Pegoraro and Jeff Gamet, Tech Night Owl

I talked with host Gene Steinberg about those new price plans, the state of municipal broadband, and Windows 10’s first anniversary. I would have sounded less positive about Win 10 had I known before the recording of this podcast that the Windows 10 Anniversary Update broke many third-party webcams.

8/21/2016: Unlimited plans at Sprint, T-Mobile have limited appeal, USA Today

My editors at USAT wanted me to compare these two new offerings to the unlimited-data deals they replaced and to the other plans available at each carrier. Sprint’s all-you-can-browse deal came out of this exercise looking a good deal better than T-Mobile’s.

Weekly output: drones (x2), White House Maker Faire, proxy servers and online video

Posted on by
2

I went to the White House this week for the first time since visiting it as a tourist sometime in high school–this time around, with a press pass. That was kind of neat.

6/17/2014: Regulations Could Ground Drones Before Takeoff, Yahoo Tech

I wrote about the completely inconsistent regulatory climate around drones–recreational use is essentially wide open below 400 feet altitude, but commercial use is banned outright. The fearful if not paranoid nature of many readers’ comments bugged me, as you may tell from the tone of my replies. Thought I had afterwards: “I’ve been around drones enough, and all of the drone users I know play by the rules. Is this what it’s like to be a responsible gun owner and have strangers see you as a loon like Wayne LaPierre?”

6/17/2014: 4 Ways to Use Drones for Good (None of Which Is Amazon Delivery), Yahoo Tech

I talked to a few people–including my long-ago Washington Post colleague Dan Pacheco, now a journalism professor at Syracuse–about peaceful, profitable uses for drones that tend to get overlooked as people throw around the specter of snooping in people’s backyards.

Yahoo Tech White House Maker Faire report6/18/2014: White House Hosts Its First Maker Faire, with Robotic Giraffe in Attendance, Yahoo Tech

I covered the White House’s debut Maker Faire–somehow, also the first story I’ve written around a presidential speech–with this photo gallery. There’s more in my Flickr album.

6/22/2014: Geo-fakeout: Use a proxy for online video, USA Today

A neighbor wanted to know how he could have watched Netflix during a recent trip to Morroco; answering that also allowed me to give a tutorial in using proxy servers to watch World Cup coverage online. There’s also a tip about checking for “TLS” encryption at your mail service (something I covered at greater length at Yahoo Tech the other week), making this one of the more technically involved columns I’ve written for USAT.