
Why My New VPN is ProtonVPN

The team of scientists and engineers that came out last year with the wildly successful end-to-end encrypted email service, ProtonMail, has now officially made public their new highly secure (and very fast!) virtual private network (VPN) called ProtonVPN.

As a ProtonMail user I’ve been incredibly pleased with the service and its security and this morning I signed up for their newest offering, ProtonVPN. I did so mainly because of the features, but also because it’s from a company I trust and, as a beta user, found it to be fast, robust, secure, and rock-solid.

I’m also stunned by how quickly they’ve nailed the key features needed in both email and VPN to keep us private and secure. A big plus also is that the company, Proton Technologies AG, is based in Switzerland, a country whose laws favor privacy, security and non-disclosure, which makes it the perfect place to headquarter the firm:

“ProtonMail was founded in 2013 by scientists who met at CERN and were drawn together by a shared vision of a more secure and private Internet. Since then, ProtonMail has evolved into a global effort to protect civil liberties and build a more secure Internet, with team members also hailing from Caltech, Harvard, ETH Zurich and many other research institutions.

Today, we help our community of millions of users secure their private data online. More than 10,000 supporters have assisted us in this mission by donating to make this project possible. Thanks to your support, we are continuing to develop state of the art email privacy and security technology from our home base of Geneva, Switzerland.”

ProtonVPN has several key features that are a bit geeky, but have turned my head as someone who is deep into cyber security:

  • Secure Core: This architecture gives their secure VPN service the unique ability to defend against network based attacks. Secure Core protects your connection by routing your traffic through multiple servers before it leaves their network. This means an advanced adversary who can monitor the network traffic at the exit server will not be able to discover the true IP address of ProtonVPN users, nor match browsing activity to that IP.
  • Strong Encryption: All your network traffic is encrypted with AES-256, key exchange is done with 2048-bit RSA, and HMAC with SHA256 is used for message authentication which means it is VERY secure.
  • Forward Secrecy: The encryption cipher suites they use only include ones that have Perfect Forward Secrecy. This means that your encrypted traffic cannot be captured and decrypted later if the encryption key from a subsequent session gets compromised. With each connection, ProtonVPN generates a new encryption key, so a key is never used for more than one session.
  • Strong Protocols: They exclusively use VPN protocols which are known to be secure (OpenVPN and IKEv2). Though I’m not a cryptographer, every one I follow online swears by both of those protocols, which have been examined and certified secure by top cryptographers all over the world.
  • Physical Security: The company has gone to extreme lengths to protect ProtonVPN’s Secure Core servers to ensure their security. Critical infrastructure in Switzerland is located in a former Swiss army fallout shelter 1000 meters below the surface. Similarly, their Iceland infrastructure resides in a secure former military base. Their servers in Sweden are also located in an underground datacenter. By shipping their own equipment to these locations, they ensure that their servers are also secure at the hardware level.
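To make the forward-secrecy bullet concrete, here is a small constructed Python example (added here; not ProtonVPN’s code, and a toy Diffie-Hellman group plus a toy HMAC-based stream cipher stand in for the real 2048-bit exchange and AES-256). It contrasts static key transport, where one leaked long-term key exposes every recorded session, with ephemeral per-session Diffie-Hellman, where compromising one session’s key reveals nothing about another.

```python
# Forward secrecy, illustrated: ephemeral per-session DH keys versus a static
# long-term key that wraps session keys. Constructed example, not ProtonVPN code.
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: the Mersenne prime 2**127 - 1 with generator 3.
# Assumption for illustration only; real VPNs use 2048-bit+ MODP groups or curves.
P = 2**127 - 1
G = 3


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 counter keystream.
    Symmetric, so the same call encrypts and decrypts (stand-in for AES-256)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def derive_key(secret: bytes, transcript: bytes) -> bytes:
    """Session key = HMAC-SHA256(secret, transcript), a minimal HKDF stand-in."""
    return hmac.new(secret, transcript, hashlib.sha256).digest()


def static_session(long_term_key: bytes, message: bytes) -> dict:
    """Key transport: a fresh session key is wrapped under one long-term key
    (the shape of RSA key transport, done with a symmetric wrap to stay offline).
    Returns what a passive observer can record."""
    session_key = secrets.token_bytes(32)
    return {"wrapped_key": keystream_xor(long_term_key, session_key),
            "ct": keystream_xor(session_key, message)}


def recover_static_plaintext(record: dict, long_term_key: bytes) -> bytes:
    """If the long-term key ever leaks, every recorded session unwraps."""
    session_key = keystream_xor(long_term_key, record["wrapped_key"])
    return keystream_xor(session_key, record["ct"])


def ephemeral_session(message: bytes):
    """One VPN-style session: both sides pick fresh DH keys, derive a session key,
    then discard the private halves. Returns (observer's record, session key)."""
    a = secrets.randbelow(P - 2) + 2            # client's ephemeral private key
    b = secrets.randbelow(P - 2) + 2            # server's ephemeral private key
    A, B = pow(G, a, P), pow(G, b, P)           # public values sent in the clear
    shared = pow(B, a, P)
    assert shared == pow(A, b, P)               # both sides agree on the secret
    key = derive_key(shared.to_bytes(16, "big"), b"%d|%d" % (A, B))
    del a, b, shared                            # ephemeral secrets never persist
    return {"A": A, "B": B, "ct": keystream_xor(key, message)}, key


def decrypt_with(record: dict, key: bytes) -> bytes:
    """Decrypt a recorded session with whatever key one holds."""
    return keystream_xor(key, record["ct"])


def demo() -> dict:
    msg1, msg2 = b"session one: earlier browsing", b"session two: later browsing"
    # Static transport: both sessions recorded, long-term key obtained afterwards.
    ltk = secrets.token_bytes(32)
    rec1, rec2 = static_session(ltk, msg1), static_session(ltk, msg2)
    static_exposed = (recover_static_plaintext(rec1, ltk) == msg1
                      and recover_static_plaintext(rec2, ltk) == msg2)
    # Ephemeral DH: session 1 recorded, session 2's key compromised later.
    e1, key1 = ephemeral_session(msg1)
    e2, key2 = ephemeral_session(msg2)
    return {
        "static_all_sessions_exposed": static_exposed,
        "ephemeral_keys_differ": key1 != key2,
        "session1_exposed_by_session2_key": decrypt_with(e1, key2) == msg1,
        "session1_decrypts_with_own_key": decrypt_with(e1, key1) == msg1,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```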

Other Key Features Include:

  • Open Source: Goes without saying that their transparency level is very high and having their software reliant on open source software examination and certification is a big selling point for any of us.
  • No Logs Kept: Under Swiss law they don’t have to keep them so they do not.
  • DNS Leak Protection: They ensure that your browsing activity cannot be exposed by leaks from domain name service (DNS) queries.
  • Kill Switch: Their desktop and mobile applications come with a built-in Kill Switch feature which will block all network connections in the event that the connection with the VPN server is lost.
  • Tor VPN: ProtonVPN comes with Tor support built-in. Through their selected Tor servers, you can route all your traffic through the Tor anonymity network and also access dark web sites. This provides a convenient way to access Onion sites with just a single click.

Take a look at their pricing page. They have a free offering (which is currently shut down due to the overwhelming response and signups this week) and I signed up for the “PLUS” level today since, as a current ProtonMail user, I got a bit of a larger discount on both ProtonMail and ProtonVPN as a bundle.

I need to end with this: I’ve analyzed more than a dozen of the top VPN providers and previously chose Private Internet Access (which I still have active since I’m paid through April of 2018) and, especially for the non-geeks out there, it’s still the easiest to use, they keep no logs, have the most data centers, and still have my strong recommendation.

But if you’re extra-serious about your VPN — or have specific needs to be highly secure when online — I’d absolutely recommend you immediately go and signup for ProtonVPN.


A Few Ideas About Staying Safe and Anonymous Online

My daughter sent me an email last night asking me if an app called Disconnect might work to help keep her safe online, especially since she has experienced her virtual private network (VPN) connection slowing down her online activity.

Here is some of what I emailed to her and thought I’d expand it a bit and post it as it might help you too.

A VPN’s encrypted tunnel does have overhead so it will slow down your internet connection. No way around that and there are always trade-offs like this in order to have good security. A VPN’s encrypted “tunnel” through your internet connection — for your traffic to travel through — typically requires using 10-15% of your internet connection’s bandwidth, but it’s worth it almost all of the time.

One tradeoff many of us make is using good, hard to remember, and always different passwords for every website and app we use. Doing so is very challenging as is keeping track of them (which is why using a password manager like LastPass is so important).

That Disconnect app is just a tracking blocker, but it does offer a VPN in their Premium version for both blocking trackers and keeping traffic encrypted and somewhat anonymous (and it’s good to see that Disconnect does not keep logs of your VPN traffic and use). Disconnect’s VPN will slow down your internet connection just like any VPN does, but I haven’t done a side-by-side comparison between Disconnect’s VPN and the one we use.

Our chosen VPN is Private Internet Access (PIA), a provider that also keeps no logs and has 3,194 servers in 36 locations across 24 countries. Our entire family (and our business) uses PIA. Unless one uses the Disconnect Premium with their built-in VPN, your ISP and trackers can still know where you go and what your iPhone’s apps do (i.e., websites you visit; connections your phone makes through apps; etc.).

My preference is to use best-in-class tracking blockers and a VPN, but want to keep them separate (e.g., Disconnect’s Premium product is $5 per month or $50 per year for only 3 devices while PIA’s is $6.95 per month or $39.95 for a year but they allow up to 5 devices).

Just know that, even with all of the measures I’m going to outline below, you always, always want to use a VPN when you connect to public Wifi (as well as a few other things) regardless of whether you are only concerned about being tracked while online.

Also, understand that there isn’t anything that is 100% foolproof. Cyber security is an “arms race” and as the good guys build better defenses, the bad guys are building better hacking/cracking and tracking tools. For example, the tech news site Ars Technica had this comprehensive article about how sites can still fingerprint you online even when you use multiple browsers so do your best to stay untracked and anonymous as you can.


Self-Driving Cars by 2030 Will Decimate the Auto Industry BUT Will Save Consumers $1 Trillion & Grow The Economy!

A new research report by the think-tank RethinkX was just published today and has some startling forecasts (my bold and in red):

We are on the cusp of one of the fastest, deepest, most consequential disruptions of transportation in history. By 2030, within 10 years of regulatory approval of autonomous vehicles (AVs), 95% of U.S. passenger miles traveled will be served by on-demand autonomous electric vehicles owned by fleets, not individuals, in a new business model we call “transport-as-a-service” (TaaS). The TaaS disruption will have enormous implications across the transportation and oil industries, decimating entire portions of their value chains, causing oil demand and prices to plummet, and destroying trillions of dollars in investor value — but also creating trillions of dollars in new business opportunities, consumer surplus and GDP growth.

The impacts of TaaS they predict will be both exciting and frightening — if you’re in the transportation business — but the savings for the rest of us (and increased GDP growth) is amazing (again, my bold):

  • Savings on transportation costs will result in a permanent boost in annual disposable income for U.S. households, totaling $1 trillion by 2030. Consumer spending is by far the largest driver of the economy, comprising about 71% of total GDP and driving business and job growth throughout the economy.
  • Productivity gains as a result of reclaimed driving hours will boost GDP by an additional $1 trillion.
  • As fewer cars travel more miles, the number of passenger vehicles on American roads will drop from 247 million to 44 million, opening up vast tracts of land for other, more productive uses. Nearly 100 million existing vehicles will be abandoned as they become economically unviable.
  • Demand for new vehicles will plummet: 70% fewer passenger cars and trucks will be manufactured each year. This could result in total disruption of the car value chain, with car dealers, maintenance and insurance companies suffering almost complete destruction.

Besides all of the obvious downsides to the Trump Administration opening up National Parks and federal lands to oil drilling and mineral exploration — all while decimating the Environmental Protection Agency and labeling climate change a hoax — the positive economic impact of using solar for energy production and having autonomous vehicles (especially those that are electric) is just smart (which likely explains why the Trump Administration is against those…but I digress).

There is so much more detail in this report that it is definitely worth your time to go and download it:

Go to the RethinkX Website
Read the Press Release
Download the Report Here

The NSA is *Not* Securing Our Nation...On Purpose

By now you should have heard at least something about the WannaCry ransomware attack that’s been going on over the last few days. When I ask people about it and what they know, most have vague responses like, “those computers must be old or not updated” or “people were stupid and did something wrong.”

While both have some truth to them, this analysis by Richard Clarke* about an ABC News story on WannaCry had one of the best paragraphs describing the #1 problem I’ve been mad about for years, which was the root cause of this cyberattack, namely that the NSA is not disclosing so-called zero-day vulnerabilities (zero-days are ones that aren’t yet known, so companies can’t fix them):

First, America’s own National Security Agency (NSA) found the vulnerability in Microsoft Windows that would permit a hacker to gain control of a device. When the agency found that vulnerability, it should have told Microsoft right away, so that the error could have been fixed as part of the regular monthly “patching” program without calling attention to it.

Yep. The NSA should have told Microsoft right away so they could patch the vulnerability but then the NSA couldn’t use it themselves. The NSA has a long history of not disclosing vulnerabilities though the NSA chief claims they do disclose 91% of them (which means they likely keep the good stuff, the other 9% that are devastating like WannaCry has been when leaked, to themselves).

Clearly there needs to be a balance, as this Georgetown Security Studies article suggests, between national security and actions that cause national weakness, which I would argue the NSA is doing by keeping vulnerabilities to themselves. The NSA could go a long way toward protecting the American people by disclosing vulnerabilities that are obvious to them and potentially crippling to our nation, as well as not being breached and having their tools stolen.

That Georgetown article had these words to say about the United States’ Vulnerabilities Equities Process (VEP), which should compel the NSA to be more forthcoming, but it contains a loophole whereby anything discovered before 2014 doesn’t have to be disclosed (which affects millions upon millions of computers and servers running older versions of operating systems and software):

Established under President Barack Obama in 2014, the Vulnerabilities Equities Process (VEP) is an interagency framework used to determine whether the US government and its contractors should disclose software and hardware vulnerabilities to the public and private sector or foreign allies.

The public and private sector have increasingly called for full transparency of the VEP and disclosure of all known exploits. According to the National Security Agency (NSA) Director Admiral Michael Rogers, the NSA shares more than 90% of the vulnerabilities it discovers. However, the VEP currently provides a loophole that exempts any vulnerabilities discovered before 2014 from the vetting process. This is problematic for transparency given the long shelf life of a zero-day.

Sadly, I don’t think the current White House administration will do anything to thwart the NSA’s runaway, do-anything-they-want agenda. Transparency is certainly not their forte so my expectations are low.

Let’s hope Congress steps in and helps drive national cyber security a little harder when it comes to the NSA actually caring about national internet security vs. just performing signals intelligence while the nation’s I.T. infrastructure is hacked.

This WannaCry ransomware attack is a wakeup call to this nation (and the world) that all of the intelligence agencies (we’re looking at you too, CIA) had better start helping the world instead of acting like a bunch of high school hackers exploiting whatever weakness they can before they are found out and get caught.


Net Neutrality is B.S. and John Oliver Calls It Out

Humor is a great way to point out why net neutrality is such bullshit and John Oliver does it better than anyone.

Do you like the internet? Or would you rather have it “owned” by corporations (e.g., Comcast, Verizon)? If you care to comment and make your views known, use Oliver’s custom URL to go directly to the page where you can make a comment: http://gofccyourself.com

UPDATE at 10:12am CDT

Here is the text I just submitted to the FCC comment form here:

The global internetwork is one of the most important advances in all of human history. As someone who has worked in the internet space since the 1990s (e.g., Vignette) and covered startups and innovators in Minnesota (e.g., Minnov8.com), as well as building dozens upon dozens of websites with one of our businesses (Innov8Press.com), it is clear net neutrality must remain and be enhanced, not deregulated to the point where ISPs are free to turn it into a metaphorical toll road with incredible analytical and tracking capabilities built-in.

I believe that internet service providers (ISPs) and governments regulating the internet should treat ALL data on the Internet the same. They should not discriminate or charge differentially by user, content, website, platform, application, type of attached equipment, or mode of communication.

ISPs, like all corporations do and should, work in their own self-interest. While leaders within those organizations live and work in their communities, they have a fiduciary duty to their shareholders and thus work toward outcomes that maximize their competitive advantage and shareholder value over all other considerations. In short, they must focus strategically on their company instead of any other greater good while the FCC must focus on the latter and mitigate unintended consequences.

Consumer privacy *must* be protected. Entrepreneurs and innovators must be completely free to invent, disrupt, and even replace existing methods, processes, services and other areas that ISPs would inherently block in order to preserve and defend their businesses.

Unless compelled to do so through regulation, ISPs will erode a neutral internet, slowly-but-surely infringe upon the private online behaviors of consumers, and sway internet usage toward their paid services. It is in their best interest to do so and it will happen.

I urge the FCC to reclassify internet service providers (ISPs) as common carriers under Title II of the Communications Act of 1934. Title II classification would allow the FCC to protect net neutrality by regulating against paid prioritization and other self-interest behaviors that are not in the best interest of America.


One Word Describes the Trump Administration: Uncertainty

Image of Trump by DonkeyHotey under a CC-by-2.0 License 

There is an old adage used by investors, strategists and market watchers that “markets hate uncertainty” and the Donald Trump presidency is all about throwing grenades into everything and creating that uncertainty. As I read, talk with senior leaders, venture capitalists and even small business owners like myself, everyone is unsure what to do next when it comes to healthcare insurance, investments, and more.

In my view Trump’s creation of uncertainty is negatively impacting markets, innovation, investment (both domestic and foreign) and is only going to get worse as his presidency continues.

Here are a few examples that have come up from the beginning of April until today:

That last bullet point is about uncertainty in healthcare, especially after the House passed the repeal of Obamacare, and how insurers, hospital and clinic systems, physicians, business leaders, and so many others are just not sure what to do next. They see how horrifically bad the GOP direction would be if passed by the Senate — and how it leaves out millions of our fellow Americans — and are on-hold until Trump and the GOP figure out what to do themselves.

Virtually everything under Trump is uncertain and his administration’s falsehoods (i.e., lies) about even small details means that any initiatives or policies Trump and his minions put forth are treated with uncertainty.

Uncertainty is my reason #2,445 why Trump is the worst thing that has ever happened to America.


My Podcast Archives

A family listening to the radio in the 1940s

In the CTD Podcast Archive, which I just cleaned up and posted, you’ll find 47 podcast ‘shows’ that I recorded from May of 2005 through March of 2007. Yes, I still podcasted after 2007 but did it over at Minnov8.com and, as of this writing, we’ve done 400 shows and just ended that podcast as of April 8, 2017.

I’m pretty certain, however, that I’ll be podcasting again since I enjoy it so!

One of the reasons for this archive is that I’m a family historian and I love storytelling. The more I’ve learned about my ancestry in the late 1700s to early 1900s, the greater my desire is to have heard any of them tell me stories about what was on their mind. Though my podcasts vary greatly and aren’t always stories, one can still get a good sense of what was on my mind while I was recording them.

Hope you enjoy these and let me know if you think I should start podcasting again!


The Mystery of the Lexar SSD

It was a dark and stormy evening as I walked the aisles at our local Eden Prairie, MN Costco store. Imagine my delight at discovering a display selling a Lexar 512GB solid state drive (SSD) for only $124.99! Not only was this an unheard-of price for such a tiny little drive with a big capacity, the next-closest competitor last week was Samsung’s T3 500GB for close to $200 (available here at Amazon for $197.99).

When I got home I immediately tried it out and experienced the amazing write-speeds from my SSD iMac to this external SSD (44GB transferred in just over 4 minutes). My wife took one look at it and said, “I want one!” so I went back the next day to buy one and they were all gone (and there were at least 50 available when I bought mine the night before).

“No worries,” I thought. Figuring I’d find them online I searched and searched and searched. The only place I could find them was on eBay from some miscellaneous seller with lukewarm reviews (at a higher price too) and I’m not about to do that.

This is the smallest, high capacity external SSD drive I’ve seen yet.

Unable to find any of these drives anywhere but eBay, I finally tweeted to @LexarMemory to see if they could solve the mystery of these apparently unavailable SSDs and point me in a direction where I could buy one:

I connected with tech support and essentially received an “Um…I dunno” but a bit more information was revealed about these SSDs being available “in a limited number of stores.” With my experience working as a manufacturer’s rep in consumer electronics in the late 70s and 80s, it is highly likely that this SSD’s Costco appearance was a dry-run to see how this drive, at this price-point, would sell.

Based on how quickly these drives sold out this test was most certainly a success. That said, I’d strongly suggest that LexarMemory get a move-on rolling these drives out at retail since Western Digital just announced this tiny SSD drive (in three capacities: 256GB; 512GB; and 1TB) and they are a much more recognizable hard drive brand than Lexar.


Is PharmacyChecker Worth Using?

UPDATE on Wednesday, April 5, 2017
My wife and I are self-employed U.S. citizens and, as people with individual insurance, we pay retail U.S. pricing for our prescriptions and definitely want to save money! Every year we expend literally hundreds of dollars more per prescription than Canadians do and we intend to shift our purchasing to a legitimate Canadian pharmacy.

One of the online checkers, one that apparently Google and Yahoo use for results, is PharmacyChecker. But I’m not sure I can rely on PharmacyChecker for due diligence on our behalf. Let me explain why.

After coming across posts at PharmacyCheckerBlog I went to PharmacyChecker and put in one of our prescriptions. Up came a listing of “PharmacyChecker Approved” outlets along with pricing which looked amazing.

I randomly chose to go to one of the sites and clicked on GlobalCare Rx. Examining all of their FAQs and poking around the site I grew suspicious (as I always do when there is no “About Us” or who is behind a website) but kept poking around…until I saw on their homepage that step #3 said, “Recieve your medication” with the word “receive” misspelled. There is NO way a legitimate site would allow a misspelled word like that on their homepage (at least my 250+ website clients would not!) so I poked around some more and discovered that:

  • GlobalCareRx registered this site with Privacy Hero, Inc. in NA whom I called…but they wouldn’t divulge who is behind the site.
  • Global Care Rx hosts their website (with thousands of others, no doubt) at Websavers in Canada.

Having done supply chain software work in a past corporate life, I am VERY aware of the sensitivity to temperature ranges of shipped pharmaceuticals. Not only do any of us need to trust that an online pharmacy isn’t shipping something from some guy’s garage where he put milk powder in some capsules, I need to know that care is given to HOW something is shipped…so it isn’t sitting in some truck overnight freezing and, by the time it’s delivered, the prescription drug is now actually inert and of no use. Fortunately there are some smart people addressing this exact issue.

While the percentage of what Trump is doing that I agree with is about 0%, this is one area where I hope his disruptive-grenade-throwing tactics make an impact.

I just reached out to Henry Harvey at Pharmacy Checker and asked him to please inform me as to why I should trust PharmacyChecker.com for displaying legitimate, trusted and “verified” sources. Hopefully he will reply and/or comment here on this post.


The Greatest Technology Invention in Human History

Can’t recall when I first heard this, but was listening to some tech pundits at a show and the moderator asked the panel, “So what do you think is the greatest technology invention in human history?” Each panelist answered until it got to the last guy who said, “the toilet.”

This conference was just after my family and I had returned from London and had toured a castle. In it was a room that, during the 1300s, royalty went into and sat down on an outhouse-like hole to perform their bodily functions. The hole went all the way down several stories to who-knows-where. Even the tour guide helped us appreciate how important having a waste-collection system was and to the kids said, “Imagine if you didn’t have a toilet in your house today!”

The Bill and Melinda Gates Foundation believes in the importance of sanitation in saving lives (and giving a quality of life!) and sponsored this delicate video to stress the importance of this device and the sanitation systems it leverages: