Category Archives: Internet

VPNs: AVOID “Hotspot Shield” and “Hotspot Shield Elite”

OK, a piece of advice regarding VPNs: AVOID Hotspot Shield, that means every version, the “free”, “elite”, “VPN”, and “proxy” version. It’s hard enough to find concensus on which commercial VPN is best or which are safe or not, but this one has had some bad press, some damning evidence, and I’ve personally caught it injecting advertising data into my web traffic when I used it a year or so ago. I saved the proof somewhere, it’ll be published when I come across it again or take another in depth look. I observed this happening by analysing a long capture of traffic with Wireshark.

Hotspot Shield interferes with and modifies your web traffic.

Take a quick read of this, too:

Hotspot Shield was named in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. Furthermore, analysis of Hotspot Shield VPN’s source code revealed that they “actively use more than 5 different third-party tracking libraries.” Hotspot Shield was also found to be redirecting user traffic to e-commerce domains, such as and through partner networks.

In 2017, Hotspot Shield was officially named in an FTC complaint for alleged traffic interception. In 2018, Hotspot Shield was again in the news for a security flaw that revealed user locations. The company behind Hotspot Shield is AnchorFree, which runs other free VPN services as well.


One link is to this slightly more in depth article and also this one here.

And I thought Facebook scored badly for privacy

After seeing Facebook scoring a C for privacy, which actually was surprisingly high, I just saw a D; in the web interface for Gmail. Yeah, Google is bad too, shame they got the best webmail out there.

The rating comes from an extension called ‘DuckDuckGo Privacy Essentials” for the Firefox browser.

What I find most disturbing is the way it’s worded there, and because it’s a very accurate way of wording what is going on and the possible ramifications of it. Google will keep records of you visiting, from where, what computer, etc, FOREVER. They track, or try to track, you across most of the internet, and can use content that you have created in their own products without a second thought; and they can keep doing it into the future with whatever new widgets they come up with.

Bye bye privacy, welcome to 2019.

Are You Safe Online ? (Online privacy & security tests)

A partial copy from my page here:

How safe is it for you to be online right now? (Online 10 second tests!)

This easy to remember site is a quick way to check your IP address. Or at least, what is showing to the public as your IP address. DNSLytics is a more in depth service that analyses the structure of the internet.

BadSSL gives you a quick overview of how much modern security your web browser supports and is implementing.The more green on the screen, the safer you are. More red, less safe.

SSL Labs has a similar test. They also can test the security supported by a web server/website itself, just enter the address and let it go. And a third choice is How’s My SSL?

More tests (more specific or expert-oriented):

DNS Leak Check checks for DNS leaks, which can give away your identity even if you’re using a VPN. IP Leak also checks for them, as well as WebRTC leaks.

Can you see this site? Is your browser loading it? If so, your browser is being fooled by a forged security certificate/digital signature. You’re open to having your information stolen by phishing sites and other nasty things, and will be none the wiser. If you’re getting a security error, you’re safe.

More links to browse (tests, writing, and advice):

SSL Labs Projects & Homepage and their full list of (expert) assessment tools

G-Sec list of downloadable tools (mostly Windows)

Cipher List’s of downloadable tools and a test or two

SSL Decoder lets you check to security configuration of a website or server, just enter the address

Ivan Ristic’s writing about web security and encryption

Bruce Schnier’s writing, well known encryption expert

COMODO’s online server/site tester, just enter the address (currently not working)

Website reputation checker URLVoid is here. Close friend IP void which checks the server IP address is here.

Webmaster Tips has a list of site checking tools (like safety and reputation), same story with Google’s Transparency Report, the McAfee Site Advisor, whereas VirusTotal checks sites and downloaded files for viruses and threats.

DNSLytics is a great site, server, or IP address research and investigation tool. MXToolbox is similar and quite good too, as is Talos Intelligence.

More tools you can use to keep yourself safe and protect your privacy are over on this page:

Shame on Facebook, Shame, Shame, Shame

These three following screenshots sum it up; they’re from the Firefox browser privacy extension DuckDuckGo Privacy Essentials. This is the tip of the iceberg, and I’m dropping it off here without much explanation (for now.) Facebook does not care about your privacy of security whatsoever. Even their so called “secret messaging” which they claim is encrypted, actually has a backdoor in it that allows Facebook to access messages from the past when asked by law enforcement.