Here’s the thing about protecting your privacy: If someone tries to take your data, and you take steps to protect it, that’s rarely the end of the story. They’ll usually keep trying. For example, as soon as the Online Safety Act became law, predictably, VPN use spiked. Now, UK government officials want age verification for VPN providers, which those providers refuse to add, because keeping data on subscribers is generally not something you want a VPN to do.
Trust is extremely important when it comes to a VPN, and the best ones don’t log user data at all. They’re privacy tools after all, and the less they know about you, the more private they are. You should only ever use a VPN that you trust and that is well-regarded by independent reviewers (like us!). For example, this week we reported that a bunch of free VPNs were actually leeching bandwidth from Windscribe, a provider we love for its commitment to privacy.
Speaking of VPNs, this week we highlighted seven persistent VPN myths you should disabuse yourself of, and showed you the best way to use one VPN to protect all of your devices, including your phones, game consoles, or anything else. That said, there are some times when a VPN isn’t necessary, or may even make accessing certain sites or services more difficult. That’s where a feature called split tunneling comes in, where you can choose which apps use the VPN and which ones don’t. It’s pretty neat, and all the best VPNs have it, even the best ones for you-know-where.
Next, let’s roll back the tape for a moment. A few weeks ago, at Black Hat, we covered an EV charger hack that could cause a fire. Well, it’s actually much scarier than we thought: The hack, which we initially thought required physical access to the charger, can be performed remotely, which is especially frightening.
Elsewhere in security news, we reported that the transcription tool Otter is being accused of recording meetings to train AI without user consent, which is always fun. Oh, and if you have an Apple device, you should probably update it now to avoid a new zero-day exploit. Before you laugh, Microsoft users, keep an eye out for an upcoming update to Microsoft Teams to avoid that platform being used to spread ransomware. Additionally, this week we reported that UK officials, who have long targeted encryption in apps like WhatsApp, Signal, and iCloud, have at least decided to drop their demand for access to encrypted iCloud user data on American users, at least.
That’s a lot of news! But it’s not everything that caught the attention of the PCMag security team this week. Here are some more stories we think are important and interesting, but we didn’t get a chance to cover.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Instagram Map: What Is It and How Do I Control It?
If you’re an Instagram user, you may have noticed that the app recently added a map that shows you where all of your friends and followers are located when they post to their feed or to their stories. What you may not know is that you’re on the map too when you use the feature, and others can see your location. Thankfully, MalwareBytes has a great explanation of the new feature on its blog, along with instructions on how to turn your own location off to protect your privacy.
The feature was very quietly introduced and works largely like Snapchat’s “Snap map,” which does effectively the same thing. And predictably, Meta introduced the feature as opt-out, not opt-in, which means you’re sharing your personal data by default. Of course, you can also turn the feature off by stripping Instagram of its location permissions (on Android, at least), which is something else I recommend if you don’t think the instructions in MalwareBytes’ article go far enough. Personally, I recommend doing both, because the former applies to your account, and the latter to your device. Better to have all of your bases covered.
Smishing in the Amazon
Watch out for this one. If you’re not familiar with the term “smishing,” it’s a portmanteau of “SMS phishing.” It just describes attacks like this one, reported by IT Security Guru, where you get a text message purportedly from Amazon, claiming that your order has been either damaged, delayed, or returned, and you should tap the link in the text message for a full refund. Of course, tapping the link takes you to a convincing-looking login page that is definitely not Amazon. Once you’ve given the site your credentials, the scammers make off with your Amazon account, potentially racking up huge charges under your name and using your stored payment methods before you can do anything about it. And no, the refund never shows up, because it was never real.
Recommended by Our Editors
These types of attacks are on the rise, and luckily, we have tips to avoid phishing scams of all kinds, including this one. But the biggest tip I can offer is this: If you ever get an email, text message, or anything else from a company you normally do business with that you weren’t expecting, don’t click anything in it. Go directly to the retailer or company’s website on your own, in your browser, and only then log in to see if there’s a problem with your order, your account, or anything else.
Italian Hotels Breached en Masse Since June, Government Confirms
If you’ve taken a summer trip to Italy or are planning one in the immediate future, keep a close eye on your bank account and credit report. The Register reports that since June, a hacker (or potentially a group of hackers) called mydocs has breached a booking system used by several hotels in Italy, making off with sensitive data like passports, IDs, and more for close to 100,000 individuals. So far, ten different hotels have reported the hack, and authorities believe that number is just the beginning.
So while the Italian authorities investigate the matter, their public statement warns the public to watch out for the usual scams that result from breaches like this, like identity theft. Of course, if you’ve been hit by scammers before, we also have tips to prevent it from happening again, even if you’re not planning a trip to Italy.
About Alan Henry
Managing Editor, Security
