Air India data breach exposes personal information of 4.5 million people

Around four and a half million Air India customers have had their personal data compromised, the airline has confirmed in a statement.

The notice comes a full two months after a reported cyberattack on SITA’s Passenger Security System. 

What happened?

SITA is a data processor that works on behalf of Air India as well as several other airlines. The company says that they first received a notification of the breach on 25 February 2021, but that the identity of the subjects affected by the breach was provided on 25 March and 5 April 2021. 

According to the statement, “The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data as well as credit card data”. No data pertaining or related to account passwords was reportedly affected, nor were CVV/CVC numbers from the back of credit cards. 

News of the breach broke in early March, but details were vague. Other airlines involved in the breach have been notifying customers over the past two to three months. 

A widespread attack

Air India was one of several airlines to have passenger information exposed during the SITA breach. Others include:

  • Lufthansa 
  • Air New Zealand 
  • SAS – Scandinavian Airlines 
  • Cathay Pacific 
  • Malaysia Airlines
  • Singapore Airlines 
  • Finnair 
  • Jeju Air

Several of these companies are the flag carrier airlines for countries such as New Zealand, Finland, and Malaysia. Right now, it is unclear what organization or individual is behind the attack, and what their true motivations were. 

How did SITA and Air India respond?

SITA, the company responsible for securely processing this data, said that “By global and industry standards, we identified this cyber-attack extremely quickly. The matter remains under active investigation by SITA”. 

Each affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories, including some personal data of airline passengers.

Air India, on the other hand, were a lot more apologetic in their statement, saying that “The protection of our customers’ personal data is of highest importance to us and we deeply regret the inconvenience caused and appreciate continued support and trust of our passengers”. 

Air India has also encouraged all passengers who signed up with the airline between the dates specified to change their passwords “wherever applicable” to secure their personal data. 

A running trend

Data breaches involving airline companies have been an all too common fixture of the news over the past few years. In 2020, for instance, British Airways were handed a £20m fine for a data breach that compromised the data of 400,000 customers two years before. 

EasyJet are another company to fall victim to a breach in recent times; the data of over nine million customers was exposed in what was dubbed a “highly sophisticated” attack. 

Airports have also come under fire for mishandling passenger data. Heathrow Airport was fined £120,000 in 2018 after a staff member misplaced a USB stick containing sensitive information about customers, including the exact travel plans for the Queen. 

Cathay Pacific, one of the airlines involved in the SITA data breach, were charged £500,000 by the ICO for a 2018 data breach, too. They failed to disclose that the breach had happened for a whole six months after it took place.

Why are airlines always involved in data breaches?

Of all the sectors, it seems airlines have a particular problem with cybersecurity. We’re forever hearing about the latest leak, breach, or compromised data. This isn’t necessarily because the industry has poor cybersecurity standards – it’s actually a combination of factors.

As sectors go, companies working in aviation store much more personal information about customers than sectors like retail, for example, including passport information that is directly linked to financial data. And it’s that first kind of data that makes them so different from other companies and so ripe for targeting – who else has passport information en masse? 

However, the sheer diversity of technology used in the flight process – from electronic check-in software to in-flight entertainment modules and Wi-Fi connectivity systems – means there are many more exploit points for hackers to capitalize on than might be found in another sector. 

Airlines also represent one node in a massive, interconnected web of data exchanges between governments, credit card companies, banks, hotels, baggage handlers, and so forth. Data is constantly moving through these organizations at speeds rarely seen elsewhere and can have multiple destinations at once. 

The best free VPNs for iPhone and iOS users

Are you new to VPNs? Why not head over to Hannah’s blog to find user friendly guides and reviews.

Paying for a VPN is always the best way to get a secure, fast service with all the bells and whistles. However, for iPhone users there are some free VPNs on the app store that are trustworthy. So, if you are short on cash, you don’t have to miss out on the privacy, freedom, and security that a free iOS VPN can provide.

What are the Best Free VPNs for iOS?

Given just how many iPhone VPNs are on the App Store and the potential problems that come with them, finding the right provider can be difficult. Thankfully, our experts have compared the market to find the five best free VPNs for iPhones.

ProtonVPN is the best free VPN for iPhones. It’s reliable, trusted, and can be used on an unlimited basis.

  • Available on

    • Windows
    • macOS
    • iOS
    • Android
    • Linux
  • Unblocks

    • Netflix
    • iPlayer
    • Amazon Prime
    • Hulu

ProtonVPN is an excellent free VPN for iOS that lets people use it on an unlimited basis. Admittedly, this free VPN is slower than the best premium VPNs for iOS, but for free it is extremely impressive. The VPN only caps speeds to avoid congestion, and you can connect to servers in Japan, the Netherlands, and the US – all for free. This makes it good for bypassing censorship and gaining privacy on your iPhone.

When it comes to privacy and security, this VPN is highly secure. It provides a kill-switch and OpenVPN encryption, and it has a no-logs policy to ensure what you do online stays completely private. Perhaps the only drawback is that you will need to pay to access Netflix US (but this is true of all services).

For free, you can only use ProtonVPN on one device. However, you could get multiple subscriptions using various email addresses to get around that restriction. A trusted and reliable free VPN from Switzerland brought to you by the developers of ProtonMail. By far the best and most trusted free VPN for iOS devices.

Hide.me buckles down with privacy and security, even on its free version.

  • Available on

    • Windows
    • macOS
    • iOS
    • Android
    • Linux
  • Unblocks

    • Netflix
    • iPlayer
    • Amazon Prime
    • Hulu

Hide.me is a trustworthy provider that has an outstanding free VPN for iPhones and iPads. For free, users are limited to just five server locations (US East, US West, Singapore, the Netherlands, and Canada). This means you will need to try a different service if you require a server in the UK – or elsewhere. However, for many people this choice of countries will be ideal. 

What’s great about this free VPN is that it provides the same level of privacy and security for free as it does on its full premium subscription plans. Without paying a cent, you will get 10GB of usage per month – with lightning fast connection speeds up to 80Mbps. Plus, this VPN provides strong privacy and encryption, making it a superb free VPN for iOS.

AtlasVPN is a useful VPN that provides privacy and the ability to bypass censorship – all for free.

  • Available on

    • Windows
    • macOS
    • iOS
    • Android
  • Unblocks

    • Netflix
    • iPlayer
    • Amazon Prime
    • Hulu

AtlasVPN is a US-based VPN provider that I found to be surprisingly good considering it is such an unknown service. During my tests, I found it to provide good speeds for streaming, and it worked well even on the free version. Admittedly, the VPN doesn’t provide OpenVPN encryption, which did disappoint me slightly.

That said, it offers IKEv2 instead, which is still a secure encryption protocol. Plus, the VPN has a robust no logs policy that ensures what you do online remains completely private, which makes it a reliable service from where I am standing. I was also happy to see that it provides a kill switch, so you can use it for torrenting if you want to.

I enjoyed using its apps on all platforms, and the iOS app was excellent and easy to use – making it good for beginners. For free you get access to servers in three countries, and you can use the VPN on an unlimited basis. This is extremely generous considering this is a trustworthy no logs VPN. The only real downside is that the free servers are about 5 times slower than on the paid plans, and it won’t unblock Netflix US unless you pay. That said, this is an extremely good option for getting privacy and security when using the internet, and for gaining added freedom for free. 

Windscribe is a superb free iOS VPN. It’s secure, and provides access to 10 server locations for free.

  • Available on

    • Windows
    • macOS
    • iOS
    • Android
    • Linux
  • Unblocks

Windscribe is a popular free VPN for iOS that you can trust without concerns. The privacy policy is strong, and the VPN provides the same level of encryption and security on both the paid and free versions. For free, iOS users can enjoy 10GB of data allowance per month, which is a hefty amount compared to most. Free users can connect to servers in the US, Canada, France, Germany, the Netherlands, Norway, Romania, Switzerland, the UK, and Hong Kong. That is a lot of choices, making this a free iOS VPN worth considering!

Hotspot Shield might only offer one server for free, but being in the US is perfect for iOS users.

  • Available on

    • Windows
    • macOS
    • iOS
    • Android
    • Linux
  • Unblocks

    • Netflix
    • iPlayer
    • Amazon Prime
    • Hulu

Hotspot Shield is a famous US-based VPN provider that allows customers to use their iOS VPN for free on the US server. Having just one server location is quite restrictive, but it is pretty darn useful being the most coveted location. Admittedly, this free VPN does serve some adverts. However, it is a service that has proven its worth in war-torn and totalitarian nations that are blocking vital websites and services. A free VPN that gets the job done on any iOS device.

Are free VPNs for iOS safe?

There are a number of considerations you need to make before picking a free VPN. There are, of course, good free VPNs available, but there are also hundreds of bad ones too. So it’s important to do your research first. Here are some things that you should look out for.

Security issues

There are hundreds of free services on the market, and the vast majority of those are dubious services with poor privacy policies.

Many free VPNs have been found to lie about the level of encryption they provide – and studies have revealed that many of them have no encryption at all!

In addition, a CSIRO study carried out in 2017 revealed that out of 234 free VPN apps studied, more than a third contained malvertising and malware. For this reason, choosing a free VPN at random can be extremely dangerous.

To stay safe, we encourage you to stick to the providers featured on this page.

Privacy issues

Running a VPN is an expensive enterprise with a large number of outgoings. This makes it almost impossible to provide a good free service. Many cowboy VPN providers pull it off by collecting their users’ web data and browsing habits, selling it onto third parties such as data brokers.

A VPN that collects your data and sells it for a profit is the exact opposite of what they are supposed to do. A VPN is supposed to protect your privacy by encrypting your data and making it inaccessible to anybody but you. We urge you not to settle for this kind of free VPN when there are perfectly good ones on the market.

Limitations of free services

Some premium VPNs provide a free plan designed to advertise what they are capable of. The VPNs we have recommended in this article are both 100% safe to use and 100% free. However, these free plans do come with certain limitations.

Reputable VPN companies only provide a free version of their service to advertise the full premium VPN. In the long run, these companies hope that users will enjoy the limited free version of the VPN enough to upgrade to the full unrestricted version. It is for this reason that free plans have some or all the following restrictions:

  • Limited server locations
  • Data limitations
  • Bandwidth restrictions (speed cap)
  • Inability to access certain services (such as Netflix)

Please bear in mind that download limitations and connection speed restrictions make free VPNs unsuitable for streaming. Streaming will cause you to use up your data allowance extremely quickly, and slower VPN speeds will result in buffering.

If you require a VPN for streaming, we recommend checking out our list of the best cheap VPNs.

Free VPNs iPhone users should avoid

There are many dodgy free VPNs on the market. Even some of the VPNs that appear high on the Apple app store – and have been given high star ratings by consumers – are actually very concerning when it comes to privacy and security.

Sticking to the advised free iPhone VPNs only will allow you to make use of cost-free VPNs without any concerns. However, to help we have included a list of iOS VPNs that have been found to have poor privacy policies, a lack of encryption, or apps that contain spyware to help you know what to avoid:

WhatsApp punishes users for not accepting update

WhatsApp is trying to pressure its users into accepting a new privacy policy. Even if you don’t use the app yourself, this is a worrying development. If people can be bullied into submitting to questionable user agreements, the practice could become widespread among social media companies. Here’s why that’s bad news….

WhatsApp’s new privacy policy

In early 2021, WhatsApp announced a relatively inconsequential update to their privacy policy. While the changes were minimal, they prompted users and journalists to take a closer look at what the Facebook-owned app had already written into their fine print.

The backlash intensified as the public realized just how much data the app was gathering about them and sharing with Facebook. In response, WhatsApp delayed the update until May, when the changes finally came into effect.

Now WhatsApp users are being offered a choice. They can either agree to the new privacy policy, or start losing essential app features.

What happens if you don’t accept the changes?

If you don’t agree to the new WhatsApp privacy policy, you will begin to notice a steady decline in the app’s functionality. Ultimately, it will become unusable.

You’ll lose access to your chat list, and will no longer be able to initiate conversations. The app will stop giving you notifications. Then, if you’ve still not caved after several weeks, calls and messages will cease to function completely.

In essence, if you don’t play along, you won’t be able to continue using WhatsApp.

A new precedent in data gathering

Even if you’re not a WhatsApp user yourself, the fallout from this development could still impact you. Giving people this kind of ultimatum sets a precedent for tech giants and software vendors elsewhere.

Will other companies start using similarly aggressive strategies to punish users who don’t accept their T&Cs? Almost certainly. Facebook could view this as a trial-run for how they enforce their own privacy policies. Since they also own Instagram, we may see these tactics used there as well.

The problem is that, after years of intensifying social media integration, most people are just too dependent on services like WhatsApp and Facebook to walk away. Facebook is expanding into health data, IoT devices, and cryptocurrency: their privacy policies impact the lives of billions of people around the globe.

How can you protect your privacy?

The struggle of private citizens to control their own data is one of the defining challenges in this century. The more dependent you are on the products of private corporations — from WhatsApp and Facebook to Amazon and other data-driven enterprises — the more effective these aggressive approaches will be.

However, there are still some steps that individuals can take to enhance personal privacy and strengthen data protection. Big tech is demanding access to every detail of your life; here’s how to say no.

Identify your own red lines.

How much information are you really happy to give away? Companies like Facebook rely on people putting convenience over privacy, so it’s important to work out what your personal red lines are. Are you willing to have your data sold to third parties? Are you comfortable giving a corporation access to your contact list? If the answer is no, a little inconvenience might be worth your own peace of mind.

Diversify your apps.

Don’t rely solely on one service for messages and calls. If WhatsApp is the only way you can contact family and friends, it will be much easier for the company to pressure you into accepting their terms. There are a range of secure communication apps that you can turn to instead. When a tech giant monopolizes part of your life, you’ve lost half the battle.

Read through privacy agreements.

While it’s easy to skim over privacy agreements and T&Cs, we really recommend that you take the time to read them. Agreeing to give away any degree of legal control over your data should never be a snap decision. If you’re unsure what to look out for in the fine print, check out our interview with an expert on terms of service agreements.

Protect your data with encryption.

Your internet service provider (ISP) is probably monitoring and selling information on your browsing habits to advertisers. To combat this, start using a VPN, or virtual private network. Services like NordVPN can keep your data out of the hands of corporations, as well as protecting you against hackers and other cybercriminals.

Online security starts with a click.

Stay safe with the world’s leading VPN

This app has been blocked for your protection — what does it mean?

Hackers have always liked Windows because of its popularity and poor security. Windows users are among the most affected by malware, ransomware, or phishing. One of Microsoft’s responses was Windows Defender, which blocks suspicious programs. But what if you want to decide for yourself which programs to install?

What is Windows Defender SmartScreen?

Windows Defender SmartScreen, first introduced in Windows 8, protects users against malware and phishing websites, and prevents malicious software downloads. Here’s how Windows Defender SmartScreen works:

  • Analyzes websites and looks for suspicious behavior (you don’t need to block websites yourself, it’s done automatically);
  • Checks websites you visit against a list of reported phishing and malware sites;
  • Checks files you download against a list of unsafe programs;
  • Checks files you download against a list of files that are known and downloaded by many Windows users.

You can also report suspicious programs to Microsoft if you think they have malicious intentions.

What does the “This app has been blocked for your protection” error mean?

When Windows detects suspicious behavior, it immediately warns the user that the application might be unsafe. A pop-up appears with the message “This app has been blocked for your protection” and Windows 10 blocks it from launching.

However, you might have encountered a different message — “Windows protected your PC” or “An administrator has blocked you from running this app”. They all mean that Windows Defender SmartScreen prevented an unrecognized app from starting.

But as always, there is a workaround that allows you to install and launch any app you like.

Why would I want to disable Windows Defender SmartScreen?

We don’t recommend disabling Windows Defender SmartScreen unless you really know what you’re doing. Otherwise, you can expose yourself to malware and infect your computer.

With that said, not all the applications that SmartScreen blocks are harmful. They can come from reliable developers and have no malicious intentions despite lacking Microsoft’s approval. Sometimes, it can prevent users from installing printers or scanners and updating their drivers, especially when trying to connect an older device to a computer.

Windows Defender can overreact, but it has good intentions.

If Windows warns you that an app you want to install might be malicious, do your research before you continue. There are tons of harmful websites that might look very legitimate and professional. If you disable Windows Defender, you might end up with a fake app or malware (our “What is malware?” article will explain this in detail).

Before disabling Windows Defender SmartScreen

Disabling Windows Defender SmartScreen will leave you naked on the internet, so we recommend taking extra security measures.

Install antivirus software. Windows has native antivirus protection software, but if you want to enhance your security, we recommend installing a dedicated antivirus. It will also provide you with extra features that are not available on Windows Defender.

Use a VPN. A virtual private network encrypts your traffic, thus reducing the risk of getting hacked. NordVPN is an easy-to-use app that works across different platforms and lets you secure up to 6 devices with one account. The CyberSec feature also blocks annoying ads, which are a common way to deliver malware. With cyber crimes on the rise, you need VPN protection more than ever.

A VPN also hides your IP address, which is tied to your online activities. With NordVPN, however, you can connect to one of more than 5400 servers and change your IP. Your digital identity will be masked and your location can stay private.

Encrypt your files. If you keep your files on your PC unencrypted, hackers can steal them or you might send them to the wrong person by accident. When your sensitive data is encrypted, nobody will be able to view it. We recommend using NordLocker, which lets you encrypt files and store them on your computer or the cloud.

Keep all your software up-to-date. Windows updates its software for a reason: developers fix bugs and known vulnerabilities, thus improving security. If you skip updates, you’re putting your system at serious risk.

How to turn off Windows Defender SmartScreen

You can disable Windows Defender SmartScreen, avoid the “This app has been blocked for your protection” error, and install any program you like. Here’s how to change your Windows 10 privacy settings:

  1. Go to Settings > Update & Security.
  2. Choose Windows Security in the left menu.
  3. Click on App & browser control.
  4. Click Off in the Check apps and files section.
  5. Toggle off SmartScreen for Microsoft Edge.
  6. Click Off in the SmartScreen for Microsoft Store apps section.

After you’ve successfully installed your third-party app, we strongly recommend turning Windows Defender SmartScreen back on again using the same process.

If you haven’t enabled a VPN already, now is a good time to do it. Remember, underestimating the risk of cybercrime is dangerous; you can never be sure where the threats are coming from. NordVPN lets you take control of your digital security.

Online gaming: How to stay safe from hackers and vicious opponents

Just because online games take you to an imaginary world doesn’t mean that they can’t have real-life threats. Continue reading to find out what to expect in the gaming world and how to protect yourself from hackers or vicious opponents.

Why would anyone want your gaming account?

Whether you play a free or paid online game, hackers can get plenty of value from your account. Remember all those crates unlocked over several years of collecting? There’s potentially hundreds of dollars worth of cosmetics across your Fortnite, PUBG Lite and Overwatch accounts. Hacking most accounts isn’t too difficult because many players fail to employ basic cybersecurity precautions. Once they take over your account, they might be able to:

  • Listen to your gaming conversations and read your chats;
  • Reuse your login details to break into other accounts (for example, social media);
  • Use your details in phishing attacks to get even more information out of you;
  • Sell your details on the dark web;
  • Use your payment details to purchase virtual currencies, send them to the attacker’s account, then resell them on the gaming platform or the dark web;
  • Use your account to launder money.

How do hackers break into your account?

1. Weak passwords

One of the biggest mistakes you can make when creating your gaming account is to use a weak password: one that consists of just one word anyone could find in a dictionary, or a common password such as ‘password1234’. That Minecraft or Roblox account you made years ago, before you had a decent knowledge of cybersecurity, is probably protected by a weak password. If you don’t want to lose the progress across those games, it’s time to update your passwords. Hackers have large databases of common passwords that come in handy when performing brute force attacks.

To complete a brute force attack, the hacker only needs your user name or your email address. They will then use a bot that will try all the passwords in their database until they succeed or until they go through the whole list with no luck.

2. Data breaches

Data breaches and leaks are another password goldmine for hackers. Unfortunately, there’s not much you can do to protect yourself as this depends on the cybersecurity of the company that stores your data. If they keep your passwords unencrypted, it’s very likely that they will end up on the dark web and in the hands of a hacker.

Data breaches seem to be a pretty widespread threat. In its research, the cybersecurity company KELA discovered nearly 1 million compromised accounts associated with gaming clients and employees. 50% of them were offered for sale in 2020. KELA also found over 500,000 leaked credentials of gaming sector employees.

3. Credential stuffing

If you reuse passwords on multiple accounts, you may also be vulnerable to credential stuffing attacks. If your login details have been previously leaked or a hacker breached any other account of yours, they will probably try to reuse the same login details on other platforms. If you used the same password for your gaming account and your online banking, you might be in huge trouble.

Credential stuffing is another common threat. Akamai, a cybersecurity company, published a report revealing that the video game industry experienced almost 10 billion credential stuffing and 152 million web application attacks between 2018 and 2020. The attacks especially peaked during Covid lockdowns.
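The brute force and credential stuffing patterns described above look different in a login log: the first is many failures against one account, the second is one or two attempts each against many accounts. The following is an added example, not part of the original article, that classifies source IPs over constructed log lines; the log format, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Assumed format per line:
# ISO timestamp, source IP, username, result (OK or FAIL).
SAMPLE_LOG = """\
2021-05-20T10:00:01 203.0.113.10 alice FAIL
2021-05-20T10:00:04 203.0.113.10 alice FAIL
2021-05-20T10:00:07 203.0.113.10 alice FAIL
2021-05-20T10:00:10 203.0.113.10 alice FAIL
2021-05-20T10:00:13 203.0.113.10 alice FAIL
2021-05-20T10:00:16 203.0.113.10 alice FAIL
2021-05-20T10:02:00 198.51.100.7 bob FAIL
2021-05-20T10:02:02 198.51.100.7 carol FAIL
2021-05-20T10:02:04 198.51.100.7 dave FAIL
2021-05-20T10:02:06 198.51.100.7 erin FAIL
2021-05-20T10:02:08 198.51.100.7 frank FAIL
2021-05-20T10:02:10 198.51.100.7 grace OK
2021-05-20T10:05:00 192.0.2.44 heidi FAIL
2021-05-20T10:05:20 192.0.2.44 heidi FAIL
2021-05-20T10:05:45 192.0.2.44 heidi OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"


def classify_sources(log_text, window=timedelta(minutes=5), threshold=5):
    """Label each source IP as brute_force, credential_stuffing or normal.

    brute_force:         >= threshold failures against ONE account in the window
    credential_stuffing: failures against >= threshold DISTINCT accounts in the
                         window, none of them hit often enough to be brute force
    Accounts that logged in successfully from a flagged source are returned
    for review, since a working password may have been found.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    report = {}
    for ip, events in by_ip.items():
        events.sort()
        failures = [(ts, user) for ts, user, ok in events if not ok]
        label = "normal"
        # Slide a time window starting at each failure.
        for i, (start, _) in enumerate(failures):
            per_user = Counter(
                user for ts, user in failures[i:] if ts - start <= window
            )
            if max(per_user.values()) >= threshold:
                label = "brute_force"
                break
            if len(per_user) >= threshold:
                label = "credential_stuffing"
        to_review = []
        if label != "normal":
            to_review = sorted({user for _, user, ok in events if ok})
        report[ip] = {"label": label, "accounts_to_review": to_review}
    return report


if __name__ == "__main__":
    for ip, result in classify_sources(SAMPLE_LOG).items():
        print(ip, result)
```

A successful login from a source flagged as credential stuffing is the case to act on first: that account's password is likely one that leaked elsewhere and should be reset.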

4. Cross-site scripting

Cross-site scripting is another type of attack widely used by hackers to steal your login details. How does it work? Some website servers do not reconfirm authentication every time they exchange information. Hackers use this vulnerability to inject scripts into the website’s UI, which can then be used to steal the information you entered into that website.

Other threats

Online gaming and security threats

Even though someone stealing your account is a scary thought, it’s not the only threat looming in the online gaming world.

1. DDoS attacks

If you are serious about gaming and do it professionally or competitively, you may become a victim of a Distributed Denial of Service (DDoS) attack. Using a botnet of hundreds or thousands of infected devices, a hacker could flood your router (if the IP is known) or the game server you’re connected to with requests. This creates a system overload and shuts it down. As a result, your game is disrupted or you get disconnected. Your League of Legends teammates won’t be happy with the blackout your system will suffer from a DDoS attack.

2. Malware

Hackers can also try to trick you into downloading malware. For example, if you want a game not released in your country of residence, you may decide to download it from a P2P website. Hackers know what games are popular, and they can use them as bait. Don’t get tempted to download malware masquerading as a new game release.

3. Phishing

Phishing can also be used to trick you into clicking on malicious or spoofed links. For example, Fortnite players have been tricked into clicking on links posted in gaming forums offering them discounted or free virtual tokens and other accessories. In reality, the links were part of a cross-site scripting attack that helped hackers breach players’ accounts.

They can also send you phishing emails using the information they already have (i.e., your email address). It will trick you into thinking that they are from a legitimate company. This way, they may steal even more information from you like your passwords, payment details, home address, etc.

4. Cyberstalking or cyberbullying

Cyberstalking and cyberbullying can also make your online and offline lives very bitter. Toxic behavior can be common in some video games. Opponents can look up your IP address, find out your location or even your identity, and then bully you on social media and other gaming platforms. By knowing your preliminary address, they can stalk you in real life too. Who said that gaming isn’t dangerous?

How to protect yourself

You can take simple precautionary measures to make hackers’ (and your most vicious opponents’) lives more difficult. This is how:

  • Use strong passwords. Read these tips on how to create a unique password or use the automatic NordPass password generator.
  • Enable 2 Factor Authentication. This way, getting into your gaming account or your email account will be twice as hard. What would happen if someone were to hack into your Origin account? They could gift themselves games until the card linked to your account is maxed out. Hackers will now need physical access to your phone to get a second verification code.
  • Use an antivirus and update it regularly. It will help you to catch the most common viruses before they infect your device.
  • Familiarize yourself with phishing techniques. The easier it is for you to recognize them, the bigger the chance that you won’t fall for them.
  • Familiarize yourself with cyberstalking and cyberbullying. Learn what to do if you become a victim of either.
  • Use a VPN for gaming. It will encrypt your traffic and will hide your IP address from any hackers and snoopers. It will also protect you from DDoS attacks and ISP bandwidth throttling.


Are governments using zero-day exploits?

Can cybercriminals spy on you through unsecured apps on your phone? Absolutely. By taking advantage of zero-day exploits, hackers can infiltrate our devices and monitor our actions. But what if government agencies did the same thing?

What is a zero-day attack?

A zero-day attack takes place when someone exploits a zero-day vulnerability. In such cases, perpetrators outrun the developers in finding loopholes in their products and exploit them for their own needs. Developers have zero days to patch it; hence the name.

Basically, the severity of such an attack depends on how fast developers manage to fix the loophole. However, things can get more complex when powerful external parties such as government agencies get involved.

Zero-day exploits in China

China’s recent exploitation of the iPhone’s vulnerability is an example of how governments can use zero-day hacks to further agendas of oppression and surveillance. An iPhone loophole discovered in the country’s hacking competition was used to spy on Uyghur Muslims, a minority experiencing severe oppression by the Chinese government.

The exploit (nicknamed Chaos) targeted the iPhone’s kernel, the core of its operating system. Using this backdoor as a starting point, a remote attacker could take over even the newest iPhones. Apple has patched the vulnerability since it was found, but it’s alleged that the Chinese government was able to use it in surveillance operations for at least some time.

Then, months later, Google researchers announced that iPhones were also being massively compromised by five different exploits, which were very similar to Chaos. It was later revealed that the Chinese government used them to target Uyghur Muslims, an ethnic minority that has faced extreme oppression in China.



Zero-day as a government tool

While the Chinese government’s use of zero-day vulnerabilities seems to be one of the most extreme examples, they may not be the only administration employing these methods. Other governments also tend to exploit zero-day breaches for data hoarding, national cybersecurity, and surveillance. Worse still, they’ll often avoid informing developers about these loopholes.

Finding potential exploits but not reporting them is called vulnerability stockpiling. Stockpiling takes place when a government starts collecting vulnerabilities for future use instead of encouraging developers to patch them. Officials can inject their own encryption backdoors or hire independent contractors, who actively look for these vulnerabilities and sell them to a government.

Here are a few examples of governmental exploitation of zero-day loopholes:

  • Stuxnet is one of the most famous examples of the exploitation of zero-day attacks on the geopolitical level. Equation Group, the hacker organization suspected of links with the NSA, used four zero-day vulnerabilities to initiate attacks against Iran’s nuclear program.
  • In 2016 a group called Shadow Brokers publicized a set of vulnerabilities allegedly stockpiled by the NSA and affecting security products such as Cisco, Juniper and Fortinet, which protect US infrastructure.
  • In 2014 Bloomberg news reported on Heartbleed, a vulnerability the NSA allegedly knew about for two years and used for intelligence gathering.

Stockpiling may give governments a chance to monitor certain targets, detect potential threats, and even sabotage their opponents’ infrastructure. However, it also poses a huge threat to their own citizens. Other parties can discover such vulnerabilities and use them against the state, its businesses, and its people.

The SolarWinds attack is a prime example of such a case. While we still don’t know for sure how hackers acquired the code, some claim that the attack was caused by an encryption backdoor installed by the NSA.

How to protect yourself

While no one can guarantee full protection against state-level threats and encryption backdoors, there are some steps you can take to reduce the risk.

Firstly, always update your software, so your device has the latest security patches. Developers usually fix vulnerabilities once they are discovered, so make sure you have the newest patches available.

Secondly, use a VPN. While a VPN won’t protect you from backdoors lurking in your software, it will encrypt your traffic and nobody will be able to stalk you. Snoopers won’t be able to see what you do online, and your location information will be hidden.

How to Use a VPN and Tor together


Although in many ways very different, both VPN and the Tor anonymity network use encrypted proxy connections to hide users’ identities, and they can be used together. Using a VPN and Tor together can provide an extra layer of security and mitigate some drawbacks of using either technology exclusively. In this guide, we show you how to use both Tor and a VPN together.

If you are new to Tor browser or maybe you want more information about it, then take a look at the guides listed below:

  • What VPN to use? – if you don’t already have a VPN service and you aren’t sure where to start, check out our Tor VPN article for a list of recommendations and some helpful tips on using them together.
  • What is better? – if you are looking to see what software is better and the pros and cons of using each service, then check out our Tor vs VPN guide for more information about this.
  • Everything about Tor Browser – if you want details on how Tor works, how to install it, how to use it (without a VPN), and more, take a look at our ultimate Tor browser guide.

Tor through VPN

In this configuration you connect first to your VPN server, and then to the Tor network before accessing the internet:

Your computer -> VPN -> Tor -> internet

Although some of the providers recommended in our best VPNs for Tor article offer to make such a setup easy, this is also what happens when you use the Tor Browser or Whonix (for maximum security) while connected to a VPN server, and means that your apparent IP on the internet is that of the Tor exit node.

Pros:

Cons:

  • Your VPN provider knows your real IP address
  • No protection from malicious Tor exit nodes. (Non-HTTPS traffic entering and leaving Tor exit nodes is unencrypted and could be monitored.)
  • Tor exit nodes are often blocked
  • We should note that using a Tor bridge such as Obfsproxy can also be effective at hiding Tor use from your ISP (although a determined ISP could in theory use deep packet inspection to detect Tor traffic).

Important note: Some VPN services (such as NordVPN, Privatoria and TorVPN) offer Tor through VPN via an OpenVPN configuration file (which transparently routes your data from OpenVPN to the Tor network). This means that your entire internet connection benefits from Tor through VPN.

Please be aware, however, that this is nowhere near as secure as using the Tor browser, where Tor encryption is performed end-to-end from your desktop to the Tor servers. It is possible that with transparent proxies your VPN provider could intercept traffic before it is encrypted by the Tor servers. The Tor Browser has also been hardened against various threats in a way that your usual browser almost certainly has not been.


For maximum security when using Tor through VPN you should always use the Tor browser.

VPN through Tor

This involves connecting first to Tor, and then through a VPN server to the internet:

Your computer -> encrypt with VPN -> Tor -> VPN -> internet

This setup requires your VPN client to be configured to work with Tor, and the only VPN service that we currently recommend for doing this is the Swedish provider PrivateVPN.

The great thing about using PrivateVPN’s VPN through Tor feature is that the VPN provider is unable to detect your home IP address when you connect to its servers.

As a result, it becomes impossible for the VPN to track who you are and what you are doing in real-time.

This is a useful additional layer of protection against the potential for the VPN to be served a warrant that forces it to begin monitoring traffic. (PrivateVPN is already a no logs service, so it would have no existing connection records or usage logs to hand over to the authorities if it was approached.) 

Admittedly, this is an additional privacy measure that most users probably do not require. However, depending on your personal threat model, it is a useful addition if you want high levels of privacy and anonymity online.

Another benefit of using VPN through Tor (Tor over VPN) is that your apparent IP on the internet is that of the VPN server. This prevents websites and online services from detecting a Tor exit node (which stops them from blocking you). It also allows you to pick the country of your outbound IP address, depending on your needs (to access geo-restricted services, for example).


Pros

Cons

  • Your VPN provider can see your internet traffic (but has no way to connect it to you)
  • Slightly more vulnerable to global end-to-end timing attack as a fixed point in the chain exists (the VPN provider).

This configuration is usually regarded as more secure since it allows you to maintain complete (and true) anonymity.

Remember that to maintain anonymity it is vital to always connect to the VPN through Tor (if using AirVPN or BolehVPN this is performed automatically once the client has been correctly configured). The same holds true when making payments or logging into a web-based user account.

Malicious Exit Nodes

When using Tor, the last node in the chain between your computer and the open internet is called an exit node. Traffic to or from the open internet (Bob in the diagram below) exits and enters this node unencrypted. Unless some additional form of encryption is used (such as HTTPS), this means that anyone running the exit node can spy on users’ internet traffic.


This is not usually a huge problem, as a user’s identity is hidden by the 2 or more additional nodes that traffic passes through on its way to and from the exit node. If the unencrypted traffic contains personally identifiable information, however, this can be seen by the entity running the exit node.

Such nodes are referred to as malicious exit nodes, and have also been known to redirect users to fake websites.

SSL connections are encrypted, so if you connect to an SSL-secured website (https://) your data will be secure, even if it passes through a malicious exit node.


End-to-end Timing Attacks

This is a technique used to de-anonymize VPN and Tor users by correlating the time they were connected to the timing of otherwise anonymous behavior on the internet.

An incident where a Harvard bomb-threat idiot got caught while using Tor is a great example of this form of de-anonymization attack in action, but it is worth noting that the culprit was only caught because he connected to Tor through the Harvard campus Wi-Fi network.

On a global scale, pulling off a successful e2e attack against a Tor user would be a monumental undertaking, but possibly not impossible for the likes of the NSA, who are suspected of running a high percentage of all the world’s public Tor exit nodes.

If such an attack (or other de-anonymization tactic) is made against you while using Tor, then using VPN as well will provide an additional layer of security.
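The sketch below shows why the timing correlation described above is effective, and why repeated observations matter more than any single one. It is an added illustration, not part of the original article; the session log, user labels and event times are all constructed, and the two-minute slack is an assumption.

```python
from datetime import datetime, timedelta


def at(day, hhmm):
    """Build a timestamp in a constructed week (May 2021)."""
    return datetime.strptime(f"2021-05-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")


# Constructed log: (user, session start, session end) for every Tor
# connection seen on one local network, e.g. a campus Wi-Fi.
SESSIONS = [
    ("user-a", at(3, "08:00"), at(3, "09:30")),
    ("user-b", at(3, "08:15"), at(3, "08:50")),
    ("user-c", at(3, "08:20"), at(3, "10:00")),
    ("user-d", at(3, "07:00"), at(3, "08:10")),
    ("user-e", at(3, "08:25"), at(3, "08:45")),
    ("user-a", at(4, "14:00"), at(4, "15:00")),
    ("user-b", at(4, "13:30"), at(4, "14:30")),
    ("user-d", at(4, "14:10"), at(4, "14:40")),
    ("user-e", at(4, "14:00"), at(4, "16:00")),
    ("user-a", at(5, "20:00"), at(5, "21:00")),
    ("user-e", at(5, "19:00"), at(5, "19:30")),
]

# Constructed times at which the otherwise anonymous activity was observed.
EVENTS = [at(3, "08:30"), at(4, "14:20"), at(5, "20:15")]


def candidates(sessions, event_time, slack=timedelta(minutes=2)):
    """Users whose session was open when the event happened.

    The slack absorbs clock drift between the two log sources.
    """
    return {
        user
        for user, start, end in sessions
        if start - slack <= event_time <= end + slack
    }


def anonymity_sets(sessions, events):
    """Return the remaining candidate set after each successive event.

    Each event on its own leaves several candidates; intersecting the
    sets across events is what narrows them down.
    """
    remaining = None
    history = []
    for event_time in events:
        current = candidates(sessions, event_time)
        remaining = current if remaining is None else remaining & current
        history.append(set(remaining))
    return history


if __name__ == "__main__":
    for event_time, remaining in zip(EVENTS, anonymity_sets(SESSIONS, EVENTS)):
        print(event_time, len(remaining), sorted(remaining))
```

The candidate set is only as large as the number of people using Tor on the same entry network at the same moments, which is why connecting from a small, logged network offers so little cover.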

So which is better?

VPN through Tor is usually considered more secure because (if the correct precautions are taken) it allows true anonymity – not even your VPN provider knows who you are. It also provides protection against malicious Tor exit nodes, and allows you to evade censorship via blocks on Tor exit nodes.

You should be aware, however, that if an adversary can compromise your VPN provider, then it controls one end of the Tor chain. Over time, this may allow the adversary to pull off an end-to-end timing or other de-anonymization attack. Any such attack would be very hard to perform, and if the provider keeps logs it cannot be performed retrospectively, but this is a point the Edward Snowdens of the world should consider.

Tor through VPN means that your VPN provider knows who you are, although as with VPN through Tor, using a trustworthy provider who keeps no logs will provide a great deal of retrospective protection.

Tor through VPN provides no protection against malicious exit nodes and is still subject to censorship measures that target Tor users, but does mean that your VPN provider cannot see your internet traffic content…

How to change DNS on Fire TV stick


Using a VPN is the easiest and most effective way of spoofing your location on an Amazon Fire TV Stick (aka Firestick, but this also includes all Fire TV devices). 

For more information on using a VPN on the Firestick, please see Best VPN for Fire Stick.

How to change DNS on Fire TV Stick

It might be possible, however, to evade geographic restrictions on content, or even avoid throttling by your ISP, by changing the DNS settings of your Fire Stick.

Note you do not need to do this if using a VPN, as DNS requests are sent through the VPN tunnel to be handled by your VPN provider.

  1. Go to Settings -> My Fire TV -> About -> Network and make a note of all the settings there (taking a photo with your phone is an easy way to do this).


  2. Go to Settings -> Network and select your Wi-Fi network. Click the remote’s menu button (☰) to forget this network.


  3. Click on the connection again and enter your network password (SSID). Instead of clicking Connect, click Advanced.


  4. Enter the “IP address“…


  5. … and “Gateway” values you noted in step 1.


  6. For Subnet Mask there can be a few options: enter 24 if the Subnet Mask value you noted in Step 1 was 255.255.255.0, or 32 if the “Subnet Mask” value was 255.255.255.255. For any other Subnet Mask values, use this tool to calculate the number. The value listed after Mask Bits is the one you are looking for.


  7. Enter the primary (DNS 1) and secondary (DNS 2) DNS settings.
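
A helper for steps 4 to 7, as an added example that is not part of the original guide: it converts the Subnet Mask noted in step 1 to the number the Fire TV expects and sanity-checks the other values before you type them in. The function names, the returned field names and the sample addresses are assumptions made for this illustration.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted-decimal subnet mask to a prefix length.

    Raises ValueError for a mask whose one-bits are not contiguous
    (for example 255.0.255.0), which is always a transcription error.
    """
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # A valid mask is a run of ones followed by a run of zeros, so the
    # inverted mask plus one must be a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(value).count("1")


def fire_tv_static_settings(ip, gateway, mask, dns1, dns2):
    """Validate the values noted in step 1 and return what to enter."""
    prefix = mask_to_prefix(mask)
    device = ipaddress.IPv4Address(ip)
    router = ipaddress.IPv4Address(gateway)
    network = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)

    problems = []
    # With a /32 mask the gateway is never inside the subnet, so the
    # reachability check only applies to shorter prefixes.
    if prefix < 32 and router not in network:
        problems.append(f"gateway {router} is outside {network}")
    # On ordinary subnets the first and last addresses are reserved.
    if prefix <= 30 and device in (network.network_address,
                                   network.broadcast_address):
        problems.append(f"{device} is reserved in {network}")
    if device == router:
        problems.append("device and gateway share the same address")
    # A typo in a DNS server raises ValueError here rather than leaving
    # the device silently unable to resolve names.
    servers = [str(ipaddress.IPv4Address(s)) for s in (dns1, dns2)]
    if servers[0] == servers[1]:
        problems.append("DNS 1 and DNS 2 are identical, so there is no fallback")

    return {
        "ip_address": str(device),
        "gateway": str(router),
        "prefix_length": prefix,
        "dns_1": servers[0],
        "dns_2": servers[1],
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed sample values; the DNS entries use the 192.0.2.0/24
    # documentation range and stand in for your provider's servers.
    settings = fire_tv_static_settings(
        "192.168.1.50", "192.168.1.1", "255.255.255.0",
        "192.0.2.53", "192.0.2.54",
    )
    for field, value in settings.items():
        print(f"{field}: {value}")
```

An empty `problems` list means the values are consistent with each other; it does not confirm that the DNS servers themselves are the ones your provider gave you.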


How to verify the DNS change is working

Once you have changed your DNS settings, you might want to check that the change is working. To do this, download the Firefox for Fire TV browser and visit ipleak.net. You should see your new DNS server settings under “DNS Address detection”.

But what DNS setting should I enter?

If you use a commercial smart DNS service, it will tell you what DNS settings to use. If you want to use a public DNS service, then see A Complete Guide to Changing your DNS Settings for a discussion on your options.

As previously mentioned, a VPN is the best way to alter your DNS settings because a VPN automatically redirects your DNS requests so that they are handled by a VPN server in your preferred location. This provides you with high levels of privacy.

Being able to change your DNS settings on a Firestick without needing to connect to a VPN can be extremely useful, and some VPN providers understand this.

Using Smart DNS allows you to alter the location of your Firestick device without needing to install a VPN onto it, which inevitably uses up space and internal memory. It also allows you to do location spoofing without needing to install a VPN onto your router or share your internet connection from the Firestick to a VPN-enabled device.

That is why ExpressVPN has opted to include a smart DNS service called MediaStreamer for free with every subscription. MediaStreamer is available via the members’ area of its website, where it provides you with the DNS address you need to enter in the menu on your Firestick (using the instructions above).

For the price of a subscription with ExpressVPN, you get full use of a VPN on up to 5 devices and access to its MediaStreamer. This allows you to get complete privacy online and the ability to unblock international services like Netflix (it unblocks 24 international Netflix catalogs in total) in addition to a Smart DNS service.


Image credit: By Steve Heap/Shutterstock.

What is a VPN and Why use one? A Non-Technical Beginner's Guide to Virtual Private Networks


What is a VPN?

A Virtual Private Network, or VPN, is a piece of software that changes your IP address and encrypts all of your internet traffic. This improves online privacy, security, and helps users to bypass online censorship imposed by the government, ISPs or any other organization or person blocking websites.

Benefits of using a VPN

Using a VPN service will give users several benefits. These are as follows:

  1. Prevents your internet provider (ISP) from seeing what you get up to on the internet

    This also makes it very good at preventing blanket government surveillance of the kind performed by the NSA.

    In addition to this, websites cannot see either your real IP address or who your ISP is. All they can see is the IP address of the VPN server, which is usually shared among many VPN users to further protect each individual user.

    Unlike ISPs, though, reputable VPN services do not keep logs of this information for later retrieval. Indeed, a good deal of privacy-focused VPN services go further, and also make a point of deleting all metadata connection logs which might be able to indirectly link customers to their activity on the internet.

  2. Prevents websites from seeing your IP address

    Your Internet Protocol Address or IP Address is how you are identified online. When using a VPN this is replaced with the IP address of your VPN provider, making it more difficult for websites to identify you.

    This goes a long way towards protecting your privacy when surfing the web. And it also makes it more difficult for advertisers to target you with adverts.

  3. Defeat censorship

    A VPN lets you bypass censorship, be it by a repressive regime, or your college or office Wi-Fi administrators.

    By connecting to a VPN, you can access blocked websites, simply by connecting to a VPN server located somewhere where the content is not censored.

  4. Allows you to access streaming services such as Netflix

    A VPN lets you access foreign streaming services that are blocked in your country – no matter where you are really located. Just connect to a VPN server in the country, and as far as the internet is concerned, you are there!

    For example, by connecting to a VPN server in the United States you can stream US Netflix content. The American version of the service has more TV shows and movies than any other country’s Netflix catalog. If you want to find out if another country’s version of Netflix has a show you are looking for, check out the StreamCatcher tool. As well as streaming Netflix content not available in your location, you can also use a VPN to unblock YouTube videos. This works by enabling you to get around regional restrictions by pretending to be in a country the video is available in.

    Or, if you connect to a VPN server in the UK, you can watch BBC iPlayer abroad for free.

  5. Protects you from hackers

    How do you know the Wi-Fi at your local coffee shop is secure? Answer… you don’t. This goes for free public Wi-Fi everywhere. And using insecure Wi-Fi is an open invitation for criminal hackers to steal your sensitive data.

    A VPN will protect you when using all forms of public Wi-Fi because your data is securely encrypted.

  6. Protects you when P2P torrenting

    When you use a VPN for torrenting your real IP address is shielded from peers downloading the same torrents. It also hides the content of what you download from your ISP and is handy for accessing blocked websites.


How to use a VPN

The mechanics of using a VPN are simple, and no matter which platform you use should go something like this:

  1. Sign-up for a VPN plan.
  2. Download and install the software. VPN software on desktop computers is often referred to as a VPN client while software for mobile devices is called a VPN app. In reality, they are the same thing and we treat the terms interchangeably.
  3. Run the app or client and sign in with the login details you used when you purchased the subscription. 
  4. Many VPN apps feature a big friendly “Connect” button. Simply click on or tap it to connect to a nearby VPN server selected by your VPN provider. This will almost certainly provide the fastest VPN connection available.

Need more control?

If you want to use a server in a different country, some VPNs have a map so you can simply click the country you want to connect to. If your VPN doesn’t have this, click the menu button and this will show you the list of VPN servers the VPN has.

How does a VPN work?

When you install and run a VPN app, it connects to a VPN server run by a VPN provider. All data into and out of your device is securely encrypted and routed through this “VPN tunnel“.


The VPN server, therefore, acts as a gateway between you and the internet. It prevents your ISP from seeing what you get up to on the internet, and it prevents websites on the internet from seeing who you are.

Your ISP is still needed to connect you to the VPN server, but because all data passing through the VPN tunnel to the VPN server is encrypted, it cannot see the contents of your data.

This deceptively simple setup provides lots of advantages…

VPN FAQs

Does a VPN make me anonymous?

No matter how a service advertises itself, VPNs provide privacy, not anonymity. This is mainly because the VPN server can see everything that your ISP normally can.

However, unlike your ISP, good VPNs do not log this information and therefore provide much higher levels of privacy than you normally have when surfing the internet. Even these, however, will start to log information if subpoenaed or issued a binding court order.

No VPN staff are going to risk jail for you! Does this mean VPNs are useless for privacy? Not at all. Such legal moves are highly targeted against individuals of interest, so are not a threat to the privacy of most ordinary VPN users.

The Edward Snowdens of this world, however, who require very high levels of true anonymity, should use the Tor Network rather than VPNs to protect their identity.

How to configure your VPN?

VPN software is designed to be easy to use, and should “just work” without the need for any additional configuration. Unfortunately, this is not always the case. This is especially true if you have an IPv6 internet connection as many VPN apps struggle to handle the new internet standard correctly. It is therefore always a good idea to check that your VPN is correctly configured to protect you as it is supposed to.

What is a kill switch?

Thanks to the vagaries of the internet, VPN connections sometimes fail. In the normal course of events, when this happens you will remain connected to the internet but without the protection of the VPN.

A kill switch protects you against this by preventing connections into and out of your device unless the VPN connection is active.

Will a VPN slow down my internet?

A VPN routes your data an extra leg to a VPN server, which must then spend processing power encrypting and decrypting the data. It is therefore inevitable that using a VPN will slow down your internet connection at least a little.

The two biggest factors at play are the distance to the VPN server and how loaded the VPN server is. If you connect to a server near you which is not overloaded, then you can expect to lose around 10 percent of your base internet speed. However, the fastest VPNs invest heavily in high-speed servers so you don’t have to deal with a slow internet connection.

Do I need an ISP if I use a VPN?

Yes.

An ISP, or Internet Service Provider, supplies your internet connection and is required to connect you to the VPN server.

Can I use a VPN on all my devices?

Every VPN provider allows you to install its software on as many devices as you like. Most, however, limit how many devices you can use at the same time with a single account. We refer to the number of devices a VPN allows you to use at once as the number of “simultaneous connections” it permits. 

VPNs typically allow up to five simultaneous connections, although this number can vary considerably.

The majority of VPN services offer iOS VPN apps as well as VPNs for Android users; however, it may be difficult to find support for less popular mobile operating systems. When it comes to computer clients, most VPN services support Windows and Mac users, but Linux VPN clients can be more difficult to find.

Can I get a free VPN?

For a long time, it was something of a truism that “if you don’t pay for a product then you are the product”. At best you could use a very limited free service that was little more than a taster for a paid-for service that you might actually want to use.

This situation has changed over the last couple of years, and there are now at least a couple of free VPN services out there which are actually quite good. Even these are limited in various ways, though, compared to more premium services. We have found that cheap VPN services are among the best on the market. VPNs with the most sought after features can be found for less than $2 a month.

Does a VPN make me safe?

In short, Yes.

A VPN will make you safe from:

Looking for the best VPNs?

Here’s a quick summary of our top picks for VPN services:

  1. ExpressVPN – Fast connections | Apps for all platforms | 24/7 live chat support
  2. NordVPN – No logs | Budget-friendly | Advanced features
  3. CyberGhost VPN – Easy to use | Great for streaming | Strong encryption
  4. Private Internet Access – Based in the USA | Lots of customization | Robust and secure
  5. Surfshark – Fast speeds for streaming | Apps for all platforms | 24/7 live chat support

Digital rights activists file legal complaints against Clearview AI


A group of digital rights organizations have filed a series of legal complaints against the facial recognition company Clearview AI for its practice of scraping public data from the internet to power its invasive biometric identification systems.

The leading group of activists includes Privacy International, Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb, and the European Center for Digital Rights.

Those organizations contend that Clearview AI’s use of an “automated image scraper” tool is an abuse of people’s right to data privacy and is resulting in the formation of an illegal biometric database that has very serious ramifications for those citizens.

Clearview AI has long been considered a highly controversial company, due to the way that it can leverage its systems to identify just about anybody. It developed its sophisticated tracking technology using public images scraped from the internet without the consent of those individuals.

On top of this, Clearview now claims to have “the largest known database of 3+ billion facial images”.

This is concerning because the company has already entered into contracts with private companies and law enforcement agencies in the US and around the globe. What’s more, the advanced facial recognition tech can even be used in combination with Augmented Reality glasses, to give police agents the ability to identify people in real-time as they walk through public spaces.

Shady past

Clearview AI’s history is without a doubt extremely shady. News of the company and its sophisticated tools first broke in January 2020, when the New York Times uncovered its services being sold to government agencies and private corporations for identification purposes.

Until that point, the company had worked within a purposeful shroud of secrecy – compiling publicly available photos to train up its algorithms and become a leading provider of facial recognition tech. 

Now, the company’s secretive operations and far-reaching influence are being called into question by a number of leading organizations, which claim that its service was created in a highly immoral way that puts citizens at risk, and flies in the face of existing privacy protections.

Speaking about the legal challenges that have now been brought against the company, Ioannis Kouvakas, Legal Officer at Privacy International said:

European data protection laws are very clear when it comes to the purposes companies can use our data for… Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users.

Ioannis Kouvakas

Against the spirit of the net

The coalition of organizations that have brought the legal complaints against Clearview contends that the work the company has engaged in to create its services, and the capabilities it is now selling, are in direct conflict with the very nature of the internet. Lucie Audibert, Legal Officer at Privacy International, summed it up perfectly:

Clearview seems to misunderstand the Internet as a homogeneous and fully public forum where everything is up for grabs. This is plainly wrong. Such practices threaten the open character of the Internet and the numerous rights and freedoms it enables.

Lucie Audibert

Alan Dahi, Data Protection Lawyer at noyb concurred with this opinion, stating that:

Just because something is ‘online’ does not mean it is fair game to be appropriated by others in any which way they want to – neither morally nor legally. Data protection authorities need to take action and stop Clearview and similar organizations from hoovering up the personal data of EU residents.

Alan Dahi

Long-lasting repercussions

Hoovering up people’s online photos for the purposes of creating technologies that can then identify those people in real-time while out in public is an extremely concerning and invasive practice that no citizen would ever have thought possible when uploading their images to the internet. 

The public nature of the internet results in people’s faces being constantly uploaded, not just by themselves but also by others, and it’s vital that this process cannot be undermined to create far-reaching privacy and security risks for individuals in the name of profit.

The idea that global police forces can leverage tools created in a shroud of secrecy to engage in surveillance is extremely concerning – particularly when that technology was developed using sensitive biometric information taken from people without their knowledge or consent.

Facial recognition technology creates a biometric map of a subject’s face that can be used to identify that person both in photos and in public for the rest of their life, allowing them to be tracked in real-time in any public space by any private corporation or government agency. 

This level of tracking, and the biometric information it involves, creates overwhelming privacy and security risks for all data subjects involved – resulting in a highly sensitive cache of biometric data that is at risk of data leaks and breaches. Privacy International stated:

Due to its extremely intrusive nature, the use of facial recognition systems, and particularly any business model that seeks to rely on them, raise grave concerns for modern societies and individuals’ freedoms.

Privacy International

Regulators now have 3 months to respond to the complaints, and we can only hope that they will rule that Clearview’s practices are in breach of citizens’ existing rights within Europe. This would result in “meaningful ramifications” for Clearview’s global operations, according to PI.

In the meantime, anybody in the EU who is concerned that their face and biometric data is being held and processed by Clearview AI can make a formal request to have their information removed from the results of searches made by its many clients. To do this, simply send an email to [email protected] (more information about making this request is provided by PI here).