How To Change Your Wifi MAC Address In MacOS

Simple steps to spoof your wifi MAC address in MacOS:

  • Disconnect from current wifi network
  • Open Terminal
  • Check current MAC address by typing: ifconfig en0 |ether
  • Type: sudo ifconfig en0 xx:xx:xx:xx:xx:xx (replace xx with new address)
  • Check new address by typing: ifconfig en0 |ether
  • Connect to wifi network

How To Change Your Wifi MAC Address In Windows 10

Simple steps to change / spoof your wifi MAC address in Windows10:

  • Press Windows Key + X
  • Click Device Manager
  • Expand Network adapters
  • Right click on your wireless adapter
  • Click Properties
  • Select the Advanced tab
  • Select Locally Administered Address
  • Select Value
  • Enter a new MAC address (without spaces, colons or hyphens)
  • Click OK
  • Restart your PC

Over half the top free VPN apps on iOS and Android are linked to China

Over half the top free VPN apps on iOS and Android are linked to China

A report published by Top10VPN indicated that a great deal of “Free” VPN apps for mobile device (phones & tablets) owned by or are housed in China. Considering China moved to ban all VPN’s being used there by 2018; that statistic might sound curious.

The key findings of the report are :

  • 59% of apps have links to China (17 apps)
  • 86% of apps had unacceptable privacy policies, issues include:
    • Lack of important detail around logging policies that could lull people into false sense of security
    • Generic policies with no VPN-specific terms
    • No policy at all
    • Tracking user activity or sharing with third parties
    • Several privacy policies explicitly stated that they share data with China
  • 55% of privacy policies were hosted in an amateur fashion
    • Free WordPress sites with ads
    • Plain text files on Pastebin
    • Text files on Amazon servers
    • Text files on raw URLs, such as IP addresses
  • 64% of apps had no dedicated website – several had no online presence beyond app store listings.
  • Vast majority of companies make it very difficult to find out where they are based and who is involved – for a minority it was impossible to track down the provider.
  • Over half (52%) of customer support emails were personal accounts, ie Gmail, Hotmail, Yahoo etc
  • 83% of app customer support email requests for assistance were ignored

—

Sensitive internal Facebook emails published by UK parliament detail use of its free iOS ‘spyware’ VPN and more

9to5mac reports – Sensitive internal Facebook emails published by UK parliament detail use of its free iOS ‘spyware’ VPN and more.

The full document includes hundreds of pages of emails and data. A summary includes six main “key issues” from the documents.

  • White lists
  • Value of friends data
  • Reciprocity
  • Android
  • Onavo
  • Targeting competitor apps

Onavo was an interesting effort from Facebook. It posed as a free VPN service/app labeled as Facebook’s “Protect” feature, but was more or less spyware designed to collect data from users that Facebook could leverage. Apple pulled the app six months after it landed on the App Store.

Facebook used Onavo to watch which apps users were using on their phones then records and transmit data back to Facebook. The data included what apps were used, how often, where you used them, when you used them, which websites you visited and what data was sent including text messages. Exactly the same details people look to secure from observation when they choose and use VPN’s.

—

The VPN Market Will Reach $36 Billion by 2022

The VPN industry grows by billions of dollars each year. New entrants, changes in advertising, and other market factors are turning the space into one of tech’s most hotly competitive markets.

Virtual private networks (VPNs) have become a necessary tool for many internet users around the world. Regardless of the primary reasons consumers use VPNs, whether to access entertainment content or to maintain anonymity and security while browsing, VPN usage has skyrocketed over the past several years and is trending nowhere but up.

— Read on

Bypass Cloudflare CAPTCHA

Ever get annoyed with the constant CAPTCHA challenges that come up while you are using a VPN or Tor ?

The reason you see so many of them is down to the VPN provider you use. The IP address of the VPN services exit node will be the same for all other customers using it; so when websites see large amounts of traffic coming from a particular single IP address it deploys defences because it thinks that the traffic could be coming from bots. This is further confirmed when it tries to identify you – and because you are using a VPN that strips most common characteristics – if they use the Cloudflare DDoS service, it will then put up a CAPTCHA challenge to test if you are a bot or just a very busy human.

Annoying, yes, but also fixable.

Browser Extension

Cloudflare are smart enough to recognise this problem and have written a browser plugin that bypasses the CAPTCHA challenge for VPN & Tor users.

Cloudflare Privacy Pass

Install Privacy Pass:

Privacy Pass is a Chrome/Firefox browser extension to make browsing Cloudflare-protected websites a better experience for users. In particular, if a user IP address is designated to have a poor reputation then the user may have to solve a Cloudflare CAPTCHA page before they can gain access to such websites.

Privacy Pass uses elliptic curve cryptography to generate ‘anonymous’ tokens after a single CAPTCHA page is solved. These tokens can be used in future engagements with Cloudflare websites to prevent having to solve more CAPTCHAs. The extension generates 30 tokens for each CAPTCHA solution and thus can be used to reduce CAPTCHA pages for each user by a similar factor. 


How To Change Your IP Address

Your IP address is your identifier on the internet. It can identify which continent, country, state and city you are in. It can also identify who your Internet Service Provider is; which means it’s possible for companies or law enforcement to contact them and request details about you (name, address, phone number & billing details).

Changing your IP address is relatively difficult, but fortunately its pretty easy to trick internet services into thinking you are using a different one.

Using A Proxy

When you use a proxy server, you redirect all your internet traffic through an intermediary server. Depending on the service you use, it’s possible to select the location of the proxy server (country or city).

When you use a proxy server to connect to a website, the website sees the IP address of the proxy server – not your real IP address in your home country & city. This is very useful if you were looking to use services that were geographically restricted to certain countries:

  • TV broadcasts
  • Lottery websites
  • Youtube videos
  • Video streaming services

We have a list of free web proxy services here.

Using a VPN

The concept of using a Virtual Private Network (VPN) is very similar to using a Proxy server. Your internet traffic is directed through a specific server in a country you choose and websites you visit thereafter see the IP address of the VPN server; not your real home IP address. The important difference in using VPN is that all your data is encrypted and cannot be intercepted / spied on by hackers, your Internet Service Provider (ISP) and Governments. 

We list a number of VPN service providers here for you to look at and choose.

Whichever you choose; before and after connecting – you need to confirm what IP address you appear to be displaying to servers. 

Check Your IP Address

Orbot – Proxy With Tor

Orbot is a free Android proxy app developed by the Tor Project that secures all browsing and mobile app traffic on your device.

Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis. Orbot creates a truly private mobile internet connection.

Tor Project

Unlike Tor itself, Orbot does have the ability for you to manually select the exit node country you want (just like a proxy or VPN) from a short but fairly well represented list.

In the very detailed settings menu, you have the option to enable Orbot to start automatically when you reboot your phone or table, as well as a sleep option when no internet traffic is detected. Another very important feature Orbot has, is the VPN function. When this is enabled, all internet traffic from the apps on your Android phone or tablet will be rerouted through the encrypted connection. This is especially useful when you need to use online banking while out  and connected to a public wifi network or anywhere you can’t fully trust the hotspot or network you are using.

Orbot is free and available on the Google Play store and also directly from The Tor Project.

Tor Browser 8.0: Changelog

The Tor project rolled out a major update to its desktop browser this week. Here is the changelog:

Tor Browser 8.0 — September 5 2018

  • All platforms
  • Update Firefox to 60.2.0esr
  • Update Tor to
  • Update OpenSSL to 1.0.2p
  • Update Libevent to 2.1.8
  • Update Torbutton to 2.0.6
    • Bug 26960: Implement new about:tor start page
    • Bug 26961: Implement new user onboarding
    • Bug 26962: Circuit display onboarding
    • Bug 27301: Improve about:tor behavior and appearance
    • Bug 27214: Improve the onboarding text
    • Bug 26321: Move ‘New Identity’, ‘New Circuit’ to File, hamburger menus
    • Bug 26100: Adapt Torbutton to Firefox 60 ESR
    • Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
    • Bug 27401: Start listening for NoScript before it loads
    • Bug 26430: New Torbutton icon
    • Bug 24309: Move circuit display to the identity popup
    • Bug 26884: Use Torbutton to provide security slider on mobile
    • Bug 26128: Adapt security slider to the WebExtensions version of NoScript
    • Bug 27276: Adapt to new NoScript messaging protocol
    • Bug 23247: Show security state of .onions
    • Bug 26129: Show our about:tor page on startup
    • Bug 26235: Hide new unusable items from help menu
    • Bug 26058: Remove workaround for hiding ‘sign in to sync’ button
    • Bug 26590: Use new svg.disabled pref in security slider
    • Bug 26655: Adjust color and size of onion button
    • Bug 26500: Reposition circuit display relay icon for RTL locales
    • Bug 26409: Remove spoofed locale implementation
    • Bug 26189: Remove content-policy.js
    • Bug 26544: Images are not centered anymore
    • Bug 26490: Remove the security slider notification
    • Bug 25126: Make about:tor layout responsive
    • Bug 27097: Add text for Tor News signup widget
    • Bug 21245: Add da translation to Torbutton and keep track of it
    • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
    • Translations update
  • Update Tor Launcher to
    • Bug 23136: Moat integration (fetch bridges for the user)
    • Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
    • Bug 26985: Help button icons missing
    • Bug 25509: Improve the proxy help text
    • Bug 26466: Remove sv-SE from tracking for releases
    • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
    • Translations update
  • Update HTTPS Everywhere to 2018.8.22
  • Update NoScript to
  • Update meek to 0.31
    • Bug 26477: Make meek extension compatible with ESR 60
  • Update obfs4proxy to v0.0.7 (bug 25356)
  • Bug 27082: Enable a limited UITour for user onboarding
  • Bug 26961: New user onboarding
  • Bug 26962: New feature onboarding
  • Bug 27403: The onboarding bubble is not always displayed
  • Bug 27283: Fix first-party isolation for UI tour
  • Bug 27213: Update about:tbupdate to new (about:tor) layout
  • Bug 14952+24553: Enable HTTP2 and AltSvc
    • Bug 25735: Tor Browser stalls while loading Facebook login page
  • Bug 17252: Enable TLS session identifiers with first-party isolation
  • Bug 26353: Prevent speculative connects that violate first-party isolation
  • Bug 26670: Make canvas permission prompt respect first-party isolation
  • Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
  • Bug 26456: HTTP .onion sites inherit previous page’s certificate information
  • Bug 26561: .onion images are not displayed
  • Bug 26321: Move ‘New Identity’, ‘New Circuit’ to File, hamburger menus
  • Bug 26833: Backport Mozilla’s bug 1473247
  • Bug 26628: Backport Mozilla’s bug 1470156
  • Bug 26237: Clean up toolbar for ESR60-based Tor Browser
  • Bug 26519: Avoid Firefox icons in ESR60
  • Bug 26039: Load our preferences that modify extensions (fixup)
  • Bug 26515: Update Tor Browser blog post URLs
  • Bug 26216: Fix broken MAR file generation
  • Bug 26409: Remove spoofed locale implementation
  • Bug 25543: Rebase Tor Browser patches for ESR60
  • Bug 23247: Show security state of .onions
  • Bug 26039: Load our preferences that modify extensions
  • Bug 17965: Isolate HPKP and HSTS to URL bar domain
  • Bug 21787: Spoof en-US for date picker
  • Bug 21607: Disable WebVR for now until it is properly audited
  • Bug 21549: Disable wasm for now until it is properly audited
  • Bug 26614: Disable Web Authentication API until it is properly audited
  • Bug 27281: Enable Reader View mode again
  • Bug 26114: Don’t expose navigator.mozAddonManager to websites
  • Bug 21850: Update about:tbupdate handling for e10s
  • Bug 26048: Fix potentially confusing “restart to update” message
  • Bug 27221: Purge startup cache if Tor Browser version changed
  • Bug 26049: Reduce delay for showing update prompt to 1 hour
  • Bug 26365: Add potential AltSvc support
  • Bug 9145: Fix broken hardware acceleration on Windows and enable it
  • Bug 26045: Add new MAR signing keys
  • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
  • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
  • Bug 22564: Hide Firefox Sync
  • Bug 25090: Disable updater telemetry
  • Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
  • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
  • Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
  • Bug 24995: Include git hash in tor –version
  • Bug 27268+27257+27262+26603 : Preferences clean-up
  • Bug 26073: Migrate general.useragent.locale to intl.locale.requested
  • Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
    • Bug 12927: Include Hebrew translation into Tor Browser
    • Bug 21245: Add danish (da) translation
  • Windows
  • Bug 20636+10026: Create 64bit Tor Browser for Windows
    • Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
    • Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
    • Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
    • Bug 12968: Enable HEASLR in Windows x86_64 builds
  • Bug 26381: Work around endless loop during page load and about:tor not loading
  • Bug 27411: Fix broken security slider and NoScript interaction on Windows
  • Bug 22581: Fix shutdown crash
  • Bug 25266: PT config should include full names of executable files
  • Bug 26304: Update zlib to version 1.2.11
  • Update tbb-windows-installer to 0.4
    • Bug 26355: Update tbb-windows-installer to check for Windows7+
  • Bug 26355: Require Windows7+ for updates to Tor Browser 8
  • OS X
  • Bug 24136: After loading file:// URLs clicking on links is broken on OS X
  • Bug 24243: Tor Browser only renders HTML for local pages via file://
  • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
  • Bug 22794: Don’t open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
  • Bug 22794: Don’t open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
  • Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
  • Bug 26951+18022: Fix execdesktop argument passing
  • Bug 24136: After loading file:// URLs clicking on links is broken on Linux
  • Bug 24243: Tor Browser only renders HTML for local pages via file://
  • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
  • Bug 20283: Tor Browser should run without a /proc filesystem.
  • Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
  • Build System
  • All
    • Bug 26362+26410: Use old MAR format for first ESR60-based stable
    • Bug 27020: RBM build fails with runc version 1.0.1
    • Bug 26949: Use GitHub repository for STIX
    • Bug 26773: Add –verbose to the ./mach build flag for firefox
    • Bug 26319: Don’t package up Tor Browser in the mach package step
    • Bug 27178: add support for xz compression in mar files
    • Clean up
  • Windows
    • Bug 26203: Adapt tor-browser-build/tor-browser for Windows
    • Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
    • Bug 26205: Don’t build the uninstaller for Windows during Firefox compilation
    • Bug 26206: Ship pthread related dll where needed
    • Bug 26396: Build libwinpthread reproducible
    • Bug 25837: Integrate fxc2 into our build setup for Windows builds
    • Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
    • Bug 25894: Get a rust cross-compiler for Windows
    • Bug 25554: Bump mingw-w64 version for ESR 60
    • Bug 23561: Fix nsis builds for Windows 64
    • Bug 13469: Windows installer is missing many languages from NSIS file
    • Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
    • Bug 26370: Don’t copy msvcr100.dll and libssp-0.dll twice
    • Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
    • Bug 18287: Use SHA-2 signature for Tor Browser setup executables
    • Bug 25420: Update GCC to 6.4.0
    • Bug 16472: Update Binutils to 2.26.1
    • Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
    • Bug 25111: Don’t compile Yasm on our own anymore for Windows Tor Browser
    • Bug 18691: Switch Windows builds from precise to jessie
  • OS X
    • Bug 24632: Update macOS toolchain for ESR 60
    • Bug 9711: Build our own cctools for macOS cross-compilation
    • Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
    • Bug 26003: Clean up our mozconfig-osx-x86_64 file
    • Bug 26195: Use new cctools in our macosx-toolchain project
    • Bug 25975: Get a rust cross-compiler for macOS
    • Bug 26475: Disable Stylo to make macOS build reproducible
    • Bug 26489: Fix .app directory name in tools/dmg2mar
  • Linux
    • Bug 26073: Patch tor-browser-build for transition to ESR 60
    • Bug 25481: Rust support for tor-browser and tor
    • Bug 25304: Update GCC to 6.4.0
    • Bug 16472: Update Binutils to 2.26.1

What Your IP Address Reveals About You

Your IP address is what ties you to all of the websites, videos, emails and social media posts you view, send and receive on the internet.

It can reveal some very detailed information about your location:

  • City
  • Country
  • State/Province
  • ZIP/Postal code
  • Who your ISP is

It’s possible to identify where you are, the websites you regularly go to, you’re interests, what streams you watch, any files you’re torrent, who you email, contents of your emails. Google for example uses all of this and more from tracking cookies to present you with targeted content and advertisements.

The websites you visit gather even more information about you. By combining your IP address with other information gleaned from metadata, cookies, trackers, and browser-fingerprinting tactics, website owners, marketers, and advertisers can build quite a thorough profile about you. Most ISP’s make a LOT of money selling your internet activity data on to data brokers.

And because you are a customer; your ISP already knows a whole lot more about you…

  • Your Name
  • Your Address
  • Your Phone Number
  • Your Credit Card & Number
  • Your Bank Account Details
  • Your Credit Rating & History
  • How Many Internet Connected Devices (PC’s, Laptops, Tablets, Phones, Games, SmartTV’s Consoles, Smart Watches, all other Internet of Things devices)
  • How Many People Live In Your House
  • What Car You Drive
  • Your Car Insurance, Accident & Speeding Fine History
  • Your Internet Browsing History
  • What Time You Use The Internet
  • What Apps You Use
  • The Make & Model Of Each  Devices You Use
  • Who You Send Email To (and their contents)
  • Who You Receive Emails From (and their contents)
  • What Kind Of Music You Like
  • What Films You Like
  • Your Favourite Fast Food

If you bundle your TV and Mobile packages with your internet connection – this list grows dramatically longer !


Because you are a customer, your ISP knows your name, address, phone number, credit card number, bank account details, credit history, browsing history, busy and active times on the internet, which devices you own and how many friends and family live & visit you.

In some countries, ISPs are required by law to keep detailed logs of customers internet activity, these can be requested and seized by law enforcement at any time without a warrant.

When you visit websites that are not secured with HTTPS, your ISP can see every single unencrypted page, its contents and how long you spend looking at it.

Even if you’re browsing websites that are secured with HTTPS, your ISP can still monitor the URL you’re visiting (but not the individual pages).

You can prevent ISP’s and hackers from seeing your internet habits and activity by using a Virtual Private Network (VPN). This encrypts your connection out to the internet – blocking your ISP from seeing this information.

Take a look through our lists and reviews of free and paid VPN services and secure your online privacy today.