

Yes, VPNs Can Be Hacked: What That Means for Your Privacy



We thought VPNs were secure, but with an increasing number of secure services reporting server breaches, that seems not to be the case. But how do these secure services get hacked in the first place, and how do hackers capitalize on it?

Here’s how VPNs get hacked and what it means for your privacy.

The VPN’s (Seemingly) Unbreakable Security

A diagram showing how a VPN works
Image Credit: vaeenma/DepositPhotos

If we take a brief look at how a VPN works, it looks unhackable. This is the primary draw of a VPN, as people feel they can trust the service to maintain their privacy.

For one, your computer encrypts the connection before it leaves for the internet. This encryption makes a VPN a solid layer of defense against spying, as anyone snooping on the connection can’t read what you’re sending. Hackers can use public Wi-Fi connections to steal your identity, but a VPN can protect you from all attacks bar someone looking over your shoulder.

Even your ISP can’t see the packets you send, which makes VPNs useful for hiding your traffic from a strict government.

If a hacker manages to break into a VPN’s database, they may leave empty-handed. Many top VPNs hold a “no-logging policy,” which states that they won’t save records of how you use their service. These logs are a potential goldmine for hackers, and refusing to keep them means your privacy is maintained even after a database leak.

From these points, it’s easy to assume that a VPN is “unhackable.” However, there are ways that hackers can breach a VPN.

How VPNs Are Susceptible to Hacking

A hacker’s best point of entry is near the outer reaches of the VPN network. VPN companies sometimes opt not to set up servers in all the countries they want to support. Instead, they’ll hire out data centers established within the target country.

This plan often doesn’t introduce any complications and the VPN service adopts the servers without any issues. However, there is the rare chance that there is a hidden oversight in the data center that the VPN company isn’t aware of. In one reported case, a server that NordVPN rented out had a forgotten-about remote connection tool installed.

This tool was insecure and hackers used it to break in.

From there, the hacker found some additional files. The Register reports that these included an expired encryption key and a DNS certificate. The key didn’t allow the hacker to snoop on traffic, and even if it had, NordVPN says they’d only see the same data an ISP would see.

How Hackers Can Capitalize on a VPN Attack

This flaw is the main weakness that a hacker will try to exploit. Because the VPN doesn’t store logs of connections, a hacker’s best bet is to watch the data flow in real-time and analyze the packets.

This tactic is called a “man-in-the-middle” (MITM) attack. It’s when a hacker gets their information from monitoring data as it passes through. It’s not easy to pull off, but it’s not impossible to achieve. Should a hacker get their hands on an encryption key, they can reverse the VPN’s protection and peek at the packets as they pass through.

Of course, this doesn’t give hackers free rein over the traffic. Any data encrypted with HTTPS won’t be readable, as the hacker won’t have the key for it. Anything that’s plaintext, however, will be readable and potentially editable, which would be a severe privacy breach.

Should You Be Concerned About Your VPN Privacy?

While this does sound terrifying, don’t worry just yet. Before you panic, consider why you use or would use a VPN service. At the base level, a hacker monitoring a VPN connection would only see what an ISP would see. For some, this kind of breach doesn’t affect them at all; for others, it’s a severe breach of trust.

On one end of the spectrum, let’s assume you use a VPN so you can get around geo-blocks. You don’t boot up the VPN often, and when you do, it’s to watch shows on Netflix that aren’t available in your home country. In this case, do you mind that a hacker knows you’re watching the newest Labyrinth series?

If not, you may not want to protect yourself further—although some would argue that surrendering any part of your privacy is never right!

On the other side, VPNs are more than just a way to watch TV shows from overseas. They’re a way to browse the internet and speak freely without intervention from the government. For these people, a breach of their privacy could have severe ramifications.

If the thought of your privacy leaking in an attack is too much to bear, it’s worth taking the extra steps to protect yourself.

How to Protect Your Privacy With Additional Security

To start, it’s essential to realize that these breaches aren’t commonplace. Also, the hacker in the NordVPN case only gained access to one of the 5000+ servers. This means that the majority of the service was safe, and only a small section of users was under threat. As such, a VPN is still a useful way to protect your privacy.

However, if you’re very serious about staying anonymous, a VPN shouldn’t be your only line of defense. The attacks on VPNs have shown that they do have flaws, but that doesn’t mean that they’re entirely useless. The best way to maintain your privacy is to add another layer of privacy to what the VPN provides. That way, you’re not wholly dependent on your VPN service to protect you.

For instance, you can boot up your VPN, then use the Tor browser to browse the web. The Tor browser connects to the Tor network, which uses triple-encryption for its traffic. This encryption is applied before your computer sends it, much like a VPN.

If a hacker performs a MITM attack on your VPN connection, the Tor network’s encryption keeps your data safe. On the other hand, if your connection is compromised on the Tor network, the trail leads back to the VPN. If the VPN doesn’t store logs, the trail back to you goes dead.

As such, using two layers of security is an effective way to protect your privacy. Regardless of which side suffers a breach, the other one will pick up the slack.

How to Use a VPN Properly

VPNs can help secure your connection, but they’re not impenetrable. As we’ve seen from these incidents, hackers can infiltrate a VPN server and use keys to initiate a MITM attack. If you’re concerned about your privacy, it’s worth backing up a VPN with another layer of defense. That way, if one layer falls, the other is there to back you up.

Invulnerability behind a VPN service is one of the common VPN myths you shouldn’t believe, so it’s worth knowing what’s true and what’s fake.



Use This Trick to Post to Instagram With Chrome



While you can browse Instagram on your desktop or laptop, the website doesn’t offer a way to upload photos to Instagram. Because Instagram is a mobile-focused service, it wants you to upload your photos through the mobile apps.

However, there is a workaround which lets you post to Instagram with Chrome. Here’s how it works.

Step 1: Visit Instagram and Open Developer Tools

To start, open Instagram in Google Chrome and make sure you’re logged into your account. Right-click anywhere on the page and choose Inspect to open the Developer Tools panel. You can also use the keyboard shortcut Ctrl + Shift + I on Windows or Cmd + Option + I on a Mac.

This will open a panel on the right side with a bunch of HTML and other page details. But you don’t need to worry about any of that.


Step 2: Switch to Mobile View

In the top-left corner of the new Developer Tools window, you’ll see an icon that looks like a phone next to a tablet. Click on this to switch to mobile view—you can also use the keyboard shortcut Ctrl + Shift + M on a PC or Cmd + Shift + M on a Mac.


This mode tells the website that you’re using a mobile device. You’ll thus see the interface switch to something that’s a lot like you’re used to seeing on Android or iOS. Keep the Developer Tools open to continue to use the mobile interface, as closing it reverts to the desktop version.

Step 3: Upload Your Photo to Instagram

At the bottom of the screen, you should see the various icons for Instagram’s different tabs. If you don’t see this row of icons, refresh the page and it should appear. Click the Plus icon to upload any photo from your computer using File Explorer or Finder.


By default, Instagram only lets you upload a few image types, including JPEG. If you want to upload a PNG or something else, you’ll need to make a small change first.

On Windows, click the Custom Files box in the bottom-right corner of File Explorer and change it to All Files. If you’re on a Mac, click the Options button at the bottom-left of Finder and change the Format box from Custom Files to All Files.


Step 4: Edit Your Image

After you select your image, you have some options on the Edit tab. You can drag it around to frame it as you wish. Use the Rotate button to spin it 90 degrees at a time. Click the full-size button in the bottom-left to toggle between the full width or a square size.

Swap to the Filter tab at the bottom of the screen to apply one of Instagram’s many filters. As you’ll notice, you don’t have access to all of Instagram’s editing tools using this method. We recommend using a photo editing app on your computer to make any adjustments before uploading your photos to Instagram.


From here, click the Next button and you can enter a caption, set the photo’s location, and tag people if you want. Then you’re all set to post your photo.

Alternative Option: Use the Windows 10 Desktop App

Instagram offers an official Windows 10 app on the Microsoft Store. It’s essentially a barebones port of the mobile app, so it works in the same way as the above process. If you post to Instagram often and don’t want to use the trick in Chrome every time, give the Windows 10 app a try instead.

Download: Instagram for Windows 10 (Free)

How to Post to Instagram From Your PC or Mac

This trick isn’t perfect, but it’s a handy way to post to Instagram from any desktop device. It’s great if you prefer to edit photos on your computer instead of doing so on your phone.

For more methods, here’s how to post to Instagram from your computer.



When’s the Right Time to Leave the App Store?



Apple’s Worldwide Developers Conference used to be the stuff of legend. We waited with bated breath for groundbreaking innovation. But… this year’s WWDC didn’t feature the significant product launches of yesteryear. Instead, the crowds watched the unveiling of Apple Arcade – the games subscription service.

On the one hand, it indicates the growing importance the ‘services’ business holds for Apple. Services – which includes app store revenues – has steadily grown and accounts for 20% of the revenue. But here’s the kicker – for the first time since 2015, app downloads are on the decline. What’s more, the need for them is being called into question by companies like Spotify.

So what about software developers? Is there still value in the App Store, or should they risk gaining independence by going direct?

Why go to an app store at all?

Developers starting out must choose between selling directly or using a third-party app store, which can handle discovery and the back-end for them.

App stores gain from delivering the best experience for the buyer, which is why buyers keep coming back for more. Estimates of app store values go as high as $34.4 billion for 2018 sales through Apple and Google’s stores.

The appeal of a captive audience

Consumers are exposed to emerging apps by them being in the store – a clear advantage of an app store. Fortnite’s developer, Epic Games, and Spotify gained fame through a relationship with the app store initially. An emerging app that sells direct, without being first established, requires a lot of marketing first.

So when growing a user base is everything, it makes sense to go where the audience is. Selling within an app store builds up the app’s presence and saves valuable time and effort in the back-end systems and processes. This is highly desirable as it allows developers to build out the process over time, ultimately removing the burden of selling and managing the sale process at the initial release stage.

There’s no debate that the app store delivers value. It’s just whether this value is geared towards emerging apps rather than established brands that have a loyal fanbase.

It’s worth mentioning that Apple has acknowledged this to some extent. They’re dropping their fee in the second year of subscription purchases from 30% to 15%. At that point, the customer is exclusively paying for the infrastructure provided, since the product is already discovered.

The other side of the coin

App stores are not the ultimate oasis for developers. Firstly, you’re building a dependence on the platform to handle a variety of tasks. However, the more significant issue is that the cut taken for sales and recurring subscriptions limits further growth. And now we’re seeing the introduction of bundled subscription services – an ‘all-you-can-eat’ plan to consume as many apps as consumers want.

The Spotify/antitrust investigation is an interesting one. Spotify’s video has called out Apple for its 30% cut when selling subscriptions on its App Store (which has led to an antitrust investigation which could alter how the app store serves its customers). The reason Spotify cited the threat of leaving was that Apple’s cut of its profits didn’t justify the value it offered anymore.

Growing disillusionment among developers

While app stores have focussed on delivering value to buyers, as with Apple’s new games subscription service, they are neglecting developers.

So why don’t software providers love the app store like they used to? Well, the figures don’t stack up thanks to the lack of control over pricing and the risk of being bundled with more prominent players at a cheap monthly fee. Spotify may be a big name challenging the status quo with its antitrust case, but they’re not the only ones. The last few years have seen a steady stream of independent software developers choosing to leave app stores, citing the lack of flexible pricing options and weak incentives to stay.

This criticism casts light on the point at which big-name apps (like Realmac and Rogue Amoeba) no longer need to use the app store to sell.

Leaving the app store

Once your app has become a recognized brand with a sustainable amount of loyal customers, you may start to question if the app store’s cut is worth it. If the app store gets money doing something you already subsidize through your direct offering, you may ask, ‘why are we still on the app store?’

Spotify has found itself in this situation. Apple’s App Store had brought them the early benefits of infrastructure and eyes on its product. However, Apple’s recurring cut of subscription sales after the initial sale undercuts the growth they could have long-term.

Another reason established brands want to gain independence is to bypass the bureaucratic process of getting your update approved by an app store. This is something that developers have to take into consideration when considering dates of release. The delays in getting updates approved slow Spotify down heavily, according to their video.

When you’ve reached the sales of an app like Spotify, you don’t have to rely on app stores for those initial eyes on your app. So, what else should you consider to go it alone successfully?

Key points of going direct

Selling an app direct sustainably is a huge hurdle. Success requires a loyal customer base, a marketing plan with a sufficient budget, and the necessary backend features to power it all.

Loyal customers are the foundation for selling direct, but you need to do more to survive it alone. Mobilizing that loyal audience is crucial because they’ll be more likely to purchase a direct offering.

How can you gauge customer loyalty?

Having a high retention rate is one way, but another is measuring Net Promoter Score (NPS), which plots the percentage of promoters minus the percentage of detractors. Understanding your NPS allows you to measure how satisfied your existing customers are with the service, and help you anticipate how likely they would be to churn.

If the website visits organically coming from search are on the rise, but you are still pushing those visitors to the app store, you should consider selling direct.

The best possible outcome would be that your word-of-mouth is so good that your organic customers grow. Then you don’t need the app store anymore. Alternatively, through the people you’ve previously acquired through the app store, you gain enough credibility and happiness with the service that you can start doing it yourself.

You need the kind of customers that will flock to your latest release. Take a company like King, who produces Candy Crush. If King released outside of the app store, using an in-app interstitial, they’d still receive millions of downloads without the app store. So, staying within the app store is like being a small fish in a big pond.

Agenda, an Apple design award winner in 2018, focuses on a direct offering first, complemented by an option to go to the App Store.

Don’t forget the backend capabilities

One final consideration will be your backend capabilities since the app stores will have previously done the heavy lifting of product delivery, currency conversion, and tax. A Merchant of Record model handles all these areas and more.

What if it all goes wrong?

There may not be an immediate increase in sales as you’ll need to start from scratch to gain your independence. This may be a case of launching campaigns to mobilize your audience and find new ways to generate awareness. Just remember you’re competing in a fragmented marketplace outside of the app store. You need to find ways to stand out if you’re to find your footing independently.

The future relationship between developers & the app store

Don’t expect their dominance to diminish anytime soon. While app downloads are declining, people still use the app store to get what they want, when they want it.

But this is changing. The debate about pricing and control over developers’ apps rages on, and developers vote with their feet, leaving the stores to go independent. Thanks to the Spotify antitrust case, we expect to see many debates in the coming months about how Apple and other app stores conduct themselves with developers. This isn’t going to slow down progress, as WWDC showed. We expect to see the replication of Apple Arcade in other forms as consumer hunger for subscription services continues to grow.

What we can expect to change is how developers use app stores. App stores still provide the best immediate platform for discovery to build up an audience. However, more developers will take the plunge into independence as they recognize the value of leaving the app store. It allows for more significant growth and sustainability by working on keeping customers loyal to your app.

The post When’s the Right Time to Leave the App Store? appeared first on ReadWrite.



Jubilee: A Toolchanging Homage to 3D Printer Hackers Everywhere



I admit that I’m late to the 3D printing game. While I just picked up my first printer in 2018, the rest of us have been oozing out beautiful prints for over a decade. And in that time we’ve seen many people reimagine the hardware for mischief besides just printing plastic. That decade of hacks got me thinking: what if the killer-app of 3D printing isn’t the printing? What if it’s programmable motion? With that, I wondered: what if we had a machine that just offered us motion capabilities? What if extending those motion capabilities was a first class feature? What if we had a machine that was meant to be hacked?

One year later, I am thrilled to release an open-source multitool motion platform I call Jubilee. For a world that’s hungry for toolchanging 3D printers, Jubilee might be the best toolchanging 3D printer you can build yourself–with nothing more than a set of hand tools and some patience. But it doesn’t stop there. With a standardized tool pattern established by E3D and a kinematically coupled hot-swappable bed, Jubilee is rigged to be extended by anyone looking to harness its programmable motion capabilities for some ad hoc automation.

Jubilee is my homage to you, the 3D printer hacker; but it’s meant to serve the open-source community at large. Around the world, scientists, artists, and hackers alike use the precision of automated machines for their own personal exploration and expression. But the tools we use now are either expensive or cumbersome–often coupled with a hefty learning curve but no up-front promise that they’ll meet our needs. To that end, Jubilee is meant to shortcut the knowledge needed to get things moving, literally. Jubilee wants to be an API for motion.

When it comes to precisely moving tools around in three-space, I’ve got you covered. As for defining what Jubilee can do, that’s up to you.

An API in Hardware

Playing with 3D printers can happen at all levels of the stack. Some folks build their own hardware from scratch. Others play with the software to generate a specific physical output. I’d loosely bin the hardware design as infrastructure and everything else as application. These days, creating a custom application often requires a bit of expertise in both domains. In designing Jubilee, I wanted to encapsulate the motion infrastructure into one platform so that others could readily build applications.

In object-oriented programming, there’s a design pattern called separation of concerns. The idea is that software should be written in modular form in such a way that one part doesn’t need to know the dirty details of another in order to invoke it. This principle is how software libraries are built. Libraries hide the complexity of the work that they’re doing and instead expose a clean application programming interface, or API, from which they can be invoked. Don’t get me wrong. The idea of modular hardware has existed for generations in engineering, but object-oriented programming does an excellent job of making these ideas explicit.

Building on Jubilee’s “API” is a matter of adding both custom tools (like this extruder, pen, and syringe) and bed plates.

To apply separation of concerns to Jubilee, I needed a way to decouple infrastructure from application. To do that I put kinematic couplings on both the machine carriage and the Z axis. Doing this makes both the bed platform and the tools removable. What’s more, since they are kinematically coupled, they can be removed and replaced over and over again without losing registration to the machine. The notion of an extremely repeatable system is what makes tool changing possible.


On Jubilee, tools are laid out in a rack on the front of the machine. When a task using one tool completes, Jubilee parks its current tool into the respective parking post and then picks up the tool for the next task automatically. All software logic for changing tools is handled by a script at the firmware level, making the slicer command as easy as invoking the number of the next tool you want to use, like T0, T1, etc. Like the separation of concerns pattern above, I did this to ensure that Jubilee’s hardware was as slicer-agnostic as possible.

My first toolchanging setup was inspired by this tweet from E3D back in 2018. In the months that followed, E3D kindly released the CAD files to their coupling system, and I modified the dimensions of my original design to be compatible with their tool plates. I’ll touch on how my setup differs in another post. But for now, what’s important to know is that the API is the same. In other words, an E3D plate and a printed Jubilee tool plate will both work.


Here on Hackaday, we’ll catch ourselves describing hardware as “mostly-printed” and “self-replicating.” These words stem from the early days of RepRap, where the idea behind the RepRap 3D printer was that it could self-replicate. I personally love this narrative, but it has limits. Some machines, like lathes, have limited degrees of freedom, which limits the geometric features they can produce. Other machines, like 3D printers and laser cutters, can only produce parts from a limited range of materials. But what resonates so deeply with me is an underlying idea of bootstrapping our own personal fabrication capabilities from scratch. And through this narrative comes the notion of empowerment and self-reliance when individuals can transform raw materials into finished goods.

Even with minimal machining process, we can produce high-fidelity parts, like this early version of the toolchanger carriage.

To take this narrative and turn it into something actionable, we needed a new word, a new design criterion. So our lab made one up. We call it fabricatability. Fabricatability is a qualitative word that describes a design’s ability to be fabricated by a single person without specialized tools and expert knowledge. Fabricatability is like manufacturability. But the difference is that while manufacturability presupposes an understanding of the available manufacturing resources, fabricatability presupposes an understanding of the person, their access to tools, and their knowledge of how to use them. Similarly, design-for-fabricatability is like design for manufacturing where the manufacturer is one person with limited resources and minimal training.

The big idea is that, if we really understand the person, we can give anyone the capability to bootstrap their own infrastructure if we do a few extra things in our design that put the person first. With Jubilee, I did my best to lay out the prerequisite knowledge up-front in the wiki. Jubilee’s off-the-shelf parts can all be purchased in low volumes without a pricey minimum-order quantity. Most of Jubilee’s fabricated parts use a 3D printer to avoid requiring skilled machine operation knowledge. Similarly, the design is intended for hand assembly by someone without expert hand crafting skills.

Nothing’s perfect, though! While I tried to design Jubilee to eliminate machined parts, three parts must be machined. But to fill the gaps, some community machinists have kindly stepped up to make these parts for us in single quantities.

Instructions that hat-tip our brick-building heydays

I grew up with a healthy dose of LEGOs. At the time, I took for granted the instructions; they were just a means-to-a-spaceship. Looking back, though, I’m blown away by how cleanly they make the assembly process of a 500+ piece kit. Their style is both succinct and explicit. All required parts are called out up-front per page. Heck, if you’re building with a friend or loved one, you can even parallelize the process where one person does the brick-laying while the other scoops out parts for the next step. (Anyone else have a fond LEGO date night in their past?) The style translates to many languages–because there are no words! Heck, I’m pretty sure I could read LEGO manuals before I could read books! And it’s consistent. Once you’ve built your first set, you’ve got a pretty clear idea of how the format of the instructions go for the next one.

Jubilee’s instructions are inspired by my brick-building heydays. First off, in the design, parts need to have fully-constrained attachment points as much as possible. What that means is that parts need to seat together in only one way. They can’t slide back-and-forth in a range of movements, or different people will assemble Jubilee in different ways, some of which won’t work! That’s where the instructions come in. Steps are called out visually in step-by-step fashion to minimize words. Tuning instructions that use special tools are also detailed visually. My hope is that anyone, not just a seasoned machine builder, can build Jubilee following the assembly process in the docs. Finally, to help folks along the way, I made a Discord channel for folks to ask assembly questions and join the community discussion at large. Feedback on Discord is also most welcome! I’m doing my best to channel it into improvements in the instructions and wiki docs.

Pushing the Limits

While a one-machine-fits-all CNC-machine-for-everything sounds cool, it’s not Jubilee. Rather, Jubilee is intended for non-loadbearing applications only. These days, I’ve put the most effort into transforming Jubilee into a rock-solid multitool printer–but even then I’m still twiddling print settings to find a middle-ground that I like.

Dear World, may your finest Benchies of 2020 be multicolor.

So even though Jubilee can’t juggle heavy cutting tools, it turns out that the space of what Jubilee can do is still quite rich. Apart from 3D printing, my labmates and I have played with multitool liquid handling with syringes, multicolor pen plotting, and image-stitching with a USB microscope.

Finally, I have too many things to say in one post, but I promise I’ll cover some of my favorite hardware details soon.

Research Findings for All

A year ago, I packed up my garage machine shop and took the leap into grad school. For me, a PhD has been the final major roadblock to becoming a teacher. Like it or not, I would need to face it. But rather than make grad school a 5-year holding pattern for a future in teaching, I wanted to find some way to make the experience meaningful to others, not just myself, and now, not after I graduated. One year into this misadventure, I am thrilled to say that Jubilee is both for and inspired by you, fellow hackers. It’s a piece of me out there in the world that I hope is meaningful to you. It’s not perfect, but it’s functional, something we can all build on.

When I started this project nearly a year ago, I’d occasionally post a progress video to document the good-and-bad. It’s crazy to think that a year ago we went from this:

to this:

Admittedly, as far as grad school labs go, I lucked out. I met a professor, Nadya Peek (at a Supercon!), who helped establish the first FabLabs in the early days of the open source hardware movement. It’s through her efforts that my hands are free to tackle projects like Jubilee. And it’s through her shrewd negotiating that our lab is able to release all of our designs as open source for you, fellow hacker–no strings attached!

And with an open design, we can start riffing off of each other’s ideas and expanding the toolchanging ecosystem for everyone. In the last month, a few folk have already kicked off their own Jubilee build. Some are already changing tools!

video credits to @Danal (via Discord) showcasing a successful tool lock

But why let us have all the fun? Jubilee’s docs, BOM, and CAD files are in the wild for you to enjoy. Now has never been a better time to jump into a world of ad hoc automation. So go forth and create your own personal adventure into toolchanging. Share your whoops and woes on the Discord. And, of course, write to us on Hackaday if you get Jubilee to do something awesome.

(Finally, if you think grad school is cool, why not come hang out with us?)
