Author Archives: Miriam Cihodariu

Facial Recognition Software 101: Current Debates and How to Elude It

Facial recognition software is a relatively new technological development that is being adopted on a large scale by law enforcement agencies and national intelligence agencies worldwide.

Theoretically, the adoption of facial recognition software and other biometric identification methods could help identify attacks before they occur and generally lead to a faster capture of criminals. Practically, many citizens and digital privacy advocates are fighting back against the use of facial recognition software.

So why is facial recognition software such a charged topic?

To help anyone understand exactly why people don’t like it, I’ll first dive into the current debates and main controversies surrounding facial recognition software. Then, I’ll continue by explaining how the technology works and how you can confuse it or resist it.

While I wouldn’t encourage anyone to do anything illegal or resist legitimate info requirements made by public authorities, the truth is that facial recognition software is still, in many ways, a wild west. The laws are being debated and subject to change.

Innovators and authorities are still exploring what the technology can do and discovering new functionalities. Meanwhile, the public tries to catch up and debate whether the functionality should be used in the first place.

Therefore, attempts to resist facial recognition software and to confuse it are a vital part of current negotiations and debates, in a new landscape where the right to a private life can’t be taken for granted anymore.

But before we dive deep into the intricacies of facial recognition software, we need to look briefly at the history of its development.

A short history of facial recognition software:

  • Mid-1960s: American mathematician Woodrow Wilson Bledsoe and his team develop a simple device which records facial features using a stylus and a tablet. His efforts helped pave the way towards modern facial recognition software and his intelligence team members are considered pioneers of AI and pattern recognition.
  • Between the 1980s and 1990s: MIT, Rhode Island, and Brown University scientists develop the technology further, leading to Eigenfaces. Eigenfaces are two-dimensional facial structures generated through algebraic formulae. They laid the foundation for contemporary facial recognition software.
  • After 2001: The 9/11 terrorist attacks highlighted the need to strengthen border security with better personal identification, via facial recognition software. This led to a wide-scale adoption of this software, which continues to be improved to this day. Applications of the software were quickly picked up by the commercial sector as well (see below).
  • 2005: The first personal phone with facial recognition software is unveiled at the Security Show Japan. The technology was named OKAO Vision Face Recognition Sensor and it was developed by the OMRON Corporation.
  • 2005 – present: Facial recognition software is increasingly adopted by most smartphones but also perfected for the use of law enforcement and military groups. Machine learning and AI are employed for taking its accuracy to new heights and to vary its applications.

Why Is Facial Recognition Software So Debated Today?

As you can see, facial recognition software also has some consumer applications which are pretty popular (like the ones for smartphones).

Since security experts have long decried single-factor authentication (like security measures consisting only of passwords) as being too vulnerable to hacking (through credential stuffing attacks, for example), two-factor authentication is increasingly recommended and implemented. Some voices say even two-factor authentication is not as secure as previously thought.

In this context, methods of biometric authentication seem like a more secure way of accessing your accounts. Signing in with your face, your fingerprint, your iris scan or other bodily-related identity factors, which are (theoretically) accessible to no one but you, is the next level.

So why then are people against facial recognition software?

First and foremost, because facial recognition software started being employed in mass surveillance programs at nation-wide levels. People may not be against facial recognition software per se, but the way it started being used by law enforcement and state intelligence agencies is making most citizens uncomfortable.

Secondly, it’s not just the matter of privacy infringing: facial recognition software is also prone to errors and bias which cause people further discomfort.

Thirdly, as people become more educated in cybersecurity matters, with news of new data breaches making headlines every month, everyone is realizing that the safest bet is to have as little of your data collected as possible. If you allow devices to record even your most personal and private biometric data and store it for recognition and authentication, sooner or later the data might fall into the wrong hands.

There are other ways of being safe or employing multi-factor authentication methods; you don’t need to hand over your intimate bodily data. Besides, some biometric data is very easily faked by hackers just by seeing a photo of their victim where the hands are visible. In a famous case, a German minister’s fingerprints were replicated by hackers using just public photos.

Countries Which Are in the Spotlight for Facial Recognition Software

But the first reason for which people are outraged by facial recognition software lately is the way some public authorities started employing it. In the past half-year, some countries have been more under the spotlight for using facial recognition software in a way equated by people to a dystopian-like mass surveillance campaign.

These countries are:

#1. The US

In most American cities, unless explicitly banned due to public backlash and protests, police authorities have adopted the use of facial recognition software.

Since the technology behind facial recognition software is rather new and unprecedented, laws haven’t managed to catch up with it. Therefore, it’s still akin to the wild west: police are using the tech liberally and gathering as much data as they can, just thinking that it might be useful in the future or in order to train the programs to be more accurate.

As of 2016, it was estimated that 50% of the population was in the databases of police-owned facial recognition software, and that was 3 years ago.

If laws concerning the collection of private data without consent are in place, they are targeted at companies and advertisers, not at law enforcement. However, digital rights advocacy groups started speaking out against the rights of law enforcement to gather and make use of such data without a just reason. The following year will probably bring significant changes, one way or the other, as the matter is settled towards one pole or the other. More details on debates and protests below.

#2. The UK

“One Nation Under CCTV,” 2007 mural by Banksy (Flickr/ogglog).

In the UK, the use of facial recognition software by law enforcement seems to be even more pervasive than in the US, raising deeper concern over citizen rights and dystopian potential. To say that the use of this tech by police forces is contested would be an understatement.

First of all, as the use of this tech is yet unregulated, the police are apparently using it without permission. Privacy rights advocates such as the Big Brother Watch NGO are campaigning against the use, calling it unlawful and abusive towards privacy rights. Other studies report numerous ways in which surveillance via facial recognition software infringes on multiple citizen rights.

The UK police are also being taken to court over their use of facial recognition software, in a first case of its kind. Until the matter is settled via legislation, more trials and protests will probably follow.

The fact that the use of the software is not even particularly effective doesn’t help improve its public perception either.

#3. China

China is facing international outrage over its treatment of the Uighur minority in the Xinjiang region, who are under constant surveillance through various technological means, including facial recognition, voice recording and spying (even when not talking on the phone and so on). Chinese police forces even have smart glasses with built-in facial recognition systems, so the potential of the tech is very high.

#4. Germany

Germany tested out using facial recognition software for checking the people who cross through a train station, on the basis of volunteers and completely consensual ceding of biometric photos. However, it didn’t take long for privacy advocates to raise alarms. Considering the country’s history of mass surveillance by the government, I think the quick response, even if the trigger was ‘softer’ than the practices adopted by other countries, is a healthy exercise in democracy.

Other countries (less concerning cases):

Facial recognition software is also employed by law enforcement in the United Arab Emirates (for border control and such).

In Japan, the tech is being used for some controversial things like checking whether employees are smiling enough and so on, but since it’s not controversial in how police forces are using it, I won’t be including Japan in the list of really concerning countries.

Singapore, the tech capital of Asia, also employs facial recognition software widely for fast check-ins and such, but no reports of abuse have come through. Of course, it’s very possible that the West is experiencing more public protests about this kind of tech because of cultural differences and a greater awareness of privacy rights.

How People Are Fighting Back against Facial Recognition Software and Why

While for their part, law enforcement forces are defending their use of facial recognition software by highlighting the positive effects it has, people are not convinced.

In the US and UK, regular protests were held against the police use of facial recognition software without probable cause, as well as against storing the data obtained through this software without consent. If we look at some of the recent and non-recent protests, it’s pretty clear that many citizens see facial recognition software as having the potential to lead to a dystopian world, at least when it is in the hands of public forces.

  • In Washington, DC, people made a logo from the Eye of Sauron (from the Lord of the Rings trilogy) and the campaign message ‘Stop Watching Us, Sauron’ in order to protest surveillance;
  • An NSA program which uses machine learning to identify probable terrorists has been dubbed Skynet, in a reference to the machine turned mad which ultimately takes control of humans in the Terminator series.

Recently, San Francisco registered a huge win in this fight: due to citizen backlash, it became the first city to ban the use of facial recognition software by police and municipal authorities. Reports say that Oakland may soon follow in its trail.

New York Brooklyn tenants are protesting the plans of a landlord to install facial recognition software in their building. If the protest is successful, it will serve as a useful precedent to fight future potentially unethical uses of this software.

In other parts of the world, like China, protests were obviously not held against this tech, but the Uighur minority members who manage to get away (usually to Turkey as a preferred asylum destination) are complaining about the all-controlling digital surveillance tech back home.

Protesting facial recognition software is not all political; there are also economic ways of sanctioning the use of technologies which are perceived as infringing people’s privacy.

Advocacy groups blend their efforts in order to exert pressure on big tech companies like Google and Microsoft in order to prevent them from selling facial recognition software to the government. Google agreed to the requests and said it will not release such software for now, until it finds good ways to ensure its ethical use.

Amazon protestors using printed masks of Jeff Bezos in order to condemn facial recognition software, via NYTimes. 

Amazon acknowledged the tech’s potential for abuse but continued seeking partnerships with federal forces. As a result, it is now facing investor pressure to stop selling facial recognition tech to law enforcement. Its employees are protesting it as well, though with little success so far. Luckily, investors stepped in to call an ethics check on the practice, with a greater potential of obtaining results.

Regular citizens are also fighting the use of facial recognition software through social media shares of incidents they are subjected to. In the digital age, this disclosure can gain quite the traction. Thanks to these small but significant ways to fight it, several new problems were revealed, beyond the privacy infringement and potential to lead to a totalitarian rule.

Apparently, facial recognition software can also be racist and gender biased. Because it was fed biased photos (in the hunger of authorities to just push images into it indiscriminately, including celebrity photos and everything they could get their hands on from private citizens without consent), facial recognition software has trouble correctly identifying women and black people. Women of color are a particularly targeted category since they are subjected to a double bias.

Facial Recognition Software Tech Details: How It Works

Just like photo cameras were in a way designed to crudely imitate the human eye, so was facial recognition software modeled on the way people recognize faces.

Step 1: At least one picture of your face is captured by the software, from public sources or from CCTV video, whatever.

Step 2: The facial recognition software ‘reads’ the geometry of your skin and measures out proportional distances between the main features, the depth, and 3D shapes and so on.

Step 3: All this is compiled into a set of mathematical data – your face’s formula.

Step 4: This string of numbers is then compared to the database of millions of other face captures, and the likeliest match is drawn.

Two examples of facial recognition software fails, via PopularMechanics.

This is the basic way it works. Is it accurate? Not really, several sources attest, but it does seem to get better and better thanks to more data being fed into it (with or without consent) and artificial intelligence algorithms.
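The four steps above as a minimal matcher, added here as an illustration and not taken from any real product: the landmark coordinates, names and the 0.1 threshold are constructed, and production systems use learned embeddings rather than hand-measured distances. It goes one step past the text by showing why "the likeliest match" needs a distance cut-off: a person who was never enrolled still has a nearest neighbour in the database.

```python
import math
from itertools import combinations

# Fixed landmark order so every template has the same layout.
LANDMARKS = ("left_eye", "right_eye", "nose", "mouth_left", "mouth_right", "chin")


def face(*coords):
    """Step 1: a captured face, reduced to six (x, y) landmark positions."""
    return dict(zip(LANDMARKS, coords))


def template(points):
    """Steps 2-3: all pairwise landmark distances, divided by the
    eye-to-eye distance so image scale and position do not matter."""
    iod = math.dist(points["left_eye"], points["right_eye"])
    return [math.dist(points[a], points[b]) / iod
            for a, b in combinations(LANDMARKS, 2)]


def nearest(probe, gallery):
    """Step 4: (name, distance) of the closest enrolled template."""
    return min(((name, math.dist(probe, enrolled))
                for name, enrolled in gallery.items()),
               key=lambda pair: pair[1])


def identify(probe, gallery, threshold=None):
    """Without a threshold the closest entry always wins (closed-set).
    With one, a probe that is too far from everyone returns None."""
    name, distance = nearest(probe, gallery)
    if threshold is not None and distance > threshold:
        return None
    return name


# Constructed sample data, not real measurements.
GALLERY = {
    "alice": template(face((30, 40), (70, 40), (50, 60),
                           (38, 80), (62, 80), (50, 100))),
    "bob": template(face((28, 42), (72, 42), (50, 68),
                         (34, 86), (66, 86), (50, 112))),
}
# Alice again: image twice as large, shifted, about 1 px of jitter.
ALICE_PROBE = template(face((71, 85), (150, 85), (110, 126),
                            (86, 165), (134, 164), (109, 205)))
# Carol was never enrolled in the gallery.
CAROL_PROBE = template(face((32, 40), (68, 40), (50, 66),
                            (36, 84), (64, 84), (50, 104)))
THRESHOLD = 0.1  # assumed cut-off; real systems tune it against error rates

if __name__ == "__main__":
    for label, probe in (("alice probe", ALICE_PROBE), ("carol probe", CAROL_PROBE)):
        name, distance = nearest(probe, GALLERY)
        print(f"{label}: nearest={name} distance={distance:.3f} "
              f"closed-set={identify(probe, GALLERY)} "
              f"open-set={identify(probe, GALLERY, THRESHOLD)}")
```

Carol is reported as "bob" whenever no threshold (or a loose one) is applied, which is the false-match failure the accuracy debate is about; tightening the threshold trades those false matches for missed ones.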

How to Confuse Facial Recognition Software

Since the use of facial recognition software, even by law enforcement, is not yet regulated, resisting it does not constitute a crime. Harsher climates may impose charges, but this only leads to greater public backlash. A recent case of a UK man being fined after covering his face to elude facial recognition software has sparked an even more energetic opposition to police using this tech.

The interesting part is that since there are no laws yet regulating the use of facial recognition software (in the UK), not only is resisting it not illegal, but the use of it (by police) is not yet legal either.

Still, until the matters are settled and each country negotiates its own limits on the use of this controversial tech, let’s take a look at how facial recognition software can be confused.

There are at least 3 ways, but it’s debatable for how long they will continue to work.

#1. Wear a partial mask:

The old cover-up method is by far the most effective, but in some places, it can get you in trouble, as in the case of the UK man discussed above. Since you’re wearing a face mask, it’s pretty clear that you’re trying to hide your identity and that can draw unwanted attention from the police.

#2. Wear special clothing items for confusing facial recognition software:

There are several clothing items with confusing patterns on them which were specially designed to prevent cameras using facial recognition software from being able to tell where your face is. For example, a pair of psychedelic glasses, or this scarf by Hyphen-Labs, or an anti-surveillance coat, or a baseball cap which projects tiny laser dots on your face, invisible to the human eye but confusing for the software.

Anti-Face, the art project by CVDazzle.

#3. Wear irregular make-up designed for confusing facial recognition software:

Another creative way to confuse facial recognition software is through make-up. The CVDazzle group has developed a series of looks which make your face untrackable, but their efforts aim to be a form of artistic protest and not a practical everyday solution for eluding recognition.

Positive Examples of Facial Recognition Software Applications

Since I want to maintain a non-biased overview of everything related to facial recognition software, I feel we should also note some of its applications which can make a positive difference in the world.

I won’t include crime prevention in the list, even though it is often mentioned by authorities as the main reason for a wide-spread employment of facial recognition software methods. While it may indeed have a positive impact on preventing or reducing crime, I stand with those who believe individual freedom is more important than collective security.

Here are a few cool applications of facial recognition software:

Final Words

Facial recognition software, especially the advanced types used at the state level, is based on powerful machine learning technologies. Thus, unfortunately, even if you manage to successfully confuse it through creative means, the algorithms are bound to catch up and improve. Perhaps digital artists will be able to keep up and find new ways to confuse the software in a cat and mouse game, for a while.

But the real target of those concerned about facial recognition software should still remain the political debate and negotiation. The recent victory of citizens over local authorities in San Francisco has proved that where there’s a will, there’s a way. Nonetheless, no one should ignore the positive aspects which may come from facial recognition software.

Still, being more careful about what data we share and with whom should be a must for all of us. How about you? Who logs into their cell phone with facial recognition?

The post Facial Recognition Software 101: Current Debates and How to Elude It appeared first on Heimdal Security Blog.

Duckduckgo vs Google: A Security Comparison and How to Maximize Your Privacy

Preoccupied with privacy? You’ve come to the right place. In today’s guide, I’ll go through everything you should know about Duckduckgo vs Google, how each of them works and how you can make the switch work for you (or not). You’ll also get performance comparisons, pros and cons for each product and advice on how to make the most of your privacy.

Should you decide in the end to switch to the Duckduckgo search engine over Google (I won’t tell you what to do, the decision is entirely yours after getting all the info below), I’ll also share extra advice on how to make the most out of your Duckduckgo products. Since the software suite is not limited to the search engine, there are also some software products to consider. But first things first, let’s check out the Duckduckgo vs Google competition, comparison, and in-depth analysis.

Duckduckgo vs Google: The Competition Between Them and the Shift of Users

Usually, when people think of the Duckduckgo vs Google competition they are immediately thinking of the search engine Duckduckgo vs the search engine Google. Namely, this debate is about whether to use Duckduckgo or Google as your default browser search engine and / or homepage.

Even though Duckduckgo has other tools and apps besides its search engine, as I’ll get into below, for now let’s keep referring strictly to the search engine. This way, you’ll understand better what all the fuss is about with the Duckduckgo vs Google debate. Here’s an overview of public perception on it and everything you need to know about the context of this competitive comparison.

As the tools and techniques used for data gathering have slowly turned into more and more comprehensive algorithms tracking scores of information, both consumers and businesses have become more preoccupied with privacy. The rise of the so-called big data and big tech conglomerates has led to an increased level of surveillance which makes most people uncomfortable.

The fact that all the search history of users is tracked by Google (even in incognito browser mode) has contributed to the growing discomfort of concerned users.

If they’re not particularly concerned with how Google itself manages their personal data, then they’re concerned about data breaches.

Nowadays, with so many breaches making the headlines, it’s hard to trust that your data will remain as private as you’d like. Even if the entities you’re willing to share that data with have your confidence, no one is truly unhackable.

So How Are Duckduckgo and Google Competing?

Google doesn’t compete with Duckduckgo so much, in the grand scheme of things. Google is the big guy in the industry and while they are certainly aware of their smaller competitors catching up, it’s not really the same league. Yet.

Virtually all internet users tend to be Google search engine users, by default. The main strategy for Google is to try to hold on to the users it has by implementing better security and privacy protection measures. This is something definitely on their agenda, but the issue still remains that user data is tracked. Therefore, Google is leaking some users who are leaving its boat in order to climb aboard that of Duckduckgo.

For their part, Duckduckgo are directly positioning themselves as an alternative and competitor to the Google search engine. Their very blog is aiming to answer the very direct question of ‘Why You Should Use Us Instead of Google’.

So, why do some users prefer switching to Duckduckgo from Google? Here’s our unbiased comparison.

Duckduckgo Search Engine at a Glance: Pros and Cons

Obviously, since many users (exact number unknown) are switching to Duckduckgo from Google, the product is a great one, for people who are more concerned with privacy.

Why is the number of Duckduckgo users unknown?

Well, that’s the beauty of it: not even Duckduckgo knows exactly how many users it has, precisely because they do not track them. Nice, right?

However, according to their official approximations based on the number of searches they get each month and based on the fact that each user makes 1 search per day, on average (so 30 per month), their total user pool should be around 25 million people. That’s pretty impressive.

As a side note, I’d like to point out that my intuition says people make more than 30 searches per month if they are active internet users. And if they heard about Duckduckgo enough as to use it, they are probably tech-savvy and active enough online to use their devices almost daily. Therefore, I’d say that there’s a good chance that some users only switch to Duckduckgo when they are doing searches which they would rather keep truly private. Funny thought.

As you can see, the main advantage, unique selling point and promise of the Duckduckgo search engine is its utter privacy. Here’s the entire picture of my Duckduckgo review, broken down in pros and cons.

Pros of Duckduckgo as a search engine:

  • Perfect privacy. No data on your online searches collected or stored. (If you want this privacy to extend further than searches and to all your browser activity, you need to install the complementary Duckduckgo products, which I describe below).
  • No ads targeting you based on your searches.
  • No social engineering techniques used on you based on your searches and other interests.
  • You can be sure you are getting the same search results as all other users (no targeting or profiling).
  • 1-page search results. Infinite scroll: as long as you keep going down, more search results keep loading. It’s a well-known fact that many users don’t make it to the second page of Google search results, but Duckduckgo just presents to you more info on the same page so you never have to click next and lose the initial results from sight.

Cons of Duckduckgo as a search engine:

  • Has a few nice extra perks and features, but still not as many as Google. Just think of Google Maps, Google Flights, Google Finance, Google Books, etc.
  • Less personalization: Duckduckgo doesn’t remember your search history, which is technically an advantage for privacy, but it can also be less convenient sometimes.

For example, here’s a Duckduckgo search I did for ‘Aviatorilor’, a place in Bucharest, the city I live in. Normally, with Google, I would also get the option of quickly checking out on the map where that place is and how to get there from my location, how long will this take and so on.

In terms of privacy, Duckduckgo clearly wins. But if privacy is not your pet peeve, Google is an incredible product as well, and not one to reject without careful consideration. Here’s how things look from the other side, too.

Google Search Engine at a Glance: Pros and Cons

Google is not the immediate loser in this competition, however, and not only because it’s still leagues away from Duckduckgo and because most internet users still use the Google search engine.

But it also has unique advantages when compared to Duckduckgo, advantages which derive precisely from its data collecting practices. After all, even if your personal data is used by Google to make money, you still get a few benefits too.

It all comes down to whether you prefer privacy or personalization. Since personalization requires data storing, you can’t have both.

So, here are the pros and cons of the Google search engine, very briefly.

Pros of Google as a search engine:

  • Displays unique content (including advertising content) tailored for your preferences and history
  • Offers built-in features which can be of help (like Google Maps, or help with calculating your trajectory to a place you’re searching for, or search results filters like Books or Flights, etc.)
  • Remembers your search history (this also counts as a con, but it can be helpful in some cases when you want to revisit a web page you forgot to save elsewhere)
  • It’s integrated with your other Google accounts and products, which can sometimes be rewarding.

Cons of Google as a search engine:

  • Remembers your search history (also counts as a pro if you need it, see above).
  • Not even incognito browsing is truly private (read the fine print the next time you open an incognito browser tab in Chrome – or Mozilla, for that matter).
  • Sells your data to third parties and offers them sophisticated tools of tracking you across the web so you can be bombarded with tailored ads.
  • Pulls data from your private emails in order to spam you with ads. Google representatives say this is an automatic process and that no human employee sees your personal emails but it can still be uncomfortable for some users. Imagine, for example, that you and your partner are surprised with an unexpected pregnancy and you’re considering abortion, only to be spammed with baby carriage ads all of a sudden.

How to Protect Your Privacy with the Duckduckgo Search Engine

If you decide to go for Duckduckgo as a way to protect your privacy a bit more, here is everything you need to know in order to make the most of it. The goal is to increase your privacy while also making sure you understand all the ways you can use the Duckduckgo technology to your fullest potential and, if possible, to preserve some of the convenience we are used to from the Google days.

Frequently asked questions about Duckduckgo

Q: Can you browse dark web websites with Duckduckgo?

A: Indeed, you can. But we’d recommend using the go-to browser for the deep and dark web, which is the Tor browser. Many users browse the darker regions of the internet by using the Duckduckgo search engine on the Tor browser.

That still doesn’t mean that doing illegal things on the dark web or on the deep web will stay secret if you do, however. Law enforcement can still track illegal things taking place there (as they should). But as far as privacy goes (and if you don’t want the other users lurking around the creepy corners of the web to see you), Duckduckgo is a great tool.

Q: What browser is better for privacy, Tor or Duckduckgo?

A: First of all, let’s make something clear: there is no Duckduckgo browser on computers. There’s just the Duckduckgo extension to be added to Chrome. But you can use Duckduckgo as a search engine on the Tor browser and that is, indeed, a much more private option than using Duckduckgo in Chrome (even with the extension installed).

On the other hand, there are Duckduckgo browsers for mobile devices (more on those in the products section below). Still, mobile devices also have the option of using the Tor browser for Android. Both are just as safe, privacy-wise.

Q: How does Duckduckgo make money if it blocks ads?

A: One of the major things that puts people off regarding Google is that it makes money selling their data to advertisers. You know what they say – when a product is free of charge, it’s because you are the product.

So, in search of more privacy and less misuse of their data (or less risk of data breaches), people switch to Duckduckgo. But then they think ‘wait, but Duckduckgo is also free’. So how do they make money, then, if they don’t store and sell data?

Just because they offer you complete privacy, it doesn’t mean Duckduckgo has no advertising ties. The Duckduckgo business model is still based on advertising and affiliate revenue. The ads are displayed on the right of your search results, based on the exact keyword of the search. But unlike Google, those ads are not personalized (as in, based on your search history, demographics, shopping history, etc.), because your data is not tracked.

Other Duckduckgo Products to Consider

Mainly, Duckduckgo is a search engine and that’s their core product offering. A search engine with a focus on privacy much above Google privacy practices, which is great for the users who are concerned about this. In today’s digital landscape, we should all be a little more watchful of our private data and what happens to it.

So the privacy aspect of the Duckduckgo search engine is what makes people use them.

The search engine is their main product, and you can access and use it as a URL here. It’s simple and clean and comes with no other product required for its use.

On the other hand, you can also access this search engine from the Duckduckgo products which complement it. Here are the options:

  • The Duckduckgo extension for Chrome: As far as security goes, this is a great Chrome extension to add*. It’s great if you want to keep using Google Chrome (it’s not like you want to reject the brand altogether) but still make sure that the Duckduckgo search engine is used everywhere in your browser by default, and that your data is not collected or stored. Using the Duckduckgo extension for Chrome will also block advertising trackers.
  • The Duckduckgo Privacy Browser (Android app): This is a privacy browser meant to be used on tablets and smartphones using the Android OS.
  • The Duckduckgo Privacy Browser (Apple app): This app is the same, but issued for Apple mobile devices (like iPhones).

You will notice that there is no Duckduckgo browser for computers or laptops. That’s because it isn’t needed: the Duckduckgo extension for Google Chrome effectively turns your browser into a Duckduckgo browser.

Of course, you can still use the Duckduckgo search engine with other browsers as well, such as Mozilla Firefox, or Opera and so on.

Some users who really want to maximize their privacy protection use the Tor browser with the Duckduckgo search engine. Duckduckgo is actually the default search engine for the Tor browser, especially desirable for users who want to browse the deep web or the dark web safely.

Important note: you will notice many other sources and blogs saying Duckduckgo is a ‘safe browser’ or ‘secure browser’. This safety and security they are referring to only extends to the privacy aspect. Using Duckduckgo will not keep you safe from viruses, malware, ransomware, and other internet dangers. Only a full security solution (based both on an anti-virus component and a traffic filtering, proactive component, like our Thor Premium Home) can protect you from cyber-attacks.

*You can also check out other great Google Chrome extensions for increased security (all hand-picked by us and devoid of any ulterior motive like compensation or whatever).

Bonus: 15 Extra Duckduckgo Features which Google Doesn’t Have

#1. Seeing social media bios

You can have links to the social media profiles featured on a website directly from the search results. If you want to connect to an author or customer support for a specific business and so on, Duckduckgo will point you directly to those profiles, no need to enter the website and manually search for them.

#2. App store alternatives to apps

You can search for apps in the app stores just as you would do in any other search engine, but Duckduckgo will also present you with alternatives for the same thing. No more time wasted on scout work.

#3. The Duckduckgo bangs

This is a very cool feature that allows you to search within a specific website for the words you want. Here is the entire list of Duckduckgo bangs.

#4. Weather data available instantly

You can search for simple things like ‘Is it raining in [town name]?’ and you’ll find out what you need to know instantly.

#5. Keyboard shortcuts

Macros and other cool keyboard shortcuts are just a few settings away in Duckduckgo.

#6. Emoticon ‘translations’

Not sure what an emoticon like ‘;;)’ means? Just ask Duckduckgo. (P.S: It’s something from the ancient times of Yahoo Messenger and I know it because I’m old. No, I’m not serious about the last part).

#7. Quick stopwatch

Just what the name says.

#8. Drink recipes

If you search for stuff like ‘how to make a mojito’, the recipe will be displayed right in the search results, no click required. Cheers!

#9. Password generator

Just like other browsers, Duckduckgo will help you generate stronger passwords. (This is important because of credential stuffing attacks and so on). But unlike other browsers, it won’t store them in any way. That’s up to your memory, password manager tool, etc.

#10. Finding rhymes

Troubled by some poetry writing and you just can’t find the rhyme? Or you’re unsure whether two words actually rhyme? No worries, ask Duckduckgo and it will tell you. Yes, seriously.

#11. Calendar as an instant answer

Google also has a calendar feature, but with Duckduckgo it’s an instant answer. You can just search for ‘March 2021’ and you will instantly see the month calendar laid out right in the search results.

#12. Loan calculators

Need help figuring out interest rates and stuff? Duckduckgo has you covered with this too.

#13. Cool features for developers

Plenty of nice things. Here’s just a few:

  • Generate lorem ipsum text quickly and automatically
  • Encode links to machine-readable text
  • Convert binary code to decimal code
  • Convert content to ASCII texts
  • Show a list of special characters and their HTML values
  • Show HTML value for any special character
  • Convert colors to their universal numeric code
  • Show colors based on hexadecimal values

#14. Anagram solver

If you have a poetry writing assistant built-in, why not also an anagram solver assistant? Yes, it really works.

#15. Instant text converting for lower-case, upper-case and capital letter

This is super-useful whenever you need to modify a text in this regard, and it’s a feature currently supported nowhere else.

Final words

If you think these Duckduckgo features look good, rest assured that there are many, many more. Some are downright useful, others just cute, but there’s no denying that Duckduckgo is heading on the right track when it comes to popularity.

This surge isn’t limited to the geek community. More and more users are making their choice in the Duckduckgo vs Google battle, and it’s not in favor of the Google giant.

The post Duckduckgo vs Google: A Security Comparison and How to Maximize Your Privacy appeared first on Heimdal Security Blog.

Security Alert: Mass Credit Card Stealing Campaign Detected in Online Shops

Security researchers unveiled a still-ongoing mass credit card stealing campaign, which started collecting data from unsuspecting online shoppers sometime in October 2018.

The target of this campaign was a pool of over 100 online shops, all of them otherwise deemed legitimate and trustworthy. Six of the targeted websites were even listed in the Alexa Top one million websites.

Moving forward with reporting on this, we’ll dub the mass credit card stealing campaign Magento Analytics, since that’s the name of the domain used for injecting malicious scripts into the code of the online shops.

How Does the Magento Analytics Mass Credit Card Stealing Campaign Operate?

The domain was first picked up by the radars of cybersecurity researchers back in October 2018, when they noticed something seemed off about it. Even though the traffic was pretty low, there seemed to be no purpose to the domain, and its traffic was increasing stealthily, via other portals.

The name seemed innocent enough at a first glance. Magento is a major e-commerce platform and its engine is used by countless online shops around the world. It would make sense for something called Magento Analytics to be spotted running through these websites from time to time. But the domain didn’t actually contain anything if you tried to access it directly.

Another dubious thing which tipped off the security researchers who looked into it was the fact that the registration address and IPs for the domain were ever-changing. While initially the domain was registered in Panama, the IP from which it was operating changed a lot. Initially, it seemed to be located in Arizona, US, but then it moved to Moscow, Russia for a while, before heading to Hong Kong, China. This alone warranted a second look from the cybersecurity researchers on the case.

But shifting IPs were not the only thing wrong with this domain, by far. While the domain itself returns just a 430 error page if you try to access it directly (not recommended, though), the researchers were seeing various pages (sub-domains) of the domain with nothing meaningful on them, either. Instead, all of these contained JS scripts.

Through continuous traffic monitoring, the security researchers realized that the Magento Analytics was actually injecting these malicious scripts into the code of 3rd party websites. These websites (online shops) had no idea that the Magento Analytics mass credit card stealing campaign was actually collecting the credit card info of their users.

As soon as the JS code is loaded, a timer is set and the TrySend function is called every 500ms. This function tries to collect the credit card data that users enter.
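For shop owners, the two traits described above (a script loaded from a domain the shop never approved, and a timer that fires a function every 500ms) can be checked for on a checkout page. The script below is an added example, not code from the researchers' analysis or from any shop: the host names, the allowlist, the 1000 ms threshold and the sample page are all constructed assumptions, and the timer check only covers the named-callback form `setInterval(name, ms)`.

```python
"""Audit a checkout page for unapproved scripts and fast polling timers."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "https://shop.example/checkout"             # hypothetical shop
APPROVED_HOSTS = {"shop.example", "cdn.shop.example"}  # assumed allowlist
MAX_POLL_MS = 1000  # assumed threshold; the article reports a 500 ms timer

# Named-callback timers only, e.g. setInterval(TrySend, 500).
POLL_RE = re.compile(r"\bsetInterval\s*\(\s*([\w$.]+)\s*,\s*(\d+)\s*\)")


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.external = []  # (absolute_url, has_integrity_attribute)
        self.inline = []    # inline script source text
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if src:
            # urljoin resolves relative and protocol-relative (//host) URLs.
            url = urljoin(self.page_url, src)
            self.external.append((url, bool(attr.get("integrity"))))
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def audit(html, page_url=PAGE_URL, approved=APPROVED_HOSTS):
    """Return a list of (finding_type, detail) tuples in document order."""
    collector = ScriptCollector(page_url)
    collector.feed(html)
    collector.close()
    page_host = urlparse(page_url).hostname
    findings = []
    for url, has_sri in collector.external:
        host = urlparse(url).hostname or ""
        if host not in approved:
            findings.append(("unapproved-host", url))
        elif host != page_host and not has_sri:
            # Approved third-party host, but no Subresource Integrity hash.
            findings.append(("missing-sri", url))
    for body in collector.inline:
        for callback, ms in POLL_RE.findall(body):
            if int(ms) <= MAX_POLL_MS:
                findings.append(("fast-poll", f"{callback} every {ms} ms"))
    return findings


def csp_header(page_url=PAGE_URL, approved=APPROVED_HOSTS):
    """Build a script-src policy that only admits the approved hosts."""
    page_host = urlparse(page_url).hostname
    others = sorted(h for h in approved if h != page_host)
    sources = " ".join(f"https://{h}" for h in others)
    return f"Content-Security-Policy: script-src 'self' {sources}".rstrip()


# Constructed sample page: one injected loader and one 500 ms timer.
SAMPLE_HTML = """
<html><body>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="https://cdn.shop.example/ui.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//analytics-lookalike.invalid/loader.js"></script>
<script>setInterval(TrySend, 500);</script>
</body></html>
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_HTML):
        print(f"{kind:16} {detail}")
    print(csp_header())
```

A fast timer on its own is only a triage signal, since legitimate scripts poll too; the unapproved-host finding is the one that maps directly to the injection described here, and the generated policy would stop the browser from loading that script at all.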

What Were the Losses Incurred by the Magento Analytics Malware Campaign?

Data revealed by the security researchers showed that the TrySend function called by the JS scripts collected the following information from users: card number, name of the cardholder, expiry date, and the CVV code. Basically, it’s everything a hacker would need in order to steal your money afterward.

For now, no one came through to complain explicitly about losing money to the Magento Analytics campaign. But this doesn’t mean that there have been no losses yet. Most likely, the losses were small, or the legitimate card owners managed to annul the transactions, or they just haven’t been able to connect the loss with this particular campaign yet.

We will keep you updated on reports about the losses incurred through Magento Analytics as more is revealed.

The scary part about the Magento Analytics mass credit card stealing campaign is precisely the fact that the injected JS codes weren’t even that sophisticated. All in all, it amounts to a pretty rudimentary online scam. It just shows how disastrous it can be for online stores to allow security holes in their systems, since there will always be malicious 3rd parties interested in exploiting them.

Data provided in this analysis was obtained by Netlab 360.

The post Security Alert: Mass Credit Card Stealing Campaign Detected in Online Shops appeared first on Heimdal Security Blog.

GDPR and Data Breach Risks: An Interview with Bogdan Manolea of ApTI

May 2018 brought on the mandatory implementation of GDPR regulations for Europe, but, de facto, for the entire world since European users can freely roam across the internet of pretty much all countries.

Much to the fretting of virtually everyone else around the world, lots of companies and websites located outside of the EU had to review and restructure not just the text from their privacy policies, but their actual data collection practices.

GDPR One Year Later: An Interview with Bogdan Manolea

Now, a year later, on the law’s 1st anniversary since its implementation, I decided to have a talk with someone who understands much more about it than me, namely with Bogdan Manolea from the Romanian Association for Technology and Internet (APTI) and from (the 3rd party seal of approval for e-commerce websites, vouching for their safety and honesty following independent tests).

Bogdan Manolea delivering a conference talk. Photo credit:

He doesn’t like the word expert, but I don’t really know how to introduce him avoiding the word. Let’s just say he’s the first person who comes to my mind whenever I have some issues and doubts regarding digital rights in general (not just the very recent GDPR).

Here’s what we talked about and what his answers were. [The interview was a bit edited for length and clarity.]

1. As a GDPR expert, what’s your take on how this law was implemented in Europe and beyond, now, almost one year later since its principles became enforced?

First, I hate the words “GDPR expert”. I don’t understand how you can be an expert in a law that was adopted three years ago and it started to be implemented one year ago. This is just marketing bullshit, IMHO.

Moreover, the truth is that data protection existed for a long time in Europe as a specific domain and the Council of Europe Convention 108 on automatic processing of personal data exists from 1981. Even the first EU directive exists from 1995.

So, the fact that some media picked up the subject only recently or that companies have become much more aware since the huge fines from GDPR were advertised, that is just their problem.

But the concern for privacy and personal data protection, including specific legislation on the matter, have existed in Europe for decades. Even the principles are almost the same from 1981.

The need for a law more in line with the digital processing of personal data has been discussed for years and the digital rights groups from Europe (including myself from APTI in Romania) have been active in pinpointing the limits of the previous directive from 1995 and asking for a better legislation that is unique at the entire EU space level. This is why GDPR was adopted in 2016 and it started being applied in 2018.

So the principles should have been enforced for some time, actually. The fact that we are still discussing how companies are implementing the data protection principles after decades of laws in this domain shows us that the legislation was basically inefficient, to a large extent.

2. Do you think companies have mostly adapted to this new framework, by and large? Have you noticed a great array of differences in how various categories of businesses implement GDPR? For example, companies from a certain niche versus others in a different niche, or based on company size, or on their location?

It would be almost impossible for one person to have a pan-European overview of how GDPR was implemented so far. The situation depends on so many factors – size, niche, location, country, compliance with previous legislation, the quantity of data collected, etc.

From my empiric evidence, there is a huge wide range of compliance – from a high level of compliance in multinationals that are more used to compliance mechanisms and new regulations, especially if they come from countries with traditional strong data protection regimes (e.g. Germany) to no compliance at all in SMEs [n. a – Small to Medium Enterprises] that do not use digital tools and are in one of the countries where the DPA (Data Protection Authority) is very weak in its enforcement.

3. So what would be in your opinion the good and bad in GDPR implementation so far?

The good thing with GDPR is that it forced companies to think more (in depth) about the personal data they are collecting in order to answer the basic questions posed by GDPR (What data? How do we collect it? For what purposes? For how long? Etc.)

There are several bad things that are worrying me:

  • The risk of missing the purpose and scope of GDPR. Instead of protecting the personal data of European citizens, we might create a layer of bureaucracy which does little for achieving this aim;
  • The absolute need for simplification and guidance for SMEs in understanding the exact steps to be done for compliance on data protection;
  • The crucial role of the DPAs in implementing the GDPR. With a dormant DPA, all the while GDPR seems like just a nice story, with no real effects.

4. What’s the no #1 mistake companies can do when it comes to preventing data breaches?

There are a lot of actions that can be done and it depends on the size of the company and the importance of the data that is being processed.

But one thing that strikes me personally, in almost all companies, as a measure that is easy to do and could save a lot of hassle later, is disk encryption by default (before booting the OS) of all mobile devices (laptops, mobile phones, and tablets).

I mean, these types of devices are being lost or stolen regularly all over the world. This is just human nature and it is very possible to happen to your company sooner or later. It’s almost impossible not to have any personal data on them. But still, very few companies have a mandatory policy of having all their mobile devices encrypted by default.

5. How about the no #1 mistake they may do once a data breach already occurs?

Probably to panic. 🙂

This is why it is helpful to have a data breach procedure and to test it from time to time. Especially in big companies, this should be a must.

6. I don’t mean to sound fatalistic, but do you think there’s a certain unavoidable component to data breaches in this new law framework? Can a company avoid penalties with a certainty of 100% through preparation? I, for one, certainly hope so & think so, but I think there are a lot of defeatist voices among company reps having a hard time adapting to the new rules.

Of course, it is unavoidable. The question about data breaches is when it will happen, not if it will happen. If it never happens, then you’re very, very lucky or you just don’t know about it.

But this is why if you report a data breach, it doesn’t automatically mean that you will be fined. Look at the numbers compiled by our colleagues from civil society (based on FoI requests to DPAs) from all over the EU and you will see this is true. But it also shows that probably the level of reporting is very different from one country to another.

You can see the table of facts and figures here.

So, in Romania, for example, by March 2019 there were reported 414 data breaches and, as far as we know, there wasn’t any fine yet.

7. Do you know if the position of Data Protection Officer was actually created within companies, on a significant scale? As in, did companies really hire a person to fulfill this role alone, without other ‘merry weather’ responsibilities?

First, let me emphasize again that not all companies need a DPO. The art 37 of the GDPR makes it clear that only in two situations private companies must employ a DPO:

(b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

(c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or personal data relating to criminal convictions and offenses referred to in Article 10.

Also, the DPO can be external, you don’t have to have an internal staff role for this.

Moreover, GDPR doesn’t say that it must do only that – however, it is worth emphasizing that a DPO may have other tasks that are in a conflict of interest with this position – for details see Art 29 with regards to DPOs – Chapter 3.5.

8. What do you think of the new laws the US authorities are striving to adopt soon regarding data protection? I know there are some debates within the US to adopt new laws, but EU representatives are a bit critical of American efforts so far.

I haven’t followed the topic too closely, but what I can point out is that the EU is actually the most advanced globally in the field of data protection legislation, so it starts to “export” this legislation in several other areas, not just to the US.

Also, I think that California, with this act, may be more advanced than other US states in these activities.

9. What’s your no #1 advice to companies trying to navigate the post-GDPR framework of digital consumer rights?

From a privacy advocate perspective, I think there are two basic things all companies should do:

  • Do an analysis on what data you collected and if you can live without it (thinking about your users and their rights, not with the idea “it might be helpful in the future, who knows?”). This is part of the “data minimization” direction within GDPR and if you do it properly you can actually collect less data (renouncing those bits that might have been collected for an unclear purpose anyway.)
  • Keep your users informed about what you do with their data. Article 29WP has a pretty simple table as an Annex to their Opinion on transparency, which is a great guide.

For Romanian readers, I’ve written a very user-friendly guide here, on the topic of protecting yourself from conflicts with your consumers over data privacy.

10. Finally, do you have a remarkable data breach story to share, one which we could all learn a bit from? What’s the most interesting/crazy/serious/impressive case of data breach fulfilled (or averted) that you heard of?

What is remarkable for me is the long history of Facebook data breaches from the past couple of years (see the latest), some with ridiculous mistakes (Plaintext passwords? Really?) and how they got away with it. So far, at least…

Thank you, Bogdan, for your time and answers.

The post GDPR and Data Breach Risks: An Interview with Bogdan Manolea of ApTI appeared first on Heimdal Security Blog.

Is Pornhub Safe? How to Browse Adult Websites Securely

This is a question we get asked a lot and one which is floating all over the internet too, especially on discussion forums where people can stay anonymous if they want: Is Pornhub safe? Is it a safe site to enter? We decided to address it here since we’d rather let people get their facts straight on cybersecurity directly from the industry instead of scraping for half-truths around the web.

So, is Pornhub safe to browse? What should you do and not do when browsing Pornhub? What are the cybersecurity risks associated with browsing Pornhub? Can you get viruses into your computer? How about malware? What about other adult websites, how safe are those?

What can you do to protect your computer when accessing Pornhub or other adult content websites? How about your privacy, who can see what sites you are browsing and how can you hide your activity?

We’ll answer all these questions and more, right below. Keep scrolling and learn how to stay safe when browsing Pornhub and other adult websites.

Is Pornhub safe to browse for your cybersecurity?

The short answer is no: Pornhub is not completely safe to browse however and whenever you like, without taking some necessary precautions. That doesn’t mean that Pornhub is a malware or cybercriminal hub bent on causing its users harm on purpose, quite the contrary. However, there can be risks associated with browsing Pornhub which go beyond the website’s control.

Given that its popularity is so high (there were over 33.5 billion visits to Pornhub last year, according to the website’s official data) and that in many cases its visitors are not necessarily tech-savvy, it’s no wonder that Pornhub can attract cybercriminals bent on using this opportunity.

As we said, Pornhub in itself is safe and strives to stay that way, as a huge business employing lots of tech people tasked to keep the website primed. But you can still become a target for cybercriminal groups and hackers while visiting Pornhub and other adult-themed websites (especially less popular ones, with less developed security policies). This is mostly due to the ads displayed on the porn website, over which the website has little control.

Unfortunately, the prevalence of malware on porn websites is very high. According to security researcher Conrad Longmore, there’s a 53% chance of encountering malware while browsing Pornhub. Of course, security employees from Pornhub and similar websites are doing their best to keep it safe for their users and catch malware as fast as possible. But the truth remains that porn sites are still one of the most popular destinations for hackers and uploaders of malicious code.

What Are the Main Cybersecurity Risks of Pornhub?

What can these cybercriminals targeting the visitors of porn sites be after? What are the main risks you are exposed to while browsing?

#1. Computer viruses (Trojans)

Well, for one, to infect your computer with viruses. While the vast majority of viruses you can contract this way are mostly harmless, they can still slow your system significantly, as well as serve as a gateway for more dangerous stuff. The viruses most commonly found in ads displayed on porn websites are, for the most part, Trojans.

Such viruses don’t pose a huge security risk but they can make your computer slower, as well as create more vulnerabilities into your system, which can then be exploited for more dangerous malware to enter.

#2. Adware

Other viruses you can get from the ads displayed on Pornhub or similar websites are adware. This means that once they take root into your computer, they will cause more ads and spammy content to be displayed to you even if you’re not browsing Pornhub anymore.

This is not just annoying (it can also slow down your system), it can also be privacy-infringing, since the ads can be adult content related. If you share your computer with other family members, you probably don’t want indecent ads popping up when other people are using the device.

#3. Malware or Spyware

Other types of malware which you can contract from clicking ads on Pornhub or similar sites are more dangerous. The cybercriminals behind them can be after your data, and considering the nature of the content you are browsing, this can be very sensitive data related to the type of adult content you are interested in, your online behavior and so on.

Sextortion scams are very common. This is when you get an email from hackers claiming to have installed spyware into your computer and filmed you while you were browsing adult websites, recording also everything you have watched and so on. They will also tell you that unless you send them money, they will send this data to your employer, family, friends and so on.

For the most part, these claims are bogus and the hackers are just fishing for the users gullible or scared enough in order to make some easy money. But in some cases, they may be real. Don’t take that chance and make sure you stay safe, first and foremost by having your device protected by a reliable anti-malware solution.

How Safe Are Other Adult Content Websites?

What about other adult websites, besides Pornhub? Are their security risks the same?

Well, for the most part, we should stress again that Pornhub is still overall safe-ish. It’s the content from third parties (ads) that you need to be wary of. The same risks from ads are also true for every other adult-themed site out there, especially those who allow publishers to stream their own content (the ‘tube’ type of porn websites).

This is because such websites make money from allowing advertisers to run embedded ads from traffic networks. In many cases, this embedded content has malicious code included in it. While the host website (the porn website running these ads) removes all ads containing malicious scripts, it can take a while for these risky ads to get detected.

But in the case of lesser-known websites, with fewer employees and less of a security network in place, the risks may actually be greater than with Pornhub. If another website you’d like to browse is also a huge one, well-known and with millions of users, the risks are probably about the same.

If we’re talking about obscure porn websites, then not only are they more likely to get infected with malware from third parties (advertisers), but they may be a front for cyber-criminality in themselves.

How to Protect Your Privacy when Browsing Pornhub?

The issue of safety has two aspects: protecting yourself from viruses, extortion, hackers, and so on, rounded up under the umbrella term ‘cybersecurity’ and the second issue of protecting your privacy from everyone around you.

Let’s start by addressing privacy first.

You may be tempted to browse Pornhub incognito to make sure no one but you knows about it. While this can be a partial solution (not to store search history, cookies and so on), incognito browsing is not really private.

Major browsers like Google Chrome and Mozilla Firefox are very upfront about it whenever you open up a new incognito browser window.

If your main concern is to prevent the people you live with or share a computer with from finding traces of your online activity, then incognito browsing is ok. But your internet service provider or your employer (if you ever get the bright idea of accessing such websites from your workplace’s network) can still find out the list of domains which got accessed from your computer. If people with access to your home network are a bit tech-savvy, they can figure it out too.

Also, as mentioned above, ads are one of the main sources of malicious code on porn websites. While a Chrome extension that works like an ad blocker can keep some of the risk at bay, you should know that ad blockers tend to be automatically disabled once you enter incognito browsing mode. You can manually set exceptions to ensure ad blockers work for incognito browser tabs too, but you need to do a bit of tinkering with it.

What else should you remember about your privacy when browsing Pornhub or other porn websites?

Even while browsing incognito, the website you are browsing will still collect some data about you via cookies. This is entirely normal and, in theory, protects your anonymity (they just store data about user statistics but without personally identifiable information). But if they ever get hacked, or if you install malicious software by clicking on ads while browsing, this data could be at risk of being misused or used to identify you.

The only thing which can completely protect your anonymity while browsing Pornhub and other adult websites is a VPN service. Lots of users opt for one in order to stay more anonymous online.

As for the issue of cybersecurity on adult websites as a whole, beyond privacy, here’s how you can make Pornhub browsing safe.

How to Access Pornhub Safely: 5 Tips

First and foremost, learn more about the dangers of the internet and about strengthening your online safety as a whole. It’s never too late to start educating yourself in cybersecurity for laymen. Just being here and reading this guide to Pornhub safety is a great start.

But beyond being simply aware of online risks, here’s what else you can do to stay safe while browsing Pornhub or other adult websites.

#1. Up your protection with a good anti-malware solution

This should be obvious, but to make sure you stay safe from any malware danger, you need to have an active next-generation anti-virus software. A product like our Thor Vigilance is trained to prevent the latest type of intelligent threats and protect your privacy as well.

#2. Go for a traffic filter-based security product (it’s a must!)

Next, and definitely more importantly, traffic filtering is the advanced type of protection you most definitely need. This is especially true if you sometimes browse potentially risky websites like adult-themed ones.

In today’s cybersecurity age, when the methods of hackers are getting more and more sophisticated, traditional anti-virus is not enough anymore. An anti-virus, no matter how good it is, reacts to known threats once they already reach your system. If you’re dealing with an APT (advanced persistent threat) this may be too late.

But a traffic filtering solution, like our Thor Foresight, is based on AI and can intelligently detect threats before they reach your system. Such protective software actively scans incoming traffic and blocks malicious code before it gets a chance to target you. This way, even if you accidentally click on a malicious ad while browsing Pornhub, you’re still safe.

#3. Don’t click on ads while browsing Pornhub

Speaking of ads on Pornhub or other adult websites, don’t click them. While some may be harmless, this is where the dangers associated with porn websites are usually hidden. If you really wish to support your favorite porn website, you can find other ways to do that (like signing up for a premium subscription, for example).

#4. Don’t download anything from adult websites or related pop-ups

If the ads displayed on Pornhub and porn websites, in general, are truly malicious, they will probably try to convince you to download something. They will promise you some more HD content completely free of charge or something similar, on condition that you install some no-name video player, etc. Don’t fall for this trap!

The software such ads are asking you to install is most likely spyware or malware. Don’t install anything and close all browser windows immediately if you are prompted to start a download.

#5. Don’t buy anything (or enter credit card info) from 3rd parties

Under no circumstances should you enter your credit card info while browsing less-known, shady porn websites. You can buy a subscription from the major adult website you are browsing (like Pornhub and similar sites) if you want, this is safe.

But if you start browsing the independent websites of publishers or other websites you reached starting from your initial browsing, be mindful not to enter any sensitive information like credit card data. You may be tempted by a special access offer (either for a major discount or completely free, but only if you create a member account, which also asks for credit card info). Don’t fall for it!

The post Is Pornhub Safe? How to Browse Adult Websites Securely appeared first on Heimdal Security Blog.