Kerry Wan/ZDNETNearly everything you do on your desktop, laptop, phone, and tablet begins with a Domain Name System (DNS) query. Essentially, DNS turns domain names (such as ZDNET.com) into an IP address so web browsers and apps know where to get the information you want. Also: Your Android phone is getting 4 big upgrades for free, thanks to Android 16Without DNS, you’d have to type 34.149.132.124 every time you wanted to go to ZDNET.com or 74.125.21.102 to go to Google.com. Even by simply running a Google search, DNS is at work. The problem is that standard DNS isn’t encrypted, meaning all your queries are sent over the network as plain text.Why is non-encrypted DNS a problem?Let’s say you’re on a public network  — like a coffee shop — and you start searching for things on your Android device. Or maybe you have to access a CMS or another work tool, and you don’t want the public to know the address you’re typing. If someone else is on the same network and has the skills, they could intercept your non-encrypted search queries (or the URLs you visit) and know exactly what you’re looking for.That’s where Private DNS Mode comes into play. Once you enable this feature, all of your DNS queries are encrypted, so bad actors won’t be able to view them (even if they capture those packets). In other words, Private DNS Mode should be an absolute must for anyone who values their privacy and security.Also: I test dozens of Android phones every year: Here’s how the best models stack upBut how do you enable Private DNS Mode on Android? It’s actually pretty simple. Let me show you how.How to enable Private DNS mode on AndroidWhat you’ll need: The only thing you need to enable Private DNS Mode is an Android device running at least Version 9 of the operating system (released in 2018). I’m using a Pixel 9 Pro; pretty much every modern Android phone is capable of enabling Private DNS. More

Jada Jones/ZDNETYour AirPods can be your best friend, small enough to stay in your pocket or bag until you need them. But if you like to work out with your AirPods, pushing your slippery earbuds back into your ear can become a particularly intense workout. I’ve found three products to help with this problem — a few dollars spent can revitalize your AirPods experience.Also: Best AirPods 2025: I’ve tested every pair of Apple headphones and earbudsUnfortunately, some people’s ear anatomy simply isn’t compatible with certain earbuds, and the best option may be purchasing from another brand. But if you’re determined to make your AirPods stay in your ear, try these tips first.1. Detachable ear hooks More

Image: Tony Lee

In one of the weirdest arrests of the year, at least five bar and cafe managers from the French city of Grenoble were taken into custody last week for running open WiFi networks at their establishments and not keeping logs of past connected users.
The bar and cafe owners were arrested for allegedly breaking a 14-year-old French law that dictates that all internet service providers must keep logs on all their users for at least one year.
According to local media reports [1, 2, 3], the bar and cafe owners claimed they were not aware that such a law even existed, let alone that it applied to them as they had not received notifications from their union, which usually sends alerts of industry-wide legal requirements.
Nonetheless, French media pointed out that the law’s text didn’t only apply to internet service providers (ISPs) in the broad meaning of the word — as in telecommunications providers — but also to any “persons” who provide internet access, may it be free of charge or via password-protected networks.
The bar and cafe owners were eventually released after questioning.
According to French law number 2006-64, they now risk up to one year in prison, a personal fine of up to €75,000, and a business fine of up to €375,000.
Connection logging is a feature supported on most commercial routers and has been added for this specific reason, as countries around the world began introducing data logging laws for their local ISPs.
Law enforcement agencies often rely on these logs to track down malicious behavior or details about suspects using public WiFi networks to commit crimes. More

Image: Mozilla
Mozilla has released today Firefox 85 to the stable channel, a new version of its beloved browser that removes support for the Adobe Flash Player plugin but also boosts privacy protections by adding more comprehensive defenses against “supercookies.”

The removal of the Flash plugin comes after Mozilla announced its intention to drop Flash in July 2017 as part of a coordinated industry-wide Flash deprecation and End-of-Life plan, together with Adobe, Apple, Google, Microsoft, and Facebook.
The EOL date was set to Dec. 31, 2020, a date after which Adobe agreed to stop providing updates for the software.
Firefox now joins Chrome and Edge, both of which removed support for Flash earlier this month with the release of Chrome 88 and Edge 88.
Network partitioning and supercookies protection
But even if Firefox 85 is the first version that ships without the much-maligned Flash plugin, the bigger feature in this release is “network partitioning.”
First reported by ZDNet last month, the network partitioning feature works by splitting the Firefox browser cache on a per-website basis, a technical solution that prevents websites from tracking users as they move across the web.
In a blog post today, Mozilla said this new feature has effectively blocked the use of supercookies inside Firefox going forward.

“Supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block,” Mozilla said today.
“Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.
“The changes we’re making in Firefox 85 greatly reduce the effectiveness of cache-based supercookies by eliminating a tracker’s ability to use them across websites,” the browser maker said.
Mozilla said that while they expected a big impact on website performance after splitting the Firefox cache, internal metrics show that the impact was minimal.
“Our metrics show a very modest impact on page load time: between a 0.09% and 0.75% increase at the 80th percentile and below, and a maximum increase of 1.32% at the 85th percentile,” Mozilla said.
The browser maker viewed this performance impact as acceptable for improving overall user privacy.
Other changes
But other features shipped with Firefox 85 today. The first is a change in how bookmarks are saved inside Firefox.
Starting with this version, Firefox now remembers where users saved their last bookmark and saves all other bookmarks to the same location. 
Furthermore, Firefox has also added a bookmarks folder to the bookmarks toolbar. This last feature caused some problems last week, when some Firefox users saw it in their browsers, but without an easy way of disabling it. With Firefox 85, removing that folder from the bookmarks toolbar is possible via a right-click menu option.
In addition, Firefox 85 also ships with a button to remove all saved credentials, which could be a very useful feature in case users need to clear a Firefox installation and make it available for other users.
Other changes are detailed in the Firefox 85 changelog here, while security updates are listed here. More

special feature

Securing Your Mobile Enterprise
Mobile devices continue their march toward becoming powerful productivity machines. But they are also major security risks if they aren’t managed properly. We look at the latest wisdom and best practices for securing the mobile workforce.
Read More

The US Department of Justice announced charges today against a Russian citizen who traveled to the US in order to recruit and convince an employee of a Nevada company to install malware on their employer’s network in exchange for $1,000,000.
According to court documents unsealed today, Egor Igorevich Kriuchkov, a 27-year-old Russian, was identified as a member of a larger criminal gang who planned to use the malware to gain access to the company’s network, steal sensitive documents, and then extort the victim company for a large ransom payment.
To mask the theft of corporate data, Kriuchkov told the employee that other members of his gang would launch DDoS attacks to keep the company’s security team distracted.
Kriuchkov and his co-conspirators’ plans were, however, upended, when the employee they wanted to recruit reported the incident to the FBI.
FBI agents kept Kriuchkov under observation during his stay in the US, and eventually arrested the Russian national on Saturday after they had gathered all the evidence they needed to prosecute.
Below is a chronological timeline of Kriuchkov’s time in the US and his attempts to recruit the insider, along with additional commentary, where needed. All events took place in 2020.
July 16: Kriuchkov contacts the employee working at the Nevada company via a WhatsApp message and informs him of his plans to visit the US. The employee, identified in court documents as CHS1, told the FBI he knew Kriuchkov from contact the two had years before, in 2016.
July 28: Kriuchkov arrives from Russia in New York, travels to San Francisco, and then to Reno.
August 1: Kriuchkov makes contact with CHS1 via phone.
August 2 and August 3: Kriuchkov, CHS1, and friends travel to Emerald Pools and Lake Tahoe, where Kriuchkov pays for everyone’s expenses while also trying to avoiding having his picture taken.
August 3: During the last day of the trip, at a bar late at night, Kriuchkov tells CHS1 he works for a group on “special projects” through which they pay employees for installing malware on their employers’ networks. Kriuchkov then details the entire scheme to CHS1 and says that the malware could be provided on a USB thumb drive or sent to him via email. Initially, Kriuchkov told the employee he’d be paid only $500,000 for installing the malware, and that his gang would launch a DDoS attack to disguise the data exfiltration process.
Following this proposal, CHS1 reports Kriuchkov to the FBI, and future meetings are kept under surveillance.
August 7: Kriuchkov has another meeting with CHS1. During this meeting, Kriuchkov attempts again to convince CHS1 to participate in the scheme, this time claiming that his group has been orchestrating these “special projects” for years and that all other employees who cooperated were never caught and still work for their employers. Kriuchkov also suggests that his gang can make the malware infection appear as it originated from another employee if CHS1 had anyone in mind they wanted “to teach a lesson.” During this meeting, CHS1 also asks for a $1,000,000 payment, including $50,000 upfront.
August 17: In another meeting, Kriuchkov reveals more details about the gang he works, including the fact that they handle payments using escrow via “Exploit,” the name of a well-known hacking forum. Kriuchkov also reveals he recruited at least two other employees, with one of the previous victim companies paying a $4 million ransom following a successful hack. Kriuchkov and CHS1 also had a WhatsApp call with a member of Kriuchkov’s gang and talked payment and escrow details. Kriuchkov also claimed that a member of the group is an employee at a government bank in Russia and that the group paid $250,000 for the malware, which was written specifically for CHS1’s company. Kriuchkov left a phone with CHS1 so he could get in contact in the future.
August 18: In a subsequent meeting, Kriuchkov tells CHS1 that the gang refused to pay him an upfront fee, as they have never done so before; however, they agreed to the $1,000,000 payment. Kriuchkov said his own cut was reduced to $250,000 following CHS1’s demands. Kriuchkov also told CHS1 that he would need to provide details about his employer’s network to the gang in order to customize the malware.
August 19: Kriuchkov met with CHS1 and said the gang eventually agreed to an upfront payment of 1 bitcoin.
August 21: Kriuchkov meets with CHS1 to inform him the “special project” was delayed due to another ongoing “special project” for which the gang expected a huge payout and needed to focus their efforts. Kriuchkov also told CHS1 he was leaving the US and then left instructions with CHS1 detailing how he would be contacted by gang members in the future.
Following this meeting, an FBI agent contacts Kriuchkov by phone, who then attempts to hastily leave the country and is eventually arrested the next day in Los Angeles.
Kriuchkov was charged on Monday and faces up to five years in prison for his role in the scheme, if found guilty. More