Networking

Big changes are afoot in the ad-sponsored web, and the browser has become a key battleground for end-user privacy. While Chrome is by far the most widely used browser in the world, there are alternative browsers and ways to improve your privacy when using Chrome. Unfortunately, there’s no easy way yet to ensure total privacy through browsers, according to Dr Lukasz Olejnik, an independent privacy researcher and consultant, who led a large scale study in 2009-2011 that found web browsing histories can be used by online ad companies to fingerprint individual browsers over time.  Researchers from Firefox-maker Mozilla emulated his study in 2020 with 52,000 Firefox users, which confirmed Olejnik’s findings. They warned that Google’s and Facebook’s tighter grip on online advertising today makes the practice of re-identification through browsing histories an even more pressing privacy problem today.  Google’s FLoC (Federated Learning of Cohorts) substitute for third-party cookies, which Google plans to block in 2022, is being trialed now with some Chrome users in the US and other markets except Europe, where Google recently admitted FLoC might not be compatible with the EU’s General Data Protection Regulation (GDPR).   But FLoC won’t solve the problem of browser fingerprinting. “Fingerprinting is here to stay and the removal of third-party cookies indeed does not impact on this technique,” says Olejnik. 

Easy to install, a burden to manage

In the past, security-conscious people advised others to disable JavaScript in the browser, but Olejnik tells ZDNet this is a sledgehammer approach for the web today. “Disabling JavaScript today is a no-go because almost every website depends on it. Disabling it would make the web essentially unusable,” says Olejnik.  One example is that today Google won’t let users who disable JavaScript to sign in to Google Accounts such as Gmail and YouTube.His recommended workaround for people wanting more privacy is to install the NoScript extension for Firefox, Chrome and Chromium-based browsers like the new Microsoft Edge. NoScript offers a more selective way to deal with invasive scripts and malware attacks that rely on JavaScript.   “In very simple ways users may easily decide which websites would be able to include what component, executing JavaScript or not,” he says. However, he warns NoScript may be “quite cumbersome” since it takes time to click-through to decide which websites should be allowed what. “But it is worth it,” he adds.  “Disabling scripting on weird or random sites is the biggest impact. Scripting is responsible for most of the most important privacy risks. It is also responsible for the delivery of some web browser exploits. So not having scripting on by default may actually save you from being hacked,” says Olejnik.   Of course, there are other approaches users can take too, including using a browser other than Chrome. To this end, Olejnik suggests it is wise to use several browsers for different tasks. You can go to the NoScript website for more information on what exactly the extension does, as well as access an active user community forum to report bugs, propose updates, and troubleshoot issues.Pros   Freely available for Firefox, Chrome and Chromium-based browsers    Protects against the most common privacy and security threats on the web   Doesn’t collect your web history Cons   A bit cumbersome to set up the allow list

Is this really the most privacy-focused browser?

Brave is a Chromium-based browser that by default blocks ads, fingerprinting and ad-trackers. Brave in January announced it had passed 50 million monthly active users, which is still a fraction of Chrome’s 3.3 billion users across desktop and mobile. Brave’s business model relies on privacy-protecting ads that can pay publishers and users with Basic Attention Tokens (BAT) when users pay attention to ads. It also recently acquired Tailcat to launch Brave Search, so it can provide a privacy-focussed alternative to Google Chrome and Google Search.  The Chromium-based browser is headed up by Brendan Eich, a key designer of the JavaScript programming language and a co-founder of Mozilla and Firefox. Brave’s privacy record isn’t unblemished. Eich in 2020 apologized to customers after being caught sharing default autocomplete answers with an affiliate cryptocurrency exchange. Still, a recent study by Professor Douglas J. Leith at Trinity College at the University of Dublin rated Brave as the most private browser over Google Chrome, Mozilla Firefox, Apple Safari, and Chromium-based Microsoft Edge.Leith looked at how much browsers communicate to each browser maker’s backend servers. Brave did not use any identifiers allowing the IP addresses to be tracked over time, and did not share details of web pages visited with its backend servers. By contrast Chrome, Firefox and Safari tagged telemetry data with identifiers linked to each browser instance. Brave has removed a ton of Google code from its version of Chromium to improve user privacy and has also come out hard against Google’s FLoC ID proposal, which is beginning to roll out to Chrome users but will not been enabled in Brave.  Brave has several privacy-enhancing settings with options to block third-party ad trackers, a toggle for upgrading unsecured connections to HTTPS, cookie blocking and fingerprinting blocking. Users can adjust these in Settings with in the Shields and Privacy and security sections.     Despite alarm over FLoC, Olejnik says it is preferable to third-party cookies from a privacy standpoint, but he’s holding off judgement until he sees the final design. FLoC is a type of fingerprint designed to replace third-party cookies. In this scheme, Google assigns a FLoC ID to clusters of Chrome users with similar interests, allowing for some privacy by letting individuals ‘hide within crowds’, as Google put it, while still delivering targeted ads to advertisers. Still, Olejnik found the initial implementation of FLoC can leak users web browsing histories, so taking cover in the crowd might not actually work as intended yet.”If I had to choose between third-party cookies or FLoC, I would choose FLoC. But it all depends on the final design and configuration. Care must be exerted in the design to avert the risk of data leaks,” Olejnik says. “In my tests of the initial version, I verified that leaks of web browsing histories are indeed possible. But I am sure that the final solution would have to have some privacy settings designed and implemented. In current testing FloC, this is not the case.”Pros   Privacy-focussed by default    Not in the traditional online ad business   A fast experience Cons:   No obvious negatives but issues in the past show it is not perfect

Probably the best privacy-preserving browser on the web

Chrome’s security and patching make it the most secure browser available today, but when looking solely at privacy, Olejnik rates Mozilla Firefox as the best of the pack. So, for those using a multi-browser strategy to improve privacy, Firefox is a must-have. One of Firefox’s most important privacy features is Enhanced Tracking Protection. Mozilla has also borrowed Tor techniques to block browser fingerprinting and, despite its declining monthly active user numbers (it’s at 220 million today, down from 250 million a year ago), Firefox developers are on a constant quest to improve tracking-prevention features, such as its work on browser data storage that can be used for tracking users across the web, which goes beyond just stored cookies and targets multiple caches.  Firefox is rich with choices to customize the browser for privacy by typing about:preferences#privacy in the address bar. The “standard” Enhanced Tracking Prevention blocks social media trackers, cross-site tracking cookies, and blocks tracking in private windows, cryptominers, and fingerprinting scripts. There is a “strict” mode too that might break some sites, but there are ways to whitelist Enhanced Tracking Protection for trusted sites. And for those with the time, Mozilla provides a way to customize the privacy feature.    The other option for Firefox fans is Firefox Focus, a privacy-focussed browser for iOS and Android that blocks ad trackers and has a built-in ad blocker.    And if you’re against Chrome’s FLoC, Mozilla this week told Digiday that it too would oppose the fingerprinting technique and won’t be implementing it in Firefox.   “We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time,” a Mozilla spokesperson said.”We don’t buy into the assumption the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising,” they added. Pros   Firefox has invested a lot into Enhanced Tracking Prevention    No interest in profiting from online ads   Trusted by 220 million users Cons:  Despite a major overhaul Firefox is still losing users  Mozilla is pushing its read-it-later service Pocket through Firefox 

Is an extension from a privacy search engine the answer?

DuckDuckGo, a privacy-focused search engine, is a vocal supporter of consumer’s privacy rights and in January hit a milestone of reaching 100 million user search queries in a day.DuckDuckGo and the rise of encrypted messaging app Signal, shows there is a growing appetite for privacy-focussed alternatives to tech giants like Facebook and Google. Still, DuckDuckGo’s daily search numbers are minuscule compared to Google’s five billion daily search queries. DuckDuckGo’s Privacy Essentials extension for Chrome, Firefox and Microsoft’s new Edge has been installed by four million Chrome users. Its reputation is built on the idea it does not collect user data but can provide the same search results as those that do collect user data. In a seeming reaction to Google’s unchallenged dominance in search, some browser makers such as the To web-anonymizing project, made DuckDuckGo the default search engine to ship with its Firefox-based browser. DuckDuckGo was founded by entrepreneur Gabriel Weinberg as a self-funded project in 2008. The DuckDuckGo extension was also quick to block Google’s FLoC fingerprinting identifier.  And the company is a founding member of the Global Privacy Control (GPC) standard (which is still being hashed out) as an answer to consumer privacy protections under the California Consumer Protection Act (CCPA) and Europe’s General Data Protection Regulation (GDPR).But it is browser extension and, like all software, there are vulnerabilities that crop up. In March, researchers discovered a cross-site scripting flaw in the DuckDuckGo Privacy Essentials that could allow an attacker to observe all websites that the user is visiting. Fortunately DuckDuckGo fixed the flaw fairly swiftly for both Chrome and Firefox.  ProsSupported on Chrome, Chromium-based browsers and FirefoxDuckDuckGo appears to have a solid commitment to user privacy If you don’t like FLoC, it blocks it automaticallyConsIt’s a software extension and that creates another avenue for security flaws to creep in 

The wild card for online privacy

Microsoft Edge, being based on Google’s Chromium project, is now available for Windows 10, macOS and  Linux. Microsoft was rated the worst browser for privacy by Professor Leith because of how often it sent identifiers, including IP address and location data to Microsoft servers — even worse than Google Chrome. Microsoft told ZDNet it was just diagnostic data that can be easily disassociated from the device ID. Microsoft confessed its collection does include information about websites visited but said this information is not used to track users browsing history or URLs specifically tied to the user. Windows 10 telemetry data collection shows Microsoft can be clumsy on privacy despite Microsoft president Brad Smith’s principled statements on the use of facial recognition in public arenas. Microsoft also has an interesting take on Google’s FLoC. A Microsoft spokesperson told ZDNet it does not support fingerprinting because users can’t consent to it. It is however developing its own alternative to FLoC called PARAKEET, which has similar goals to FLoC, like retargeting browsers over time.”Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. Recently, for example, we were pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the final iteration but is an evolving document,” Microsoft said.Microsoft PARAKEET proposal says it supports an “ad-funded web because we don’t want to see a day where all quality content has moved behind paywalls, accessible to only those with the financial means.”While Microsoft’s Bing search engine may not be widely-used, it does own LinkedIn and that brand’s online ad division brought in $2.58 billion in revenue in quarter ending December 2020 quarter, up 23% year on year, making up about 5% of Microsoft’s total $43.1 billion in revenue for that quarter. Microsoft has never claimed to be a guardian of end-user privacy but it does at least provide a support page explaining what data Edge collects and why Microsoft collects it. Pros   It’s not Google Chrome    Edge is gaining new features rapidly Cons  It has a burgeoning online advertising business  Microsoft’s position on FLoC is ambiguous 

Are there other browsers worth considering?

Another great choice for improving your privacy on the web is the Tor browser, which is based on Mozilla’s Firefox Extended Support Release (ESR). It’s been tweaked to help users use the Tor anonymizing network — a collection of distributed nodes versus a more centralized design like a VPN service. The Tor browser’s default search engine is DuckDuckGo.While it isn’t a mainstream browser choice, the Tor browser is a well-regarded browser for people who don’t want to be tracked across the web and it gets updated on a monthly basis by the Tor Project. However, page loads in the Tor browser can be slower and some sites might not work due to the architecture of the Tor network. Using the Tor browser for Google Search, for example, might require going through additional CAPTCHA challenges to prove you’re not a bot. Page loads are also noticeably slower on streaming services like Netflix. Nonetheless, the Tor browser is worthy addition for people who use multiple browsers to get life done on the web.   

Does using a private browsing window hide my IP address?

If you’re using Chrome, an Incognito Window doesn’t hide your IP address. It simply doesn’t store your browser history, information you’ve entered into forms, or what permissions you’ve given to sites you’ve visited. Microsoft Edge, Firefox, and Opera all use a similar form of “anonymous” web window for browsing, but they aren’t truly hiding your online identity. If you want to block your IP address from being viewed or tracked, you can download a VPN, which masks your IP address so your service provider (or anyone else, for that matter) can’t see what you’re doing.

What is the Tor browser?

Tor is a non-profit organization that researches online privacy. Their proprietary web browser “hides” a user’s IP address and activity by relaying it through an in-house network of servers run by volunteers. By bouncing your information around so much, it makes things exceptionally difficult to track, which is great if you don’t want your ISP or anyone else spying on your online activity. The Tor browser has seen its fair share of controversy, since it’s a popular choice for accessing the deep web: a collection of websites and pages that are inaccessible through traditional means, like search engines. While accessing deep web sites is not in itself a crime, there are quite a few places (like the now defunct Silkroad) that conduct highly illegal activity such as trafficking drugs. But don’t let that dissuade you from using the Tor browser itself, or other privacy-focused browsers that use Tor like Brave. Just because some people misuse the technology, that doesn’t mean it’s a bad browser.

What is the most common personal web security vulnerability?

Honestly? Putting your personal or contact information in your social media. If you have your full name, phone number, address, or place of work anywhere on your social media, someone can use it to wreak havoc on your personal accounts. To prevent this, avoid using your real name online where possible, turn off location tracking, and don’t post about your place of work if you can help it. All it takes is a single piece of personal information for someone with very bad intentions to get ahold of your entire online presence. Those innocent-looking name generator memes are another big issue; the ones that have you type out your first pet’s name and your childhood street name (or something similar) to make up a gnome (or whatever) name. These are answers to common password recovery questions, so by letting the world know that your Christmas elf name is Fluffy Elm Street, you could be handing over all of your personal accounts to internet criminals. 

ZDNet Recommends More

Image: Getty Images
SpaceX confirmed on Tuesday that up to 40 of the 49 Starlink low-earth orbit satellites launched last Thursday were “significantly impacted” by a geomagnetic storm on Friday.

“These storms cause the atmosphere to warm and atmospheric density at our low deployment altitudes to increase,” SpaceX explained in an update.”In fact, onboard GPS suggests the escalation speed and severity of the storm caused atmospheric drag to increase up to 50% higher than during previous launches.”In response to the storm, the Starlink team commanded the satellites into a safe mode to “take cover from the storm” so the satellites would “fly edge-on like a sheet of paper to minimise drag”, the company said.However, according to the company: “preliminary analysis show the increased drag at the low altitudes prevented the satellites from leaving safe-mode to begin orbit raising maneuvers, and up to 40 of the satellites will re-enter or already have re-entered the Earth’s atmosphere.”SpaceX assured that deorbiting satellites “pose zero collision risk with other satellites” or when it re-enters the Earth’s atmosphere. “By design [the satellites] demise upon atmospheric re-entry — meaning no orbital debris is created and no satellite parts hit the ground,” the company said.RELATED COVERAGE More

To find the best VPN service for your personal or business needs, you’ll need to compare brands, prices, features, and more. But first, you need to understand how a VPN accomplishes its primary mission: Keeping you safe and protecting your privacy online.

Fundamentally, most VPNs (virtual private networks) provide two services: They encrypt your data between two points and they hide the IP address (from which a general location can be derived) where you’re located. For those traveling or out and about, the first function is critical because most Wi-Fi available publicly is unencrypted — so anyone on the network can see what you were sending.  But VPNs also serve to hide your IP address, replacing the address logged on servers with one in a completely different location — even a different country. For those worrying about stalking or other threats, this feature could save lives. Most consumers, though, find streaming VPN features compelling because — in some cases, and with dubious legality — it allows them to spoof their region of origin to get access to streaming media and sports blacked out from their home locale. There is no doubt that you should use a VPN service provider when you’re using public Wi-Fi when away from home. But what about when you’re at home? Should you use a VPN then? My general advice is that using a VPN is not critical for most people at home, since your ISP rarely wants to look at your traffic. But if you live in an apartment with a bunch of curious roommates all sharing one router, a VPN might prove valuable. If you’re connecting to work and want to make sure you’re taking all the precautions you can (and if your employer hasn’t given you a corporate VPN to use) a VPN service would be useful. If you’re connecting to websites that log connection information and you don’t want to leave tracks where you are (especially where your home is), you might want to use a VPN. You get the idea: If you want extra protection and safety at home, then a VPN isn’t a bad idea. In this article, we look at a bunch of our top VPN solutions. We’ll cover many of the best VPN service providers, how to access the native VPNs built into your desktop machine, and even how to use your NAS as a VPN client and host. If you’re curious about VPNs, you can learn a lot more in our massive VPN FAQ.

Four tips to help you evaluate

1. Pay attention to trial period times and use them: Every VPN performs differently, and every user experience is going to be different still. Your ISP will offer different speeds than mine. Your favorite coffee shop has a different network connection than mine. You’re even likely to be connecting to different countries and definitely different sites. Before committing to a VPN provider, test candidates thoroughly in your real-world environment. That’s what the trial times and money-back guarantees are for.2. Avoid free VPN providers: Running a VPN is expensive and if the VPN provider doesn’t make money from your service fees, they’re going to make money from your data — sometimes even stealing your personal information and selling it. Stick with the proven commercial vendors we’ve tested.3. Don’t worry about country of jurisdiction, unless: There are generally two classes of VPN users, those who need to protect their coffee shop surfing and those counting on a VPN to protect their lives. VPN often provides a level of security theatre where folks get bent out of shape if a country has any form of data jurisdiction. But as I showed in this article, many countries outside of the so-called Five Eyes are Mutual Legal Assistance Treaties signatories and will share data with the US and other countries anyway. If you’re using a VPN to protect your life, research this a lot more than reading a review article.4. Finally, don’t sweat warrant canaries and no log policies: Most of you are going to use a VPN to protect your data stream from being hijacked by someone sharing your network. All of these big legal and jurisdictional issues get in the way of the simple fact that you want fast transfers and an encrypted tunnel from your spot in the airport to the website you’re trying to access.And with that, let’s dig into what makes the best VPNs tick and answer some more of your questions at the end of this article, so read on. But first, our picks for the best VPNs of 2022.

Which are the best VPN providers?

If you’re curious about how VPNs work or what a VPN provider can do for you, here’s a great VPN overview article. Now that you understand how a VPN service can help keep you safe, let’s kick it off with our list of recommended service providers.

A top-rated VPN provider

(Image: ExpressVPN)

Simultaneous Connections: 5 or unlimited with the router appKill Switch: YesPlatforms: A whole lot (see the full list here)Logging: No browsing logs, some connection logsCountries: 94Locations: 160Trial/MBG: 30 daysExpressVPN is one of the most popular VPN providers out there, offering a wide range of platforms and protocols. Platforms include Windows, Mac, Linux, routers, iOS, Android, Chromebook, Kindle Fire, and even the Nook device. There are also browser extensions for Chrome and Firefox. Plus, ExpressVPN works with PlayStation, Apple TV, Xbox, Amazon Fire TV, and the Nintendo Switch. There’s even a manual setup option for Chromecast, Roku, and Nvidia Switch.Must read:With 160 server locations in 94 countries, ExpressVPN has a considerable VPN network across the internet. In CNET’s review of the service, staff writer Rae Hodge reported that ExpressVPN lost less than 2% of performance with the VPN enabled and using the OpenVPN protocol vs. a direct connection.While the company does not log browsing history or traffic destinations, it does log dates connected to the VPN service, amount transferred, and VPN server location. We do want to give ExpressVPN kudos for making this information very clear and easily accessible.Exclusive offer: Get 3 extra months free.

Leak-free and unlimited connections

Simultaneous Connections: UnlimitedKill Switch: YesPlatforms: Windows, Mac, Linux, iOS, Android, Fire TV, Firefox, ChromeLogging: None, except billing dataTrial/MBG: 30 dayAt two bucks a month for a two-year plan (billed in one chunk), Surfshark offers a good price for a solid offering. In CNET’s testing, no leaks were found (and given that much bigger names leaked connection information, that’s a big win). The company seems to have a very strong security focus, offering AES-256-GCM, RSA-2048, and Perfect Forward Secrecy encryption. To prevent WebRTC leaks, Surfshark offers a special purpose browser plugin designed specifically to combat those leaks.Must read:Surfshark’s performance was higher than NordVPN and Norton Secure VPN, but lower than ExpressVPN and IPVanish. That said, Surfshark also offers a multihop option that allows you to route connections through two VPN servers across the Surfshark private network. We also like that the company offers some inexpensive add-on features, including ad-blocking, anti-tracking, access to a non-logging search engine, and a tool that tracks your email address against data breach lists.

Interesting options to enhance VPN safety and protection

Simultaneous Connections: 6Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Android TV, Chrome, FirefoxLogging: None, except billing dataCountries: 59Servers: 5517Trial/MBG: 30 dayAlso: How does NordVPN work? Plus how to set it up and use itNordVPN is one of the most popular consumer VPNs out there. Last year, Nord announced that it had been breached. Unfortunately, the breach had been active for more than 18 months. While there were failures at every level, NordVPN has taken substantial efforts to remedy the breach.Also: My in-depth review of NordVPNIn our review, we liked that it offered capabilities beyond basic VPN, including support of P2P sharing, a service it calls Double VPN that does a second layer of encryption, Onion over VPN which allows for TOR capabilities over its VPN, and even a dedicated IP if you’re trying to run a VPN that also doubles as a server. It supports all the usual platforms and a bunch of home network platforms as well. The company also offers NordVPN Teams, which provides centralized management and billing for a mobile workforce.Also: My interview with NordVPN management on how they run their servicePerformance testing was adequate, although ping speeds were slow enough that I wouldn’t want to play a twitch video game over the VPN. To be fair, most VPNs have pretty terrible ping speeds, so this isn’t a weakness unique to Nord. Overall, a solid choice, and with a 30-day money-back guarantee, worth a try.

Deep capabilities hidden in an easy-to-use app

Simultaneous Connections: UnlimitedKill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Chrome, plus routers, Fire Stick, and KodiLogging: None, except billing dataServers: 1,500 Locations: 75Trial/MBG: 30 dayIPVanish is a deep and highly configurable product that presents itself as a click-and-go solution. I think the company is selling itself short doing this. A quick visit to its website shows a relatively generic VPN service, but that’s not the whole truth.Also: My in-depth review of IPVanishIts UI provides a wide range of server selection options, including some great performance graphics. It also has a wide variety of protocols, so no matter what you’re connecting to, you can know what to expect. The company also provides an excellent server list with good current status information. There’s also a raft of configuration options for the app itself.In terms of performance, connection speed was crazy fast. Overall transfer performance was good. However, from a security perspective, it wasn’t able to hide that I was connecting via a VPN — although the data transferred was secure. Overall, a solid product with a good user experience that’s fine for home connections as long as you’re not trying to hide the fact that you’re on a VPN.The company also has a partnership with SugarSync and provides 250GB of encrypted cloud storage with each plan.

Open source with a dedicated focus on security

Simultaneous Connections: Depends on planKill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, routersLogging: None, except billing dataCountries: 54Servers: 1,077Trial/MBG: 30 dayWe really like the ProtonVPN story. The company was created by engineers and scientists who met at CERN (the European Center for Nuclear Research — where the Web was invented) with a focus on creating encrypted email and VPN communications with the idea of protecting the communication of activists and journalists. The company is also headquartered in Switzerland, which has very strong privacy laws.In terms of product, ProtonVPN has a belt-and-suspenders approach to security, layering strong protocols on top of perfect forward secrecy, on top of strong encryption. Not only does ProtonVPN have a kill switch, but it also has an always-on VPN, which attempts to restore VPN service if it’s dropped mid-communication. Finally, we like that all apps are open source and the company reports that they are independently audited. Finally, the company offers a very generous free VPN service, allowing one machine to connect at medium speed, but there doesn’t appear to be any limit to the amount of data used in the free plan.

Are there other VPNs worth considering?

Yes. Below is a selection of other well-known VPN services. 

VPN service hosted on its own infrastructure

Simultaneous Connections: 5Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, QNAP, Synology, router, TVLogging: None, except billing dataServers: 700+ on their own infrastructure Locations: 70Trial/MBG: 30 dayGolden Frog, the company behind VyprVPN, claims to be “A company as old as the Internet itself,” yet its own about page says the company was founded in 2009. Apparently, the founders of Golden Frog were founding companies back in the 90s, and they conflated the two facts. I’m always a bit uncomfortable when a security company conflates facts.On the plus side, we like that Golden Frog owns and manages its own infrastructure and does not rely on hosting companies. VPN infrastructure is often a murky thing, with the VPN service providers renting time from available data centers in host countries.The company offers a huge array of client software, including apps for routers and even BlackBerry devices. Apps support key features like a kill switch, a zero-knowledge DNS service, and their own Chameleon VPN protocol for added security. The company’s no-log service was last audited in 2018, so they’re a bit overdue.Golden Frog, also registered in Switzerland, is a standout in their effort to provide privacy and thwart censorship. When China began its program of deep packet VPN inspection, Golden Frog’s VyprVPN service added scrambled OpenVPN packets to keep the traffic flowing.

It’s Norton, a known and trusted brand. What else is there to say?

Simultaneous Connections: Based on planKill Switch: YesPlatforms: Windows, Mac, iOS, AndroidLogging: None, except billing dataCountries: UnspecifiedLocations: UnspecifiedTrial/MBG: 60 dayWe found performance is middle-of-the-road and platforms are limited to Mac, iOS, Windows, and Android. Don’t even think of using it on routers, Linux, or gaming platforms. Pricing is weirdly and unnecessarily tiered. The service raises its price by ten bucks when you jump from 1 device to 5, and another ten bucks when you jump to ten devices. Given the full ten simultaneous device package is a good deal at $59, it’s odd that it’s nickel-and-diming the lower tiers.Also: Norton Secure VPN review: More work is needed for this privacy product to shineWe’re recommending Norton not as much because it’s a great VPN (it’s really kinda meh), but because it’s from a brand we’ve long come to know and trust. The company also offers live 24/7 phone support and has an excellent 60-day money-back guarantee. The company also offers a generous 60-day money-back guarantee, but oddly doesn’t promote it. The only place it’s mentioned is deep inside their refund policy document.

A bundle of safety and security features beyond VPN

Simultaneous Connections: 7Kill Switch: YesPlatforms: All you’d expect and a lot moreLogging: None, except billing dataCountries: 89Servers: 6,381Trial/MBG: 45 daysThe CyberGhost client is more than a VPN connection driver. The company’s offering is a decently complete full security system, including ad-blocking, malicious website blocking, online footprint blocking (blocking cookies from dropping), and forced https redirect.Also: My in-depth review of CyberGhostWith more than 6,000 servers deployed in 89 countries and 112 locations, CyberGhost has a larger number of servers than many of the other VPN providers we surveyed. Performance was adequate. It provided enough bandwidth to stream video and get your job done, but it certainly wasn’t a rocket. Also, if you’re trying to hide the fact that you’re using a VPN, you’ll want to look elsewhere. That said, for a solid overall security package, CyberGhost is a good option.

31-day guarantee because sometimes that extra day matters

Simultaneous Connections: 10Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, and a lot moreLogging: None, except billing dataCountries: 140Servers: 2,000Trial/MBG: 31 dayMost VPN providers license their international server presence from local providers all over the globe. PureVPN doesn’t. They own their own self-managed network of more than 2,000 servers in 140 countries. This allows the company to support its full range of protocols (OpenVPN, L2TP/IPSec, SSTP, and IKEv2). It also offers PPTP, but it’s so porous, you probably shouldn’t use it.Given the tough times due to the novel coronavirus, PureVPN has sent its support folks home, but they’re up and running providing 24/7 support from the safety of sheltering in place. So even though business isn’t as usual, PureVPN has, like many companies, routed around the problem using internet technology to keep connected. We also like the 31-day money-back guarantee, support for a wide range of devices, including Kodi, Roku, and Boxee boxes. 

A tremendous number of VPN servers

Simultaneous Connections: 10Kill Switch: YesPlatforms: Windows, Mac, iOS, Android, Linux, Chrome, Firefox, OperaLogging: None, except billing dataCountries: 76Servers: 17,605Trial/MBG: 30 dayOne of the more interesting aspects of Private Internet Access is the wealth of payment options the company offers. Sure, you can pay by credit card. But you can also pay with cryptocurrencies including BitcoinCash, Bitcoin, Zcash, Ethereum, and Litecoin. If you’re not all up on the crypto-craze but still don’t want to leave a record of your payment, you can use over 100 brands of gift cards, including those from Best Buy, GameStop, Home Depot, Lowes, Target, and Walmart.The company supports a good range of protocols and you can use it on your customized DD-WRT router. We do like the quick setup, included ad, malware, and tracker blocker, and unlimited bandwidth is always appreciated.

Native VPN support on your desktop

If you’re connecting to a corporate VPN, you may not need to purchase a VPN service. All the major desktop operating systems include VPN capabilities. Here’s how to get started using those.

Native VPN support on Mac

Connect to a corporate VPN with Apple

If you’re connecting to an existing corporate virtual private network, you may not need an additional service. MacOS comes with native VPN support built right in.Apple provides VPN support for High Sierra, Mojave, Catalina, and now Big Sur. Just pop open System Preferences, head over to the Network tab, and either import the configuration file you were provided or hit the plus button and add a VPN interface. Here’s a handy tip sheet from Apple that will walk you through the process.

Native VPN support on Windows 10

Connect to a corporate VPN with Microsoft

If you’re connecting to an established corporate VPN, all you need to do is add a new Windows 10 VPN connection. Point your mouse at the Start menu, hit Settings, then Network & Internet, and then VPN. Make sure you have the connection details provided by work and then click on Add a New VPN Connection. Fill in the form and you’re good to go. Here’s a handy tip sheet from Microsoft.Windows 10 also allows you to host a VPN server by creating a new incoming network connection, choosing the users who can connect, and telling Windows that the incoming connection is across the internet. You’ll also have to configure your router to allow traffic to your computer. PureInfoTech has a helpful guide for setting it all up.

Native VPN support on Chromebook

Connect your laptop with Google

Sadly, this simple solution isn’t built into the standard Chrome browser. If you’re just using the browser on a Mac or Windows machine, you’ll need a different solution. That said, if you’re rocking a Chromebook, all you need to do is open Settings and then Network. Click Add Connection. Then all you need to do is choose between OpenVPN and L2TP over IPSec. Google has a handy cheat sheet right here to guide you through the process. 

Linux with WireGuard

Another reason to love open source

WireGuard is Linux’s new baked-in VPN capability. Its code is relatively simple and small, making it far easier to maintain, test, and debug. Linus Torvalds, Mr. Linux himself, calls WireGuard “a work of art.”Also: Linux’s WireGuard VPN is here and ready to protect youSo what do you need to set up WireGuard? More and more of the VPNs we spotlighted support WireGuard right out of the box. You can download it for Linux. But you can also download a package for Windows, Mac, iOS, Android, and FreeBSD. It’s like most open source products, in that you’ll need to do some reading and thinking to make it work. But it’s free, solid, safe, and, as Linus says, “Can I just once again state my love for it.” 

VPN for your whole home network

Many of the commercial VPN services discussed above offer router-based VPN solutions. Even though I have a pretty powerful router, I prefer to run my VPN on my NAS. Here are two NAS-based VPN solutions that will get you connected securely.

Synology NAS VPN support

Built-in VPN app on the NAS

If you have a NAS like the top-reviewed Synology, you may already have a NAS app you can set up and protect your whole home network. The Synology server has a very capable little VPN built-in, and it’s available free to anyone with the NAS.If you want to go a step further and use some Synology-exclusive VPN services like Synology SSL VPN, clientless WebVPN, and remote desktop, as well as a site-to-site VPN service, you can do so using the Synology router I reviewed last year. That service is called VPN Plus and it normally costs $9.99 per concurrent user. But because of COVID-19, Synology’s offering free VPN Plus between now and September.

A mini-FAQ about VPNs

I answered a bunch of common questions above our big list of the best VPNs for 2022. But here’s a quick lightning round of questions and answers about VPNs, just to round out your knowledge.

Do VPN providers limit usage?

Some do. Check when you sign up. For non-free plans, none of the providers we recommended limit the amount of data you can use. But almost all limit how many devices you can use at once.

What does logging really mean?

Logging is the recording of data about your usage and it occurs everywhere. Every website, at minimum, records an IP address, time, and data accessed so they can track traffic. All VPN providers have to check credentials against recorded personal data to make sure you paid, but a few let you sign up with Bitcoin, allowing you to completely hide your identity. When we say a VPN doesn’t log data, we mean they don’t track what sites you visit and for how long, but they may track how much of their own infrastructure you use.

Is it legal to use a VPN?

Yes, in most countries. Some countries (and you should read my guide for more in-depth info) have made VPN use illegal. And even in countries where it’s legal, it’s likely to be illegal to use a VPN to spoof a streaming service into giving you content that otherwise wouldn’t be accessible. Plus…

Can I use a VPN to get free Netflix or watch a blacked-out sports event?

Sometimes, but it’s likely illegal and probably fattening. There’s an ongoing arms race where the media vendors are getting better at identifying and blocking VPN connections, so each case is different. And that’s all we can say about it, because… illegal.

If I have a VPN to my office, do I need a VPN service?

The VPN to your office will secure your link to your office. If you want to secure your link to anywhere else, you’ll need a VPN service.

Should I use a VPN on my phone or tablet?

If it’s your data and you want it to be secure, yes. The same choices are valid regardless of what kind of device you use to transmit and receive data over the Internet.

What’s this kill switch thing?

So let’s say you’re surfing along and all of a sudden your VPN connection fails. Your phone or computer is likely to immediately try to reconnect and do so directly, without going through a VPN. All of a sudden your data is unprotected. A kill switch is a feature in your device’s VPN app that detects that connection fails and immediately shuts down network access. Like with everything, it’s not a 100% perfect solution, but these days, I wouldn’t recommend using a VPN that doesn’t offer a kill switch.

What do simultaneous connections mean and why should I care?

I’ll give you a personal example. When I travel, I often take my laptop and my tablet. I use the laptop to write and I use the tablet as a second screen to look stuff up. I have two connections I’m using at once and I want my VPN to protect both. If my wife is also doing the same thing, that’s four connections. Add our phones and you have six connections. If we’re using all those devices at once that’s simultaneous connections. The more the better.

Does a VPN slow down your connection?

Let’s be clear: Using a VPN does add a bit of a load on your computer and can often slow down your connection. That’s because your data is encrypted, decrypted, and sent through intermediate servers. Game responsiveness might suffer. If you’re a first-person shooter player, you might have enough lag to lose the shot. That said, both computers and VPNs have gotten much faster. When I first used a VPN, every… thing…slowed… down… to… an… unbearable… c-r-a-w-l. But now, the negative impact is almost unnoticeable, and at least one service we spotlight below (Hotspot Shield) actually increased performance, making it one of the fastest VPNs we’ve seen.Also, most (but not all!) of the VPN providers we spotlight limit the number of devices you can connect simultaneously, so you may have to pick and choose which home devices connect.

What about all those weird protocol words?

If you’ve been shopping for a VPN service, you’ve undoubtedly come across a bunch of names like SSL, OpenVPN, SSTP, L2TP/IPSec, PPP, PPTP, IKEv2/IPSec, SOCKS5, and more. These are all communication protocols. They are, essentially, the name of the method by which your communication is encrypted and packaged for tunneling to the VPN provider. To be honest, while VPN geeks can argue over protocols for hours, you’re probably good enough if you just use the default setup by your provider.

What’s the best free VPN service?

We’re spotlighting paid services in this article, although some of them offer a free tier. I generally don’t recommend free VPN services because I don’t consider them secure. Think about this: Running a good VPN service requires hundreds of servers across the world and a ton of networking resources. It’s boo-coo expensive. If you’re not paying to support that infrastructure, who is? Probably advertisers or data miners. If you use a free service, your data or your eyeballs will probably be sold, and that’s never a good thing. After all, you’re using a VPN so your data remains secure. You wouldn’t want to then have all that data go to some company to sift through — it completely defeats the purpose.Now, before you choose a VPN service, free or paid, I want to make it clear that no one tool can guarantee your privacy. First, anything can be hacked. But more to the point, a VPN protects your data from your computer to the VPN service. It doesn’t protect what you put on servers. It doesn’t protect your data from the VPN provider’s VPN servers to whatever site or cloud-based application you’re using. It doesn’t give you good passwords or multifactor authentication. Privacy and security require you to be diligent throughout your digital journey, and VPNs, while quite helpful, are not a miracle cure.

How did we choose these VPN services?

This list did not involve as much original research and testing as some of my other recommendation lists. That’s because I’ve been writing VPN articles every month or so since early 2017. I have looked at a lot of VPN providers.Also: Fastest VPN: How we rated the top servicesMany of the providers recommended in this list have been subject to in-depth testing and reviews, written either by me or by CNET’s product evaluation team. For those, we have tangible testing numbers. Other VPNs have been ones we’ve been talking about for years, spoken with their management and their users, and have developed a generally positive impression.A few of the VPNs (Hotspot Shield, in particular) had a more rocky road. They had some tough PR at the beginning and made some seemingly ludicrous claims about speed. It wasn’t until I brought them in house and pounded on them for a few weeks that I realized that their claims were justified. Sometimes, products just surprise you.But here’s the thing: All these vendors have solid money-back guarantees and we would not have recommended them otherwise. We do test VPN services from multiple locations, but we can’t test from all locations. Every home, every community, every local ISP, and every nation has a different infrastructure. It’s essential that once you choose, you test for all your likely usage profiles, and only then make the decision to keep the service or request a refund.One thing to consider is whether you’re looking for a solution for working at home vs. traveling. For example, if you travel rarely (even before COVID-19), have strong bandwidth at home, and have a NAS or a server box, you might want to VPN to your home server from your machine’s native client, and then out to the world. If you’re newly home for the duration and your company has a dedicated VPN, you’ll want to use whatever process they’ve set out for you.Must read: But, generally speaking, it doesn’t hurt to have a VPN provider already set up and in your kit bag. Most home-based traffic won’t require VPN usage, but if you’re on any sort of shared connection, having a VPN provider is a good idea. Also, if you ever think you’ll need to access the Internet from out and about — like a hospital or doctor’s office, then having a VPN provider can be a win. Likewise, if you want to obscure where you’re connecting from (this might be more important now that we’re always in the same place all day), a VPN provider might help.Finally, don’t expect miracles. Your home-based pandemic broadband pipes are likely to be more clogged than ever before. Everyone is at home, many people are streaming movies to stay sane, and there are only so many bits that can fit at any given time. If you experience traffic slowdowns, be sure to check not only your VPN, but your Wi-Fi connection between your device and your router, your connection to your broadband provider, and even their connection to upstream providers.That said, we’re all in this together. Hang in there and stay safe. How are you managing your home-based networking? Let us know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

The National University of Singapore (NUS) plans to run a two-year trial to tap the use of Internet of Things (IoT) applications, with the aim to better manage its campus. Drones and patrol robots, for instance, may be part of live tests to enhance safety and facilitate quicker response to situations.Local telco StarHub has been roped in to provide its 5G and IoT service offerings, the partners said in a joint statement. StarHub’s 5G standalone services and fully solar-powered outdoor Wi-Fi system already have been deployed within the NUS campus. During the two-year collaboration, they would look to tap the network to improve operational efficiencies in managing outdoor campus facilities management. Both would work to identify gaps and co-develop applications in smart campus facilities management, with live data to be pulled from sensors and consolidated for analysis. 

Potential use cases here could include inspection of building facade, housekeeping and landscape operations, waste management, and security management. Augmented and virtual reality applications also could be used to provide an immersive classroom, tapping the university campus, for sustainability education.Asked to elaborate on trials that had been planned, a spokesperson told ZDNet initial efforts would focus on the use of IoT sensors to more effectively maintain facilities in a large campus environment. Housekeeping, for instance, was labour-intensive and could prove a challenge where resources are limited. To address such challenges, smart sanitary sensors have been installed at NUS U-Town, which will alert facility managers when taps or flushing systems are faulty. This not only reduces the need for regular maintenance and cuts wastage, but also speeds up response and rectification. Ammonia and occupancy sensors also have been deployed to track usage and provide notification when toilets require cleaning.

StarHub’s integrated 5G IoT network enables the university’s facility managers to access the data via a user-friendly dashboard, in real-time, so action can be taken in a timely manner, according to the spokesperson. He noted that some trials already were underway and further use cases to be developed. These included predictive maintenance, cleaning, and security management.Drones and patrol robots, for example, could be tapped to facilitate a safer campus environment with better situational awareness and quicker response time, he said. “Enabled by 5G, mobile cameras installed in these drones and patrol robots could transmit live feed seamlessly to the security command centre, to quickly detect any suspicious objects and activities on campus,” he noted. Through the two-year pilot, NUS hoped to testbed use cases to demonstrate the various benefits as well as feasibility of a wider deployment across its campus. The spokesperson noted that research suggested the time needed to inspect building facade could be slashed by 70% with the use of drone technology, powered by artificial intelligence.NUS’ vice president of campus infrastructure Koh Yan Leng said: “The high-speed connectivity and real-time communications that 5G provides will allow us to redesign our facilities management workflow, enhancing productivity, efficiency and safety, as well as provide targeted responses tailored to different situations.”NUS’ chief IT officer Tan Shui-Min added that NUS aimed to be “a borderless university, where learning and working can take place anywhere, anytime, and through any device”.StarHub’s chief of enterprise business group Charlie Chan said: “Partnering NUS, we are capitalising on 5G to build a smart sensor network and generate new insights, for more agile decision-making and greater workforce productivity.”RELATED COVERAGE More

When choosing a VPN, you’ve got a lot of choices. In our best of guide and speed test guide, we’ve narrowed down the list from the 50+ branded commercial options out there to about 10. But once you narrow the list down even more, how do you choose? In this article, we’ve taken two of our top choices — NordVPN and Surfshark — and compared them. About the Nord/Surfshark mergerIn early February 2022, Nord Security and Surfshark announced they were merging. According to their merger blog post, the companies say they will continue to operate as separate companies, with separate VPN infrastructures. We have no doubt this is true… for now. Merging large infrastructures takes time, and neither player wants to cede performance or position to their competitors due to a botched operational merger.That said, we don’t expect this to be the case in the long term. They’d be foolish not to consolidate infrastructures, teams, and technologies — and these are not foolish players.But for now, you’re still choosing between the various players, and our overview content below remains relevant.And with that, let’s dive in.

Less expensive option

Servers: 3200 Countries: 65Simultaneous connections: unlimitedKill switch: yesLogging: noBest Price: $59.76 for 24 months ($2.49 per month)Trial: 30-day refund guaranteeSupported platforms: iOS, Android, MacOS, Windows, Linux, FireTV

Consistently fast performance

Servers: 5242Countries: 60Simultaneous connections: 6Kill switch: yesLogging: Email address and billing information onlyPrice: $11.95 per monthBest Price: $89 for two years ($3.30/mo)Trial: 30-day refund guaranteeSupported platforms: iOS, Android, MacOS, Windows, Linux, game consoles, smart TVs, mor

Pricing

Surfshark wins

VPN providers are always tinkering with their pricing, so these numbers are bound to change. That said, Surfshark is less expensive. Surfshark’s best deal is what it touts as a $2.49 a month plan (you’ll really be paying $59.76 now for two years of service). Nord is asking for $3.71 (or a wallet hit of $89 on signup for two years of service).Surfshark definitively wins this round by allowing you to run an unlimited number of devices with its Surfshark VPN service, while Nord permits a relatively generous six simultaneous connections which is far less than the unlimited device amount.Both offer a 30-day money-back guarantee.

Speed

NordVPN wins

Image: ZDNet/David Gewirtz

In our fastest VPN guide, we took a look at both our own in-house tests and how the Internet overall rated open VPNs. We compared VPN rankings in speed tests from 10 sites besides ZDNet. Of potentially more interest, we compared the standard deviation of those rankings, which helps us determine whether a given VPN has a consistent ranking all across the internet, or different reviewers got wildly different numbers.As the above slide shows, NordVPN not only had a better aggregate average ranking but a considerably lower standard deviation. This means that pretty much wherever you are, your NordVPN performance should be pretty good. By contrast, how Surfshark will perform is likely to be considerably less predictable.

Platform clients

Tie between NordVPN and Surfshark

Both NordVPN and Surfshark support the big four: iOS, Android, Mac, and Windows. Surfshark also supports Linux, FireTV, Apple TV/iphone, and what it calls “other TVs.” It supports Xbox and Playstation as well as browsers Chrome and Firefox.NordVPN lists Android TV, Linux, and Chrome and Firefox extensions on its download page, but has a support page for installing NordVPN on other platforms, including routers, Raspberry Pi, and NAS boxes including Synology, Western Digital My Cloud, and QNAP.The fact is, both products support a reasonably wide range of devices. If you’re a NAS user, you probably want NordVPN. If you’re a console gamer, you probably want Surfshark. As we always recommend, do your research before buying.

Security profile

Tie between NordVPN and Surfshark

Let’s get this out of the way upfront: If you’re counting on a VPN for your physical freedom or to protect your life, you must do a lot more research than just reading an article like this. With that said, let’s look at the overall profile for these two vendors and their Wi-Fi.NordVPN has gotten a lot of mileage out of its Panamanian corporate registration, claiming that Panama puts its records out of the legal reach of governments and lawyers. I discussed in great depth in my analysis of NordSec that it’s possible that countries with Mutual Legal Assistance Treaties (MLAT) may well be able to pierce the corporate veil.Although I didn’t do as deep an in-depth Surfshark VPN review for security, the company has the same claims and limits as Nord. Surfshark lists its registry in the British Virgin Islands but is a company with developers based in many MLAT countries as well. It boasts a private DNS service among its advanced features so you can be protected even while using public Wi-Fi whether you’re in Australia, Hong Kong, the Netherlands, the USA, or anywhere in between. Surfshark also says it passed the German company Cure53’s security audit and offers uncrackable AES-256 bit encryption alongside its strict no-logs policy, but the German audit was limited to Surfshark’s browser extensions.Both vendors tout a no-logs policy. Both vendors say they don’t capture VPN connection time stamps, used bandwidth, traffic logs, IP addresses, or browsing data. Both offer warrant canaries. Both capture email addresses and billing information. NordVPN does capture your billing address and country. Both NordVPN and Surfshark accept cryptocurrencies. This makes it safer to use apps such as Paypal and use your credit card without having fear of security breaches.

Special features

Tie between NordVPN and Surfshark

Both vendors offer a kill switch, which we consider table stakes in terms of VPN special features. Surfshark offers a multi-hop connection, which is similar to NordVPN’s feature causing your IP address to change twice before reaching the destination vpn server. Both support P2P, allowing you to torrent your favorite Linux distros (and possibly other digital sharing activities of dubious legality, which we categorically do not recommend).NordVPN has a few interesting features not provided by Surfshark. NordVPN also provides Onion Over VPN, which allows you to use both the Onion anonymizer and Nord’s VPN together. NordVPN also allows you to buy a dedicated IP address, which can help if you’re dealing with anonymous servers or gaming connections. NordVPN also offers business plans.Both providers offer malware and adware filtering, although Surfshark’s AdBlock VPN feature appears to be somewhat more comprehensive. Surfshark also offers what it calls Camouflage Mode, which the company says can prevent your local ISP from knowing you’re surfing using a VPN. While NordVPN has a blog post on whitelisting, they don’t appear to have whitelisting as an actual client feature. By contrast, Suftshark uses its split-tunneling feature as a whitelister.Both vendors come to the game with most of the features you’d expect. Nord has a few more business-focused features while Surfshark has some features that may afford a limited degree of additional personal privacy — but this would need in-depth testing to truly validate. As such, we’re calling a tie for special features.

Decision treeSo how do you decide? Here are a few options that may make that decision easier. The fastest VPN: NordVPN, Hotspot Shield, and ExpressVPN compared: We don’t just test VPN provider performance in this in-depth analysis. We go out onto the internet, gather performance data from all across the web, and let you know which provider is the best overall.If price is your top concern, Surfshark will save you about $30 over two years. If predictably fast download performance is key, then NordVPN is more consistently fast in overall performance. If you need a VPN for a NAS appliance, then NordVPN is your choice. If you want a VPN for your Xbox or PlayStation instead of a mobile device or mobile apps, choose Surfshark. If you want a dedicated IP address or more business-oriented features, choose NordVPN. There you go. Surfshark vs. NordVPN. It’s not a super cut-and-dry answer. One isn’t wildly better than the other. But the decision tree above should help you pick the winner given your own needs. How do these choices fit your needs? 

For more about Surfshark VPN, see our video overview:

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

ZDNet Recommends More

Telstra enterprise group executive David Burns
Image: Telstra
Telstra and Intellihub have signed a 10-year AU$100 million agreement that will see the latter have its smart meters on the former’s mobile network. The telco said the deal was its largest involving the internet of things. “Using the Cisco Jasper platform, the IoT SIMs will be incorporated into Intellihub’s smart meters to deliver real-time monitoring and insights to help Intellihub and its customers better manage things like energy demand, solar feed-ins, and peaks and troughs,” Telstra Enterprise group executive David Burns said. “Intellihub was founded four years ago and has grown significantly with more than 1 million meters installed and around 1,000 new meters going in every day. Our IoT SIM will be soldered into each device at the point of manufacture.” Telstra added it already has approximately 500,000 Intellihub smart meters on its network, and in total had over five million IoT devices connected, with 1.2 million on its LPWAN network. The telco said it currently has around four million square kilometres of NB-IoT coverage, and three million square kilometres of LTE-M coverage. For its part, Intellihub said the deal would allow for around four million connected devices, and would help it support its 40 electricity retail customers. The meter provider also said it has been selected as a “key metering supplier” for Telstra Energy, and it would be providing its Intelli-M smart meter and Intelli-ConX communications bridge.

“We have more than 1.2 million smart meters under management across Australia and New Zealand, and a significant pipeline over the next decade,” Intellihub CEO Wes Ballantine said. Speaking in November, Telstra Energy chief Ben Burge said the telco would be taking a measured approach to entering energy market this year. Having gained authorisation to operate in New South Wales, Queensland, and South Australia, Telstra will begin signing up some of its employees as customers on a test basis, before the public can sign up by the end of this fiscal year. Burge said the telco had previously used its standby power assets in its telecommunication infrastructure to stabilise the grid and address market shortages. Elsewhere on Monday, TPG Telecom has signed an agreement with Nokia to deploy private 4G and 5G mobile networks for the mining sector. “As our industries adopt transformative technologies like automation and virtualisation, it’s essential to have smart, fast, sustainable and resilient private network solutions supporting their operations,” Nokia Oceania head Anna Perrin said. Related Coverage More

This week Juniper Networks announced its new Secure Edge product, which is a cloud-based firewall-as-a-service (FWaaS) solution. The new product will be part of its secure-access service edge (SASE) portfolio, which currently includes application control, anti-malware, identity and access control, intrusion prevention, threat intelligence, zero trust, and secure web access. All the features available in Juniper’s on-premises SRX next-generation firewall (NGFW) are now available from the cloud. Historically, SASE deployments had been tied to SD-WAN because customers required a different security model to protect a wide-area network that utilizes internet transport instead of private IP services, such as MPLS. SD-WAN deployments stalled when people were sent to work from home as companies started to rethink branch-office connectivity. Also: How Juniper is using AI in SD-WAN to differentiate itselfSASE enables businesses to give home workers business-grade security 

ZDNet Recommends

This is when SASE purchasing shifted from secondary to primary. Securing home workers is a non-trivial, expensive task with traditional security devices. Businesses would need to connect workers to a corporate location via a VPN, aggregate the connection and secure them through a next-generation firewall, and then workers would connect to the internet through a single connection. Most home workers use cloud apps, obviating the need to connect to a company location. Ideally, users would directly connect to the cloud services, but this creates a security nightmare. One solution would be to give every worker a business-grade security device, but this is prohibitively expensive and creates a management nightmare because keeping hardware, software, firmware, and configurations up to date are difficult — if not impossible — on a user-by-user basis. Juniper’s unique differentiator here is its unified policy management via its Security Director Cloud portal. There are many SASE vendors today, most of whom are cloud-only. While that model is ideally suited for remote work, it’s not in line with hybrid work. The world has been in an almost 100% work-from-home model for the better part of two years, but people will eventually come back to the office — not 100%, but part of the time. My research shows that 51% of employees plan to work at home 2 to 3 days a week in perpetuity, which means 2 to 3 days a week in the office.Hybrid is the way forward for security This means traditional, on-premises firewalls, intrusion prevention systems, and similar tools will still be in place. Managing the remote workers using SASE and company locations via a different model is problematic because policies need to be kept in sync. Some of the SASE pure plays, such as Cato Networks, pitch a vision where all locations everywhere will be secured via SASE, but that’s just not true.

Almost every technology transition shifts to a hybrid model. Think virtualization — there are still many physical servers being used. The world isn’t 100% VoIP, nor is it all wireless. Hybrid always winds up being the way for all technology. With security, once a location has more than a few hundred users, it makes no sense to secure it via the cloud because the amount of data generated to inspect the traffic cloud is more than user-generated traffic. For these large locations, on-premises systems will still be used. Also: How Intermedia became a viable contender in cloud communicationsUnified management is a key differentiator Juniper’s Security Director Cloud is a single pane of glass for unified policy management across the SRX firewalls and SASE cloud. This isn’t just for firewalls because the policies extend to all the SRX capabilities. Current Juniper customers would benefit most because they could apply the existing policies to SASE-delivered services upon deployment of the service, possibly saving months of time. The hybrid nature of the service also lets customers migrate at a pace with which they are comfortable. The Juniper Security Director platform offers customers dynamic zero trust to adopt policies based on user behavior. For example, a worker could be accessing a new service that is exhibiting suspicious behavior. Juniper’s system would automatically update the policies to protect the company. This can be particularly useful in a hybrid work environment where users may be purchasing their own services to store documents remotely, collaborate with others, or do another task. Shadow IT is one of the most challenging trends facing security professionals because it’s a big blind spot as users connect to cloud services directly. Connecting workers to a SASE node shines a light on that blind spot, and then dynamic segmentation automatically sets the policies without IT intervention. 

Enterprise Software More

There are many words used to describe Web3, the latest iteration of the World Wide Web: decentralized, verifiable, trustless, permissionless. Now, you can add “human” to the list…specifically “.hmn”.

ZDNet Recommends

On Tuesday, Butterfly Protocol, a decentralized autonomous organization, or DAO, and Cortex Application announced that they’re launching new .hmn top-level domains (TLDs) on the Polygon protocol — free to the public — making Web3 available to everyone. Butterfly Protocol will be giving away the .hmn domains indefinitely and can be claimed on its website.According to Cortex App’s press release, the .hmn domains are full NFT domains that cross-chain with lifetime ownership, intended to be given away to any person who wants one. The .hmn domains resolve across Ethereum, Polygon, and the current web (or legacy DNS) using name.hmn.link. The .hmn domain also bridges to other crypto projects such as the Ethereum Name Service (ENS), with name.hmn.eth. ENS is an open, public, decentralized identity protocol that runs on the Ethereum blockchain. In the spirit of Web3 as a decentralized form of the internet, not controlled by a centralized cabal of corporate players, the .hmn domains never expire and don’t require renewal fees, enabling the user to truly own their domain, unlike other TLD offerings. What’s more, the .hmn domains allow for a single identity that works with next-generation projects such as the newly-launched Cortex App, alongside existing browsers and crypto wallets, Cortex said.Also: What is Web3? Everything you need to know about the decentralized future of the internetAs metaverses start popping up and coalescing in the digital universe, domain NFTs are needed because they represent a user’s Web3 identity and online “home.” To improve user experience, the .hmn domains are free of charge and last forever, according to Cortex. “All of your activity, from published content to collaborative documents, will be tied to it, and that opens the door to making efficient use of decentralized, person-centric data,” said Leonard Kish, CEO and co-founder of the Cortex app. “A domain is an identity, but also an address for your digital home on Web3. We can now provide all that at near-zero cost,” he said in the announcement.Cortex said that its app is being constructed with domains as a core component and gateway to a crypto-enabled, human-centric data infrastructure and will allow users to build on a complete Web3 stack where wallet addresses and URLs are synonymous. So, each page will have a human-readable crypto address, just like current URLs, but can also store tokens belonging to the person who owns it. “While regular DNS points to a server, a .hmn domain points to a human. So we need these to reach across protocols, just like humans do,” said Cortex chief technology officer and co-founder Josh Robinson. More