Archive for the ‘VPN’ Category

Monday, November 9th, 2015

“Why Should I Worry About Internet Surveillance if I Have Nothing to Hide?”

For most of us, our home is the essence of sanctuary – a safe place where we are comfortable to do what we want to do because there is no one around to watch or judge us. Now imagine your same home, this time surrounded by glass walls where anyone that passes by are free to gaze in and gawp at the insides. Do you think you could enjoy the same freedom and go about performing your daily routines as you normally would?


Probably not. The thought of someone observing your every move, as innocent as you may be, brings about fear and discomfort, which will then lead you to restrict your freedom to do the things you love, even in your own home! Wouldn’t you want to have some form of protection from the roving eyes of outside surveillance?


Likewise, the current state of Internet privacy is akin to living in a house surrounded by glass walls. Albeit some individuals may be perfectly comfortable with the notion of a glass home, most of us would most likely be extremely uncomfortable at the idea. Yes, we have heard the news headlines time and time again; “Government Uses Surveillance Spyware to Monitor Citizens”, “Your Internet Activities Retained By the Authorities” and the likes of them.


Sure, some online users may argue that they have no problem with the authorities observing their internet activity because they have not done anything wrong. In fact, according to a poll by Pew Research Center, most Americans are still indifferent to the idea of the National Security Agency (NSA) monitoring their phone calls or internet activity. Shockingly, the majority of Americans (56%) approve of NSA tracking their phone records, and 45% do not care if the NSA monitors everyone’s internet activity in the name of anti-terrorism efforts.

is it ok for NSA to track2is it ok for NSA to track

Source: Pew Research Center

Going back to the question; “Why should I worry about Internet surveillance if I have nothing to hide?” Internet privacy is not only restricted to your online searches, but also extends to other forms of online activities including social media, bank transactions and job applications. Personal pictures, bank account numbers and employment history –information like this should be private to you and the people you choose, but you never know who else is watching and how your information will be used if they fall into the wrong hands.


Source: Shapeshed

As technologies are increasingly advancing, the Internet has turned into a living, breathing vehicle of data transport. Websites, digital devices, security cameras and almost anything connected to the Internet are constantly collecting and feeding masses of our personal data to be transformed into our digital identities, linked to unseen records. On the Government level, these records could be used to classify individuals for criminal investigations, restrict travel privileges, or deny financial benefits. On the private sector level, our digital records would affect factors such as our eligibility for loans, healthcare benefits, or infringement of copyright. The prospect of our digital identities possessing more prominence than our true identities is formidable if there were any misrepresentations in our records.


Source: Monash

Then there is the issue of freedom (or lack thereof?) of speech. Increased surveillance capabilities have made it easier for the government to identify reporters’ sources and limiting media groups’ ability to gather the information they need to report (shout-out to the notorious ban on the Sarawak Report site). Political and civil groups, or even us everyday Internet netizens are increasingly hesitant to voice our opinions online. We have probably been warned to refrain from having political discussions on public platforms with cautionary tales of bloggers arrested for violating the country’s Sedition Act.


Hence, this is why it is essential for users to take appropriate measures to protect our Internet privacy. One way is through the use of a Virtual Private Network (VPN). VPNs, such as BolehVPN allows users to hide their true Internet IP address, hence providing a strong layer of identity protection. The setup establishes a secure encrypted connection from a user’s computer all the way to the VPN’s servers, which then creates connections on your behalf. With this setup, those “watchful eyes” on the Internet can only trace your online activities up to the point of the VPN’s servers, allowing you to remain anonymous, hence protecting your identity.


Don’t we all have information that we would rather keep private? Would we still want to live in a glass home when there are curtains to enjoy? Do we really believe we have ‘nothing to hide’? Now that we have an option to secure our Internet privacy, it is up to us to take the necessary actions to safeguard and protect it.


“I hear it said that people who have nothing to hide need not fear this strangulating technology of surveillance. And where are they, these people with nothing to hide?” – Russell Baker in The New York Times (1988).




[1] Huffington Post

[2] Pew Research Center

[3] The Atlantic

[4] Pacific Standard Magazine

Friday, November 6th, 2015

Tor Messenger – the Latest App for Private, Encrypted Messaging


Source: Hackread

On 29th October 2015, Tor Project, a research-education non-profit organization, launched its first public beta version of Tor Messenger. The Tor Messenger is the first ever instant messaging tool by the organization, and is designed to be both simplistic but private by default. Here is what we know about the new Tor Messenger:

  • If you are looking for an instant messaging tool designed with privacy in mind, Tor Messenger will not only help to encrypt communications, but also routes users through the Tor network, made up of different “hops” or relays, to hide any original IP addresses.
  • It integrates the “off the record (OTC)” protocol to encrypt your messages and routes them over Tor just like the Tor Browser does for web data.
  • Logging is disabled by default too, so there should not be a record of private conversations and logging of chats using the messenger.
  • The Tor Messenger application can be installed on all operating systems (eg: linux, Windows, OS X). A great feature of the messenger is that it imports your contacts from the services you use, so you do not have to re-add your friends again upon installing it on a Linux, a Mac or a Windows computer.
  • The chat tool provides support to many renowned chat protocols, which include Google Talk, Twitter, Yahoo, Facebook and any XMPP account (XMPP, formerly known as Jabber, has become a favourite chat protocol these days)


Quick guide to download & use Tor Messenger

  • Register an account on your chosen server. Search Google for the server name of your choice and its registration. This XMPP website does provide ratings on the level of server securities by checking the connections between servers and PCs if there are any weak or broken encryption mechanisms in use. It is best to use servers with ‘A’ ratings.
  • Sign up using a username and a secure password. (Read our ‘7 Easy Tips to Avoid Getting Hacked’ blog post on how to secure your passwords).
  • Download Tor Messenger and verify it. According to the Tor website serving the download (updated as of 6th November 2015), you can download the Tor Messenger for your operating systems here: Linux (32-bit), Linux (64-bit), Windows, and OS X.
  • Once your Tor Messenger is up and running, you will be asked to add an account. If you are using Jabber, select XMPP. Fill in your username, chosen domain, password and click through. For Google account users, use your credentials that you have registered with. Any Google users who have opted for two-factor authentications on their accounts can follow this support guide to learn the process of authorising specific apps and Google will send you a one-time password to login.
  • Once all that is done, hooray! You should now be online. Invite your friends to sign up so you guys can start chatting. After initiating a conversation, click the padlock toggle on the Tor Messenger to send a request for a private chat. Your next step would be to verify your contact which can be done either by: a private question only answerable by your contact, a shared secret, or cryptographically-generated ‘fingerprints’ which are unique identifiers for the encryption keys you are using.

verify tor

Source: Forbes

  • If you would like an extra layer of security and decide to use the Tor Messenger through our BolehVPN servers to get double encryption, this has great advantages, such as being able to hide your use of Tor from your Internet service provider. Choosing to route Tor Messenger through our BolehVPN servers will also avoid corrupted Tor nodes as it will only see the IP address of our VPN and not your personal one.
  • Our BolehVPN servers routes your traffic through Tor net using random Tor nodes to provide optimal security. So the encrypted channel would be: You > BolehVPN’s servers > Tor’s servers. To do this, just set it to use a manual proxy and configure it as follows:

    Type: Socks5


    Port: 1080

Tor Messenger screengrab

  • You should now be able to successfully chat securely and privately with the Tor Messenger’s encrypted messaging through our BolehVPN servers.

Please note that this release is for users who would like to help us with testing the product but at the same time who also understand the risks involved in using beta software. As such, don’t rely on this product for strong anonymity just yet.” – Sukhbir Singh, one of the Tor Messenger developers.

Bear in mind Tor’s app is still in beta and therefore might not be as stable or as secure as one would hope. Hence, its developers are welcoming early users to pore over any software bugs to improve the messenger before its finalisation. After some auditing and bug fixes, the program is believed to become a highly powerful and popular tool for instant and surveillance-resistant communications.



[1] Tor Project Blog

[2] BBC News

[3] Engadget

[4] Wired

[5] Forbes

Friday, October 30th, 2015

Has the E.U. Killed Net Neutrality in Europe?

Although fast lanes and zero ratings have been outlawed by the U.S. Federal Communications Commission (FCC) in the net neutrality order passed earlier this year, Europe however has ideas of their own on what constitutes as ‘net neutrality’.

In a European Union parliamentary voting this past Tuesday, the good news is that the E.U. has passed legislations to ‘protect net neutrality’. The bad news? These so-called ‘net neutrality’ regulations are brimming with major loopholes. The new legislation passed by the E.U. allows the creation of internet fast lanes for ‘specialized services’ and permits Internet service providers (ISPs) to offer zero-rating products, the very preferential treatment that net neutrality is supposed to restrict.


Net neutrality, fast lanes & zero ratings

Imagine this scenario: you are eager to log onto your favourite website or play your video game or movie, when suddenly you find that your access has been blocked unless you paid extra! This horror story could well be a reality if it were not for regulations of net neutrality in place governing the freedom of neutral access to the internet.

send us more $

Source: Mike Thompson

Net neutrality is about the idea of fairness. Net neutrality holds that ISPs should treat all data that travels over their networks fairly, without improper discrimination in favour of particular apps, sites or services. This means that ISPs are banned from blocking lawful content, applications, services or non-harmful devices. The basis of net neutrality bills are an attempt to make sure there is no prioritization of some web traffic over others.

Internet fast lanes and slow lanes are the two-tiered classes of the Internet. Fast lanes give the power to ISPs to decide who gets good access to the Internet, or who would be left hanging over painfully-long buffering videos. Fast lanes tend to favour big providers like Google, Apple, and Netflix over smaller competitors. Big firms who are able to pay for faster access will reap the benefits of getting their content delivered promptly. Small businesses that are unable to pay will be shut out of the market.

paid special access

Source: Steve Sack

Zero rating, on the other hand, is the practice of allowing zero-rating products such as apps and services that will not count towards monthly data allowances. This will allow ISPs to favour certain services in commercial deals and provide web access for free to users for certain services (e.g. Facebook, Twitter, WhatsApp and Wikipedia). In fact, a few countries such as Japan, Norway, Chile, Estonia and others have banned this anti-competitive practice as this policy hinders openness and competition, but rather gives large companies whose data services are zero-rated an unfair advantage over others.


Source: Whoishostingthis

With the newly adopted E.U. legislations, it will authorise ISPs to speed up or throttle the speed of traffic which will be given priority based on what sort of data is being sent according to its claimed Quality of Service (QoS) requirements. For instance, making video calls may be optimized because it demands fast connections and considered more important than email traffic, which may be allowed to lag.

Concerns have been raised relating to the potential decrease in speeds of encrypted internet traffic because ISPs would not be able to ascertain the type of data contained in them. Activists claim that if ISPs are unable to classify encrypted data, they will just slow it down by default. Many ISPs lump all encrypted services together in a single class, and throttle that class. That could have serious implications for consumer privacy at a time of heightened concerns over government surveillance.

“All the amendments have been rejected, the text as it is has been preserved. That means it is very weak, it lacks definition of net neutrality – it doesn’t even have ‘net neutrality’ in the text, so how can it protect it? In the big picture, this does not ensure net neutrality” – spokesperson of La Quadrature du Net, Internet rights campaign group.

However, not all hope is lost for net neutrality advocates. Since the legislation has been approved by the European Parliament, the Body of European Regulators (BEREC) now has nine months to pass on guidelines to each member nation. Both parties interpretation will determine to which extent the freedom of the internet user is protected under these new E.U. regulations. Rejo Zenger, Dutch advocate of Bits of Freedom which focuses on privacy and communications freedom in the digital age, still believes there is time to convince the European Commission to close these loopholes that are still present.



[1] Fortune

[2] Wired

[3] The Verge

[4] The Verge

[5] SC Magazine

Monday, October 26th, 2015

7 Easy Tips to Avoid Getting Hacked

Cyber-crime, cyber-attacks, computer crime, hacking; call it what you might but the essence of it is still the same.

“Cyber-crime means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them.”Electronic Communications and Transactions Amendment Bill, 2012

Here are simple suggestions, which may be common sense, but are still useful all the same to help mitigate the risk of yourself and your data being hacked:

1)  Avoid bad links. Before you click on a link, be sure to figure out the real destination before you click it. The simplest way would be to hover your mouse cursor on the link without clicking it and examine the address. Another way would be to copy and paste the link address into a new browser to see what site URL appears before you enter. If the link is shortened, you can use tools such as URL X-ray that check where exactly the link is taking you before you click it.


2) Don’t visit questionable websites. Mysterious websites may be unsecure or infected with malware. Encrypted sites are the safest ones to surf on. A website is secure if it displays a lock icon on your browser, otherwise known as HTTPS (the “s” stands for “secure”). The HTTPS (as opposed to “http” or “www”) indicates that the site offers encryption on any data that passes from your device to the internet server, meaning any hackers can’t decipher your private information. Alternatively, you can install the HTTPS Everywhere browser extension, which is an add-on extension produced by The Tor Project and the Electronic Frontier Foundation (EFF) that ensures to use data encryption on any site you visit that offers it. This extension for Chrome, Firefox and Opera is downloadable for free from the Electronic Frontier Foundation.


3) Don’t fall for phishing scams. Another reason to avoid those questionable websites is because they often masquerade as a popular site you may know and trust to trick you into a phishing scam. Phishing is an email fraud in which the perpetrator sends victims seemingly innocuous emails that will lead victims to fake websites in an attempt to gather personal and financial information from recipients. Victims fall prey to phishing scams by updating their information from fake emails mimicking your bank, email provider or social media sites. Be sure to check the email address to see if they match with the website you think it is from. Emails or messages with threats to “shut down your account” are highly questionable and more often than not phony. As an extra precaution, you can check the IP address of the sender by finding the source information from the email and looking for the IP address that follows the line “Received: from”.  Next, Google the IP address to trace the email’s source. To learn more in-depth on how to track IP addresses for your Gmail, Yahoo and Outlook, click here.


4) Use different & smarter passwords. It is a good practice to change all your passwords regularly and most importantly to not use the same passwords across various accounts. Having one password for everything is equivalent to having one master key for your home, car, computer and office, allowing for universal access to your communication, finances and health information. Make your password hard to crack. A strong password would preferably include uppercase, lowercase, numbers, punctuation, and gibberish.

worst-passwords-of-2014 Splash Data

Source: SplashData

Do not make the password a personal reference or something common such as the ones in the list of top popular passwords of 2014 above. Also, avoid writing down your passwords or storing them in a saved file. If you feel you absolutely must save your passwords somewhere, try tools like LastPass or 1Password that securely stores passwords using encryptions.


5) Use two-factor authentications. When you log on to many different computers (especially shared computers) to access your accounts, it leaves you more susceptible to hackers. When large companies become victims of hacking scandals, it is easier for hackers to access your personal accounts and passwords from your personal data. Hence, more services and websites such as Amazon, Facebook, Twitter and Gmail are moving towards two-factor authentications. Two-step verifications will require users to not only enter a password to log-in, but to also confirm entry with another item like a unique one-time code texted to your phone. It is advisable to opt for two-factor authentication for your accounts, if the website offers such a feature for that extra layer of security.


6) Use secure connections. Public Wi-Fi or unsecured Wi-Fi networks are a haven for cyber hackers. Wi-Fi networks are really easy entry points to your computer, accounts and network. If your business premises offers free Wi-Fi to patrons, be sure to password protect it as well as provide it on a separate network from your own office network as it is unadvisable to access highly sensitive data such as financial accounts when using a shared network. If you must use an open public Wi-Fi network, take caution to update your security software installed and ensure that it is activated as your wireless data would be vulnerable to cyber criminals. However, using a Virtual Private Network will help in solving that problem.


7) Subscribe to BolehVPN! VPNs act as an intermediary between your device (be it your mobile, tablet or computer) and the internet server. Using a VPN (such as BolehVPN) will route all your internet activity through a loop of the internet that is encrypted, making it harder for a potential intruder to detect your detailed information or know what you are doing.



[1] The Telegraph

[2] Business Insider

[3] CNN Money

[4] Entrepreneur

[5] CNN Money

Friday, October 23rd, 2015

Cyber-Attacks Increasing – Are You the One in Four Who’s Been Hacked?

With readily available resources all over the internet with hacking “how-to’s” (eg. Gohacking, hacking-tutorial, CATB, and numerous others), it is no wonder that internet hacking is on the rise. In fact, there are numerous hacker conferences and conventions around running such as the Black Hat conference, H.O.P.E. conference, Summercon, ToorCon, and perhaps one of the largest hacker conferences; the DEF CON, held yearly in Las Vegas. These conferences form a platform for open dialogues and a gathering of attendees being between the best minds of the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security.

As our Internet grows, the average peak Internet speed worldwide grows comparably as well. But so does the number of cyberattacks. A research by Kaspersky Lab and B2B International showed that in the past 12 months, one in four Internet users had at least one of their online accounts hacked, which generated unauthorized messages being sent out in the user’s name requesting for personal information, passwords and other credentials. Often, these unsolicited messages will also contain malicious links, or lead to the loss or theft of private, personal data. The five most commonly used hacks usually reported were malware, phishing emails that send malicious links, network interruption, spyware that tracks computer activity and denial-of-service (DoS) attacks that flood the bandwidth of a system and overloads its Web traffic.


Chart source: Hackmageddon

The research revealed that the type of accounts targeted by hackers are ones that Internet users utilize routinely to keep in touch with their close friends, family or work as personal data and identities are the primal thirst for hackers. These targeted accounts by hackers which users access on a daily basis include email (11%), social media networks (11%), and online banking or shopping accounts (7%).

However, according to a study by CNNMoney and the Ponemon Institute, a cyber-security research firm, the statistics in the United States alone are even more shocking as roughly half of Americans (47%) have had their personal information exposed, with up to 432 million accounts being hacked. Each record typically includes personal information, such as names, debit/credit card, email, phone number, birthday, password, security questions and physical address.

Cyber-attacks and massive data breaches are growing so numerous that we are beginning to become numb to its news. Statistics of hacker cases remain merely another obscure number to us. Hacking has increased so much that companies are still lagging behind trying to protect themselves, as stated by a PricewaterhouseCoopers’ 2014 U.S. State of Cybercrime survey. Less than half of companies in the PWC Cybercrime survey stated that they had taken any necessary steps to protect themselves, as only 38% prioritized security investments based on the risks to their businesses. Mobile technologies and risks are rapidly increasing, but security efforts are not keeping up, with only 31% of companies having a security strategy for their mobile sector. Security training for new hires was not offered for 54% of the companies in the same survey. Cyber-attacks are an imminent challenge for companies and the common Internet-user alike. Albeit certain sectors such as finance and power systems will be the most susceptible to these attacks, there are noteworthy divides between the prepared and the unprepared.

“Cyber-attacks will become a pillar of warfare and terrorism between now and 2025. So much of a country’s infrastructure-commerce, finance, energy, education, health care-will be online, and gaining control of or disrupting a country’s online systems will become a critical goal in future conflicts.” – Joe Kochan, Chief Operating Officer at US Ignite.

“The Internet of Things is just emerging. In the future, control of physical assets, not just information, will be open to cyber-attack.” – Tim Kambitsch, activist Internet user.

To check if your current online behaviour may lead to vulnerability in account hacking, take this test to see if you are cyber-savvy.



[1] NBC News – Internet Speeds Are Rising Sharply, But So Are Hack Attacks

[2] Kaspersky – Kaspersky Lab Reveals 25% of Internet Users Had an Account Hacked in 2015

[3] U.S. News – Companies Unprepared as Hacking Increases

[4] Pew Research Center – Cyber Attacks Likely to Increase

Join us at :

©  2012 BolehVPN. All rights reserved. Sales: [email protected] | Support: [email protected]