ReportWire

Tag: browsers

  • New SantaStealer malware is after your passwords and crypto

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Christmas is around the corner, and so is the SantaStealer malware. While the name sounds jolly, this malware is more than capable of ruining your happiness this festive season. The worst part is that this new strain is available to almost anyone willing to pay a small fee. It essentially works as malware-as-a-service, letting buyers target people at scale, obviously not for any legitimate use.

    SantaStealer is starting to make noise across Telegram channels and underground hacker forums. It is being marketed as a stealthy, memory-only information stealer that can quietly siphon data without leaving obvious traces on disk. 

    Memory-only does not mean undetectable. It simply reduces disk artifacts, which can delay detection rather than prevent it altogether. That promise alone is enough to attract cybercriminals, especially at a time when browser-stored passwords, session cookies and crypto wallets remain high-value targets.

    MALICIOUS BROWSER EXTENSIONS HIT 4.3M USERS

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    SantaStealer malware is spreading ahead of Christmas, with cybercriminals marketing the data-stealing tool for hire across Telegram and underground forums. (Kurt “CyberGuy” Knutsson)

    SantaStealer and how it actually works

    SantaStealer operates as a malware-as-a-service, charging $175 per month for its basic tier and $300 per month for the premium plan. Researchers at Rapid7 say the operation rebrands an earlier project called BluelineStealer, with a Russian-speaking developer pushing toward a wider launch before the end of the year.

    Despite bold claims about evading detection, Rapid7’s analysis paints a more grounded picture. The samples they examined were not particularly difficult to analyze and lacked the advanced anti-analysis techniques being advertised, which is good news for us. If it can be detected, security tools have a better chance of removing it before it can do serious damage.

    Functionally, SantaStealer is still dangerous. It uses 14 separate data-collection modules that run in parallel, pulling information from browsers, messaging apps like Telegram and Discord, gaming platforms such as Steam, crypto wallet apps and extensions, and even local documents. The malware can also take screenshots of your desktop. Stolen data is written to memory, compressed into ZIP files and sent out in 10MB chunks to a hardcoded command-and-control server.

    One notable capability is its use of an embedded executable to get around Chrome’s App-Bound Encryption, a security feature introduced in mid-2024. This workaround typically requires the malware to be executed at the user level and is not a remote bypass of Chrome’s security model. Similar tricks have already been used by other info-stealers, showing how quickly attackers test and adapt to new browser protections. 

    What this says about the current threat landscape

    SantaStealer is not fully operational yet and has not been distributed at scale, but it reflects a broader trend in cybercrime. Modern info-stealers are modular, configurable and sold much like regular software. The affiliate panel that Rapid7 observed allows buyers to fine-tune exactly what data the malware steals, from full system sweeps to narrowly targeted attacks focused on specific apps or crypto wallets.

    The malware also includes options to avoid infecting systems in certain regions and to delay execution, which can throw off both victims and security analysts. As for how SantaStealer might spread, researchers say recent campaigns increasingly rely on ClickFix-style attacks. These tricks push victims into pasting malicious commands directly into the Windows terminal, often disguised as steps to fix an issue or enable a feature.

    More traditional methods are still very much in play. Phishing emails, pirated software, torrent downloads, malicious ads and even deceptive YouTube comments remain effective delivery channels. Once malware like this runs on a system, it needs very little time to grab saved passwords, session cookies and wallet data that can later be abused or sold.

    7 steps you can take to stay safe from SantaStealer malware

    A few sensible habits and the right tools can significantly reduce your risk, even if malware like this continues to evolve. Here are seven practical steps you can take to stay safe:

    1) Use strong antivirus software

    Modern antivirus tools don’t just look for known malware signatures. They also monitor suspicious behavior, such as programs trying to grab browser data or run hidden processes. Keep real-time protection enabled and take alerts seriously instead of dismissing them.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    Someone typing on a computer in a dark room.

    A new malware-as-a-service threat known as SantaStealer targets passwords, session cookies and crypto wallets while promoting itself as a stealthy, memory-only attack. (Thomas Trutschel/Photothek via Getty Images)

    2) Keep your operating system and apps updated

    Updates are not just about new features. They often patch security flaws that malware actively targets. This includes your OS, browser, browser extensions, crypto wallet apps and messaging tools. Delaying updates gives attackers a wider window to exploit known weaknesses.

    3) Switch to a password manager

    Info-stealers love browser-saved passwords because they are easy to grab. A password manager stores your credentials in an encrypted vault and reduces what your browser keeps locally. It also helps you use strong, unique passwords for every service without having to remember them.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com. 

    FAKE WINDOWS UPDATE PUSHES MALWARE IN NEW CLICKFIX ATTACK

    4) Turn on two-factor authentication wherever possible

    Even if your password is stolen, 2FA can stop attackers from getting in. App-based authenticators are more secure than SMS codes and should be your first choice for email, crypto exchanges, cloud services and social media accounts.

    5) Be extremely careful with commands and “quick fixes”

    ClickFix-style attacks rely on trust and urgency. If a website, pop-up or video tells you to paste a command into the Windows terminal to fix something, stop. Unless you fully understand what that command does, assume it is dangerous.

    6) Use a personal data removal service

    When your email, phone number or other personal details are widely available online, attackers can target you more convincingly. Personal data removal services help take your information down from data broker sites, reducing the chances of targeted phishing or malware lures.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    HACKERS PUSH FAKE APPS WITH MALWARE IN GOOGLE SEARCHES

    7) Avoid pirated software and unverified extensions

    Cracked software, torrents and shady browser extensions remain some of the most reliable malware delivery methods. They often bundle info-stealers that run quietly in the background. Stick to official app stores, trusted developers and verified extensions, even if it means skipping a “free” download.

    Person wearing a hoodie works on multiple computer screens displaying digital data in a dark room.

    SantaStealer can quietly siphon sensitive data. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaway

    SantaStealer may not yet live up to its own hype, but that should not make you complacent. Early-stage malware often improves quickly once developers patch obvious mistakes. Be cautious with links and attachments from unfamiliar emails, and think twice before running unverified code or browser extensions pulled from public repositories.

    When was the last time you checked which extensions have access to your data? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Malicious browser extensions hit 4.3M users

    [ad_1]

    NEWYou can now listen to Fox News articles!

    A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation affected 4.3 million users who downloaded extensions later updated with hidden malicious code.

    These extensions began as simple wallpaper or productivity tools that looked harmless. Years later, silent updates added surveillance functions that most users could not detect.

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    THIS CHROME VPN EXTENSION SECRETLY SPIES ON YOU

    Malicious extensions spread through trusted browsers and quietly collected user data for years. (Kurt “CyberGuy” Knutsson)

    How the ShadyPanda campaign unfolded

    The operation included 20 malicious Chrome extensions and 125 on the Microsoft Edge Add-ons store. Many first appeared in 2018 with no obvious warning signs. Five years later, the extensions began receiving staged updates that changed their behavior.

    Koi Security found that these updates rolled out through each browser’s trusted auto-update system. Users did not need to click anything. No phishing. No fake alerts. Just quiet version bumps that slowly turned safe extensions into powerful tracking tools.

    NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS

    A screenshot of WeTab in the Google Play store

    WeTab functions as a sophisticated surveillance platform disguised as a productivity tool. (Koi)

    What the extensions were doing behind the scenes

    Once activated, the extensions injected tracking code into real links to earn revenue from user purchases. They also hijacked searches, redirected queries and logged data for sale and manipulation. ShadyPanda gathered an unusually broad range of personal information, including browsing history, search terms, cookies, keystrokes, fingerprint data, local storage, and even mouse movement coordinates. As the extensions gained credibility in the stores, the attackers pushed a backdoor update that allowed hourly remote code execution. That gave them full browser control, letting them monitor websites visited and exfiltrate persistent identifiers.

    Researchers also discovered that the extensions could launch adversary-in-the-middle attacks. This allowed credential theft, session hijacking and code injection on any website. If users opened developer tools, the extensions switched into harmless mode to avoid detection. Google removed the malicious extensions from the Chrome Web Store. We reached out to the company, and a spokesperson confirmed that none of the extensions listed are currently live on the platform.

    Meanwhile, a Microsoft spokesperson told CyberGuy, “We have removed all the extensions identified as malicious on the Edge Add-on store. When we become aware of instances that violate our policies, we take appropriate action that includes, but is not limited to, the removal of prohibited content or termination of our publishing agreement.” 

    Most of you will not need the full technical IDs used in the ShadyPanda campaign. These indicators of compromise are primarily for security researchers and IT teams. Regular users should focus on checking your installed extensions using the steps in the guide below.

    You can review the full list of affected Chrome and Edge extensions to see every ID tied to the ShadyPanda campaign by clicking here and scrolling down to the bottom of the page.

    How to check whether your browser contains these extension IDs

    Here is an easy, step-by-step way for you to verify if any malicious extension IDs are installed.

    For Google Chrome

    Open Chrome.

    Type chrome://extensions into the address bar.

    Press Enter.

    Look for each extension’s ID.

    Click Details under any extension.

    Scroll down to the Extension ID section.

    Compare the ID with the lists above.

    If you find a match, remove the extension immediately.

    For Microsoft Edge

    Open Edge.

    Type edge://extensions into the address bar.

    Press Enter.

    Click Details under each extension.

    Scroll to find the Extension ID.

    If an ID appears in the lists, remove the extension and restart the browser.

    183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURS NOW

    person typing

    Simple security steps can block hidden threats and help keep your browsing safer. (Kurt “CyberGuy” Knutsson)

    How to protect your browser from malicious extensions

    You can take a few quick actions that help lock down your browser and protect your data.

    1) Remove suspicious extensions

    Before removing anything, check your installed extensions against the IDs listed in the section above. Most of the malicious extensions were wallpaper or productivity tools. Three of the most mentioned are Clean Master, WeTab and Infinity V Plus. If you installed any of these or anything that looks similar, delete them now. 

    2) Reset your passwords

    These extensions have access to sensitive data. Resetting your passwords protects you from possible misuse. A password manager makes the process easier and creates strong passwords for each account.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Use a data removal service to reduce tracking

    ShadyPanda collected browsing activity, identifiers and behavioral signals that can be matched with data already held by brokers. A data removal service helps you reclaim your privacy by scanning people-search sites and broker databases to locate your exposed information and remove it. This limits how much of your digital footprint can be linked, sold or used for targeted scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    4) Install strong antivirus software

    An antivirus may not have caught this specific threat due to the way it operated. Still, it can block other malware, scan for spyware and flag unsafe sites. Many antivirus tools include cloud backup and VPN options to add more protection.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    5) Limit your extensions

    Each extension adds risk. Stick with known developers and search for recent reviews. If an extension asks for permissions it should not need, walk away. 

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    ShadyPanda ran for years without raising alarms and proved how creative attackers can be. A trusted extension can shift into spyware through a silent update, which makes it even more important to stay alert to changes in browser behavior. You protect yourself by installing fewer extensions, checking them from time to time and watching for anything that feels out of place. Small steps help lower your exposure and reduce the chances that hidden code can track what you do online.

    Have you ever found an extension on your browser that you didn’t remember installing or one that started acting in strange ways?  How did you handle it? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alert, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Google issues warning on fake VPN apps

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Google is sounding the alarm for Android users after uncovering a wave of fake VPN apps that sneak malware onto phones and tablets. These dangerous apps pose as privacy tools but hide info stealers, banking trojans and remote access malware designed to loot personal data.

    More people are relying on VPNs to protect their privacy, secure home networks and shield personal information while using public Wi-Fi. Attackers know this demand is growing. They use it to lure users into downloading convincing VPN lookalikes that contain hidden malware.

    Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    Fake VPN apps are spreading across Android devices by posing as trusted privacy tools. (iStock)

    How fake VPN apps lure users

    Cybercriminals create malicious VPN apps that impersonate trusted brands. They use sexually suggestive ads, geopolitical headlines or fake privacy claims to push people into quick downloads. Google says many of these campaigns run across app stores and shady websites.

    DELETE THE FAKE VPN APP STEALING ANDROID USERS’ MONEY

    Once installed, these apps inject malware that steals passwords, messages and financial details. Attackers can hijack accounts, drain bank balances or lock devices with ransomware. Some campaigns even use professional ad creatives and influencer-style promotions to appear legitimate.

    Scammers now use AI tools to design ads, phishing pages and fake brands with alarming speed. This gives them the power to reach large groups of victims with very little effort.

    Why malicious VPN apps are spreading

    Fake VPN apps remain one of the most effective tools for attackers. These apps request sensitive permissions and often run silently in the background. Once active, they can collect browsing data, cryptocurrency wallet details or private messages.

    According to Google, the most dangerous apps pretend to be known enterprise VPNs or premium privacy tools. Many promote themselves through adult ads, push notifications and cloned social media accounts.

    How to recognize a genuine VPN app

    Google recommends installing VPN services only from trusted sources. In Google Play, legitimate VPNs include a verified VPN badge to show that the app passed an authenticity check.

    A real VPN will never ask for access to your contacts, photos or private messages. It will not ask you to sideload updates or follow outside links for installation.

    Be careful with free VPN claims. Many free privacy tools rely on excessive data collection or hide malware inside downloadable files.

    Ways to stay safe from fake VPN apps

    Staying ahead of these fake VPN scams starts with a few smart habits that make your device much harder for attackers to target.

    1) Download only from official app stores

    Stick to the Google Play Store. Avoid links from ads, pop-ups or messages that try to rush you. Many fake VPN campaigns depend on off-platform downloads because they cannot pass the Play Store security checks.

    2) Look for the VPN badge in Google Play

    Google now includes a special VPN badge that verifies an app has passed an authenticity review. This badge confirms that the developer followed strict guidelines and that the app went through additional screening.

    If you want a reliable VPN that has already been vetted for security and performance, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Use a data removal service

    Malicious VPN apps often target information already floating around the web, including your email, phone number and personal details exposed through data brokers. A trusted data removal service can help pull your information from people-search sites and broker databases, which reduces the amount of data scammers can use against you. This limits the damage if a fake VPN app steals your info or if attackers try to match stolen data with public records to build convincing scams.

    CAN YOU BE TRACKED WHEN USING A VPN?

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Sad elderly woman sit on sofa hold smartphone feels disappointed by received sms bad news, awful message, difficulties with modern device usage, unpleasant notification, stressed older person concept

    Once installed, these lookalike VPN apps steal passwords, messages and financial details. (iStock)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    4) Turn on Google Play Protect and use a strong antivirus software

    Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all emerging malware from Android devices. 

    Settings may vary depending on your Android phone’s manufacturer 

    How to turn it on: Open Google Play Store → Tap your profile icon → Select Play Protect → Tap Settings → Turn on Scan apps with Play Protect → Turn on Improve harmful app detection.

    While Google Play Protect offers a helpful first layer of defense, it is not a full antivirus. A strong antivirus software adds another layer of protection. It can block malicious downloads, detect hidden malware and warn you when an app acts in unusual ways. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Review app permissions carefully

    A genuine VPN only needs network-related permissions. If a VPN asks for access to photos, contacts or messages, treat it as a major warning sign. Restrict permissions when possible.

    6) Avoid sideloading apps from unknown sources

    Sideloaded apps bypass Google’s security filters. Attackers often hide malware inside APK files or update prompts that promise extra features. If you’re unfamiliar with the term, sideloading means installing apps outside the Google Play Store, usually by downloading a file from a website, email or message. These apps never go through Google’s safety checks, which makes them far riskier to install.

    7) Watch for aggressive ads and scare tactics

    Fake VPN ads often claim your device is already infected or that your connection is not secure. Real privacy apps do not use panic-based marketing.

    8) Research the developer before downloading

    Look up the developer’s website and reviews. A legitimate VPN provider will have a clear privacy policy, customer support and a consistent history of app updates.

    9) Be skeptical of anything labeled free

    Free VPNs often rely on risky data practices or hide malware. If a service promises premium features at no cost, question how it pays its bills.

    DO YOU NEED A VPN AT HOME? HERE ARE 10 REASONS YOU DO

    10) Avoid recovery scams after an attack

    If someone contacts you claiming they can recover stolen money, cut contact. Real agencies never demand upfront fees and never request remote access to your device.

    11) Keep your device updated

    Install security patches as soon as they appear. Updates protect your phone from malware strains that rely on old software vulnerabilities.

    A woman looking at a VPN on a smartphone

    Scammers now use AI-generated ads and fake brands to trick you into quick downloads. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaways

    Fake VPN apps are becoming a major threat to Android users as scammers exploit the rising demand for privacy tools and home network security. Attackers hide behind familiar logos, aggressive ads and AI-powered campaigns to push apps that steal data the moment you install them. Staying safe requires careful downloading habits, attention to permissions and a healthy amount of skepticism toward anything that claims instant privacy or premium features for free.

    Do you think Google should do more to block fake VPN apps in the Play Store? Let us know by writing to us at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    Copyright 2025 CyberGuy.com.  All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Google Chrome autofill now handles IDs

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Google has made Chrome even more capable. The browser can now fill in your passport, driver’s license and vehicle registration automatically. This upgrade joins the list of time-saving autofill options that already include passwords, addresses and payment details.

    Desktop users with enhanced autofill enabled will start seeing the new options right away. Chrome can even interpret complex form layouts and varying formats across different websites, improving accuracy with every entry.

    Google says these new autofill features were designed with privacy in mind. This from a company which makes money off of capturing your most intimate details in life. Google says Chrome only saves sensitive data after you give permission. It also encrypts stored information so it’s unreadable to anyone without your authorization. Before any personal info is filled into a webpage, Chrome asks you to confirm — keeping you in control.

    UPDATE CHROME NOW: GOOGLE PATCHES NEW ZERO-DAY THREAT

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Chrome’s enhanced autofill now saves and fills your passport, license and vehicle info with just a click. (Google)

    Still, autofill exploits by hackers have been known to happen. Infostealer malware has been used historically to capture data entered into web fields manually and with autofill. It is not perfect, but Google and others have come a long way to secure their browser. Keep in mind, Google may ask to share your information with third parties, so be cautious when you give it permission.

    Passport numbers, driver’s license details and other official records are valuable to cybercriminals, so be careful when you share them online. As always, use the strongest antivirus protection on all devices to ward off trouble. See my 2025 review of the best antivirus protection at Cyberguy.com.

    The company began rolling out these updates worldwide in all languages and plans to support even more document types soon.

    Car insurance information being autofilled in Google Chrome

    The Google Chrome browser encrypts personal data and always asks for confirmation before entering sensitive information. (Google)

    How to enable Enhanced Autofill in Chrome

    For Windows and Mac (Desktop):

    • Open Chrome on your computer.
    • Click the three-dot menu in the top right.
    • Click Settings.
    • On the left pane, select Autofill & passwords (or simply “Autofill” depending on version).
    • Click Enhanced autofill.
    • Toggle On “Enhanced autofill” to allow Chrome to fill in IDs (passport, driver’s license, vehicle info).
    • To enter or edit saved data: while still in the Enhanced autofill section, select Add/Edit under “Saved information” and input your document numbers or vehicle info.
    • Next time you visit a supported form (e.g., for vehicle registration or passport number), Chrome will prompt you to fill it in and ask you to confirm before submitting it.

    OVER 2B USERS FACE PHISHING RISKS AFTER GOOGLE DATA LEAK

    The settings of Google Chrome

    You can enable Enhanced Autofill in Chrome settings to securely manage and store official identification data. (Kurt “CyberGuy” Knutsson)

    For iPhone

    • Open Chrome on your iPhone or iPad.
    • Tap the three-dot menu (bottom or top right) and select Settings.
    • Go to Autofill & Payments (or similar label) and verify that “Addresses and More,” “Payment Methods” and “Passwords” are enabled for autofill.

    For Android

    Settings may vary depending on your Android phone’s manufacturer.

    • Open Chrome on your Android device.
    • Tap the three-dot menu (top right).
    • Go to Settings → Autofill & payments (or simply “Autofill and forms”).
    • Under “Addresses and more” (and possibly payment methods), enable the types of info you want filled in automatically.

    Note: The enhanced autofill update for passports, driver’s licenses and vehicle details is still expanding to mobile. You may not see it yet on iPhone or Android, even with the latest Chrome version. Keep your app updated and check back periodically as Google continues the global rollout.

    AI updates are driving Chrome forward

    This upgrade follows a wave of artificial intelligence-driven improvements in Chrome. Recently, Google added Gemini integration for all desktop users in the U.S. and previewed new “agentic” features that use AI to automate everyday tasks. Future updates will include password reset suggestions, smarter scam detection and AI-powered form assistance, all designed to make browsing safer and more convenient.

    CONGRESSIONAL BUDGET OFFICE HIT BY CYBERATTACK, RAISING CONCERNS OVER US GOVERNMENT NETWORK SECURITY

    A woman types on a laptop.

    The rollout of Enhanced Autofill continues worldwide, adding support for more ID types and expanding beyond desktop users. (Kurt “CyberGuy” Knutsson)

    Tips to keep your browser secure

    Even with encryption, there’s more you can do to protect what autofill stores.

    1) Use strong antivirus software

    Install trusted antivirus software on all your devices. It blocks malware that could record your keystrokes or hijack autofill data before encryption kicks in.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Use a password manager instead of browser storage

    Dedicated password managers store and encrypt your logins locally, reducing risk if your browser gets compromised.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Enable two-factor authentication (2FA)

    Pair your Google account with two-factor authentication (2FA). Even if hackers access your browser, they can’t reach your autofill data without your secondary code.

    4) Keep your browser and extensions clean

    Type chrome://extensions and remove anything unfamiliar. Malicious add-ons are a common way attackers steal autofill info.

    5) Use a data removal service

    Even with Chrome’s encryption, your personal information can still surface on data broker sites. A data removal service sends requests to these companies to delete your personal details, like your address, phone number and ID records, before they can be shared or sold. This lowers the risk of your data being used in phishing attempts or identity theft. Regularly clearing your digital footprint adds another layer of protection for Chrome’s autofill feature. It limits what hackers could use if they ever gain access through a breached website or browser extension.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Use a secure email for verification

    If Chrome requests confirmation, make sure your linked Google account uses a private, encrypted email provider.

    For recommendations on private and secure email providers that offer encrypted addresses, visit Cyberguy.com.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Chrome’s latest autofill update blends convenience with stronger safeguards. But security still depends on your habits. Taking a few extra minutes to manage extensions, enable 2FA and use privacy tools will go a long way toward keeping your personal data safe.

    Would you trust your passport or driver’s license info to Google Chrome’s autofill, or is that a step too far? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • The Curious Case of the Bizarre, Disappearing Captcha

    [ad_1]

    As I browse the web in 2025, I rarely encounter captchas anymore. There’s no slanted text to discern. No image grid of stoplights to identify.

    And on the rare occasion that I am asked to complete some bot-deterring task, the experience almost always feels surreal. A colleague shared recent tests where they were presented with images of dogs and ducks wearing hats, from bowler caps to French berets. The security questions ignored the animal’s hats, rudely, asking them to select the photos that showed animals with four legs.

    Other puzzles are hyper-specific to their audience. For example, the captcha for Sniffies, a gay hookup site, has users slide a jockstrap across their smartphone screen to find the matching pair of underwear.

    So, where have all the captchas gone? And why are the few existing challenges so damn weird? I spoke with cybersecurity experts to better understand the current state of these vanishing challenges and why the future will probably look even more peculiar.

    Bot Friction, Human Frustration

    “When the captcha was first invented, the idea was that this was literally a task a computer could not do,” says Reid Tatoris, who leads Cloudflare’s application security detection team. The term captcha—Completely Automatic Public Turing test to tell Computers and Humans Apart—was coined by researchers in 2000 and presented as a way to protect websites from malicious, nonhuman users.

    The initial test most users saw online contained funky characters, usually a combo of warped letters and numbers you had to replicate by typing them into a text field. Computers couldn’t see what the characters were; humans could, even if most of us had to squint to get it right.

    Financial companies like PayPal and email providers like Yahoo used this iteration to ward off automated bots. More websites eventually added audio readouts of the correct answer after receiving pressure from Blind and low-vision advocacy groups, whose members were indeed humans browsing the web but could not complete a vision-based challenge.

    What if, rather than just a test to keep out bots, the challenge could generate useful data? That was a core idea behind the release of reCaptcha in 2007. With reCaptcha, users identified words that machine learning algorithms could not read at the time. This sped up the process of transferring print media into an online form. The tech was quickly acquired by Google, and reCaptcha was instrumental in the company’s efforts to digitize books.

    As machine learning capabilities improved—and they learned to read funky text—online security checkpoints adapted to be more difficult for malicious bots to circumvent. The next iteration reCaptcha challenges included grids of images where users were asked to select specific options, like photos containing a motorcyclist. Google used the data collected here to improve its online maps.

    [ad_2]

    Reece Rogers

    Source link

  • Browser Password Managers Are Great, and a Terrible Idea

    [ad_1]

    By default, Google manages your encryption key, but it allows you to set up on-device encryption, which functions similarly to a zero-knowledge architecture. Your passwords are encrypted before being saved on your device, and you manage the key. Regardless of how the encryption works, Google uses AES, which is still the gold standard for security among password managers.

    It was trivial to decrypt Chrome passwords previously, requiring little more than a Python script and knowledge of where the files are stored. But even there, Google has pushed the security bar up. App-bound encryption has invalidated those methods, and cracking passwords is far more involved than it used to be. Further, Google has integrated with Windows Hello. If you choose, you can have Windows Hello protect your passwords each time you log in by asking for your PIN or biometric authentication.

    Other browsers aren’t as secure. Firefox, for instance, makes it clear that, although passwords saved in Firefox are encrypted, “someone with access to your computer user profile can still see or use them.” Brave works in a similar way, though I suspect most people using Brave are using a third-party password manager (and probably a VPN) already.

    Regardless, storing your passwords in even a less secure browser like Firefox is leaps and bounds better than not using a password manager at all. And the browsers at the forefront of market share, Chrome and Safari, have vastly improved their security practices over the past few years. The problem isn’t encryption—it’s putting all your eggs in one basket.

    Let’s Talk OpSec

    OpSec, or operational security, is normally a term used when talking about sensitive data in government or private organizations, but you can look at your own security through an OpSec lens. If you were an attacker and wanted to swipe someone’s passwords, how would you go about it? I know where I’d look first.

    Even with better security measures, the goal of a browser-based password manager is to get people using password managers. That has to be balanced against how easy the password manager is to use. In a blog post announcing changes to Google’s authentication methods from Google I/O this year, the company mentions reducing “friction” seven times, while “encryption” isn’t mentioned at all. That’s not a bad thing, but it’s a testament to how these tools are designed.

    You don’t need to pick out words from a blog post to see this focus. Google gives you the option to turn on Windows Hello or biometric authentication with the Google Password Manager. Each time you want to fill in a password, you’ll need to authenticate. That’s undoubtedly more secure than not authenticating each time, but the setting is turned off by default. It creates friction.

    [ad_2]

    Jacob Roach

    Source link

  • OpenAI’s Atlas Wants to Be the Web’s Tour Guide. I’m Not Convinced It Needs One

    [ad_1]

    The oddest, and most memorable, interaction I had with ChatGPT Atlas occurred as I scrolled around on Bluesky and asked it to highlight any trends it saw. (ChatGPT listed “political anxiety” and “everyday absurdism” as two of the trends on my timeline.) I was curious what would happen if I opened my Bluesky DMs, which amounted to just a few old messages from friends. So I asked the bot what it would see if I opened that more private page.

    “Opening your DMs won’t expose anything to me—I’ll simply stop ‘seeing’ the page until you go back to a public view (like your feed, profile, or a post),” read part of ChatGPT’s answer.

    Knowing that my Bluesky DMs don’t have anything sensitive, I gave it a whirl. Even though the bot said it wouldn’t “see the message list, conversation text, or sender info,” that wasn’t the case.

    I opened a DM inviting me to an event, then asked the bot a follow-up question asking about the message and what the invitation was about. I received a response from ChatGPT that included facts culled from the conversation, along with details about the sender. What gives? I asked the bot to explain itself, just to see whether it would backtrack the privacy claims it made earlier in the chat.

    “I do not have access to your private messages or account data unless you explicitly paste or show that text to me in the chat,” read ChatGPT’s response. “What you just did—asking ‘what was this an invite to?’—temporarily surfaced part of the message context so I could answer your question. But I don’t have any background or visibility into your inbox beyond what you actively bring into our conversation.”

    The first answer the Ask ChatGPT sidebar spit out is a potential example of an AI “hallucination,” aka error, that’s common during interactions with generative AI tools. The second is more aligned with how the tool actually works.

    While some users may appreciate having a chatbot always pulled up on the side of their screen, ready to surface related facts or summarize details, it felt like an unreliable tour guide to me. One who was overly confident in its bland responses and taking up too much space.

    I’ll keep testing Atlas as my main browser for the next few weeks, but for now, I’m leaving that sidebar closed. I prefer the fullscreen version of the internet.

    [ad_2]

    Reece Rogers

    Source link

  • OpenAI Launches the AI Browser War

    [ad_1]

    ChatGPT has broken out of the chatbot. On Tuesday, OpenAI announced that it is launching a web browser called ChatGPT Atlas, which it says will reimagine the browsing experience from the ground up, now built around a chat-based experience for what the company called the “next era of the web.”

    During a demonstration, OpenAI’s Engineering Lead for Atlas, Ben Goodger, explained that Atlas is the company’s answer to the question, “What if you could chat with your browser?” While there are lots of familiar web browser elements to Atlas, including tabs, bookmarks, and autofill for passwords, the company has made ChatGPT central to the experience rather than an “old browser, just with a chatbot that was bolted on.” That starts at the home screen, where the standard search bar now serves as a composer bar to communicate with ChatGPT.

    Users can use conversational prompts to have ChatGPT find certain webpages, perform a standard web search, or go directly to a website or bookmark. In the demo, Atlas Lead Designer Ryan O’Rouke explained that users should be able to use “human language” to search both the web and their browser history (OpenAI calls this “memories”) to find webpages, documents, and information through contextual information. For instance, the company showed how it could find a Google Doc without knowing the URL or exact document name.

    Search results in Atlas are displayed on a homepage that curates a variety of information from the web based on the user’s prompt. Users can also tab between more traditional search results, including a Google Search-like list of links, images, videos, or news stories.

    The primary appeal of Atlas is that a user will be able to pull up ChatGPT at any time while browsing the web and use the chatbot to interact with the page they are on. OpenAI CEO Sam Altman described it during the demo as chatting with a webpage. The chatbot can be summoned via a button in the upper right-hand corner of the screen on desktop and will appear as a sidebar. Once opened, a user can ask it to summarize information on the page, ask page-specific questions and have the chatbot pull the answer directly from the site the user is looking at, and even interact with the page for them.

    That final feature is where ChatGPT’s Agent comes in. OpenAI has been touting its new Agent feature for months now, including introducing an Agent toolkit during its recent DevDay event to give developers the ability to build their own AI agents. But this Agent will be built into the browser, activated on the lower part of the ChatGPT sidebar, and can perform tasks on behalf of the user. In a demo of the feature, OpenAI’s Will Ellsworth, Research Lead on the Atlas Agent, asked the agent to purchase the ingredients needed for a recipe. Once prompted, the Agent navigated to Instacart and bought the relevant ingredients.

    According to the company, Agent will have access to user credentials so it can perform tasks on behalf of the user, though there will be prompts that will require the user to approve certain actions. Users can watch the task be completed by the Agent in real time with the cursor visibly moving on the page, or can let it run in the background. If the user needs to intervene, they can take back control at any time. Ellsworth described Agent as a tool for enabling “vibe lifing” and suggested users could delegate “all kinds of tasks, both in your personal and professional life, to the Agent in Atlas.”

    Atlas will be available immediately for macOS, with plans to bring the browser to Windows, iOS, and Android “soon.” While it seems the browser will be available for all ChatGPT users, Agent will be paywalled, only available for Plus subscribers paying $20 per month or Pro users paying $200 per month.

    Earlier this year, Google did its best to preempt this inevitability. The company announced an AI overhaul of its Chrome browser, which currently holds more than 70% of the total browser market share, including integrating its Gemini chatbot throughout the browser to do things like summarize web pages and do contextual search within a page. The company also floated that it will eventually include an AI agent capable of navigating the web and completing tasks on behalf of the user, though that feature is currently not available. Perplexity also has an AI-first browser called Comet, while companies like Opera, Microsoft, and The Browser company have all integrated AI features into their respective browsers.

    [ad_2]

    AJ Dellinger

    Source link

  • Here’s What Your Browser is Telling Everyone About You

    [ad_1]

    The problem with browser fingerprinting is that it’s probabilistic in nature. It looks at a treasure trove of data to track you online, not any individual piece of information. A VPN, for instance, can hide your IP address and make you appear in a different location. If enough of the other data in your fingerprint is consistent, however, it can still be used to track you. Your IP address may be different, but just about everything else about your browsing is not.

    There may be practical use cases for fingerprinting, but you really don’t have much say in the matter. Even with protections like the GDPR, the moment you load a website, there are likely a few dozen (if not more) trackers copying the information your browser shares for their own purposes. Services like Fingerprint leverage that information to create an identifier, but make no mistake, the data is always there.

    How to Get Around Browser Fingerprinting

    You can’t get around browser fingerprinting, at least not without significant compromises to your browsing experience (more on that later). Even if you were to spoof or obfuscate every piece of data your browser sends along, that’d probably work against you. The goal with avoiding fingerprinting is to become a Jane Doe online; you want to disappear in the crowd, so every piece of data that makes you stand out sends up a red flag.

    The best way to fight back against fingerprinting is to hide or rotate enough information so that it’s more difficult to track you, not impossible. And that starts with a VPN, though it doesn’t make you fully anonymous. The clearest online fingerprint you leave is your IP address and physical location, and VPNs hide both. More importantly, many of the best VPNs today include additional tools to combat fingerprinting.

    ProtonVPN, which is what I use myself, includes NetShield to block trackers, ads, and malware. It doesn’t prevent fingerprinting, but NetShield can at least capture and block requests from well-known trackers to make you a bit more private online. NordVPN has a similar feature, as does Surfshark.

    The most robust version of this type of blocker comes from Windscribe. Through its browser extension, you can do things like rotate your browser’s user agent to make it appear as if you’re using a different browser, as well as spoof your language, time zone, and GPS information to match the VPN server you’re connected to. Again, this will not make you fully anonymous online. But an extension like the one Windscribe offers makes tracking your fingerprint more difficult.

    [ad_2]

    Jacob Roach

    Source link

  • Google Chrome silences those pesky notifications | TechCrunch

    [ad_1]

    Google’s Chrome web browser is about to become much less noisy.

    On Friday, the technology giant announced a new feature that will automatically disable browser notifications for the websites you haven’t interacted with recently, disrupting their ability to pop up alerts and updates that you may no longer be interested in.

    The feature will launch on Chrome on Android and on desktop.

    The feature expands on existing functionality already available in Chrome’s Safety Check feature, which revokes camera and location permissions from websites you don’t visit anymore.

    The company tacitly admits that browser notifications, as designed, might have been a bad idea, saying that its own data shows users receive a high volume of notifications but rarely interact with them. Less than 1% of all notifications receive any interactions from users, notes Google.

    Image Credits:Google (screenshot)

    Still, the tech giant believes some notifications can be helpful, which is why it won’t revoke those for installed web apps — only for the sites where there’s low user engagement and high volume of notifications sent. This change alone could push spammy websites that push a lot of notifications to reconsider how many they want to send alerts, so they won’t lose access entirely.

    Unwanted notifications have been an issue facing consumers for years. On the iPhone, for instance, Apple was forced to add controls that let users send their push notifications to a daily summary, mute them, or turn them off altogether from the notification message itself, after consumer frustrations with the notification system grew.

    Google says it will inform users when it’s removing notification permissions, allowing users to change the setting back, if they prefer. If users would rather Google didn’t intervene, they can also opt to turn off this auto-revocation feature altogether, the company notes.

    The feature had been in testing ahead of today’s official launch. Google found that these changes didn’t significantly impact the total number of clicks on notifications, an indication that people weren’t really engaging much with these pop-ups to begin with.

    [ad_2]

    Sarah Perez

    Source link

  • Protect yourself from sneaky web injection scams

    [ad_1]

    NEWYou can now listen to Fox News articles!

    You’re checking your financial account online, moving money or paying bills, when suddenly a pop-up appears. It looks exactly like your bank’s page, complete with logo and branding, but asks for details you’ve already provided. Would you know what to do?

    This is the kind of situation Kent recently faced. He emailed us saying, “Two times this week, I had a financial account open, and I was doing transactions. In the middle of a transaction, up pops a box in the middle of a full page showing the company’s logo. Real, yes, looked as real as it gets. The first time, I fell for it. It asked for my email address to confirm, then my phone number. Sadly, I did. Then I saw about four or five seconds of a screen named CREDIT DONKEY. At that point, I woke up and decided it was a scam. I immediately closed down my computer and called the number on the back of my financial card to report it.”

    Kent’s quick thinking likely saved him from even more damage. But what exactly happened here?

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

    DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

    A fake banking pop-up can appear while you’re making real transactions. (Kurt “CyberGuy” Knutsson)

    How web injection scams trick you

    This type of attack is called a web injection scam. It hijacks your browser session and overlays a fake login or verification screen. Because it appears while you’re already logged in, the fake page feels authentic. In Kent’s case, the appearance of “Credit Donkey” flashing on-screen was a red flag. Scammers sometimes abuse legitimate-looking redirects like this to convince victims they are dealing with their bank. The real aim is to capture login credentials or trick you into handing over two-factor authentication codes.

    SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

    laptop keyboard

    Web injection scams aim to steal your login and security details. (Kurt “CyberGuy” Knutsson)

    Steps to protect yourself from web injection scams

    If you ever find yourself in a situation like Kent’s, here are the most important steps you should take right away to secure your accounts and information.

    1) Monitor your accounts

    Check your recent transactions daily. Turn on alerts for logins, withdrawals or transfers, so you’ll know instantly if someone is trying to move money. 

    2) Change your passwords

    Update the password for any financial account that may have been exposed. Use a strong, unique password generated by a password manager such as NordPass. Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords 

    3) Remove your personal data from broker sites

    Scammers often get phone numbers, emails and other details from data broker sites before launching attacks like the one Kent faced. A personal data removal service can help wipe this information from those shady databases, so criminals have less fuel for scams. Consider tools that automatically scan and request removal from dozens of brokers at once, saving you the time and hassle of doing it manually.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

    4) Enable stronger multi-factor authentication

    Strengthen your account security with multifactor authentication. If your bank offers it, switch from SMS codes to app-based codes with Google Authenticator or Authy. These methods are far harder for scammers to intercept than text messages. 

    5) Scan your devices with antivirus software

    Since the scam appeared while Kent was logged in, malware or a browser hijack may be at play. Run a trusted antivirus to clear hidden phishing scripts. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech 

    6) Notify your bank in writing

    Calling is smart, but also send a secure message or letter, so there’s a record. Ask them to put your account on high alert and require extra verification for any big moves.

    7) Freeze your credit

    Place a free credit freeze with Equifax, Experian and TransUnion. That way, scammers can’t open new accounts in your name even if they’ve stolen your personal info.

    8) Consider identity monitoring

    Services like Identity Guard can alert you if your Social Security number, email or phone number shows up where it shouldn’t. Identity Theft companies can monitor personal information like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

    CLICK HERE TO GET THE FOX NEWS APP

    Person using a credit card

    The bogus page asked for personal details before revealing it was a scam (iStock)

    Smart online banking habits to stay safe

    • Never enter personal details into a pop-up, no matter how real it looks.
    • Always log in fresh through your bank’s official website or app.
    • Keep your browser and operating system fully updated.
    • Use a private email address for your financial accounts that scammers won’t easily guess.

    For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com/Mail

    Kurt’s key takeaways

    Web injection scams are designed to catch you off guard while you’re doing something routine. Kent’s quick reaction to close the page and contact his bank shows how important it is to stay alert. With the right habits and tools, you can keep scammers out of your accounts.

    Have you ever experienced a scam attempt while banking online? Let us know by writing to us at Cyberguy.com/Contact

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Keep Your Old Laptop Alive by Installing ChromeOS Flex

    [ad_1]

    You’ll then be prompted to insert your USB drive and choose it from the drop-down list onscreen. Do make sure you select the correct USB drive and not an external disk that has information on it that you need. Eventually, you’ll be told your USB installer drive is ready: The necessary downloading and installing took 30 minutes or so for me but will depend on the computer you’re using and your internet connection.

    Use ChromeOS Flex on an Older Laptop

    You can try ChromeOS Flex before installing it.Courtesy of David Nield

    You then need to boot your aging PC or Mac—the one we’re giving a second life—from the USB drive you just created. This will usually involve pressing a specific key as your laptop starts up: If you’re not sure what it is, run a web search, check in your laptop’s documentation, or see Google’s list here. For Macs, start up the system either by pressing the power key and then the Option key (Intel chips) or by holding down the power key (Apple chips) until the boot options appear.

    You’ll see the ChromeOS Flex welcome screen appear, so click Get started to do just that. You’re then faced with two choices: Install ChromeOS Flex, which will overwrite Windows or macOS, and Try it first, which lets you run Google’s operating system from the USB drive without affecting anything on your laptop.

    If you’re looking to revitalize an old laptop, you’ll want to choose the first option, but Try it first lets you see what ChromeOS Flex is all about before you commit. Either way, click Next and you’ll be taken through the usual set-up process for ChromeOS, which will ask you to log in with a Google user account and start syncing your data.

    If you’re never used a Chromebook, it’s essentially a Chrome web browser with some extras, such as a taskbar along the bottom. Use the launcher button down in the bottom left corner to show all the installed apps, which will include links to web apps as well as the Files app for local files and Settings for configuring ChromeOS Flex.

    Open up the Settings and you get the usual personalization options you find in Google Chrome for Windows or macOS, plus some extras to cover input devices, Bluetooth connectivity, and network options. You should find ChromeOS Flex automatically picks up your Wi-Fi connection, trackpad, and mouse, especially if your computer is listed as certified for ChromeOS Flex.

    [ad_2]

    David Nield

    Source link

  • Google Injects Gemini Into Chrome as AI Browsers Go Mainstream

    [ad_1]

    Google is adding multiple new AI features to Chrome, the most popular browser in the world. The most visible change is a new button in Chrome that launches the Gemini chatbot, but there are also new tools for searching, researching, and answering questions with AI. Google has additional cursor-controlling “agentic” tools in the pipeline for Chrome as well.

    The Gemini in Chrome mode for the web browser uses generative AI to answer questions about content on a page and synthesize information across multiple open tabs. Gemini in Chrome first rolled out to Google’s paying subscribers in May. The AI-focused features are now available to all desktop users in the US browsing in English; they’ll show up in a browser update.

    On mobile devices, Android users can already use aspects of Gemini within the Chrome app, and Google is expected to launch an update for iOS users of Chrome in the near future.

    When I wrote about web browsers starting to add more generative AI tools back in 2023, it was primarily something that served as an alternative to the norm. The software was built by misfits and change-makers who were experimenting with new tools, or hunting for a break-out feature to grow their small user bases. All of this activity was dwarfed by the commanding number of users who preferred Chrome.

    Two years later, while Google’s browser remains the market leader, the internet overall is completely seeped in AI tools, many of them also made by Google. Still, today marks the moment when the concept of an “AI browser” truly went mainstream with the weaving of Gemini so closely into the Chrome browser.

    The Gemini strategy at Google has already been to leverage as many of its in-house integrations as possible, from Gmail to Google Docs. So, the decision to AI-ify the Chrome browser for a wider set of users does not come as a shock.

    Even so, the larger roll out will likely be met with ire by some users who are either exhausted by the onslaught of AI-focused features in 2025 or want to abstain from using generative AI, whether for environmental reasons or because they don’t want their activity to be used to train an algorithm. Users who don’t want to see the Gemini option will be able to click on the Gemini sparkle icon and unpin it from the top right corner of the Chrome browser.

    The new button at the top of the browser will launch Gemini. Users in the US will see these changes first.

    Video: Google

    [ad_2]

    Reece Rogers

    Source link

  • 10 ways to secure your older Mac from threats and malware

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Apple’s Mac computers are generally considered more secure than Windows PCs, thanks to the company’s tight control over hardware and software. Whether you use a MacBook, iMac, or Mac Mini, built-in protections help shield your device from common threats. But no system is completely immune. Hackers have repeatedly found ways to bypass Apple’s safeguards, especially on older Macs that no longer receive regular security updates.

    The good news: just because your Mac is aging doesn’t mean it has to be at risk. With a few smart precautions, you can keep it safe and running smoothly, even if it’s no longer eligible for the latest macOS version.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

    1) Keep your older Mac up to date

    Even if your Mac no longer supports the latest macOS version, Apple often releases security patches for older versions. Make sure you’ve enabled automatic updates. Follow the steps below to do so:

    • Choose the Apple menu.
    • Select System Settings

    LONG-DORMANT MAC MALWARE RETURNS WITH ADVANCED CAPABILITIES

    Screenshot showing steps to enable automatic updates (Kurt “CyberGuy” Knutsson)

    • Then click General in the sidebar (you may need to scroll down).
    • Click Software Update.
    Screenshot of a Mac computer desktop

    Screenshot showing software update option on Mac (Kurt “CyberGuy” Knutsson)

    • Click the Info button next to Automatic Updates
    • Then turn on all the options.
    Screenshot of a Mac computer desktop

    Screenshot showing toggle options for Mac software updates (Kurt “CyberGuy” Knutsson)

    2) Update your apps and browsers

    Apps, especially web browsers, are a major target for attackers. If you’re using Chrome, Firefox, Brave or another browser, make sure it’s up to date. Most browsers have their own update systems independent of macOS, which is good news if you’re running an older OS.

    I’ll walk you through how to update Chrome on your Mac. If you’re using Safari, you can skip this step since it updates automatically alongside your device’s software.

    How to update your Chrome browser

    • Open Google Chrome browser
    • Select About Google Chrome from the Chrome menu
    Screenshot of a Google Chrome menu

    Screenshot showing steps to update Chrome (Kurt “CyberGuy” Knutsson)

    • Allow it to scan from a most recent update
    Screenshot of Google Chrome menu

    Screenshot showing steps to update Chrome (Kurt “CyberGuy” Knutsson)

    • Click Relaunch to complete the update

    Also check for updates for productivity apps, media players and email clients. Developers often patch vulnerabilities quietly, so it’s worth keeping everything current even if the Mac itself isn’t.

    3) Strengthen password protection

    A secure Mac starts with a strong password. Avoid simple combinations or anything that includes personal information. Use a passphrase if you have trouble remembering complex strings. Don’t reuse passwords across services. If one account is compromised, others will be too. Consider using a password manager to generate and store complex passwords.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    How to Change Your Mac Login Password (with current password)

    • Click the Apple menu in the top-left corner.
    • Select System Settings (called System Preferences in older macOS versions).
    • Navigate to Users & Groups or Login Password in newer versions.
    • Click the Info (i) button next to your user account.
    • In the pop-up that appears, click Change next to the password field.
    • Enter your old (current) password, then type your new password, verify it, and set a password hint (optional).
    • Click Change Password to finalize.

    4) Enable two-factor authentication (2FA)

    Two-factor authentication (2FA) adds an extra layer of protection to your accounts. Even if someone guesses or steals your password, they won’t be able to log in without the second code, usually sent to your phone or generated by an app.

    TOP MULTI-FACTOR AUTHENTICATION APPS TO PROTECT YOUR ACCOUNTS

    Make sure 2FA is enabled on your Apple ID, Gmail, social media accounts, banking apps and any cloud services you use. It’s a simple step that significantly increases your account security.

    5) Install strong antivirus software

    While Macs have built-in security features like Gatekeeper and XProtect, older systems may not receive the latest threat definitions. Installing third-party antivirus software can help fill in the gaps.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

    6) Turn on FileVault to encrypt your data

    Even if your Mac is older, FileVault can still encrypt your entire hard drive. This protects your data if your device is lost or stolen.

    How to turn on FileVault:

    • Go to System SettingsPrivacy & SecurityFileVault.
    • Click Turn On FileVault.
    • Choose to use your iCloud account or create a recovery key.
    • Restart your Mac to begin encryption.

    Pro tip: If your Mac is too old to support FileVault 2 (full-disk encryption), consider encrypting sensitive files manually using Disk Utility.

    A Mac computer on a table

    Cybersecurity experts recommend regularly updating older Mac computers to reduce the risk of security threats (Kurt “CyberGuy” Knutsson)

    7) Use a VPN

    Outdated macOS versions may be vulnerable to DNS hijacking or network-based attacks. Secure your internet traffic by enabling a VPN to encrypt your data in transit.  A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection. Use a VPN with a no-logs policy for added privacy and protection.

    For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com.

    8) Remove unused apps and system extensions

    Older apps and background processes can introduce vulnerabilities if they’re no longer maintained.

    • Open FinderApplications and delete anything you don’t use.
    • Check System SettingsGeneralLogin Items for anything unfamiliar.
    • Review System Settings > Privacy & SecurityExtensions and disable outdated tools.

     9) Use a limited (non-admin) user account for everyday use

    Running as an admin all the time increases your risk. Creating a standard user account for everyday use limits what malware can do if it sneaks in.

    How to add a standard user:

    • Go to System Settings > Users & Groups.
    • Click Add Account (+).
    • Choose Standard instead of Admin.

     10) Back up your data regularly

    If malware does sneak in or your system crashes, a recent backup can save the day.

    • Use Time Machine (built into macOS) to back up to an external drive.
    • Or choose a cloud backup provider that supports macOS.

    Set it to back up automatically, at least weekly. Here are step-by-step instructions to back up your Mac.

    CLICK HERE TO GET THE FOX NEWS APP

    An overhead view of an Apple store

    An Apple Store on Aug. 29, 2025, in Chongqing, China. (Cheng Xin/Getty Images)

    Kurt’s key takeaway

    Just because your Mac is aging doesn’t mean it’s defenseless. With regular updates, strong passwords, and added layers like FileVault and antivirus protection, you can stay ahead of threats. Take the time now to lock things down, remove risky apps, and back up your data. These small actions make a big difference in keeping your older Mac secure.

    How often do you change your Mac? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Everything You Can Do From the Chrome Address Bar (Besides Run Searches)

    Everything You Can Do From the Chrome Address Bar (Besides Run Searches)

    [ad_1]

    It tends to really be used only by developers, but the address bar and search box up at the top of the Google Chrome interface has an official name: the omnibox. It reflects the multipurpose capabilities of this little text field, as it’s able to do much more than look up web addresses and run searches on Google.

    When you know about everything the omnibox can do, you can save time jumping between different apps and sites, and get things done more quickly. What’s more, Google is constantly adding new features to the omnibox. Most recently, as you might expect, the company added an integration with Gemini AI.

    Here are a few of our favorites—just remove the quotes around the text examples below to get the code you need to type into the omnibox.

    Chat With Gemini

    We’ve just mentioned the most recent upgrade to the Chrome omnibox, so we may as well start here: Type out “@gemini” in the address bar, then a space, then your prompt for the chatbot. Hit Enter, and the query will be run in Google Gemini. Chrome will use whatever flavor of Gemini is included with your Google account (so Gemini Advanced, if you’re a paying user).

    Carry Out Conversions

    Any kind of conversion you need, the all-powerful omnibox can take care of for you: Turn kilometers into miles, or dollars into euros, or days into months. All you have to do is type out the desired conversion in a way that makes sense. Chrome is pretty good at working out what you’re trying to do, so for example, you can type “£34 in us dollars” and it will know you’re looking for a conversion. You should immediately see the result appear underneath—you don’t need to hit Enter.

    Run Basic Calculations

    On a related note, you can run simple calculations from the Chrome omnibox as well, no need to press Enter. Anything like “24*8” or “352+91” will instantly show a result underneath—as will “24*8-352+91″—and you can use brackets if you need part of the sum worked out first. If you do press Enter afterwards, the full Chrome calculator opens up.

    Check the Weather

    Want to know the weather, anywhere? Chrome will tell you.Courtesy of David Nield

    Chrome can report on live weather conditions from the omnibox. Just type “weather” (no need to press Enter) to see a mini description of the current conditions in wherever you are. Note that this only gives the most accurate result if Chrome has access to your current location. Add a town, city, or postal code on the end to see conditions in that place, and hit Enter after your query for a more detailed forecast.

    Search Your Bookmarks

    You can search through your Chrome bookmarks right from the omnibox, without having to open up the browser’s integrated Bookmark Manager. You do need to type out the name of one of your bookmark folders first, so Chrome knows what you’re trying to do, and you can then write any word or phrase to see instant results for pages saved in that bookmarks folder.

    Make Notes in Chrome

    If you need to quickly get some thoughts down in Chrome and you don’t want to launch a separate program, the code “data:text/html, ” followed by Enter will give you a blank tab you can type into. It’s not the most advanced of text editors—there’s no formatting and no auto-save—but it works well as a quick solution for jotting down notes.

    Get Quick Definitions

    If you’re unsure what a particular word means, Chrome can tell you, and you don’t need to leave the page you’re currently on to find out the definition. Type “define”, then a space, then the word you want the meaning for, and a basic definition pops up underneath. To get back to the URL of the page you were viewing, press Esc to remove the definition.

    Screenshot of typing define cornucopia into the Chrome address bar

    The Chrome omnibox can define any word for you.Courtesy of David Nield

    Create New Documents

    You can quickly create new documents, spreadsheets, or presentations in Google’s online office suite by typing “docs.new”, “sheets.new”, or “slides.new” into the omnibox. When you press Enter, the new file is created in the Google Drive for the current Google account. To create a new file in a new window (leaving the current one alone), use Shift+Enter after your command.

    There’s a whole suite of things .new shortcuts can launch, and Google continues to add new capabilities.

    Start New Emails

    There’s a similar trick for creating new emails in the default email client on your computer: Type “mailto:” and hit Enter to open a blank email. You can also prepopulate the To: field with the destination address by typing it after the colon, if you know it. To set the default email client on Windows, choose Apps > Default Apps from Settings; over on macOS, pick Mail > Settings > General from Apple Mail.

    Run Instant Google Searches

    On many Google searches, you get the answer above the list of links on the results page. These “instant” searches work in Chrome too. Ask about facts (like the height of the Eiffel Tower or the mass of Jupiter), celebrity ages, the days until a certain date, current stock prices for a company, the size of countries, the authors of books, and so on.

    [ad_2]

    David Nield

    Source link

  • How to Create Your Own Browser Extension

    How to Create Your Own Browser Extension

    [ad_1]

    Most of us spend a lot of time inside a web browser. If you’re a Chrome, Firefox, or Edge user, then you’ll know these browsers come with a huge number of third-party extensions to augment the features already built into the software.

    But what if you need some kind of specific extra functionality, some tool or feature that’s not covered by existing add-ons? Then it might be time to consider writing your own browser extension. That might sound daunting, but It’s not that difficult to do once you learn how. And once you’ve created a custom extension, you can either keep it for your own private use or make it public so anyone can use it.

    Some coding knowledge is required, so you’ll need to learn the basics of how web pages and scripts are written if you don’t already know them. If you’re a beginner, you can start small and work your way up. There are also a lot of helpful resources out there on the web if you need them, everything from code libraries to online courses.

    Get Started

    You’re going to need an idea for an extension you can write.

    Photograph: David Nield

    There are certain components that make up a browser extension. First is the manifest, which takes the filename manifest.json and contains various bits of metadata identifying the extension and what it does. You put the name of the extension in the manifest, describe what it does, and specify a default action that the extension carries out.

    Check out the manifest file format documentation provided by Google for Chrome. You can see some examples there, including a minimal manifest only containing the basics. The manifest points to all of the other required files for the extension, which should be kept in the same folder as you develop it.

    Some of the files the manifest points to are the icon files, which visually represent your extension in the browser. Users will look for your icon to see that your extension is running, and they’ll click on the icon to access the extension’s settings or to disable it. You should create a 128 x 128-pixel icon as a minimum, and icons at other sizes (as listed here) are recommended, so the extension looks the same everywhere it appears in the browser, from the settings screen to the tab bar. If you don’t provide an icon, a generic one showing the first letter of the extension name will be used instead.

    You then have your scripts, which do the actual work of the extension and can come in a variety of forms: HTML (Hypertext Markup Language) for basic web design, CSS (Cascading Style Sheets) for more advanced styling and manipulation of objects on the web, and JavaScript to do the bulk of the programming tasks (assuming your extension does something more than simply loading a page on screen).

    [ad_2]

    David Nield

    Source link

  • How to Clear Your Browser’s Cache, and Why You Should

    How to Clear Your Browser’s Cache, and Why You Should

    [ad_1]

    Every web browser has what’s called a cache: A temporary storage space for web pages that syncs online content to your computer or mobile device. This syncing is designed to help websites load up faster, and put less of a strain on your internet bandwidth.

    It’s a good idea and it works well most of the time, which is why every browser does it. However, it can cause problems. By its very nature, cached content can fall out of date: Browsers will try to ensure this doesn’t happen, but it can, and that might mean you’re looking at information, links, and images that are no longer accurate or relevant.

    What’s more, discrepancies between cached content and what’s actually on the internet can also cause all kinds of weird bugs, like pages not loading properly or web apps not functioning.

    Cached content can also represent a security vulnerability. Data stored on your computer about the websites you’ve visited can tell a story of your online activity—and while it would require physical access to your computer and a skilled hacker to find it, it’s a possibility.

    For all these reasons, you might want to regularly clear out cached pages. Clearing the cache effectively resets the browser’s relationship to the webpage, and can often fix problems with a site.

    Note that cached files are different than cookies. Cookies are bits of information saved by websites that tell them details about who you are and where you’re located—so you don’t have to log in every time you visit Gmail, for example. The cache holds different information, like images and page furniture.

    There are reasons to clear your browser’s cookies too, but we’re going to focus on the cache here. This is how to do the job no matter what browser you’re using.

    Google Chrome

    Clearing the cache in Google Chrome.

    Courtesy of David Nield

    In Chrome on the desktop, click the three dots (top right), then Settings. Open up the Privacy and security tap, click Clear browsing data, and then select Cached images and files under the Basic tab.

    [ad_2]

    David Nield

    Source link

  • Why Apple’s iPhone Browser-Choice Option Sucks

    Why Apple’s iPhone Browser-Choice Option Sucks

    [ad_1]

    A few representatives from smaller browser companies also expressed that they wanted more information included with Apple’s choice process, like definitions of what a browser is for less tech-savvy users and descriptions of the different browsers’ specialties. “Giving people information about the choice, and also information about what they’re choosing is really, really important,” says Kush Amlani, a global competition and regulatory counsel at Mozilla, which makes the Firefox browser.

    Sophie Dembinski, a head of public policy and climate action at Ecosia, mentioned how Apple’s pop-up appears for all iPhone users even if they’ve already gone into their phone’s settings and set an alternative browser as their default. In comparison, Google’s browser choice screen for Android users won’t show up if you’ve already gone through the steps of setting a preference for a third-party option.

    While many developers are unhappy with Apple’s implementation, not every company with a browser on the choice screen expressed frustration. “We believe that Apple’s approach to presenting the browser choice screen is fair and acceptable,” says Andrew Moroz Frost, the Aloha Browser founder. He pointed out the randomized order of the browsers shown on the pop-up as one example of Apple designing it in a fair manner.

    Richard Socher, the founder and CEO of You.com, seemed more encouraged by there being a browser choice screen that includes the search-focused startup rather than frustrated by Apple’s implementation. “I think it’s great that there’s not the default already preselected,” he says. Socher highlighted the randomized order as a positive sign as well.

    Is this choice screen a true turning point for alternative browsers to grow their user base? “We’re expecting to have a clear picture on user uplift within months, not weeks,” says Dembinski. While some browsers reported initial upticks in downloads, it still seems too soon to make sweeping generalizations about the long-term efficacy of Apple’s choice screen.

    “We would like to encourage platform providers to also level out the playing field for app developers around the world, not just in the EU,” says Jan Standal, a vice president of product marketing at Opera. Some of the companies WIRED spoke with remain hopeful that the precedent of browser choice screens set by the DMA will inspire international software changes.

    Shortly after Apple’s choice screen launched, the European Commision announced that the screen would be part of its wider investigation into how Apple, Google, and Meta might be breaking these updated regulations: “The Commission is concerned that Apple’s measures, including the design of the web browser choice screen, may be preventing users from truly exercising their choice of services within the Apple ecosystem, in contravention of Article 6(3) of the DMA.” In keeping with its slow-moving tradition, this investigation may take up to a year to complete.

    [ad_2]

    Reece Rogers

    Source link

  • The Best VPNs to Protect Yourself Online

    The Best VPNs to Protect Yourself Online

    [ad_1]

    Mullvad offers apps for every major platform, as well as routers. The applications are all open source, and you can check the code on GitHub. The service has been independently audited as well. Advanced users can download configuration files and use them directly with OpenVPN or Wireguard.

    In my testing, speeds were very good. I never encountered a situation where I couldn’t get a fast connection. Over the years Mullvad remains the VPN I rely on day-to-day.

    Mullvad VPN costs 5 euros (around $5) per month, cash or charge.

    Best Free VPN

    Proton VPN is part of a suite of privacy tools from Proton, which is most famous for its encrypted email service, ProtonMail. The company is based in Switzerland, which has no data retention laws, so Proton VPN can have a no-logs policy. It has been independently audited and maintains a warrant canary page. All the usual features of a good VPN are here, including support for multi-hop connections, a kill switch in the app, split tunneling support, pretty good geo evasion for making Netflix work, and support for torrents. There’s also support for ad-blocking, custom DNS, and high-speed streaming.

    One thing Proton VPN offers that others do not is a free plan that gets you full access to all the regular plan’s features. However, it is limited to a single device, and there are only three server locations (Japan, Netherlands, and the US). If your needs are limited and you want to keep costs down, this is a good option.

    Proton’s pricing structure can be confusing since you can combine it with other services to lower the rates. For purposes of testing, I used a one-year Proton VPN Plus plan that’s $6 per month. If you use other Proton services, Proton Unlimited pricing is a better deal ($10 per month gets you access to all five Proton services).

    Proton’s VPN app is open source and available for macOS, Linux, Windows, Android, and iOS. With the Plus plan, 10 devices can connect simultaneously. Proton VPN uses a mix of IKEv2, OpenVPN, and WireGuard for connections. By default, the app chooses for you, but you can make a selection in the settings. I also like the Permanent Kill Switch, which prevents your device from reconnecting to the internet without a VPN even after a reboot.

    In my testing over the past few months, speeds on Proton VPN vary considerably by server and time of day. Overall, Proton VPN is very fast, dropping my speed by only around 7 to 8 percent versus unprotected speed. I also did not detect any DNS leaks through any of the servers I tried.

    Proton VPN has a free plan but it’s limited to one device. It otherwise costs $5 per month if you buy two years upfront, $6 per month if you buy one year, and $10 per month if you pay monthly.

    Best for Circumventing Geographic Restrictions

    Surfshark wouldn’t be my top pick if my life depended on my VPN, but for most of us, that’s not the case. If you want a way to get around some geographical restrictions on content (aka access Netflix) and protect your traffic while using an open Wi-Fi hotspot, Surfshark is a good choice. It’s secure, and it provides great value for the money if you pay for two years upfront.

    In my testing over the years, Surfshark has consistently had some of the best speeds of any VPN I’ve used. Yes, it is slower than not using a VPN, but I have never had any problem streaming HD content through Surfshark. It’s fast enough that you won’t notice any speed degradation.

    [ad_2]

    Scott Gilbertson

    Source link

  • It’s Time to Switch to a Privacy Browser

    It’s Time to Switch to a Privacy Browser

    [ad_1]

    The browser is part of a bigger project to keep internet browsing anonymous: Use Tor and you use the Tor Project network, a complex, encrypted relay system managed by the Tor community, making it much harder for anyone else to follow your activities online.

    As well as this additional layer of anonymity, Tor Browser is super-strict on the background scripts and tracking tech that sites can run. It also blocks fingerprinting, a method where advertisers attempt to recognize the unique characteristics of your device.

    At the end of each browsing session, everything gets wiped, including cookies left behind by sites and the browsing history inside the Tor Browser app itself. In other words, private browsing that leaves no trace is the default—and indeed the only option.

    Brave gives you a clean, speedy browsing experience.

    Brave via David Nield

    Brave comes with all the tracking protection features you would expect: Ads are completely blocked, there are tight restrictions on the data that sites can gather through cookies and tracking scripts, and you’re always kept informed about what’s happening.

    The browser comes with an optional built-in VPN, though it costs extra ($10 a month). You can also, if you want, use Brave to access the Tor network we mentioned with the Tor browser and take advantage of its anonymizing relay service that hides your location and browsing data.

    There’s no doubt about the effectiveness of Brave’s tracker-blocking technologies, and getting around the web in Brave is quick and snappy. It’s a comprehensive package and one that strikes a well-judged balance between simplicity and power for the majority of users.

    Brave has regularly pioneered features related to innovative web technologies, including cryptocurrencies, NFTs, and (most recently) artificial intelligence; there’s actually a new AI assistant built into it. In other words, it’s not exclusively focused on security and privacy.

    Firefox browser

    Firefox is part of a suite of privacy products from Mozilla.

    Firefox via David Nield

    Firefox has long been at the forefront of online privacy—blocking tracking cookies across sites by default, for example—and it continues to be one of the best options for making sure you’re giving away as little data as possible as you make your way across the web.

    [ad_2]

    David Nield

    Source link