Being Safe Online

Post Reply New Topic

that really good to know, can you turn on your VPN on your app?

incorrect.

VPN also redirects your traffic through their servers, so nobody on your local network - not even the network administration - can tell what sites you visit; all they can see is your computer talking to the VPN server.

I ran across something interesting the other day. Some malicious web sites have started using what looks like a captcha to lure people into allowing notifications. These "notifications" can include things like popups designed to appear like they are a virus warning with a phone number to a "Microsoft associate" to help you fix the problem.

I have noticed an upswing in captchas lately and so I checked the browser and found a number of sites given permission to push notifications to me that I had never seen before and that were highly suspicious. My intention now is to go through that at least once a week.

This is why VPNs are strongly encuraged when using file-sharing programs so your internet provider cant see you pirating copyrighted stuff

Here's a web site article that explains the issue with fake captchas from malicious web sites:

https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/

I mostly use Vivaldi. The latest version apparently includes the ability to use ProtonVPN. ProtonVPN seems to be one of the most trustworthy of providers out there. I have a Proton Visionary account which is no longer available to new subscribers. The Visionary account includes everything that Proton does. ProtonVPN does contain some connections that does not require a subscription.

Even though I haven't used the built-in ProtonVPN on Vivaldi yet, I use it otherwise. For example, on my cell phone, all my internet traffic is routed through the VPN using the "Secure Core" option with the traffic going through two hops -- one in Iceland and one in the US.

A few years ago, just for grins, I used the "Secure Core" option to route all my traffic from that one computer through Sweden and Japan. Then, using the connection, I connected from the workstation on my desk to a server in the computer room (about 50 feet away) by routing the traffic through Sweden and Japan. The first time I tried that, it was surprisingly fast, but the second time it was somewhat slower.

One of my primary uses for the VPN is to test my security on my servers.

On my firewall, I have assigned three different groups that an IP address can be assigned to. In a configuration file, each IP address is assigned to either %local%, %usa%, or %all%.

If tagged with %local%, the computer with that IP address can originate traffic but the firewall blocks any traffic to that IP address that originated elsewhere. For example, suppose my workstation is tagged %local%. Then if someone tries to connect to that IP address from anywhere that is not local as defined in a configuration file loaded by the firewall, they are blocked.

If tagged with %usa%, the computer can originate traffic, but the firewall blocks all traffic that is not from the "local" configuration file and that is not from an IPv4 or IPv6 block in the US. The US blocks for IPv4 and IPv6 are downloaded every day from ipdeny.com with

/usr/local/bin/wget -q -O /root/us4_table http://www.ipdeny.com/ipblocks/data/agg ... gated.zone
/usr/local/bin/wget -q -O /root/us6_table http://www.ipdeny.com/ipv6/ipaddresses/blocks/us.zone

If tagged with %all%, the firewall will not block any traffic based on source unless they are blocked for some other reason. Our DNS servers and web servers and mail servers are tagged %all%. Of course, anything with %all% is capable of doing its own blocking. Each of our servers also does its own determination of whether to allow connections from outside the US. While fluffy (one of my primary servers) may be tagged %all%, the configuration file on fluffy will block everything from outside the US.

One day about seven or eight years ago, I happened to check the authorization logs on one of our servers and found that in the previous month, it had seen approximately 1.3 million attempts to connect to it on ssh. Of those 1.3 million attempts, approximately half were from one block of 256 addresses in China! I checked the other servers and they were seeing the same.

So I came up with this scheme to block incoming connections from outside of the US to those ssh servers. The number of ssh connection attempts logged by each server dropped to under 100 daily.

Whenever I need to test the firewall and the servers, I can just set the VPN to use whatever state or country that I wish and connect through it. For example, if I want to make sure that Russian addresses are blocked, I can use a ProtonVPN server in Russia for testing.