An anonymous reader quotes a report from Ars Technica: Within the past year, there have been approximately five times more school shooting hoaxes called in to police than actual school shootings reported in 2023. Where data from Everytown showed "at least 103 incidents of gunfire on school grounds" in 2023, The Washington Post recently uncovered what seems to be a coordinated campaign of active shooter hoaxes causing "swattings" -- where police respond with extreme force to fake crimes -- at more than 500 schools nationwide over the past year. In just one day in February, "more than 30 schools were targeted," The Post reported.

The Post "examined police reports, emergency call recordings, body-camera footage, or call logs in connection with incidents in 24 states," which seemed to reveal a "distinct pattern" potentially linking swatting hoaxes nationwide. A man who "speaks with a heavy accent" -- and possibly uses a device or app to alter his voice in real time -- relies on a virtual private network (VPN) to mask his IP address, then places the hoax calls on non-emergency lines using free Internet-calling services. He frequently pretends to be a teacher hiding from the fake shooter on campus and sometimes falsely reports student shootings. To some law enforcement officials, the voice sounds too similar from call to call to be chalked up to coincidence. The Post stitched together audio that shows why many authorities believe these hoax calls might be coming from the same caller, whose motivations are currently unknown. It's possible the hoax calls are being orchestrated by one person with a hostile compulsion or by one or several perpetrators advertising swatting services available for hire online. [...]

According to The Post, the FBI has been investigating this string of school shooting hoaxes, but it's unclear how far that investigation has gotten -- mostly because tracing the hoax calls has perplexed many law enforcement agencies nationwide. Tracing calls is difficult partly because many VPN providers outside the US don't always cooperate with law enforcement, and some of the most popular free Internet-calling services only require an email address to sign up. However, The Post reported that it has increasingly become clear to law enforcement that one particular Internet-calling service appears to be the most popular choice for hoax callers reporting school shootings: TextNow. One police captain in Lousiana, Shannon Mack -- who is described as specializing in "cases involving Internet-based phone services -- told The Post that "nine times out of 10," hoax calls she has investigated have come from a TextNow number.

Apple on Monday rolled out iOS 17, iPadOS 17, tvOS 17, HomePod 17 and watchOS 10, the latest operating system versions for all its devices minus the Mac lineup. iOS 17: iOS 17 expands on last year's Lock Screen updates with the addition of interactive widgets and StandBy, a new feature that turns the iPhone into a mini home hub when it is charging. You can now see voicemail transcriptions in real time, and leave video messages in FaceTime. FaceTime also now works on the Apple TV with tvOS 17. With NameDrop, exchanging contacts is as simple as touching two phones together, and Messages has been overhauled with new safety features and updates to the way that stickers work. Autocorrect is better than ever, Spotlight search has been improved, private browsing in Safari is more secure with Face ID lock, and there's now a mood tracking feature in the Health app. Passwords can be shared in iCloud Keychain and AirTags can be shared among family members too, plus there are new features for the AirPods Pro. Apple has also added updates to Siri, Mail, Reminders, Notes, Home, and more. tvOS 17: In tvOS 17, Apple has added a FaceTime app for FaceTime calls on a larger screen. The feature works through an iPhone or iPad running iOS 17/iPadOS 17, with the iOS device serving as the camera and the TV serving as the display. With a Split View option, you can place your FaceTime call on one side of the TV and a TV show or game on the other side for SharePlay experiences. [...] Other new features include Dolby Vision 8.1 support, an enhance dialogue option to make it easier to hear what's being said over music and effects, and support for third-party VPN apps.

An anonymous reader quotes a report from Ars Technica: Russia's military intelligence unit has been targeting Ukrainian Android devices with "Infamous Chisel," the tracking name for new malware that's designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. "Infamous Chisel is a collection of components which enable persistent access to an infected Android device over the Tor network, and which periodically collates and exfiltrates victim information from compromised devices," intelligence officials from the UK, US, Canada, Australia, and New Zealand wrote (PDF). "The information exfiltrated is a combination of system device information, commercial application information and applications specific to the Ukrainian military."

Infamous Chisel gains persistence by replacing the legitimate system component known as netd with a malicious version. Besides allowing Infamous Chisel to run each time a device is restarted, the malicious netd is also the main engine for the malware. It uses shell scripts and commands to collate and collect device information and also searches directories for files that have a predefined set of extensions. Depending on where on the infected device a collected file is located, netd sends it to Russian servers either immediately or once a day. When exfiltrating files of interest, Infamous Chisel uses the TLS protocol and a hard-coded IP and port. Use of the local IP address is likely a mechanism to relay the network traffic over a VPN or other secure channel configured on the infected device. This would allow the exfiltration traffic to blend in with expected encrypted network traffic. In the event a connection to the local IP and port fails, the malware falls back to a hard-coded domain that's resolved using a request to dns.google.

Infamous Chisel also installs a version of the Dropbear SSH client that can be used to remotely access a device. The version installed has authentication mechanisms that have been modified from the original version to change the way users log in to an SSH session. [...] The report didn't say how the malware gets installed. In the advisory Ukraine's security service issued earlier this month (PDF), officials said that Russian personnel had "captured Ukrainian tablets on the battlefield, pursuing the aim to spread malware and abuse available access to penetrate the system." It's unclear if this was the vector.

Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

ASUS has released new firmware for several router models to address security vulnerabilities, including critical ones like CVE-2022-26376 and CVE-2018-1160, which can lead to denial-of-service attacks and code execution. The company advises customers to update their devices immediately or restrict WAN access until the devices are secured, urging them to create strong passwords and follow security measures. BleepingComputer reports: The first is a critical memory corruption weakness in the Asuswrt firmware for Asus routers that could let attackers trigger denial-of-services states or gain code execution. The other critical patch is for an almost five-year-old CVE-2018-1160 bug caused by an out-of-bounds write Netatalk weakness that can also be exploited to gain arbitrary code execution on unpatched devices.

"Please note, if you choose not to install this new firmware version, we strongly recommend disabling services accessible from the WAN side to avoid potential unwanted intrusions. These services include remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port trigger," ASUS warned in a security advisory published today. "We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected."

The list of impacted devices includes the following models: GT6, GT-AXE16000, GT-AX11000 PRO, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400.

Along with FaceTime support and a redesigned Control Center, Apple is adding support for VPN apps in tvOS 17. MacRumors reports: VPN apps could allow for Apple TV users to watch geo-restricted content from any location, such as the U.S. version of Netflix in another country. In its tvOS 17 press release, however, Apple focused on how the VPN apps can benefit enterprise and education users, so it is possible that Apple could restrict usage of the apps.

Apple: "Third-party VPN support, which enables developers to create VPN apps for Apple TV. This can benefit enterprise and education users wanting to access content on their private networks, allowing Apple TV to be a great office and conference room solution in even more places."

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. From a report: The ads popping in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them. Some users reported on Reddit that the annoying full-screen ads even cause Firefox to become unresponsive for up to 30 seconds, forcing them to terminate the browser's process. [...] BleepingComputer has contacted Mozilla about the matter and received the following statement following the barrage of complaints from Firefox users: "We're continuously working to understand the best ways to communicate with people who use Firefox. Ultimately, we accomplished the exact opposite of what we intended in this experiment and quickly rolled the experience back. We apologize for any confusion or concern."

Internet users are turning to VPN services as a means to circumvent Utah's new law requiring porn sites to verify users' ages. The spike in VPN searches appears to be directly related to Pornhub's decision on Tuesday to completely disable its websites for people living in the state. TechRadar reports: Google searches for virtual private networks (VPNs) have been skyrocketing since, with a peak registered on May 3, the day the new law came into force. By downloading a VPN service, pornography fans will be able to keep accessing Pornhub and similar sites with ease. That's because a virtual private network is security software able to spoof users' IP address (digital location and device identifier). Hence a surge of interest in VPNs across Utah as people will simply need to connect to a server located in a US state or foreign country where the restriction isn't yet enforced.

"Utah's age-verification law shows a worrying trend to further restrict digital freedoms and disregard data privacy across the US," said a spokesperson of secure VPN provider Private Internet Access (PIA). "Private Internet Access is a long-time advocate of greater digital privacy, and we urge lawmakers to consider other ways of protecting children online, including education, guidance from parents, and open conversations about safe internet usage, rather than relying on increasingly intrusive digital regulations which disregard people's privacy and online freedom." You can see the spike in "virtual private network" searches via Google Trends.

"Search queries for VPN were at peak popularity in Utah just before 4 a.m. EST Tuesday, according to the trends data," notes Newsweek. "Other related queries in the past week include searches for VPN extensions like Hola and Fox Speed."

The Washington Post's "Tech Friend" newsletter suggests some "tech fears you can stop worrying about." And it starts by reasuring readers, "You're fine using the WiFi in a coffee shop, hotel or airport. "Yes, it is safe," said Chester Wisniewski, a digital security specialist with the firm Sophos. Five or 10 years ago, it wasn't secure to use the shared WiFi in a coffee shop or another place outside your home. But now, most websites and apps scramble whatever you do online. That makes it tough for crooks to snoop on you when you're connected to public WiFi. It's not impossible, but criminals have easier targets.

Even Wisniewski, whose job involves sensitive information, said he connected to the WiFi at the airport and hotel on a recent business trip. He plans to use the WiFi at a conference in Las Vegas attended by the world's best computer hackers. Wisniewski generally does not use an extra layer of security called a VPN, although your company might require it. He avoids using WiFi in China.

You should be wary of public WiFi if you know you're a target of government surveillance or other snooping. But you are probably not Edward Snowden or Brad Pitt... For nearly all of us and nearly all of the time, you can use public WiFi without stress.
The newsletter also suggests we stop worrying about public phone chargers. ("Security experts told me that 'juice jacking' is extremely unlikely... Don't worry about the phone chargers unless you know you're being targeted by criminals or spies.")

Beyond that, "Focus your energy on digital security measures that really matter" — things like using strong and unique passwords for online accounts. ("This is a pain. Do it anyway.") And it calls two-factor authentication possibly the single best thing you can do to protect yourself online.

Mullvad, the Swedish company behind Mullvad VPN (virtual private network), says police walked away with nothing after attempting to seize computers from its office. From a report: According to an update on Mullvad's site, the authorities left and didn't take anything after it informed them that the company doesn't store customer data. "We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law," Mullvad writes. "After demonstrating that this is indeed how our service works and them consulting the prosecutor they left without taking anything and without any customer information." [...] Mullvad says this is the first time in its 14 years of operating a VPN that police have issued a search warrant, and company CEO Jan Jonsson tells The Verge he doesn't "know exactly what they were looking for." Even if the authorities had seized its servers, Jonsson says that police wouldn't have found anything due to its strict policies against keeping data. The Verge reached out to Swedish authorities with a request for more information but didn't immediately hear back.

An anonymous reader shares a report: You know that you're supposed to wipe your smartphone or laptop before you resell it or give it to your cousin. After all, there's a lot of valuable personal data on there that should stay in your control. Businesses and other institutions need to take the same approach, deleting their information from PCs, servers, and network equipment so it doesn't fall into the wrong hands. At the RSA security conference in San Francisco next week, though, researchers from the security firm ESET will present findings showing that more than half of secondhand enterprise routers they bought for testing had been left completely intact by their previous owners. And the devices were brimming with network information, credentials, and confidential data about the institutions they had belonged to. The researchers bought 18 used routers in different models made by three mainstream vendors: Cisco, Fortinet, and Juniper Networks. Of those, nine were just as their owners had left them and fully accessible, while only five had been properly wiped. Two were encrypted, one was dead, and one was a mirror copy of another device.

All nine of the unprotected devices contained credentials for the organization's VPN, credentials for another secure network communication service, or hashed root administrator passwords. And all of them included enough identifying data to determine who the previous owner or operator of the router had been. Eight of the nine unprotected devices included router-to-router authentication keys and information about how the router connected to specific applications used by the previous owner. Four devices exposed credentials for connecting to the networks of other organizations -- like trusted partners, collaborators, or other third parties. Three contained information about how an entity could connect as a third party to the previous owner's network. And two directly contained customer data.

The Free Software Foundation certifies products that meet their standards in regard to users' freedom, control over the product, and privacy. And they put out a new "Respects Your Freedom" certification on Thursday for ThinkPenguin's free software gigabit mini VPN router, the TPE-R1400.

From the FSF's announcement: This is ThinkPenguin's first device to receive RYF certification in 2023, adding to their vast catalogue of certified devices from previous years. As with previous routers from ThinkPenguin, the Free Software Gigabit Mini VPN Router ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, the maintainer of libreCMC and a former FSF intern.

The router enables users to run their network connection through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers.

"We're pleased to see ThinkPenguin continue with their commitment to bringing out devices that put software freedom as their first priority under the RYF program. The release of this router shows that ThinkPenguin is committed to the privacy and freedom of their users," said the FSF's executive director, Zoë Kooyman....

"The latest version of ThinkPenguin's VPN router lets its users take advantage of gigabit per second Internet connections while protecting their rights and privacy," said FSF's copyright and licensing associate, Craig Topham.

An anonymous reader quotes a report from Wired: The Russian government has banned more than 10,000 websites for content about the war in Ukraine since Moscow launched the full-scale invasion in February 2022. The blacklist includes Facebook, Twitter, Instagram, and independent news outlets. Over the past year, Russians living inside the country have turned to censorship circumvention tools such as VPNs to pierce through the information blockade. But as dozens of virtual private networks get blocked, leaving users scrambling to maintain their access to free information, local activists and developers are coming up with new solutions. One of them is Amnezia VPN, a free, open source VPN client.

"We even do not advertise and promote it, and new users are still coming by the hundreds every day," says Mazay Banzaev, Amnezia VPN's founder. Unlike commercial VPNs that route users through company servers, which can be blocked, Amnezia VPN makes it simple for users to buy and set up their own servers. This allows them to choose their own IP address and use protocols that are harder to block. "More than half of the commercial VPNs in Russia have been blocked because it's easy enough to block them: They do not block them by protocols, but by IP addresses," says Banzaev. "[Amnezia] is an order of magnitude more resilient than a typical commercial VPN." Amnezia VPN is similar to Outline, a free and open source tool developed by Jigsaw, a subsidiary of Google. Amnezia was created in 2020 during a hackathon supported by Russian digital rights organization Roskomsvoboda. Even then, "it was clear that things were moving toward stricter censorship," says Banzaev. [...]

It is unclear how many users the service has, since the organization doesn't have a way to monitor user numbers, Banzaev says. However, Amnezia offers a Telegram bot called AmneziaFree, which shares VPN configurations that help users access blocked platforms and news; it has almost 100,000 users. The bot is currently struggling with overload, and users are complaining about spotty service. Banzaev says the Amnezia team is working to add new servers on a limited budget, and that they are also working on a new version of the service. "Amnezia is not only used in Russia," notes Wired. "The service has spread to Turkmenistan, Iran, China, and other countries where users have been struggling with free access to the web."

The recently introduced RESTRICT Act, otherwise known as the "TikTok ban," is a dangerous substitute for comprehensive data privacy legislation, writes the Electronic Frontier Foundation in a blog post. From the post: As we wrote in our initial review of the bill, the RESTRICT Act would authorize the executive branch to block 'transactions' and 'holdings' of 'foreign adversaries' that involve 'information and communication technology' and create 'undue or unacceptable risk' to national security and more. We've explained our opposition to the RESTRICT Act and urged everyone who agrees to take action against it. But we've also been asked to address some of the concerns raised by others. We do that here in this post. At its core, RESTRICT would exempt certain information services from the federal statute, known as the Berman Amendments, which protects the free flow of information in and out of the United States and supports the fundamental freedom of expression and human rights concerns. RESTRICT would give more power to the executive branch and remove many of the commonsense restrictions that exist under the Foreign Intelligence Services Act (FISA) and the aforementioned Berman Amendments. But S. 686 also would do a lot more.

EFF opposes the bill, and encourages you to reach out to your representatives to ask them not to pass it. Our reasons for opposition are primarily that this bill is being used as a cudgel to protect data from foreign adversaries, but under our current data privacy laws, there are many domestic adversaries engaged in manipulative and invasive data collection as well. Separately, handing relatively unchecked power over to the executive branch to make determinations about what sort of information technologies and technology services are allowed to enter the U.S. is dangerous. If Congress is concerned about foreign powers collecting our data, it should focus on comprehensive consumer data privacy legislation that will have a real impact, and protect our data no matter what platform it's on -- TikTok, Facebook, Twitter, or anywhere else that profits from our private information. That's why EFF supports such consumer data privacy legislation. Foreign adversaries won't be able to get our data from social media companies if the social media companies aren't allowed to collect, retain, and sell it in the first place. EFF says it's not clear if the RESTRICT Act will even result in a "ban" on TikTok. It does, however, have potential to punish people for using a VPN to access TikTok if it is restricted. In conclusion, the group says the bill is similar to a surveillance bill and is "far too broad in the power it gives to investigate potential user data."

The Tor Project, the organization behind the anonymous network and browser, is helping launch a privacy-focused browser that's made to connect to a VPN instead of a decentralized onion network. From a report: It's called the Mullvad browser, named after the Mullvad VPN company it's partnered with on the project, and it's available for Windows, Mac, or Linux. The Mullvad browser's main goal is to make it harder for advertisers and other companies to track you across the internet. It does this by working to reduce your browser's "fingerprint," a term that describes all the metadata that sites can collect to uniquely identify your device.

"9to5Linux.com reports that the GNOME 44 desktop environment is officially released and gives a detailed look at the major new features and improvements," writes Slashdot reader prisoninmate. From the report: Code-named "Kuala Lumpur" in recognition of the work done by the organizers of GNOME.Asia Summit 2022 conference, GNOME 44 introduces a GTK4 port of the Epihaphy (GNOME Web) web browser, a file chooser grid view for apps that use the standard GTK file chooser, as well as support for adding a WireGuard VPN directly from the Network panel. GNOME 44 continues to improve the Quick Settings feature introduced in GNOME 43 by implementing a submenu to the Bluetooth button to more easily and quickly connect or disconnect peripherals, adding descriptions to buttons to easily see their status, and implementing a new feature called Background Apps via a new background monitoring service in XDG portals 1.16.0." A full list of changes are available in the official release notes. The GNOME project also published a launch video on YouTube.

Google is expanding VPN access to all Google One members on all plans and rolling out a new dark web report feature for all subscribers. From a report: VPN by Google One was previously only available to members on the Premium 2TB plan, but will now be available to all Google One members, including those on the Basic plan that starts at $1.99 per month. The tech giant notes that VPN by Google One adds more protection to your internet activity no matter what apps or browsers you use, shielding it from hackers or network operators by masking your IP address. Google is also introducing a new feature called "dark web report" for Google One members on all plans in the United States to help users monitor their personal information on the dark web. Dark web report will start rolling out over the next few weeks to members across all Google One plans in the United States.

An anonymous reader quotes a report from The Verge: Since Thursday morning, Dish Network has been experiencing a major outage that's taken down the company's main websites, apps, and customer support systems, and employees tell The Verge it's not clear what's going on inside the company. The company's Dish.com website is completely blank save for a notice apologizing for "any disruptions you may be having" while promising that "teams are working hard to restore systems as soon as possible." The Boost Mobile and Boost Infinite sites display a similar message. When we called each brand's customer support lines, there were no humans on the other end -- each call automatically hung up after delivering a recorded message about the outage.

In an ironic twist, the outage started around the time that Dish was set to release its earnings for Q4 and fiscal year 2022. CEO Erik Carlson addressed it during the company's earnings call, saying the company was experiencing an "internal outage that's continuing to affect our internal servers and IT telephony." While Carlson claimed that Dish, Sling, and the company's wireless networks were operating normally, he admitted that "internal communications, customer care functions, Internet sites" were knocked out. Internally, frontline employees have been kept in the dark about what's going on. Two sources tell The Verge that they are being told to stand by for information from their leadership teams, which haven't yet been forthcoming. They say it hasn't even been made clear whether they'll be paid. Employees have also been told that they won't be able to connect to their VPN, keeping remote workers from logging in to work.

Despite Carlson's comments that Dish's services should be working normally, Downdetector shows an increase in reports of issues using Dish Network's services, which include satellite TV and Boost Mobile's wireless network. Customers are reporting on social media that they're unable to activate new equipment or SIM cards received from the company, and alleged technicians say they can't complete installs and upgrades for customers. Customers have also said that the outage is preventing them from paying their bills. Some of the company's sites, like dishwireless.com and launch.5gmobilegenesis.com, are currently completely down and don't even display an error message. The good news is that the outage doesn't appear to be the result of a cyberattack, according to The Desk, though Dish likely hasn't concluded its investigation yet.

Regulators have told major Chinese tech companies not to offer ChatGPT services to the public amid growing alarm in Beijing over the AI-powered chatbot's uncensored replies to user queries. From a report: Tencent Holdings and Ant Group, the fintech affiliate of Alibaba Group Holding, have been instructed not to offer access to ChatGPT services on their platforms, either directly or via third parties, people with direct knowledge of the matter told Nikkei Asia. Tech companies will also need to report to regulators before they launch their own ChatGPT-like services, the sources added.

ChatGPT, developed by Microsoft-backed startup OpenAI, is not officially available in China but some internet users have been able to access it using a virtual private network (VPN). There have also been dozens of "mini programs" released by third-party developers on Tencent's WeChat social media app that claim to offer services from ChatGPT. Under regulatory pressure, Tencent has suspended several such third-party services regardless of whether they were connected to ChatGPT or were in fact copycats, people familiar with the matter told Nikkei. This is not the first time that China has blocked foreign websites or applications. Beijing has banned dozens of prominent U.S. websites and apps. Between 2009 and 2010, it moved to block Google, Facebook, YouTube, and Twitter. Between 2018 and 2019, it instituted bans on Reddit and Wikipedia.

Some people try to hide parts of their email address from online scrapers by spelling out "at" and "dot," notes a Washington Post technology newsletter. But unfortunately, "This spam-fighting trick doesn't work. At all." They warn that it's not just a "piece of anti-spam fiction," but "an example of the digital self-protection myths that drain your time and energy and make you less safe.

"Today, let's kill off four privacy and security bogus beliefs, including that you need a VPN to stay safe online. (No, you probably don't.) Myth No. 3: You need a VPN to stay safe online.

...for most people in the United States and other democracies, "There is no real reason why you should use a VPN," said Frédéric Rivain, chief technology officer of Dashlane, a password management service that also offers a VPN.... If you're researching sensitive subjects like depression and don't want family members to know or corporations to keep records of your activities, Rivain said you might be better off using a privacy-focused web browser such as Brave or the search engine DuckDuckGo. If you use a VPN, that company has records of what you're doing. And advertisers will still figure out how to pitch ads based on your online activities.

P.S. If you're concerned about crooks stealing your info when you use WiFi networks in coffee shops or airports and want to use a VPN to disguise what you're doing, you probably don't need to. Using public WiFi is safe now in most circumstances, my colleague Tatum Hunter has reported.
"Many VPNs are also dodgy and may do far more harm than good," their myth-busting continues, referring readers to an earlier analysis by the Washington Post (with some safe recommendations).

On a more sympathetic note, they acknowledge that "It's exhausting to be a human on the internet. Companies and public officials could be doing far more to protect you."

But as it is, "the internet is a nonstop scam machine and a little paranoia is healthy."