You wouldn’t walk around in public handing out copies of your house key. But if you’re not taking the proper precautions to protect your personal information, you could be opening the door for hackers or scammers to potentially steal your identity or commit credit card fraud.

Luckily, there are some simple ways you can stay safe online. Panda Dome has a protection plan for any lifestyle, so you can browse without worry.

Keep reading to learn more about common online risks and how to avoid them with the following 15 best practices.

1. Use Public Wi-Fi Safely

Public Wi-Fi is great for convenience, but it’s not so great when it comes to protecting your personal data. Avoid logging into important accounts, such as your banking app, or sending messages with personal information while using public Wi-Fi.

Hackers can monitor these networks, gleaning your information or passwords. Using a VPN while surfing the web on public Wi-Fi can help protect your personal data and allow you to browse anonymously.

2. Use a VPN

A virtual private network (VPN) conceals and protects your IP address from anyone who might be monitoring a Wi-Fi network. VPNs are helpful when you’re using public Wi-Fi, where you never know who might be spying on your activity, hoping to catch your bank login information. They conceal your IP address, so you can browse anonymously.

Use Panda Security’s VPN for an added layer of protection — so you know your private browsing stays private.

3. Choose Secure and Unique Passwords

It’s tempting to reuse the same password to keep things simple, but that means if someone cracks the code, they’ll have access to all your important accounts. Make sure your passwords are different, and use a variety of numbers, letters, capitalization and special characters.

4. Utilize a Password Manager

If you struggle to keep up with all your passwords, consider using a password manager. Digital password managers help you create and store unique passwords, so you don’t need to keep track of them all by yourself. Some services even monitor the web for you and scan for any potential password leaks so you can take action sooner.

Panda Dome Passwords goes beyond the basics to help you keep track of your secure passwords across all devices, so you don’t need to worry the next time you’re trying to check your email or pay a bill.

5. Install a Firewall

Firewalls protect your internet network and the devices on it by blocking connections from unknown sources. They come in both software and hardware forms, protecting your personal information from prying eyes. Many devices have a built-in firewall, but an extra layer of protection never hurts.

6. Set Up Two-Factor Authentication

Two-factor authentication (2FA) verifies each login attempt to block logins from individuals who may have stolen an account password. It works by sending the account owner a second way to verify their identity, such as a text or email with a unique, one-time code each time they need to log in. To access the account, you need the proper username, password and access to the one-time code. Always enable 2FA if it’s an option to avoid getting hacked.

7. Know the Warning Signs of Hackers

It’s important to know common signs of hacking so you can take action as soon as possible and recover your accounts. Here are some warning signs that you may have been hacked:

• Device internet usage increases dramatically
• Device operating speed slows
• Battery depletes rapidly without explanation
• You receive unauthorized requests to change passwords
• New software or applications are downloaded automatically

8. Update Your Devices and Software

To protect your personal information,  always update your software and operating system on all devices. These updates keep your devices running smoothly and often include patches that give up-to-date protection against any issues developers find. They’re a free and effective way to ensure your devices stay protected against cybersecurity threats.

9. Stay in the Know About Data Breaches

Educating yourself is a vital step in staying protected online. Data breaches are relatively common, and it’s important to know if you’re at risk so you can make new passwords, request new credit cards or take other steps to protect your personal information. A simple daily scan of technology news for recent breaches and malware — or using software that monitors data breaches for you — is an easy lifestyle change that can have a big impact on protecting your data.

10. Don’t Share Personal Information on Social Media

Social media brings people together, but you don’t want to invite scammers into your life. Be careful of sharing information on social media, even if it seems innocuous. Basic information you might not think twice about sharing, such as your favorite color or your pet’s name, could help hackers answer security questions and access your accounts without your consent. Always set your accounts to private for an added layer of defense.

11. Monitor Account Information

Monitor your accounts so you know when there’s suspicious activity. Contact your bank to set up credit monitoring or account notifications so your bank will alert you if anyone accesses your financial accounts or makes any changes. This makes it much easier to identify breaches and recover your account if anything happens.

Panda Security’s Dark Web Scanner constantly monitors your personal information, so you can take action as soon as a leak occurs.

12. Never Share Codes You Receive via Text or Email

2FA helps verify your identity before logging into an account. Some scammers have found a loophole, pretending their phone isn’t working and asking if they can use yours to log in instead. If you share the code, scammers can access or take over your account, and it can be difficult to recover account ownership when this happens. Never share a one-time code with anyone, and if you receive a code without trying to log in to that account, change the password immediately.

13. Never Click an Unknown Link or Attachment

One of the golden rules of using the internet is to never click a link or attachment unless you know exactly who it’s from and what it contains. Many hackers will send a link or attachment with a concerning message to tempt you to click. These links or attachments typically hide malware that can steal your personal information, access passwords or spy on your browsing habits. Some common stories scammers will use include false claims that:

• There are arrest warrants in your name
• You’ve already been hacked or spied on
• There’s mail delivery theft or issues
• Someone’s deactivated your account
• Your banking information has been stolen

14. Back Up Your Data

Back up important information on your devices regularly and store them in a secure cloud or hard drive. If you know your precious photos, documents and other important information are stored securely, you can wipe your devices if something goes wrong without losing anything personal.

15. Install Antivirus Software

If you don’t know what to look for, it can be tricky to spot the signs that someone has hacked your device until it’s too late. And once your device is infected, it can be difficult to get rid of a virus. To protect your personal information, install antivirus software on your devices to block unwanted spyware, hackers and other viruses.

Browse Safely With Panda Security

We rely on the internet now more than ever, so knowing how to use it safely can help protect your personal information. Panda Security Antivirus works around the clock to keep you safe, so you know your devices and personal information don’t end up in the wrong hands.

The post 15 Tips to Protect Personal Information Online for 2023 appeared first on Panda Security Mediacenter.

Privacy vs. security: A duo as iconic as Batman and Superman, Luke Skywalker and Princess Leia, and Woody and Buzz Lightyear. Each of these duos work together quite successfully, but they are just as strong, admired and acclaimed on their own.  

Similarly, privacy and security are the heroes of the data and information world — each regulates, supervises and protects user and organizational data. Separately and together, these information standards are crucial to technological growth.

Premium protection services can help support privacy and security measures, both individually and collectively. Before investing in either, learn more about the differences between privacy and security, the role of compliance and how to protect yourself from unauthorized data collection.

What Is Digital Privacy?

Digital privacy is an individual’s right to keep digital information —personal and professional — confidential. Most online users agree their privacy is worth protecting, especially when sensitive data is at risk.

There are multiple types of digital privacy, including:

• Information privacy
• Data privacy

Each type of digital privacy refers to the individual right to choose who can access and who can collect personal information. Due to digital privacy rights, many organizations must report what information they collect, how they store it and what they use it for.

Importance of Data Privacy

Data privacy is important for protecting the sensitive information of all online users. Various organizations — like Google, Facebook and Amazon — collect personal data like:

• Names
• Addresses
• Usernames
• Passwords
• Phone numbers
• Payment and card information
• Email addresses
• Driver’s license numbers

Prioritizing digital privacy can help protect vulnerable parties from dangerous actors, including hackers and other cybercriminals.

What Is Digital Security?

Digital security refers to the protections individuals and organizations take to defend their personal and professional information. Digital security is a broad topic, and there are a few distinct types of security that cover certain security measures and timelines:

• Cybersecurity: protection of data and information from unauthorized actors

• Data security: protection of data and information across its entire lifecycle

• Zero trust security: security framework that only allows access to authorized users

Additionally, digital security refers to the act of protecting digital privacy. While security isn’t a right — like privacy is — it is a public possibility for those willing to enforce their own protections.

Cybersecurity Tools

Effective cybersecurity uses a variety of methods and tools to protect sensitive data, including:

• VPNs: Web surfing is privately protected anywhere with a VPN, which masks locations — physical and virtual.

• Firewall: Firewalls provide information systems extra protection against hackers and bad actors.

• Encryption: Encrypted data is usually more difficult to hack than unencrypted data.

• Antivirus software: Antivirus software helps users identify potentially dangerous applications and remove malicious digital actors.
• User authentication: User authentication protections — like two-factor authentication and OAuth — help keep unauthorized users out of data systems.

Security Without Privacy: Is It Possible?

Security without privacy is possible, but it’s difficult to achieve and is strongest when paired with digital privacy. Additionally, organizations can still share and sell user information — if included in their privacy policy — while supporting strong internal security systems. While privacy without security is nearly impossible to support, security without privacy is commonly maintained.

Privacy vs. Security

Privacy and security often work hand in hand, but there are a few major differences between the two.

When discussing digital privacy, users consider:

• The use and control of data
• How privacy prioritizes the individual
• Legal protections that vary by age, type of information and location

When discussing digital security, users consider:

• Data protection
• How security prioritizes both individuals and enterprises
• Security is not legally protected

Privacy and security are substantially different, but the success of data and information transfers depends on their collaboration. Maintaining both can decrease the possibility of both public and private data security breaches.

Privacy and Security vs. Compliance

Compliance refers to whether or not an organization or individual meets the simplest requirements of a law, rule or standard. Frequently, digital privacy and security laws maintain some form of compliance expectation, and regulation compliance requires users to consider privacy and security together. 

There are multiple levels of compliance that dictate whether privacy or security gets prioritized. For example, there are different compliance expectations for these standards:

• HIPAA: Compliance expectations agree privacy and security are equally important.

• HIV status: Compliance expectations prioritize privacy while security is a secondary expectation.

In many cases — HIPAA included — compliance can quickly become a legal requirement in the case of data security and privacy. Users who fail to meet compliance expectations can be legally prosecuted for failing to protect the private information of covered individuals.

Which Is More Important?

Privacy and security are usually equally important, but compliance expectations and user or organizational priorities can affect the importance of each. Before assigning importance levels to privacy and security, understanding a standard’s levels of compliance is necessary. 

If worse comes to worst, it’s usually best to consider privacy and security a collaboration rather than a competition — allowing each to support the other.

Privacy and Security: 6 Protection Tips

Privacy vs. security should be less of a competition and more of a supportive partnership. To support both, individuals and organizations can follow specific protection tips:

1. Browse With a VPN

Whether you want to access content prohibited in your country or want to protect your personal data with additional security, consider using a VPN. This type of security tool masks a public IP address and protects data from third-party actors. Even if a cybercriminal hacks your connection, a VPN will continue to protect and encrypt data.

2. Communicate With Encryption

Sharing sensitive data digitally isn’t recommended, but it can be protected through end-to-end encryption. Encryption stops eavesdropping cybercriminals from being able to read and record digital communication, protecting the privacy of the sender and receiver. Specific forms of encryption — like AES encryption and PGP encryption — can be used to protect data across specific platforms.

3. Limit Social Sharing

Individuals can protect their privacy and support individual security by limiting what they share on social platforms. A digital footprint — which is the trail of an individual’s online activity — can be traced. If a user shares private information like credit card numbers, passwords, legal names, addresses and phone numbers on social platforms, they can be tracked and stolen by cybercriminals.

4. Utilize a Password Manager

Digital password managers are security systems individuals and organizations can use to store and protect passwords. This type of security can be free or paid, and authorized users can pass internal information between themselves. Users also use password managers to store unique usernames and passwords for multiple accounts, which can also increase security and privacy.

5. Try Ad Blocking

For web surfers, it’s possible to download ad blockers and cookie-blocking extensions to protect personal data from unauthorized collection. However, it’s important to research potentially malicious browser extensions before downloading anything to a device.

6. Install Antivirus Software

Antivirus software options — for various devices like iPhones and Android — can help protect devices from data-stealing malware. Additionally, anti-malware software can alert users to potentially dangerous apps, websites and other software.

Other security precautions, like private search engines, can also help users support privacy and security. With specialized protective downloads from Panda Security, you can turn privacy vs. security from a competition into an individually beneficial collaboration.

Sources: Security.org | IBM | Varonis

The post Privacy vs. Security: Discovering the Difference appeared first on Panda Security Mediacenter.

Implementing facial recognition technology by government agencies has proven to be a controversial topic over the years. However, hundreds of law enforcement departments across the USA have already deployed the technology and begun to actively use it in investigations.

While most security agencies claim that they use it only for severe crimes, police agencies such as the Miami Police Department openly use facial recognition for any crime if they believe that would benefit the investigation. US law enforcement agencies favor the high-tech tool but generally try not to rely solely on the technology and appear not to use it as a sole reason to make an arrest.

However, many cities in the USA either have not deployed the technology yet or have banned it outright. One of the most prominent examples of banning facial recognition is San Francisco. The city, known as the world’s tech capital, was among the first to prohibit its police force from utilizing the new technology. However, the ban expired, and at this point, there are no regulations, so agencies in the crime-ridden city began using the tools. San Francisco might have gotten pressure on a state level, too, as California plans to heavily implement the facial recognition system during the upcoming major sporting events 2026 FIFA World Cup and 2028 Summer Olympics.

With the immense advancements of AI, the vast amounts of digital prints left by internet users harvested by facial recognition platforms, and the increased use of facial recognition by law enforcement agencies, it is safe to say that face recognition is here to stay. Like every other technology, it comes with pros and cons, and outweighing one over another is almost impossible. Of course, everyone would want a murderer to be caught as soon as possible after committing a crime. Still, not everyone would be thrilled if government officials were just a click away from having access to attendee lists of political rallies or religious meetings.

Many are trying to ban the use of technology and have even created a map where US residents can see whether their local police station has already deployed the high-tech tool. The site hosts the maps to provide clarity who uses the technology, and also encourages users to sign a petition that bans the government’s use of the technology.

No one really knows whether facial recognition holds the key to success. Ironically most of California’s safest cities do not use the high-tech tool. So even though law enforcement enjoys its capabilities, the key to preventing crime might not be hidden in the facial recognition technology at all; thus, facial recognition may not be necessary for every police department.

The post Does my local police station use face recognition? appeared first on Panda Security Mediacenter.

Twitter, the social networking service, has undergone a series of significant changes since being bought by Elon Musk. One of the highest profile alterations has been extension of the “Twitter verified” program. Previously reserved for celebrities and high profile individuals. Now anyone can pay a monthly subscription to become verified – and to display a Twitter verified blue ‘tick’ on their profile picture.

But as new functionality is added, some is being taken away. One of the most important is the removal of SMS login verification for anyone except paying subscribers. Previously Twitter users could choose to protect their account with SMS two-factor authentication (2FA) which required a 6-digit code alongside their regular account password. This code would be sent via SMS to the user’s mobile phone.

Do I have to pay to protect my Twitter account?

SMS 2FA is not bulletproof – hackers have managed to breach these systems several times in the past. Security experts are agreed however, that SMS 2FA is far safer than simply relying on a password to protect account – and most are surprised about Twitter’s decision to remove this relatively basic safeguard.

So do you have to become Twitter verified if you want to secure your account with 2FA? Yes – if you want to stick with codes sent with SMS. However, there are other, even more secure ways to protect yourself – authenticator apps.

What are authenticator apps?

Authenticator apps work in a very similar way to 2FA SMS codes. But instead of receiving a text message, your authenticator app automatically generates a secure code that changes every 30 seconds – which is actually safer than traditional SMS codes.

Once you have 2FA set up on your Twitter account, you log in as normal. Then, when prompted, you open the authenticator app on your phone to generate a new 2FA code – and then enter that into the website when prompted.

Both Microsoft and Google provide authenticator apps for iOS and Android – and both work with Twitter too. Other options include LastPass, Twilio Authy and 1Password. If you already have an authenticator app for another service, it will probably work with Twitter too.

How do I set up my Twitter account to use an authenticator app?

Setting up 2FA in Twitter is quite easily. Log into your account at Twitter.com, then:

• Click Settings and privacy
• Select Security and account access -> Security -> Two-factor authentication

Once you have turned on two-factor authentication, follow the instructions provided to complete set-up in your authenticator app. Once complete, you will be prompted for a 2FA code every time you log in – and you can find that code in your chosen authenticator app.

Should you enable 2FA on your Twitter account?

2FA is an important tool for preventing cybercriminals from stealing your account and online identity. Everyone should enable 2FA – otherwise your Twitter account is vulnerable to hackers. It only takes a few minutes and it could save you some serious problems in future.

The post How to secure your Twitter account with 2FA appeared first on Panda Security Mediacenter.

Have you ever looked up something inconsequential only to be bombarded with ads for it everywhere else you go online? That can be a problem with big-name search engines like Google, Bing and Yahoo, because they use a variety of coding, trackers and activity logging to collect personal information about users. This data is then used by those search engines and third-party businesses to analyze user behavior and launch personalized, targeted ad and content campaigns.

In some situations, being served personalized information can be useful. But for many, the idea of large corporations selling off your personal data can feel like a breach of privacy and a risk for your personal online safety.

Thankfully, there are ways for users to search the internet without being tracked, such as using virtual private networks (VPNs) or private search engines. Here is a list of the 18 best private search engines you can use without being followed.

What Is a Private Search Engine?

Private search engines are programs used to browse the internet that do not store search or user information. These search engines are typically used to maintain user privacy. 

User information includes a variety of data that can be used to identify who a user is. Some of that information includes: 

• IP addresses
• User agents
• Unique identifiers, which can be found in cookies
• Search terms
• Browser fingerprints
• Location information 

There are a number of private search engines available that are used around the world. However, it is important to understand that every search engine offers a different level of privacy based on how the business gathers revenue.

Types of Private Search Engines 

There are two types of private search engines available to users.

Metasearch engines — or proxy search engines — are online information retrieval tools that use information gathered from multiple search engines to provide results for user queries. Often run through a proxy server to mask personal information during the search process, metasearch engines have the advantage of retrieving a wider range of results. 

However, these tools are often not as advanced as major search engines and may have a more difficult time interpreting complex syntax queries. Additionally, metasearch engines often use sponsored link advertisements as a revenue source, which affect search results. 

A second type of private search engine uses proprietary crawlers to crawl the web and create independent indexes of the web. This results in a wider variety of search results that may not be affected by personalization filters. However, the number of results may still be smaller than those gathered by big-name search engines.

Why Should You Use One?

Unlike the more common search engines like Google, Bing or Yahoo, private search engines are preferred by many users because they don’t capture user or search information. This information can be used to: 

• Track users online
• Analyze user behavior
• Inform targeted ad campaigns
• Enhance personalization on online services 

While most of this information may be used by advertisers or site developers in benign marketing campaigns or program development, it can also be collected and used against you by different malware or cybercriminals. 

And although many regular search engines require users to opt in to sharing personally identifiable information in order to stay compliant with General Data Protection Regulation (GDPR) laws and regulations, many users prefer to avoid risking privacy altogether by solely using private search engine options.

The 18 Best Private Search Engines 

From saving search query history to capturing personally identifiable information, users have the right to private internet use. Here are some of the top private search engines to help you browse undetected.

1. DuckDuckGo  

Serving more than 80 million people in 2020, DuckDuckGo (DDG) is one of the most popular private search engines on the market. Accessible from desktop, mobile, browser extension and app, DDG is an anonymous search engine that blocks trackers, allowing users to escape the filter bubble. 

DDG features a proprietary !bang shortcut feature that pulls results directly from third-party sites. The engine also generates revenue through the use of private, contextual ads based on search queries, not user profiling. 

Best for: Untracked searching

Does not:

• Track IP addresses 
• Store search history
• Save user agents
• Build user profiles

Does:

• Block trackers
• Offer email protection
• Offer Android app protection
• Use contextual paid advertising

Features:

• SSL encryptions
• Tracker blockers
• Search shortcuts
• Result categorization

Price: Free

2. Startpage 

Startpage is an award-winning Netherlands-based private search engine that specializes in blocking third parties from gathering personal data or setting price trackers. Users’ personal data such as IP addresses, network settings, browsers, locations or hardware are removed by the company’s two levels of managed, on-premise servers, resulting in unpersonalized results. 

The engine’s anonymous view allows users to choose when to browse without being tracked, and can block targeted and retargeting ads when turned on. The engine is accessible as a Google Chrome extension, and the company earns revenue through paid, contextual advertising. 

Best for: Unprofiled browsing

Does not:

• Track IP addresses 
• Store search history
• Save user agents
• Build user profiles
• Use price trackers
• Share ISP
• Store cookies
• Store cache
• Share browser type
• Share location information

Does: 

• Block trackers
• Include an anonymous view feature
• Use contextual paid advertising

Features: 

• Anonymous view
• Encrypted connection
• Blocked price trackers
• Unprofiled news
• Online profile prevention 

Price: Free

3. Searx 

Searx is an open-source metasearch engine that was inspired by the Seeks project. The engine can run on a computer or cloud-based, user-run instances that can be accessed as a Tor hidden service, meaning anyone can run their own public or private instance of Searx.

Searx’s search results contain cached links that direct users to saved Wayback Machine pages or proxied direct links to websites, making it easier to hide personal information. The results, gathered from 82 separate search engines and served in more than 20 languages, come in categories including file, image, maps and social media.

The browser is accessible as a public API and Firefox plugin, focuses on a minimalist interface and allows users to customize themes, cookie tracking, which engines to fetch from and what answer to receive. 

Best for: Decentralized searches

Does not:

• Track IP addresses 
• Store search history
• Save user agents
• Build user profiles
• Share ISP
• Store cookies
• Store cache
• Share browser type
• Share location information

Does:

• Share results in multiple languages
• Provide cookie tracking preferences

Features: 

• Customizable
• Open-source
• Proxy service
• Cloud-accessible
• Unique search operators 

Price: Free

4. Qwant 

The Qwant search engine was designed to give users a private search experience. Based in France, this search engine provides unpersonalized, algorithm-free results to searches and offers protections that follow 2018 GDPR regulations. 

Qwant offers search results in a number of categories, including a unique, social-media based visual board. It can be accessed via browser or Chrome extension and set as a default browser. The site does use paid private ads, and its ad targeting and search results are powered by Bing.

Best for: GDPR-protected searching

Does not:

• Track IP addresses 
• Store search history
• Build user profiles
• Store cookies
• Track ads

Does:

• Use contextual paid advertising

Features:

• Multi-category search results
• Qwant Maps
• Qwant Junior for kids
• Chrome extension
• Customizable appearance 

Price: Free

5. Swisscows 

Swisscows is a Switzerland-based anonymous search engine that uses a proprietary index and years of search expertise. Its technology was designed to make storing personal information impossible, meaning it does not track cookies or build user profiles. 

Swisscows prides itself on being family-friendly, meaning it’s safe for younger users to browse safely. The engine also offers categorized results, can be added as a VPN Chrome or Firefox extension, integrates with most browsers, is an email provider and uses contextual ads powered by Bing to generate revenue. 

Best for: Family-friendly browsing

Does not:

• Store search history
• Store personal data 
• Build user profiles
• Store cookies
• Store cache

Does:

• Use AI for result suggestions (GetDigest)
• Use contextual advertising

Features:

• Anonymous view
• Categorized results
• Free music
• TeleGuard messaging 

Price: 

• Free
• VPN monthly subscriptions
  • CHF 10 per month monthly subscription
  • CHF 7 per month yearly subscription

6. MetaGer 

MetaGer is a metasearch engine based in Germany that offers full data protection, hides IP addresses and blocks targeted ads. Using an anonymizing proxy to protect users while they browse the SERP, MetaGer prioritizes protection against censorship, providing users with unbiased and unfiltered search results. The engine also provides results crawled from multiple leading search engines. 

Additionally, MetaGer is run by a nonprofit organization committed to sustainability, so all its services runo n renewable energy and use transparent algorithms. The engine is accessible through a browser plugin, smartphone apps and Tor hidden service, and offers access to maps without location tracking. 

Best for: Deep-browsing searches

Does not:

• Track IP addresses 
• Share location information

Does:

• Block targeted ads 

Features:

• Anonymous setting
• Ad-free for members
• Browser extensions
• Proxy protection for off-results browsing

Price: 

• Free with ads
• Members of SUMA-EV–Association for Free Access to Knowledge can search without ads

7. Mojeek 

Mojeek is an independent, alternative search engine that values users’ rights to privacy and puts users first. Indexing over 5 billion pages with owned crawlers, the engine provides independent and unbiased results in four categories, including an emotion-based category. The browser is also accessible via a smartphone app.

With a company value of “doing what’s right,” Mojeek is committed to sustainability, operating from the U.K.’s award-winning greenest data center. 

Best for: Eco-friendly searching 

Does not:

• Track user data
• Sell data to third parties

Does: 

• Include customizable search preferences

Features:

• Customized search results 
• Smartphone app

Price: Free

8. Disconnect Search 

Developed by former Google employees, Disconnect Search is an alternative private search engine that provides privacy to over 750 million users. The engine synthesizes proxied results from multiple leading search engines. 

Disconnect Search takes user security seriously, with a unique focus on blocking malicious ad and content targeting used by criminal hackers, data brokers and adverse nation-states. Anonymous and encrypted, Disconnect Search also features an ad blocker that reduces the amount of SERP clutter, making it faster to find information.

Best for: Protected searching

Does not:

• Track IP addresses 
• Store search history
• Store fingerprint data
• Store cookies
• Share location information

Does: 

• Use encryption protection
• Block targeted ads
• Block surveillance programs
• Remove ad clutter

Features:

• Anonymous view
• Browser extensions

Price: Free and premium subscription options

9. Ecosia 

German-based Ecosia is known as one of the greenest private search engines. Run as a social company, 80% of Ecosia’s profits from ad revenue are donated to planting trees as part of the company’s commitment to being CO2 negative. The company is committed to transparency and regularly shares financial reports and tree-planting campaign updates. 

Ecosia is accessible as a Chrome extension, browser application, search engine and mobile app. The company does not sell private data and does not use external tracking tools to monitor performance data. It generates revenue through click-based advertising.

Best for: Eco-friendly searching 

Does not:

• Share location information
• Use external tracking tools
• Sell personal data

Does:

• Track analytics
• Use click and affiliate advertising

Features:

• Categorized results
• Environmental impact counter
• Transparent financial information

Price: Free

10. Wolfram Alpha 

Wolfram Research’s WolframAlpha private answer engine is designed to provide expert-level answers to fact-based questions using data sourced from external sources. This means that unlike traditional search engines, WolframAlpha search results are computed through objective data that has been drawn from factual data sources and algorithms.

WolframAlpha results are scientifically and academically focused, designed to help users learn about complex topics with step-by-step solutions through free-form input. The topics are divided into four primary categories — Mathematics, Science and Technology, Social and Culture, and Everyday Life — followed by a series of subcategories that users can use to navigate and discover solutions.

Users can access the answer engine online via browser or mobile app. 

Best for: Academic searching

Does not:

• Sell personal data

Does:

• Source from third-party search engines
• Include private ads

Features:

• Customizable settings
• Free-form input searching
• Result categorization

Price: 

• Basic Plan: Free 
• Pro Plan
  • $60 annually
  • $7.25/month 
• Pro Premium Plan
  • $99 annually
  • $12/month
• Pro for Students: $5.46/semester
• Pro Premium for Students: $9/semester

11. Search Encrypt 

Search Encrypt is a privacy-enhanced search engine that values privacy above all else. Both a search engine and a browser extension, Search Encrypt uses encryption to mask search terms locally before sending queries to servers, providing high-quality forward secrecy. And most unique of all, results expire after 30 minutes of inactivity, making them impossible to be viewed again.

Best for: Encrypted searches

Does not:

• Store search history
• Build user profiles
• Store cookies
• Store cache

Does:

• Use SSL encryption
• Use perfect forward secrecy
• Delete history after inactivity
• Use paid advertising

Features:

• SSL encryptions (HTTPS)
• Perfect forward secrecy
• Suggested results

Price: Free

12. Gibiru 

Gibiru is an uncensored private search engine whose goal is to provide access to information away from the filter bubble and Big Tech censorship. Its no-log search and no IP address or cookie tracking policies prevent it from selling personal data to third parties, meaning no retargeting. 

Gibiru does not extend cookie blocking once you visit outside the SERP. However, the Gibiru Wormhole app for mobile devices acts as a VPN and protects cookies from being stored on Android and Apple devices. 

The engine is accessible via browser extension and downloadable app. The company earns revenue from commission-based plans, not by selling personal data.

Best for: Censor-free searching

Does not:

• Track IP addresses 
• Store search history
• Store cookies
• Sell persona data

Does:

• Use affiliate-based advertising
• Provide mobile VPN

Features:

• Browser extension
• App with VPN service
• Result categorization

Price: Free

13. Lukol

Lukol is an anonymous search engine powered by Google Search to help users browse the internet privately. It provides web, image, news and video results, and can be used on the web or added as a Firefox browser extension. 

Although Lukol does not collect personally identifiable information or require users to register to use the search functionality, it does use cookies to personalize content and ads by selling cookie information to third parties. It also uses cookies to analyze site traffic and provide user behavior analysis to third parties. 

Best for: Personalized private browsing 

Does not:

• Require registration 

Does: 

• Use cookies
• Sell user behavior data to third parties
• Use cookies to track performance
• Use paid advertising

Features:

• Categorized results
• Firefox extension

Price: Free

14. Peekier 

Peekier is an alternative, privacy-based search engine designed to enhance a user’s experience while browsing the internet. Although personally identifiable information such as user agents, IP addresses, unique IDs and search histories are not stored, the engine temporarily stores search queries for caching, analytical data and service improvement purposes.

Additionally, although the site itself does not use cookies to track personal information and uses HTML5 local storage to store location, region or save setting preferences, their caching provider may use single session cookies for anti-DDOS protection. SSL/TLS encryption is also used throughout the site, and search query leakage — or an indication within the HTTP Referer header that a link was clicked — does provide a level of insight into your search engine usage. 

Two factors that set Peekier apart from other search engines include its ability to play YouTube videos directly from the website and its expandable preview boxes on SERPs. However, YouTube autoplay is turned off by default due to YouTube’s use of tracking IDs and cookies for data capturing. 

Best for: Personalized browsing

Does not: 

• Track IP addresses 
• Store search history
• Save user agents
• Build user profiles
• Share ISP
• Store cookies
• Store cache
• Share browser type
• Share location information

Does:

• Cache search queries for analysis
• Use HTML5 for preference storage 
• Allow cooking tracking preferences

Features:

• Playable YouTube video on-site 
• Customizable preferences 

Price: Free

15. Brave Search 

Brave Search is an independent search engine that is often used as a default engine for the Brave web browser application. Although the engine aims to provide users with web, news, image and video search results directly from their independent index of the web, the platform includes a small percentage of results from third-party APIs that result from big-name search engines like Google or Bing. 

Committed to being independent, transparent and focused on users, Brave provides a browsing experience without tracking behavior, searches or clicks.

Brave Search also uses private usage metrics that can be turned off in preferences to monitor and forecast traffic and performance. Additionally, it does not block ads by default but provides users with the option to opt into Brave Rewards, a commission-based program that rewards users for accepting private, targeted ads to earn exchangeable reward points. 

Best for: Search that supports local businesses

Does not:

• Build user profiles
• Block ads

Does: 

• Gather results from third-party engines
• Track performance with private analytics 
• Include customizable tracking preferences

Features:

• Anonymous search
• Preferences 
• Customizable themes
• Desktop and mobile browser integration
• Ranking transparency
• Independent search index

Price: Free

16. Oscobo 

Oscobo is a U.K.-based anonymous search engine designed to protect users from Big Tech selling their data to third parties. The browser does not store personal information and does not require any sort of sign-in or registration. 

Oscobo’s SSL encryption and perfect forward secrecy protects user connection between browsers and servers by encrypting searches locally, protecting your activity from interceptors. Its lack of third-party script and analytics and hidden meta information provide an extra layer of security for users.

Best for: Anonymous browsing

Does not:

• Sell data to third parties
• Store personal information
• Require registration or login
• Use third-party analytics

Does:

• Use SSL encryption
• Use perfect forward secrecy

Features:

• Downloadable browser 

Price: Free

17. Gigablast 

Gigablast is an alternative open-source search engine that offers users independent search results sourced from their proprietary web crawler. Coded in C and C++ programming language, the browser supports Boolean algebra operators and provides query-related information on results pages called Gigabits. 

Gigablast believes that user search behaviors belong to users, not Big Tech corporations. As such, it does not sell search activity or IP addresses to third-party advertisers. Additionally, query logs are deleted regularly to ensure privacy. 

Best for: Open-source input

Does not:

• Track IP addresses 
• Store search history
• Save user agents
• Sell data to third parties

Does:

• Accept open-source input
• Delete query logs regularly 

Features:

• Boolean algebra operators
• Query-related result snippets
• Open-source
• Independent indexation

Price: Free

18. Infinity Search 

Infinity Search is an alternative private search engine that combines web indexes from leading search engines like Bing with its own to provide users with unlogged search results. Its search engines are designed not to save user searches, and utilize the same !bang functionality used on the popular private engine DuckDuckGo.

Infinity Search is currently a subscription-based service. For a small fee, users or businesses can have complete control over interface customization, advanced searching capabilities and experience ad-free browsing. 

Best for: Privatized searching

Does not:

• Store search history
• Serve ads
• Sell data to third parties

Does:

• Require registration
• Charge a fee

Features:

• Customizable interface appearance 
• 100% no ads
• Advanced searching capabilities

Price:

• Infinity Pro
  •  $5 /mo
  • $50 /year
• Infinity Business: custom pricing is available

Are Private Search Engines Actually Private?

Similar to incognito browsing, it’s nearly impossible to be completely private. Different types of private search engines offer different levels of privacy to users. Engines that use VPNs offer more security to those that do not.

To pick the best private browser, explore the brand’s about page and privacy policy. This information will inform you how protected your personal data is, and whether or not the company will sell your data to third parties.

What to Consider in a Private Search Engine

Genuinely secure and anonymous search engines guarantee:

• Customized experiences with changeable settings
• Easy interfaces
• Accurate search results
• Maintained privacy, meaning personal data is not tracked
• No tracking cookies
• Run by a trusted team or organization

From paid services to completely untracked browsers, users have the opportunity to explore some of the best private search engines with a simple download.

However, private web searching isn’t the only way to stay safe online. Take the extra steps to protect your personal data and devices by downloading a secure VPN service and antivirus software. Combining private search, VPNs and protective scanning will help keep your personal information safe and secure.

The post 18 Best Private Search Engines: Where to Search Without Being Tracked appeared first on Panda Security Mediacenter.

A hacker known as maia arson crimew claims that he was able to get a hold of the FBI’s no-fly list database. The zesty cyber researcher located in Switzerland stumbled upon the list while browsing through an unsecured server used by a commercial airline called CommuteAir. The list reportedly has the details of more than 1 million people who are part of the FBI’s no-fly list. The database consists of the names and birthdates of people barred from flying. This includes terrorism suspects, fraudsters, and unruly passengers such as those who openly refused to follow the mask mandate during the covid-19 pandemic.

While exploring the loosely secured server, the hacker also came across private information of approximately 1,000 airline employees and other sensitive company information. Data points include full names, addresses, passport numbers, and phone numbers of CommuteAir crew members such as stewardesses, pilots, etc. Fortunately, the Ohio-based airline has taken the server down to prevent further leaks and has reported the incident to the authorities, who are now investigating the intrusion.

The list mainly consists of Arabic and Middle Eastern names of children as young as eight and adults. Even though the index has approximately 1.5 million entries, the number of people included in it is much less as there are many entries of common name misspellings or altered names of single individuals. For example, variations of the name of Viktor Bout, also known as the Merchant of Death, are mentioned in the list at least sixteen times.

The story has been covered by major media outlets such as Gizmodo, The Daily Dot, and VICE. The leaked information is generally secretive, but it is neither classified nor top secret, as many government agencies, entities, and individuals already have access. CommuteAir stated that the incident occurred because of a misconfigured development server, and its IT team is working on securing its systems to avoid such incidents in the future.

The hacker has decided not to publish the leaked list online for everyone to see. Still, his official blog statement says he is happy to share his findings with journalists and human rights organizations. The cyber researcher believes it is in the public interest to share this information with entities and people who would do the “right thing” with the list. The hacker does not clarify how the list could be helpful and what would be the “right thing” to do with the leaked info.

The post No-fly list with details of over 1 million people leaked by hacker appeared first on Panda Security Mediacenter.

A recent study published by the University of Guelph in Canada concluded that repair shop employees might violate privacy rights more often than customers think. Many people take smart devices for servicing in repair centers, and the study results show that technicians often are accessing files that are not relevant to the repair.

University researchers recovered logs from repaired devices that exposed technicians looking at private photos and videos. The employees servicing the devices were looking at sensitive files and copying information from the devices onto personal storage devices. The information that was accessed and copied included sexually revealing private content, financial information, and documents. What is particularly alarming, but it does not come as a surprise, is that female customers are more prone to become victims of such snooping than males.

The study also showed that most electronics repair service providers do not have any privacy rules that would prevent technicians from accessing data irrelevant to the repair.

There are a few things people can do to avoid becoming a victim

• Be present during the repair

Technicians will likely not try to access or copy content irrelevant to the repair if the customer is looking at them while performing the job. Being present would certainly decrease the chance of them looking at your private information.

• Ask for privacy protocol rules

Asking for the privacy policy of their repair shop would make it very clear that you care about your privacy. The fear of potential lawsuit would hopefully decrease the temptation levels of the customer service rep.

• Encourage repair mode

Mention to your technician that you want the device serviced while in maintenance mode. Some smartphone brands are slowly introducing such methods that might be available for your device too.

• Clear up sensitive info before taking the device

If you have content that you feel uncomfortable sharing with the repair person, consider just storing the sensitive data on another device. Not having sensitive data on the smart device is the best way to ensure the data remains safe and private.

Remember that repair shops are only one place with people who might not respect privacy boundaries. Next time you go to the local wireless carrier shop to buy a new smartphone, you may unintentionally expose data too. If a customer service rep offers to take your device in the back to transfer files from your old smartphone to your new one, the agent may decide to have some fun browsing through the content on your device. Thinking twice might be a good idea next time you bring a device to a repair shop for repair, software

The post PC and smartphone repair technicians might be snooping on your devices appeared first on Panda Security Mediacenter.

Unsolicited nude photos have been significant concern over the years. With the exponential adoption of social media over the last fifteen years and the constantly increasing popularity and affordability of smartphones with high-end cameras, technology has made it very easy for people to share private photos and distribute unsolicited content.

Sharing intimate photos between two consenting adults is generally not illegal. However, people, predominantly women, who work as casting agents, social media managers, and journalists have seen things they never sign up to see. A recent study by Pew Research Center concluded that no one is protected, and even regular folks and low-profile influencers are very likely to be victims of cyberflashing. According to the survey, more than half of the women thirty years or younger have experienced cyberflashing at least once.

Social media and dating apps have acknowledged the problem and are actively working to figure out how to fight cyberflashing. A popular dating app for women called Bumble recently scored a significant win by working with California’s Governor Gavin Newsom, who recently signed the cyberflashing bill SB 53 into law. The new law, often referred to as the FLASH Act, will go into effect on January 1st, 2023, in the Golden State. Similar bills have already been adopted in other states, such as Texas and Virginia. The bills introduced among states would allow plaintiffs to get between $500 to $30,000 in damages. Many states have open discussions about the topic, and some believe that one day there will be a federal law against cyberflashing.

Meta’s Instagram is also actively working to develop tools that protect users from receiving unsolicited private photos. The new filter addition would be part of Instagram’s “Hidden Words” feature, allowing app users to filter direct messages containing content they might find offensive. Apple’s Messages app does offer tools that could warn users when receiving or sending photos that contain nudity. Many believe that cyberflashing incidents could have long-lasting psychological damage, as seen in real-life victims of indecent exposure and flashing.

Cyberflashing is not the only problem associated with nude photos. Storing and sharing personal sensitive content could backfire even if the content is shared between consenting adults. Relationships sometimes go wrong, and sometimes, the sore partner in a relationship might decide to retaliate. Revenge porn has been recognized as a crime in some states, such as California but continues to ruin lives and careers. The fact that offenders can get up to 6 months in jail and be heavily fined does not stop them from sharing private content.

One way to not become a victim is to rely on filters offered by antivirus companies or tools integrated into the social media apps of choice. In addition, consumers need to be fully aware that storing nude photos in digital format is risky, and those files need to be well protected. Lastly, users must always block and report cyberflashing incidents to local police and the admins of the platform of choice.

The post Big Tech and Legislators are Taking on Cyberflashing appeared first on Panda Security Mediacenter.

Google has made it easier for some users to remove personal information from the company’s popular search engine results. Android cellphone users can now submit a request for personal information to not appear in searches on Google in a reasonably straightforward process. The owners of smartphones operating with the Google-developed Android operation system and installed Google App can go to their profiles and tab on ‘Results about you. Then users can follow the instructions and choose ‘go to search,’ then, all they need to do is tap the three dots to any result showing their info. A simple click on the ‘remove result’ is enough to deindex the result from the search engine.

Removing the link from Google’s results section does not remove users’ personal information from the hosting website. So, if you see your personal information on White Pages and want it removed, you will have to contact White Pages directly. Even if the info is no longer indexing on Google, data-brokerage companies such as White Pages would still have your info. Anyone interested in you will still have access to your personal information if they visit the data website. Google is trying to make it not as easy as it is now for people to find personal information online.

The information you can remove from the popular online search engine includes personal information such as phone number, email, or home address. Currently, there is no information on when users with smartphones running a non-Google-developed OS will be able to take advantage of this tool. Currently, if non-Android smartphone users want to remove personal info from Google, they must go through Google’s support page and fill out a form. Google announced the perk for Android users earlier this year but officially rolled out the service on Sept 28th.

The tech giant’s new tool does not change the process of allowing users to deindex websites from its search engine but makes the process a lot easier for its smartphone customers. Google allowing people to deindex information is a step towards privacy, but it is certainly not a full on solution. If you want to maintain privacy while browsing, you may consider using a high-end VPN service. Having a layer of protection over your internet browsing is another step forward for people who want to share less with tech giants such as Google.

The post Google helps Android users remove personal data from search results appeared first on Panda Security Mediacenter.

OAuth, or open-standard authentication, is a framework or protocol that allows client-operated applications secure access to other servers and services. With OAuth, this third-party access is safely controlled in order to protect passwords and login credentials.

As you interact with websites or web-based applications, like your social media accounts, third parties may ask for permission to access your protected information. If you grant them permission, OAuth can protect your private information if the third party experiences a breach or other emergency situation. 

Have you ever seen a pop-up asking for permission to post on your social media feed, access your smart devices, or share files across different platforms? If you answered yes, you’ve most likely used this framework without even asking “What is OAuth?” Keep reading to learn how OAuth works, if it’s safe and other helpful information.

How Does OAuth Work?

After you have given a third party access to your account, there is a six-step OAuth process that automatically begins. There are three groups involved in this process, known as OAuth flow: the user, the third party referred to as the application and the service provider. 

In most cases, the user is the original owner of the profile in question, the application is who wants access to the profile and the service provider is where the profile in question resides. 

Steps in OAuth Flow:

1. Reveal Intent: The user reveals that they want to give permission to an application to access protected servers or services. This intent is most often revealed during interactions with social media apps or file sharing across systems.
2. Ask for Service Provider Permission: The application requests permission from the service provider for authorization. If it is granted, the service provider will grant the application a request token and share a randomly generated password known as a secret with the user. The user will sign each authentication request with the secret so the service provider can verify they are truly making the request.
3. Be Redirected: The application gives the user the request token. They are then redirected to the service provider to provide application authorization.
4. Ask for User Permission: The user authorizes the request token. When authorized, the application returns to the service provider without pharming for passwords or usernames. The service provider will ask the user what permissions to grant and approve the request token.
5. Gain Access Token: The application exchanges its request token for an access token and secret from the service provider. 
6. Access User Profile: Every time the application accesses the user’s servers or services, it must present its access token and secret to the service provider.

Instead of divulging password information to third-party users, OAuth uses tokens to authorize a user’s identity, their connection to an account and their service providers. An OAuth token is safer than sharing password information and is also protected by a secret known only by the user, application and service provider.

OAuth Examples 

Third-party applications have started to use OAuth to access user profiles, post to accounts and log in to websites and mobile applications more frequently. Here are a few examples of how OAuth can be used with social media apps, smart home devices and the cloud to share files. While these aren’t the only places where OAuth can be used, they are some of the most common spaces where OAuth is used.

Social Media Apps

A social media app houses a user’s profile, timeline and login information, making them the service provider. In order for an outside application to read any part of a user’s information, it must ask the service provider for an OAuth token and secret before gaining access to a user’s protected information. After the user authenticates and authorizes the application’s access, OAuth continues running in the background of the program to block the application from accessing credentials the user did not give it access to.

For instance, if you, the user, want an application like ESPN to post score updates to your Facebook profile, it needs to ask the service provider for access. Since Facebook is the service provider, it will need to grant ESPN request tokens and access tokens before your page can become a rolling scorecard of the season’s games.

Smart Home Devices

OAuth is needed to authenticate and authorize secure access to user profiles on smart home devices. For example, the Nest Learning Thermostat is a service provider that can allow other applications access to the user’s preferred temperatures and home settings. Some third-party applications, like FTL Lights, may want access to this information from Nest to turn your lights on or off, or alert you if your security camera notices unusual movement.

If an application wanted access to this information, it would need to receive a request token and secret from Nest, request authentication from the user and then trade the request token for an access token before ever accessing or changing the home’s environment. 

Cloud File Sharing

Sharing cloud-stored files across systems can be difficult without OAuth. For example, simply sharing your wedding album with your parents can be a pain if you use Google Drive and they use Microsoft OneDrive. Normally, your parents would need a second username and password to access any attached email files you send them, but OAuth allows you to safely, securely and quickly share files from one user to another, no matter what system their email is connected to.  

Even though many cloud users’ content is protected by encryption, OAuth is a helpful additional protection framework when data sharing. However, for the cloud to connect to a separate system, both must support the same OAuth version and framework.

OAuth 1.0 vs. OAuth 2.0

While OAuth is a standard authentication framework, there have been different versions of its protocols. OAuth 1.0 is the original open-standard authentication framework, while OAuth 2.0 is the newer, more mainstream version. Because OAuth 2.0 was expected to replace older versions of the framework, 1.0 and 2.0 are incompatible. However, websites can support both versions of OAuth, even though there are major differences between the two.

OAuth 2.0 is the more widely accepted version of the framework, and many high-level websites and experts encourage users to make this their standard authentication protocol. 

SAML vs. OAuth

Security Assertion Markup Language (SAML) is often compared to OAuth. The former can be referred to as OAuth’s “older sibling” because of the similarities between the two programs. Because SAML uses XML and cookies to give users access to web maps while both authenticating and authorizing credentials, it eventually became too outdated for high-tech mobile, web and gaming applications. 

While these two protocols share some similarities, there are a variety of important differences between them.

Differences Between OAuth and SAML

Is OAuth Safe?

There is yet to be a perfectly safe solution to keeping passwords and credentials secure when providing third parties with authenticated access. However, using OAuth can substantially increase security during the authentication and authorization processes. Plus, combining OAuths with Transport Layer Security (TLS) or Secure Sockets Layer (SSL) can further increase the safety of credential authentication. 

After answering “What is OAuth?” you may be wondering how to avoid being hacked or losing your login credentials. Without proper authentication and authorization practices, it’s easier for outside forces to hack accounts using man-in-the-middle attacks and other credential-stealing attacks. 

Being proactive and understanding your security environment is the best way to avoid credential-stealing attacks. Secure your network and internet access by investing in a VPN with Panda Security, and practice password security by using our password manager.

The post What Is OAuth? How It Works and What It’s Used For appeared first on Panda Security Mediacenter.