5 Ways to Spot a Phishing Email 

Phishing is one of the most common cyber crimes.

And because they’re so deceptive, a lot of people fall prey to phishing emails.

To make sure that doesn’t happen to you, we’ve put together these 5 warning signals you should look for in emails.

Phishing is on the rise

Phishing is the fraudulent practice of sending emails and pretending to represent a reputable company to entice you to reveal personal information, such as passwords, company data, credit card numbers, or other valuable information.

People who do this are trying to:

        • Steal your money
        • Steal your identity
        • Steal information about your company and sell it to competitors

One thing to remember is that a phishing email will always ask for personal information.

Unlike malware, phishing emails don’t require as much technical knowledge, so they’re popular amongst scammers. And according to Mimecast’s State of Email Security 2020, 58% of organizations saw an increase in phishing emails in the past year.

5 tell-tale phishing signs

It’s best to exercise caution and keep an eye out for these 5 tell-tale signs that you might be dealing with a phishing scam.

1. The email is sent from a free email service

The first thing you should do is to check the sender’s email address. No reputable company will ever send you information using a free email service address.

Notifications from PayPal come from email addresses ending in @paypal.com. The ones from Netflix use @netflix.com, and so on. Not even Google employees themselves rely on @gmail.com; they use @google.com.

And while the email address is one of the biggest red flags, you still need to be extra careful about it.

That’s because most inboxes tend to display the sender’s name, not the email address.

For example, you may receive an email from the ‘EA Support Team,’ which sounds inconspicuous. But if there’s a Yahoo, Gmail, or some other type of free email address tied to it, you’re not dealing with a legitimate email.

2. The domain name is misspelled

If an uppercase I is switched with a lowercase l, you might not be able to tell. A 0 also makes for a credible O. And, if you’re in a hurry, you might not notice a misspelled detail. But Chipotle and Chipolte are not the same thing, and @airbnb.com.work or @outlook.com.net can’t wait to steal your data.

Scammers rely on you not paying attention to these things, and you might have already seen people using these tactics to impersonate celebrities on social media.

If an email looks fishy to you, or you don’t remember ever interacting with the company in question, take a closer look and make sure the domain name is right.

A reputable company won’t ever misspell its name.

3. The email tries to panic you

If you get an email from a company trying to instill panic, pay extra attention.

An alarmist message could be something like:

        • Your account has been breached, and you need to confirm your credentials
        • Your transaction couldn’t be processed, and you need to enter your credit card information now
        • You’re about to lose our special discount if you don’t send money in the next 30 minutes

In case something like this lands in your inbox, inspect all the details, from the email address to the logo, to the company’s legitimacy. You may just end up marking it as spam and moving on with your day.

4. The email includes suspicious attachments or links

Phishing links are deceptive, so hover over them to see the link’s real destination. If it is not the expected website, it’s probably a phishing attack.

For example, while the text might say Open document, the URL takes you to a phishing page designed to look like Microsoft.

To avoid detection by email security filters, hackers sometimes include the phishing link in an attachment, such as a PDF or Word doc.

Because sandboxing technology scans attachments for malware, not links, the email will be deemed OK, but it will be a trap.
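
Signs 1, 2, and 4 can be checked mechanically. The Python below is an added example, not code from the original article: it inspects a From: header for a free-mail address behind an organisation name and for look-alike domains, then lists links whose real destination is not the expected site. The brand list, free-mail list, role words, and the 1/l substitution are assumptions, and the sample header and HTML body are constructed.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed lists for this example; they are assumptions, not a full inventory.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRANDS = {"paypal": "paypal.com", "netflix": "netflix.com",
          "airbnb": "airbnb.com", "chipotle": "chipotle.com"}
ROLE_WORDS = {"support", "team", "billing", "security", "service"}
# Characters that pass for each other at a glance: I/l and 0/O from the text,
# plus 1/l as an assumption.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l"})


def skeleton(name):
    """Lower-case and fold look-alike characters onto one representative."""
    return name.lower().translate(CONFUSABLE)


def is_adjacent_swap(a, b):
    """True if b is a with exactly two neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_sender(from_header):
    """Return findings for signs 1 and 2 from a raw From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    lowered = display.lower()
    claims_org = (bool(set(lowered.split()) & ROLE_WORDS)
                  or any(brand in lowered for brand in BRANDS))
    findings = []
    if domain in FREE_MAIL and claims_org:
        findings.append("free-mail address behind an organisation display name")
    for legit in BRANDS.values():
        if belongs_to(domain, legit):
            continue  # the genuine domain or one of its subdomains
        if skeleton(domain) == skeleton(legit):
            findings.append(f"look-alike characters imitating {legit}")
        elif is_adjacent_swap(domain, legit):
            findings.append(f"misspelling of {legit}")
        elif domain.startswith(legit + "."):
            findings.append(f"{legit} used as a prefix of another domain")
    return findings


class LinkCollector(HTMLParser):
    """Collect (visible text, destination host) for every <a href> in a body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlsplit(self._href).hostname or "").lower()
            self.links.append(("".join(self._text).strip(), host))
            self._href = None


def unexpected_links(html_body, expected_domain):
    """Sign 4: list links whose real destination is not the expected site."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [(text, host) for text, host in collector.links
            if not belongs_to(host, expected_domain)]


# Constructed samples, not taken from real mail.
SAMPLE_FROM = "EA Support Team <ea.helpdesk@yahoo.com>"
SAMPLE_BODY = ('<p>Your file is ready: '
               '<a href="https://docs-login.example.test/o365">Open document</a></p>')

if __name__ == "__main__":
    print(check_sender(SAMPLE_FROM))
    print(check_sender("Chipotle <offers@chipolte.com>"))
    print(unexpected_links(SAMPLE_BODY, "microsoft.com"))
```

An empty result means none of these particular checks fired; it does not mean the message is legitimate.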

5. The email is poorly written

More often than not, you can spot a phishing email only by the poor language used. Look out for spelling and grammatical mistakes, strange turns of phrase, or errors people make when learning English.

Emails from legitimate companies will have been constructed by professional writers and exhaustively checked for spelling, grammar, and legality errors. But phishing may come your way from all over the world.

Now, this doesn’t mean that any email with a typo is automatically a scam. People make mistakes, especially if they are in a hurry. But if you notice a pattern of weird expressions and misspellings, make sure you double-check the email address, and any links included.

Keep yourself safe

Spam email filters are not fully effective against phishing attempts, so you must be on the lookout for anything suspicious.

Here’s what you can do to protect yourself against phishing emails.

Don’t reply, click on links, or send any personal information

Phishing emails generally prey on human error.

Check your correspondence for the 5 signs we just went through, and if anything strikes you as suspicious, contact the sender.

Ask your boss or call your bank to verify if they actually sent you the email.

Use an antivirus

A good antivirus will notify you if you are about to download a shady attachment.

It can also act as a means of defense, in case you did download an attachment that turns out to be malware siphoning your data.

Create a strong password

An effective password allows you to better protect your data.

If you want to increase the security of your data, here are 5 tips on how to make your password more secure.

Use a VPN

Short for Virtual Private Network, a VPN encrypts your internet traffic and hides your IP.

While a VPN can’t stop you from giving out personal information, it will steer you away from suspicious, unsecured HTTP websites.

Enable 2FA

Two-factor authentication, 2FA for short, is a subset of multi-factor authentication. You’re granted access to an account only after successfully presenting two or more pieces of evidence to an authentication mechanism.

An example of 2FA is only logging into your Facebook account after inserting a code sent to your phone.

Using 2FA, you can keep out any unwanted access to your accounts.

Block the sender’s domain on your firewall

If you check the domain the sender uses either for their email address or the link, you can then block it through your firewall.

This will prevent you from accidentally revisiting the suspicious website while stopping any further emails from that scammer.


Got any other tips or questions? Leave them in the comments below. 😊

Until next time, stay safe and secure!

Google bans ads for surveillance software 

Starting in August 2020, Google will no longer accept ads from companies or organizations offering surveillance software.

Now, this is a policy update we can get behind.

Google Ads fights against dishonest behavior

To put everything into context, you should know that Google Ads is an online advertising platform developed by Google. Advertisers pay to display ads, service offerings, product listings, and video content to web users, and to generate mobile app installs, within the Google ad network.

And Google announced it would update its Google Ads Enabling Dishonest Behavior policy.

This way, they’re making sure that products or services designed to enable dishonest behavior can no longer be promoted through Google Ads. That’s fantastic news, because scammers, fraudsters, or outright shady businesses will have less ad space for their offering.

So far, Google’s policies reference two types of services:

      • Products or services that help users to mislead others
      • Products or services that enable a user to gain unauthorized access to systems

Let’s take a closer look at them.

No more misleading

Any product having to do with:

      • Forged papers
      • Selling stolen credit card numbers
      • Bypassing drug tests
      • Paper-writing services

is now off-limits for Google Ads.

And it makes perfect sense, considering these types of services are already illegal in many parts of the world.

No more unauthorized access to systems

If an ad promotes:

      • Hacking
      • Wiretapping
      • Jamming radars
      • Stealing cable

It’s no longer suitable for Google Ads.

Weeding out surveillance software

As you might have noticed, surveillance apps are not on the banned lists. That’s because surveillance software, better known as spyware or stalkerware, is rarely advertised as such.

Most often, you’ll find it labeled as parental control software. Or as a tool to monitor your team and ensure productivity. And stalkers, jealous spouses, and hackers can’t get enough of them.

I spy with my little eye…

Spyware is a type of malware that enables a person to get information about one of your devices by transmitting data covertly from it.

Spyware stays silent in the background, recording everything you do, including your passwords, browsing history, messages, and contacts, eating away at your privacy.

A major identity theft threat

If you get infected by spyware, it can have harmful consequences, since the theft of private and financial data is what most malicious parties are after.

And since identity theft is a highly lucrative business, your data is sought after.

Make sure you look out for these 9 signs your phone might be infected with spyware.

Google’s stepping in the right direction

Google will also stop accepting ads for technology that allows the monitoring of a person’s online activity. This includes access to messages, phone calls, or tracking position.

In August 2020, the Google Ads Enabling Dishonest Behavior policy will be updated to clarify restrictions on advertising for spyware and surveillance technology. Spyware and technology used for intimate partner surveillance including but not limited to spyware/malware that can be used to monitor texts, phone calls, or browsing history; GPS trackers specifically marketed to spy or track someone without their consent; promotion of surveillance equipment (cameras, audio recorders, dash cams, nanny cams) marketed with the express purpose of spying. 

Google’s Advertising Policy Update


Google’s updated policy will most likely target other surveillance services, as well. This includes the promotion of surveillance equipment, like:

      • Audio recorders
      • Cameras
      • Dashcams
      • Nanny cams

The company stated that it would first issue a warning for any violation of the new policy. If an advertiser doesn’t comply with the new regulations within 7 days, it will face a suspension.

A privacy-conscientious decision

Google’s updated ads policy is a good step in curbing the rise of surveillance software and the normalization of spyware.

Pairing that with IBM, Amazon, and Microsoft’s decision to stop selling facial recognition to police departments, it looks like some companies are starting to be more privacy conscientious.


But what do you think?

Is this a step that proves that we’re taking privacy more seriously?

Let me know your thoughts in the comments below. ⬇️


Until next time, stay safe and secure!

We’re standing our ground in Hong Kong

Our server fleet stays put in the city

On June 30, 2020, the Chinese government passed a controversial security law on the special administrative region of Hong Kong, threatening digital safety and freedom of expression.

In the following weeks, some VPN providers have decided to leave the region.

But because we can fully protect our Ghosties’ digital privacy and security, our approach is different, and we’re keeping our server fleet in Hong Kong.


The national security law of Hong Kong

To understand this situation, you may need a bit of context. Especially since China and Hong Kong have a long, complicated history.

The gist of it is that Hong Kong was a British colony from 1842 up until 1997.

In 1997, the UK agreed to let capitalist Hong Kong return to Chinese sovereignty. The same China that’s a socialist state under the people’s democratic dictatorship.

Ever since then, Beijing has been asking Hong Kong to pass a national security law to little avail. And it looks like they finally ran out of patience in 2020.

While semi-autonomous Hong Kong has an independent legal system, there’s a back door in its mini-constitution that allows Beijing to make law in the city. And that’s how they imposed the national security law.

The four vaguely defined crimes laid out in the new law are:

        • Secession,
        • Terrorist activities,
        • Subversion against the central Chinese government,
        • Collusion with foreign forces to endanger national security.

For the first time, mainland Chinese officials can now operate in Hong Kong. And Beijing may override local laws.

Privacy and human rights activists fear this opens the door for the Chinese government to force Internet Service Providers in Hong Kong to hand over user data and limit free speech.


Our Hong Kong servers stay in place

Here at CyberGhost VPN, we’re keeping a close eye on the situation in Hong Kong. We’re worried about the effects this vexed national security law might have, and it’s more important than ever to make sure the people of Hong Kong have a VPN they can rely on.

However, our servers are as safe in Hong Kong as they are anywhere in the world. That’s because we have a strict no-logs policy and rigorous procedures for maintaining our server fleet.

For example, we are the only ones who can access our servers in the data centers. From deployment to retirement, we handle everything ourselves, including the installation of our operating system. There’s no 3rd party involvement.

Our servers run on RAM-only; they are fully encrypted and have no ties to our databases or management infrastructure. Every reboot wipes them down, and even if they’re removed from the rack, they’re completely useless and can’t be accessed.

Tudor Fulga, Head of Infrastructure, CyberGhost VPN


Furthermore, we have additional server authenticity tests in place to eliminate the risk of man-in-the-middle attacks. We also use self-managed DNS servers to ensure the end-to-end protection of all online activity.

As a Ghostie, each VPN connection you establish is also encrypted by the protocol of your choice, so no data can be intercepted.

There is a risk that, in the future, we won’t be able to find data centers in Hong Kong willing to work with us and comply with our strict terms. Rest assured, if that’s the case, we’ll implement new solutions to continue serving you all in the region.


Until next time, stay safe and secure!

Your contributions helped support the battle against the coronavirus 

Back in March, we joined the global fight against the coronavirus.

We’ve teamed up with GlobalGiving, a nonprofit that connects donors with grassroots projects worldwide and donated to the Coronavirus Relief Fund.

10% of each of your purchases on our website went to support those most affected by the pandemic. And since GlobalGiving have been awarded the highest possible rating by Charity Navigator, BBB Wise Giving Alliance, and GuideStar, they were the best partner for this mission.

Here’s what we managed to do together.

Helping those in need across more than 20 countries

Humanitarian needs come in many different forms:

        • Medical care
        • Shelter
        • Meals
        • Financial assistance
        • Emotional support
        • Innovative solutions to help communities

And through the Coronavirus Relief Fund, we have been able to ease the burden for communities around the world.

Helping those on the front line

Relief and recovery efforts continue to be the focus.

When exhaustion sets in, those we rely on to save us need help themselves.

The funds supported doctors, nurses, technicians, but also personnel cleaning and disinfecting medical facilities.

For example, the International Medical Corps, a GlobalGiving partner, reached 11 hospitals in New York, Los Angeles, and Puerto Rico with emergency medical units, equipment, and volunteers.

Helping people in need

COVID-19 made it hard for many families across the world to get access to food and basic amenities. So GlobalGiving directed funds to the World Central Kitchen.

Their teams worked with community leaders to deliver meals to children and their families, healthcare workers, and the elderly.

Helping children

Whenever disaster strikes, children are especially vulnerable, and this pandemic is no exception.

This is why organizations such as Children’s Aid are now supplying testing and treatment options in their health clinics.

They’re also conducting in-person and virtual home visits and academic services for nearly 700 youth in foster care and distributing food to families.

Helping those vulnerable

Lockdowns have been particularly difficult for domestic violence victims, who have experienced higher risks to their safety.

The Safe Horizon team, another GlobalGiving partner, is continuing to run shelters, helplines, and child advocacy centers. Survivors have somewhere safe to go during these horrible times.

These are all the grantees who benefited from the Coronavirus Relief funds:

Asociación Grupo de Trabajo Redes
Banco de Alimentos de Bogotá
Boys and Girls Clubs of Canada
Brazil Child Health/Associação de Saúde da Criança
Breakthrough Urban Ministries
Cathedral Soup Kitchen
Chengdu Hezhong NGO Development Center
The Children’s Center
Citizens’ Disaster Response Center Foundation, Inc.
Community Skills Development
South Sudan
Global Medic
Ednica, Institución de Asistencia Privada
Egyptian Food Bank
Enjoyable Aging / Starost v radost
Free Minds Book Club and Writing Workshop
Fundación de Beneficencia Privada Banco de Alimentos de Puebla
Fundación Patronato María Auxiliadora
Global Fund for Children
Latin American countries
Global Fund for Women
Greater Boston Food Bank
Health and Illness Awareness Fit for You Raising Awareness with Students
Instituto Oswaldo Ribeiro De Mendonca
Interfaith Neighbors Inc.
Latin American Youth Center
LEAD Coalition of Bay County, Inc.
Mission old Brewery
African countries
Move for Hunger
Movimiento de Apoyo a Menores Abandonados
Narada Foundation
National Association of Free and Charitable Clinics
National Day Labor Network
Network of Organizations working for people with Disabilities in Pakistan
One Planet
Organismo de Nutrición Infantil
Promoción y Acción Comunitaria
Rajasthan Samgrah Kalyan Sansthan RSKS
Reach Out NGO
Sarah’s Circle
Second Harvest Food Bank of Central Florida
Sozidanie, Charitable Foundation
Synergie des Associations Féminines du Congo (SAFECO)
Voice Trust
World Vision Somalia
Xilotl Asociación para el Desarrollo Social
Zindagi Trust

Fighting the good fight

We’re thankful for GlobalGiving’s leadership in supporting local recovery efforts. Hundreds of NGOs mobilized to meet the urgent and evolving needs in their communities, and we’re honored to have been a part of it.

But the biggest thank you of them all goes to you, Ghosties! You’re the ones who made our donation possible!

Now it’s the time for us to stand in solidarity as we rise to face one of the most challenging crises in modern history.

Take good care

The pandemic is far from over.

As always, please follow preventive measures, stay at home as much as possible, and practice social distancing.

Contact your doctor in case of any health concerns and be wary of fake news pushing potentially harmful information.

Use your best judgment, and, until next time, stay safe and secure!

5 Tips For Creating a Strong Password  

Cybercrime is the fastest-growing type of felony in the world. And according to the University of Maryland, one hacking attack occurs every 39 seconds. On average, that’s 2,244 attacks a day!

Being hacked could mean anything from having private pictures of yourself and your loved ones stolen to identity theft or financial fraud. And weak or stolen passwords are one of the most common causes of data breaches and cybertheft.

To make sure you’re keeping yourself safe, here’s what you should do about your passwords.

A weak password is a flimsy shield

A lot of hackers use brute force attacks, trying to guess passwords and get into computers.

Having a strong, hard-to-guess, unique password is an essential layer of protection.

Unfortunately, a lot of people don’t pay enough attention to this. Computer engineering student Ata Hakçıl did a study of leaked credentials and found that the most used password is still “1234”.

In a batch of one billion leaked credentials, 7 million passwords were 1234!

Hakçıl also discovered that:

      • 28.79% of passwords were letters only.
      • 26.16% of passwords were lowercase only.
      • 13.37% of passwords were numbers only.

These are all things you should avoid like the plague. Instead, here’s what you should do.

1. Don’t use the same password for all your accounts.

Maybe this goes without saying, but not using the same password for all of your accounts is one of the most important things for your cybersecurity.

If somebody hacks your Instagram account, don’t give them the opportunity to compromise your email and banking accounts too.

Don’t fall into the trap of using the same password everywhere because anything else would be hard to memorize. We’re here to help you out.

PassCamp is a cloud-based password manager.

It lets you create strong and unique passwords. Better yet, it stores them for you in a highly protected, encrypted, and hacker-proof environment. And you won’t have to bother typing in complex passwords anymore, because PassCamp also gives you an autofill option.

The best part? You can get a PassCamp add-on with your CyberGhost VPN subscription.

2. Update your passwords regularly.

Frequently changing your passwords decreases your chances of getting hacked. That’s because a hacker might try to access your account more than once.

You should continuously update your passwords because you’d be preventing someone else from accessing your accounts from other devices, too.

For instance, if you forgot to log out from a school or work computer, anyone would be able to use your account. And that’s not something you want.

3. Choose multi-factor authentication whenever possible.

Multi-factor authentication, or MFA, is a different type of sign-in process. It’s commonly used for banking apps or online transactions.

When you sign in, you go through another authentication step, like entering a code you received via text message or using a biometric scanner to confirm your action.

This considerably reduces the risk of having your password compromised or someone else using your accounts.

4. Use numbers and symbols.

Numbers and symbols make passwords harder to crack because they increase the number of possible combinations. This makes it difficult for hackers to use brute force attacks to find their way to you.

Dictionary words and combinations of just numbers are easier to figure out because there are fewer possible combinations.

5. Bigger is better.

When you set a longer password, a hacker will have to spend more time trying to guess it with a brute force attack.

With each character you add, the time it takes to find out your password through brute force grows exponentially:

Password length        Time it takes to crack it
9 characters long      Up to 5 days
10 characters long     Up to 4 months
11 characters long     Up to 10 years
12 characters long     Up to 200 years

Worst possible passwords

Every year, researchers look at millions of leaked log-in credentials and rank the worst of them all. Check out the list below and make sure yours didn’t make the top 10 in 2019:

      • 123123
      • 111111
      • iloveyou
      • 12345
      • 12345678
      • 1234567
      • password
      • qwerty
      • 123456789
      • 123456
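
Tips 4 and 5 and the list above can be turned into a small audit. The Python below is an added example, not code from the original article: it flags the patterns called out in Hakçıl's figures, checks the 2019 list, and computes the brute-force keyspace so the effect of each extra character is visible. The guessing rate is an assumption (the article does not state the rate behind its table), so absolute times will differ from the table.

```python
import string

# The ten passwords listed above.
WORST_2019 = {"123123", "111111", "iloveyou", "12345", "12345678",
              "1234567", "password", "qwerty", "123456789", "123456"}
# Assumption: an offline attacker testing ten billion guesses per second.
GUESSES_PER_SECOND = 10_000_000_000
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def pool_size(password):
    """Add up the character pools the password draws from (26/26/10/32)."""
    return sum(len(pool) for pool in POOLS
               if any(ch in pool for ch in password))


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def audit(password):
    """Check a password against the article's advice and size its keyspace."""
    issues = []
    if password in WORST_2019:
        issues.append("on the 2019 worst-passwords list")
    if password.isdigit():
        issues.append("numbers only")
    if password.isalpha():
        issues.append("letters only")
        if password.islower():
            issues.append("lowercase only")
    # Exhaustive search must cover pool_size ** length candidates, so every
    # extra character multiplies the work by the pool size. A listed or
    # dictionary password falls long before the keyspace is exhausted.
    keyspace = pool_size(password) ** len(password)
    return {"issues": issues, "keyspace": keyspace,
            "worst_case": humanize(keyspace / GUESSES_PER_SECOND)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("123456", "iloveyou", "abcdefghi", "abcdefghij",
                      "Tr1cky-Lamp_92"):
        print(candidate, audit(candidate))
```

Comparing the two lowercase samples shows the keyspace growing by a factor of 26 for one added character; mixing in uppercase, digits, and symbols raises that factor to 94.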

Until next time, stay safe and secure, and take care of your passwords!

CyberGhost VPN’s Transparency Report April, May, and June 2020

April, May, and June of 2020 in review

Back in 2011, when we first published our Transparency Report, we never would have imagined a time when everyone was at home, relying solely on internet connections for work, entertainment, shopping, and socializing.

But here we are now, reminiscing how life used to be and dreaming of more precedented times.

A lot has changed in the past three months, and new realities reflect in our Transparency Report numbers as well.

Let’s see what’s been happening.

Legal requests in a world turned upside down


That’s how many DMCA complaints, malicious activity flags, and police requests we got in the past three months.

Compared to the beginning of the year, that’s a whopping 37% decrease!

You might think such a drop is unusual since many people around the world spent a lot more time online in lockdown. But the explanation is quite simple and tied to a sad reality. Companies that used to send us requests worked less in the past quarter, if at all.

We only saw a significant increase in the number of police requests we got, even if their priorities were undoubtedly affected by the pandemic.

As you go through this Transparency Report, just keep one thing in mind: we have a strict no-logs policy. We have nothing to share with the authorities and can’t comply with their requests.

Here at CyberGhost, we’ve always followed the Privacy by Design principle. We don’t collect any type of data we don’t absolutely need. It’s the most reliable approach for us to provide you with secure infrastructure and protect your digital privacy.
Timo Beyel, CTO, CyberGhost VPN

Let’s take a closer look at things.

DMCA complaints


DMCA takedowns are copyright infringement claims. They signal someone illegally shared material using a CyberGhost VPN IP address.

We got 39% fewer DMCA takedowns in Q2 compared to Q1.


Typically, these are the most common requests we receive. And even in April, May, and June 2020, they made up 91% of all the demands we got.

Malicious activity flags


When we get flagged for malicious activity by the authorities, it’s because someone used a CyberGhost VPN IP address for something shady online.

Compared to Q1, there’s a 26% decrease in our malicious activity flags in Q2.


However, percentages are still fairly consistent. In Q2, 8% of all the requests we got were tied to malicious activities. In Q1, that figure was at 7%.

Police requests


When law enforcement agencies trace an IP used for something illegal back to our data centers, they can ask for more data.

Typically, they’re looking for the original IP of the supposed perpetrator. But, since we keep no logs, we have no data to share with them.

This number increased by a dramatic 400%! It’s alarming, and it reflects a world more surveilled than ever. Now murky contact-tracing apps, COVID-19 scammers and fraudsters, and unique threats targeting people working remotely are the norm.


As usual, police requests make up less than 1% of our total.

Another six months left for improvement

Since our very beginning, we’ve advocated for privacy as a fundamental human right. But to fulfill our promise, we always need to be ahead of the game.

Even during the pandemic, it’s been business as usual for us. We didn’t skip a beat, and we delivered like no other.

Here are some of the things we did.

We’re no longer supporting L2TP and PPTP protocols

With more governments using complex surveillance methods, real-time deep packet inspection systems, and elaborate data-mining solutions, we need to make sure we’re always keeping you safe online.

Since L2TP and PPTP have become outdated in terms of encryption, we dropped them.

You can now use WireGuard® with CyberGhost VPN

Protocol customization is essential, and we love providing you with a variety of secure and fast options. Naturally, WireGuard® caught our eye.

This is an open-source protocol that combines the security of OpenVPN and the speed of IPsec.

You can find it in our iOS and Linux apps, with the rest following suit soon.

Our Secret Photo Vault is here

All you iOS loving Ghosties out there, this one is for you.

You can now use our Secret Photo Vault to keep your private photos and videos locked behind a code or your biometric login.

We’ve partnered up with PassCamp

Password security software is a must nowadays since that sensitive data is a hacker’s honeypot. For your privacy and security, we teamed up with PassCamp.

PassCamp is a cloud-based password manager that lets you create strong, unique passwords and stores them for you in a secure environment.

You can now get it as an add-on with your CyberGhost VPN subscription.

Our fight for privacy continues

In 2019, we pushed for more transparency in the VPN industry.

Leading by example, we started publishing quarterly editions of our transparency report. If you missed them, they’re all here:

Throughout the rest of 2020, we’ll continue reporting the number of legal requests we receive every three months.

Stay tuned and subscribe to our newsletter to find out more about what we’re doing.


Until next time, stay safe and secure!


“WireGuard” is a registered trademark of Jason A. Donenfeld.

EARN IT and LAED are threatening to kill free speech and encryption

Privacy is under threat again in the US.

This time, two new acts proposed by US Senators aim to undermine encryption and bring even more surveillance to the online world.

Under the guise of making the internet a safer place, the bills would massively transform cybersecurity and free speech.


Senators introduced the EARN IT Act (S. 3398) in early March 2020.

It stands for Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, and it falls under the Communications Decency Act.

EARN IT has stirred quite a bit of controversy. That’s because it would dramatically affect free speech online and undermine encryption.

Also, it directly contradicts the First and Fourth Amendments of the US Constitution.

Going against the First Amendment

The EARN IT Act wants to impose a series of so-called best practices for online service providers. As a result, digital platforms would need to take legal responsibility for the content their users generate online.

To better understand why this is controversial, let’s look at the European Union’s copyright law, amended in 2019. As Article 13 proved, being legally responsible for the content posted on your platform can’t happen without massively censoring a wide variety of topics, even if they’re satire, critique, or opinion-based pieces.

But editorial activity is protected by the First Amendment to ensure freedom of the press.

Contradicting the Fourth Amendment

The Fourth Amendment in the US Constitution protects people from unreasonable searches and seizures by the government. It’s not a guarantee against all searches and seizures, but against those deemed unreasonable.

However, the EARN IT Act implies online service providers turning into government actors.

While the act isn’t clear on the implementation side of things, we can look at how things happened in the European Union with Article 13.

In such a scenario, the government could coerce digital platforms to scan users’ accounts and their content proactively. The carrot dangled in front of them would be keeping their legal immunity as companies under Section 230.

No exceptions for the EARN IT Act

Regulating what content can be distributed online has proven to be a slippery slope time and time again all over the world.

While the idea of eradicating digital crimes is appealing, it’s impossible to have all the content online verified and vetted by humans all the time.

An automation layer detecting specific keywords, images, or video content would be necessary, with protected edge cases in place.

For example, what happens to journalists exposing crimes and illegal activities when they get flagged by the filters?

The EARN IT Act has no mention of such exceptions, which is worrying.

EARNING side-effects

If EARN IT passes, companies will most likely implement digital filters. They’re the easiest and most cost-effective way of weeding out problematic content.

But we need to talk about the privacy implications.

Weeding out digital content

When companies are forced to make sure they have no damaging content or IP addresses linked to malicious activities on their platforms, scanning everything is the only way to go about it.

So, even if you’re not a criminal, your data would be verified as if you were guilty of something. If stored, you can imagine it would quickly become a target for hackers and other malicious parties.

Parsing information online relies on machine learning algorithms. And while you can teach them to identify words or images, they’re not great with sarcasm, irony, or jokes.

Ever texted “I’ll kill you” jokingly? That could now turn into a red flag for machine learning.

The LAED Act

Apparently, bad things come in twos. And since we’ve covered the EARN IT Act, let’s take a look at another dangerous bill: the Lawful Access to Encrypted Data Act of 2020.

LAED was introduced last week by Senators Graham, Blackburn, and Cotton, and it’s a nightmare for privacy.

The bill makes backdoors mandatory so that the police and other law enforcement agencies can catch the baddies more easily.

The problem is that backdoors would render all encryption efforts useless.

Accessing your devices one backdoor at a time

The proposed bill is over 50 pages long and sports ambiguous wording.

LAED would apply to any electronic device with a storage capacity of over 1 GB that sells more than a million units a year. The list includes:

        • operating systems
        • apps
        • messaging and chat platforms
        • social media platforms
        • email services
        • cloud storage services
        • videoconferencing software
        • smartphones
        • PCs
        • gaming consoles
        • IoT devices

…and probably others as well.

Backdoors are not friends

LAED requires companies to figure out for themselves how to comply with a decryption directive.

But the thing that these senators don’t seem to get is that a backdoor isn’t just for the police. Any malicious party can also use it!

A company’s only defense would be to prove that lawful access through a backdoor is “technically impossible.”

But, even if decryption is deemed impossible, the government can require a system redesign! The user won’t be the one with the decryption key anymore, turning digital security into a joke.

If you want to understand this gloominess, imagine a backdoor to your banking information wide open for anyone with technical know-how.

Guilty until proven innocent

EARN IT and LAED don’t just completely neglect the safety of users or thorny matters for companies, such as trade secrets; they also bring extensive surveillance capabilities.

Decryption will be possible even without a warrant, and continuous content monitoring will make it easier to fish out user data.

Much like what we’ve seen with the PATRIOT Act or PRISM, the power these bills grant would most likely be abused.

Many of the people searching through the haystacks were young, enlisted guys and … 18 to 22 years old. They’ve suddenly been thrust into a position of extraordinary responsibility where they now have access to all your private records. In the course of their daily work, they stumble across something that is completely unrelated to their work, for example, an intimate nude photo of someone in a sexually compromising situation, but they’re extremely attractive. So what do they do? They turn around in their chair, and they show a co-worker.
Edward Snowden in interview with Alan Rusbridger and Ewen MacAskill for The Guardian

Being surveilled in case you might turn out to be a threat to national security goes against the US justice system’s core values.

We need to recognise that people have an individual right to privacy, but they also have a collective right to privacy. Nobody should have their communications seized and stored for an indefinite period of time without any suspicion or justification, without any suspicion that they’re involved in some sort of specific criminality. Just as it would be for any other law enforcement investigation.
Edward Snowden in interview with Alan Rusbridger and Ewen MacAskill for The Guardian

It seems like no one is safe from Big Brother.

You need to act now

EARN IT aims to bring more people who distribute illegal content online to justice, while LAED’s authors target iPhones, Android phones, WhatsApp, Signal, and social media platforms.

But these bills also impact digital privacy and security, with a lot of inconspicuous content inadvertently targeted. They could ultimately change how much we can reliably use technology.

Even if the bills pass, this doesn’t mean that there will be no more crime. It’s impossible to catch every criminal under the sun.

You should be concerned; concerned enough to do something about it.

Contact your local representatives

Urge your representatives to vote against all bills threatening free speech online and encryption.

With so many people working from home and relying on their internet connections for everything, this would be the worst possible time to attack cybersecurity.

Make your stance clear and let your politicians know that potential offenses shouldn’t be used as an excuse for dismantling encryption.

Act now and do what you can to protect your digital privacy and security!


Until next time, stay safe and secure!

How to permanently delete your Instagram account

Instagram, the popular social media platform, has been perceived by many as a safer alternative to Facebook or Twitter.

But the picture-perfect network is still part of the Facebook family and is not without privacy and data protection concerns. It’s no surprise that your likes, hobbies, and activities on the platform are monitored and sold to advertisers. There’s a lot of profit to be made off your data.

Are you tired of too many curated pictures, unrealistic beauty standards, and invasive tracking? Instagram might no longer be your cup of tea.

If you’re ready to get Instagram out of the picture, let me teach you how to delete your account.

First off, save your Instagram data

Deciding to quit a social media platform is never an easy feat.

So, before you delete your Instagram account permanently, you might want to keep a copy of your data. You know, for old times’ sake.

Just like Facebook, Instagram gives you the option to save your activity. And you can download your data from a computer or a phone.

From the web version:

  1. Log into your account using a browser.
  2. Click your profile picture on the right side.
  3. Go to ‘Settings’.
  4. Select ‘Privacy and Security.’
  5. Scroll down until you reach ‘Data Download.’
  6. Click on ‘Request Download.’
  7. Enter your email address and confirm your Instagram password.
  8. Find the link to download your data in your inbox.

From the Android/iOS app:

  1. Tap your profile picture.
  2. Tap the three lines on the right side.
  3. Go to ‘Settings.’
  4. Tap on ‘Security’ and select ‘Download Data.’
  5. Enter your email address and confirm your Instagram password.
  6. Find the link to download your data in your inbox.

You might have to be a bit patient for this one. Instagram says that it can take up to 48 hours to receive that link in your email. But, after that, you’re ready to delete your account.

Now, you’re ready to take the next big step.

How to permanently delete your Instagram account

Keep in mind that when you delete your Instagram account, your profile, photos, videos, comments, likes, and followers are permanently removed.

What’s more, you won’t be able to register under the same username again, so make sure you’re totally comfortable with your decision to delete your Instagram account.

If that’s what you’re after, here’s what you’ve got to do:

  1. Log into your account using a browser.
  2. Go to the ‘Delete Account’ page.
  3. Choose a reason and confirm this step with your Instagram username and password.
  4. Click on ‘Permanently delete my account.’

And that’s it!

Now enjoy your peace of mind as Instagram no longer keeps tabs on you and sells your data to advertisers.

How to deactivate your Instagram account

If you’re not ready to break free from the world of social media, but you still feel overwhelmed, you can still take a break.

Instagram gives you the option to temporarily disable your account.

This won’t delete any content from your account, and all your data will still be accessed by Instagram.

Here are the steps:

  1. Log into your account using a browser.
  2. Go to your account and click on ‘Edit profile.’
  3. Scroll down and click on ‘Temporarily disable my account’ in the bottom right.
  4. Select your reason and enter your password to confirm.
  5. Click on ‘Temporarily disable account.’

To reactivate your Instagram account, you just need to log back in again.

No filter can make data mining pretty

Instagram collects a lot of data, like:

      • Account names and passwords
      • All uploaded photos and videos
      • Data that links users to the photos they took, tagged or liked
      • Text message history
      • Address book contacts
      • Metadata on how people use the Instagram mobile app
      • Transactional data from Facebook products and services
      • Facial recognition data
      • Information about your devices
      • Geolocational data

Based on your profile and data, Instagram can personalize the ads that show up on your feed.

But despite the platform’s promises that no third-party developers can access your data, there have been quite a lot of mishaps in the past.

      • One of the first things that changed after joining Facebook was IG’s privacy policy. The company started collecting all sorts of data. “You agree that a business may pay Instagram to display your photos in connection with paid or sponsored content or promotions without any compensation to you.” That sentence caused an uproar back in the day.
      • The press revealed that Instagram automatically geotagged photos, even if the user didn’t use the ‘Add to Photo Map’ option.
      • A bug allowed hackers to access email addresses and phone numbers of unsuspecting Instagram users. You might remember this one because high-profile users were targeted. For example, hackers posted uhm… unflattering pictures of Justin Bieber using Selena Gomez’s account.
      • An ad partner of Instagram’s, HYP3R, made the news for scraping profile info from millions of users. Details like their locations, stories, photos, and bios were used to create a database of user profiles.
      • 49 million Instagram users had their data exposed by a marketing agency that left an unprotected database on an Amazon Web Services server for about 3 days.
      • After Instagram removed the ‘Following’ tab, apps similar to Like Patrol started scraping public profiles for data, even though that was a violation of Instagram’s policies and guidelines. Apple removed Like Patrol from the App Store a few weeks later.
      • Social Captain, a social media boosting startup, stored Instagram passwords in plain text. And because they had a bug on their website, plugging in a user’s unique account ID granted you access to their Social Captain account and their Instagram login credentials.
      • Instagram plans to ask for IDs to fight Russian bots and troll accounts. Users will upload a photo of a government-issued ID and then take a selfie video. These are then supposed to be validated by humans.

This doesn’t look good at all.

If you care about your data, you should consider how much of a risk Instagram poses to your privacy.

Taking away the likes

There’s no doubt that Instagram is one of the most aesthetically pleasing social media platforms out there. But behind the pretty pictures and eye-catching Boomerangs, its tracking capabilities are a force to be reckoned with.

If you’re worried about losing touch with your friends, you might want to convince them to switch to a more privacy-friendly messaging app.

In the end, it’s always advisable to use a VPN provider to protect your digital privacy and keep snoopers at bay. Get that extra layer of security and encrypt your connection.


So, are you ready to #DeleteInstagram? Or did you already take the plunge? 😉

Let me know in the comments below.


Until next time, stay safe and secure!