Today we’ll go over how this new encryption protocol works, and why it’s needed.

How PQ3 works

All popular instant messaging applications and services today implement standard asymmetric encryption methods using a public and private key pair. The public key is used to encrypt sent messages and can be transmitted over insecure channels. The private key is most commonly used to create symmetric session keys that are then used to encrypt messages.

This level of security is sufficient for now, but Apple is playing it safe – fearing that hackers may be preparing for quantum computers ahead of time. Due to the low cost of data storage, attackers can collect huge amounts of encrypted data and store it until it can be decrypted using quantum computers.

To prevent this, Apple has developed a new cryptographic protection protocol called PQ3. The key exchange is now protected with an additional post-quantum component. It also minimizes the number of messages that could potentially be decrypted.

Types of cryptography used in messengers. Source

The PQ3 protocol will be available in iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The transition to the new protocol will be gradual: firstly, all user conversations on PQ3-enabled devices will be automatically switched to this protocol; then, later in 2024, Apple plans to completely replace the previously used protocol of end-to-end encryption.

Generally, credit is due to Apple for this imminent security boost; however, the company isn’t the first to provide post-quantum cybersecurity of instant messaging services and applications. In the fall of 2023, Signal’s developers added support for a similar protocol – PQXDH, which provides post-quantum instant messaging security for users of updated versions of Signal when creating new secure chats.

How the advent of PQ3 will affect the security of Apple users

In essence, Apple is adding a post-quantum component to iMessage’s overall message encryption scheme. In fact, PQ3 will only be one element in its security approach along with traditional ECDSA asymmetric encryption.

However, relying solely on post-quantum protection technologies isn’t advised. Igor Kuznetsov, Director of Kaspersky’s Global Research and Analysis Team (GReAT), commented on Apple’s innovations as follows:

“Since PQ3 still relies on traditional signature algorithms for message authentication, a man-in-middle attacker with a powerful quantum computer (yet to be created) may still have a chance of hacking it.

Does it offer protection against adversaries capable of compromising the device or unlocking it? No, PQ3 only protects the transport layer. Once a message is delivered to an iDevice, there’s no difference – it can be read from the screen, extracted by law enforcement after unlocking the phone, or exfiltrated by advanced attackers using Pegasus, TriangleDB or similar software.”

Thus, those concerned about the protection of their data should not rely only on modern post-quantum cryptographic protocols. It’s important to ensure full protection of your device to make sure third-parties can’t reach your instant messages.

Complicating matters is the heightened uncertainty about the identity of your virtual conversational partner, and the disconcerting possibility of digital stalking.

In fact, we recently commissioned a report on digital stalking to ascertain the reality of these risks and concerns. We engaged with over 21,000 participants to cast light on the alarming prevalence of digital abuse experienced by those in pursuit of love.

Revelations from the survey

As per our survey findings, 34% of respondents believe that googling or checking social media accounts of someone they’ve just started dating is a form of “due diligence”. While seemingly harmless, 23% reported encountering some form of online stalking from a new romantic interest, suggesting that some individuals may take a swift Google search a bit too far.

Furthermore, and somewhat alarmingly, over 90% of respondents expressed a willingness to share or consider sharing passwords that grant access to their location. While seemingly innocuous on the surface, there can loom there specter of stalkerware: silent software capable of continuously tracking user whereabouts and spying on messages.

How to protect yourself? Tips from the experts

We’ve compiled advice from leading online security, dating, and safety experts to help you navigate the waters of love safely this Valentine’s Day!

Enhanced password safety measures

• Create complex passwords using a mix of letters, numbers, and symbols.
• Never reuse passwords across different sites and apps; keep them private.
• Use two-factor authentication for an added layer of security.
• Change your password immediately if you’ve shared it with someone you’ve been dating but are no longer in touch with.
• Use a password manager to keep all your passwords strong and safe.

Proactive verification techniques of online dating profiles

• Run a reverse-image search for that profile; if it appears on multiple pages under various names, it’s likely a catfisher.
• Look for inconsistencies in daters’ stories and profile details.
• Be wary of sudden, intense expressions of love, or requests for money.
• Use video calls to verify a dater’s identity before meeting in person.

Maximizing online dating profile security:

• Conduct your own privacy audit of your social media accounts to understand what’s publicly visible.
• Customize your privacy settings to control who can see your posts and personal information.
• Regularly review your friends/followers list to ensure you know who has access to your information.

Strategic sharing guidelines:

• Avoid posting details that could disclose your location, workplace, or routines.
• Think twice before sharing emotionally charged or intimate content.
• Be mindful of metadata or other identifiable clues in photos (like geotags) that can reveal your identity, location, or details you’d rather keep private.
• Set personal boundaries on the type of information you share early on in a relationship; only reveal personal details gradually as trust builds over time.
• Listen to your instincts – if something feels off, take a step back and give yourself a moment.
• Consider how the data you share could be used to piece together a profile or compromise your physical safety.

Comprehensive safety plan for offline meetings:

• Choose well-lit, public places for initial meetings.
• Avoid sharing or displaying personal items that might reveal your address or sensitive information.
• Arrange your own transportation to and from the meeting place.
• Have a check-in system with a friend or family member.

As we embrace the possibilities for romance and connection in the digital age, let’s not forget the importance of our safety and wellbeing. By implementing these strategies, you can confidently explore the world of online dating while safeguarding both your digital and physical self. For more details, please take a look at our safe dating guide. And our premium security solution with identity protection and privacy features can help you keep calm and carry on… dating!

What is Facebook link history?

Facebook mobile apps come with a built-in browser. Whenever you follow an external link posted on Facebook, it opens in this very browser. Recently the social network decided to start collecting the history of all the links you click, and to use this data to show you targeted ads.

Why does Facebook need it? Because it’s not just the largest social network in the world, but also one of the most powerful global advertising platforms — second only to Google in terms of scale and capabilities. Previously, to collect data on user interests and show targeted ads based on it, Facebook used third-party cookies. However, support for third-party cookies is being phased out in the world’s most popular browser — Google Chrome.

Google has devised its own mechanism for tracking users and targeting ads — known as Google Ad Topics. To collect data, this technology makes active use of the Google Chrome browser and the Android operating system. Not so long ago, we explained how to opt out of this Google tracking.

Now Facebook has decided to track users through the browser built into its various mobile app versions. That’s how the link-history feature was born. But it offers no additional benefits to regular users — despite Facebook trumpeting the convenience of being able to find any link you ever opened at any moment. But if you don’t like the idea of Facebook tracking your every move, it’s best to turn off the feature; thankfully, it’s easy to do.

How to turn off Facebook link history

First, let’s clarify that link history is only available in Facebook mobile apps. The feature is missing when you use the web version of the social network. It’s also neither available in Facebook Lite (if only because this app has no built-in browser), nor (at least for now) in the Messenger app.

The first time a user opens an external link posted on the social network after Facebook introduced link history, they’re asked for their consent to use the feature.

The screen requesting permission to turn on link history is only shown once

As you’d probably expect, link history is enabled by default. So most users likely give consent without too much thought — just to get Facebook off their backs and to show the page they want.

If you’ve already opted in to link history and now want to turn it off, there are two easy ways to do so.

The first way to turn off link history

• In the Facebook app, open Menu by tapping the hamburger icon (the three lines in the upper-right corner on Android), or the Profile icon in the lower-right corner on iOS.
• Go to Settings & privacy — the easiest way is by tapping the gear icon.
• Scroll down to Browser and tap it.
• In the window that opens, toggle Allow link history
• Also, while you’re at it, tap the Clear button next to Link history.

Turning off Facebook link history through Settings & privacy on Android

The second way to turn off link history

• In the app, tap any link posted on Facebook. This will open the app’s built-in browser.
• In it, tap the ellipsis icon (upper-right corner on Android, lower-right on iOS).
• Select Go to Settings.
• In the window that opens, toggle Allow link history off and tap the Clear button next to Link history.

Turning off Facebook link history through the built-in browser on iOS

All done. Facebook will no longer collect your link history. While you’re at it, don’t forget to stop Google tracking you by disabling Google Ad Topics. To avoid online tracking in general, use the Private Browsing feature in Kaspersky applications.

However, Nothing Chats was almost immediately found to have a whole host of security and privacy issues. These problems were so serious that less than 24 hours after its release in the Google Play Store, the application had to be removed. Let’s delve into this in more detail.

Nothing Chats, Sunbird, and iMessage for Android

The Nothing Chats messenger was announced on November 14, 2023, in a video by the well-known YouTube blogger Marques Brownlee (aka MKBHD). He talked about how the new messenger from Nothing had plans to allow owners of a Nothing Phone (which is Android-based) to communicate with iOS users through iMessage.

By the way, I recommend watching the video by MKBHD, at least to see how the messenger worked.

The video also briefly outlines how the messenger operates from a technical point of view. To begin, users have to provide Nothing Chats with the login and password to their Apple ID account (and if they don’t have one yet, they need to create one). After this, to indirectly quote the video, “on some Mac mini somewhere on a server farm”, this Apple account is logged in to, after which this remote computer serves as a relay transmitting messages from the user’s smartphone to the iMessage system, and vice versa.

To give credit where credit is due, at the end of the sixth minute, the author of the video makes a point of emphasizing that this approach carries some serious risks. Indeed, logging in with your Apple ID on some unknown device that doesn’t belong to you, located who knows where, is a very, very bad idea for a number of reasons.

The coveted blue message clouds of iMessage — the main promise of Nothing Chats

The Nothing company made no secret of the fact that “iMessage for Android” was not their own development. The company partnered with another company, Sunbird, so the Nothing Chats messenger was a clone of the Sunbird: iMessage for Android application, with some cosmetic interface changes. By the way, the Sunbird app was announced to the press back in December 2022, but its full launch for a wide audience was constantly postponed.

Nothing Chats and security issues

After the announcement, suspicions immediately arose that Nothing and Sunbird would face serious privacy and security issues. As mentioned earlier, the idea of logging in with your Apple ID on someone else’s device is highly risky because this account gives full control over a significant amount of user information and over the devices themselves through the Apple feature Find My…

To reassure users, both Sunbird and Nothing asserted on their websites that logins and passwords aren’t stored anywhere, all messages are protected by end-to-end encryption, and everything is absolutely secure.

Sunbird’s website confirming the security and privacy of iMessage for Android, as well as the use of end-to-end encryption (spoiler: this isn’t true)

However, the reality was way off even the most skeptical predictions. Once the application became available, it quickly became clear that it totally failed to deliver on its promises regarding end-to-end encryption. Worse still, all messages and files sent or received by the user were delivered by Nothing Chats in unencrypted form to two services simultaneously — the Google Firebase database and the Sentry error monitoring service, where Sunbird employees could access these messages.

The FAQ section on the official Nothing Chats page also explicitly mentions end-to-end encryption

And if that still wasn’t enough, not only Sunbird employees but anyone interested could read the messages. The issue was that the token required for authentication in Firebase was transmitted by the application over an unprotected connection (HTTP) and could, therefore, be intercepted. Subsequently, this token provided access to all messages and files of all users of the messenger — as mentioned earlier, all this data was sent to Firebase in plain text.

Once again: despite assurances of using end-to-end encryption, any message from any user on Nothing Chats and all files sent by them — photos, videos, and so on — could be intercepted by anyone.

Also, the FAQ page of Nothing Chats claims that messages are never stored anywhere — doesn’t it make you want to cry?

One of the researchers involved in analyzing the vulnerabilities of Nothing Chats/Sunbird created a simple website as proof of an attack’s feasibility, allowing anyone to see that their messages in iMessage for Android could indeed be easily intercepted.

Shortly after the vulnerabilities were made public, Nothing decided to remove their app from the Google Play Store “to fix a few bugs”. However, even if Nothing Chats or Sunbird: iMessage for Android returns to the store, it’s best to avoid them — as well as any similar apps. This story demonstrates vividly that when creating an intermediary service that allows access to iMessage, it’s very easy to make catastrophic mistakes that put users’ data at extreme risk.

What Nothing Chats users should do now

If you’ve used the Nothing Chats app, you should do the following:

• Log into your Apple ID account from a trusted device, find the page with active sessions (devices you’re logged in to), and delete the session associated with Nothing Chats/Sunbird.
• Change your Apple ID password. It’s an extremely important account, so it’s advisable to use a very long and random sequence of characters — Kaspersky Password Manager can help you generate a reliable password and store it securely.
• Uninstall the Nothing Chats app.
• You can then use a tool created by one of the researchers to remove your information from Sunbird’s Firebase database.
• If you’ve sent any sensitive information through Nothing Chats, then you should treat it as compromised and take appropriate measures: change passwords, reissue cards, and so on. Kaspersky Premium will help you track possible leaks of your personal data linked to email addresses or phone numbers.

Together with clinical psychologist Dr. Saliha Afridi, Kaspersky is presenting cybersecurity and psychological considerations that parents would do well to be aware of before giving their kids their very first tech gadgets.

What to do before giving a gadget to a child?

Set up a Child Account before giving your offspring their first gadget. Whether it’s a phone or a tablet, it’s crucial to ensure the age-appropriateness and safety of the gadget. Even if it’s a brand-new gift, prioritize setting up this feature. A Child Account acts as a safeguard on the device, preventing things like downloads of mature content or songs with explicit content. For detailed guidance on creating a kid’s account, refer to our guide for Android or the one for iOS.

Install all the basic applications that support either communication or geo-location (like messenger and map apps), plus learning applications. And don’t forget to set up the privacy and confidentiality settings in each of the installed applications, so that the child, for example, isn’t discoverable via their phone number by unknown individuals. Tools like Privacy Checker can assist you in tailoring the optimal protection settings for various devices and platforms.

Remember to install a digital parenting app as well. This will empower you to curate content, monitor the amount of time your kid spends on specific apps (and set limits if needed), and track their current location.

How to introduce a new device into a child’s life?

Walk them through the device’s functionalities as well as the potential dangers when gifting them a new gadget. This is an opportune moment to explore its features and understand its potential pitfalls.

Craft a set of family usage rules together. In this conversation, it’s important to foster an understanding and consensus about the responsibilities and expectations tied to device ownership. To ensure a healthy balance, establish tech-free zones and times — perhaps during dinner or the hours leading up to bedtime. Designate moments for non-tech hobbies like reading, outdoor games, or puzzles, which can act as beneficial alternatives to screen time. Periodically revisiting and refining these rules as your kid grows and technology advances is key.

And remember — unless a kid shows a healthy level of engagement with real-life activities and in-person socializing, don’t introduce a smartphone or social media. One way they can earn a device is by showing that they’re capable of doing the “non-negotiables” regularly and consistently. These include sleep, exercise, homework, socializing, eating healthily, and wakeful resting periods.

How to talk to a child about online safety?

Encourage open communication from the outset. Engage junior in conversations about their online experiences — ensuring they feel safe to share both the good and the bad experiences.

Stay up to date with the latest digital trends and threats as well as high-profile cyberbullying or data breaches. Share this information with your child in a way they understand. You can learn the latest cybersecurity news via our blog.

Bring up the permanence of online actions. This includes how things shared online stay there forever and can affect their reputation and future opportunities. Kids should be especially careful about information they share about themselves: never giving out their address, geolocation or login credentials and passwords. Additionally, they should avoid using their real names as user IDs, as these can be potential clues for attackers to discover their other social media accounts. Help them understand the concept of privacy and the potential risks of sharing too much information.

Teach your kid that accepting friend requests from unfamiliar individuals in real life should be avoided. It’s crucial to explain that if someone they don’t know is persistently trying to find out personal information about them or their parents, it’s a cause for concern. Your child shouldn’t feel they’re being rude or impolite if they don’t respond to a request for friendship. In social networks, just like in life, there needs to be privacy.

By having such conversations and educating your children about online risks in a non-confrontational manner, you raise your kids being more likely to approach you when they encounter something questionable online. You should make sure they maintain a stance of curiosity — not judgment or fear. Your reactions will determine how open they feel about sharing in the future.

And a digital parenting app serves here as a valuable tool to enable you to monitor your kids’ online searches and activity, ensuring a safer online experience.

What are the main risks I should tell my child about?

In our digital age, kids are vulnerable to cybercriminals, often because they’re unfamiliar with essential cybersecurity principles and common scam tactics. It’s our duty as guardians to educate them on these matters before they inadvertently fall prey to them.

For instance, guide your kid in identifying deceptive commercials, bogus survey requests, counterfeit lotteries, and other schemes that can jeopardize their personal data. Help them grasp the reality that, while it might be tempting to download a Barbie movie ahead of its official release, offers like these could be ploys by cybercriminals aimed at pilfering data or even siphoning money from their parents’ cards. A reliable security solution can detect and block any phishing websites or any malicious software.

Instill in your child the habit of being critical and cautious when online. Teach them to pause before clicking when it comes to dubious links, unfamiliar email attachments, or messages from unknown entities. Discuss the appropriate permissions apps should have on their devices. For example, there’s no valid reason for a Calculator app to request geolocation access.

Make conversations about cybersecurity more enjoyable and interesting by discussing the topic through games and other entertaining formats. Most importantly, instill confidence in them to approach a trusted adult when faced with unsettling or suspicious situations online.

How to check that you’re prepared?

Once a gadget appears, your family’s life will inevitably undergo a transformation, as your kid will be drawn into the realm of the internet. Rather than forbidding it, it’s advisable to guide them on proper online behavior — if used correctly, a gadget can really help kids learn and grow. However, this can only happen if they know when and how to alert their parents about any online threats they come across – whether they’re receiving strange messages from adults, requests for personal information, or stumbling upon phishing sites.

Learning, however, is a gradual process, and it doesn’t guarantee perfection from the start. Mistakes will naturally occur, such as your kid accidentally downloading malware or engaging with suspicious individuals or struggling with screen time management. Nonetheless, your role as a parent is to provide support and assistance in their learning process. Only this way can you help your child be safe online.

To get ready for the challenge, we suggest taking a peek at our complete handbook for parents about getting your kid’s first gadget.

What should I do before give a gadget to my kid?

1. Create a child account
2. Disable in-app purchases
3. Install essential apps
4. Adjust app privacy
5. Use a digital parenting app (like Kaspersky Safe Kids)
6. Set age-appropriate filters
7. Block unknown calls

How do I introduce a new gadget to my child?

1. Establish family rules and good tech-habits
2. Create tech-free zones and times
3. Promote non-tech activities
4. Limit your kid’s phone usage during:
   • meals
   • bedtime
   • family gatherings and outings
   • homework and studying
   • hosting social gatherings
   • engaging in outdoor activities
   • morning routines

What online safety rules should my child know?

1. Set clear ground rules about what they can and can’t do online
2. Teach them privacy basics and tell them about the risks of oversharing
3. Emphasize that they should never share personal info or login details
4. Advise children to use non-personal usernames

What are the main online risks I should tell my kid about?

1. Watch out for phishing scams
2. Avoid unauthorized game downloads
3. Ignore intrusive ads and surveys
4. Exercise caution regarding links and email attachments
5. Seek help if uncomfortable or suspicious regarding something online
6. Use unique passwords, and consider Kaspersky Password Manager  for security

How do I help my children avoid online strangers?

1. Telling them to say no to unknown friend requests
2. Telling them to become suspicious if someone asks personal questions
3. Maintaining open communication about your kids’ online activities

What online gaming safety advice should I give?

1. Play with friends you know
2. Enable a “gaming mode” for safety
3. Download games only from trusted stores
4. Ignore chat-room links
5. Never share passwords – even with friends

My kid is being bullied on the Internet. What should I do?

1. Listen to them without interrupting
2. Make them feel both safe and understood
3. Take screenshots of harmful content
4. Discourage retaliation
5. Update privacy settings, change passwords, block or report the bully
6. Report to the school
7. Consider professional help for stress-related signs

My kid is bullying others online. What should I do?

1. Stay calm, gather evidence, and understand the context
2. Get your child’s side of the story
3. Help them see the impact on others
4. Encourage an apology to the victim
5. Without being overly invasive, consider using digital parenting apps
6. Promote responsible online behavior
7. Seek professional help if necessary

What questions should I ask my child to ensure their online experience is safe?

1. What’s interesting online today?
2. Anything confusing encountered?
3. Do you chat or game with strangers?
4. How do you choose what to share?
5. Have you ever felt uncomfortable online?
6. Are there any new apps or websites you enjoy?
7. Do you know how to handle inappropriate messages?
8. Have you ever seen someone being unkind online? How did you react?

How do I monitor my kids online without invading their privacy?

1. Talk about their online experience
2. Engage in their online activities together
3. Use safety-focused parenting apps
4. Explain why certain controls are needed
5. Shift from monitoring to mentoring
6. Stay updated on digital trends and share insights

What are signs of a negative impact of devices on my kids?

1. Lower grades
2. Less physical and social activity
3. Eye strain, poor sleep, bad posture
4. More irritability, withdrawal
5. Neglecting hobbies, responsibilities
6. Anxiety, depression, low self-esteem
7. Shorter attention span, memory issues

We’ve explored the crucial steps for empowering both you and your child in the digital realm. For your convenience, download our PDF handbook — a practical resource to help you navigate your child’s tech journey with confidence.

1. Watch foreign sports or TV shows

A familiar situation for many sports fans: having moved abroad or simply gone on vacation, you find to your annoyance that your beloved football/soccer/baseball/cricket/rugby… team’s games aren’t broadcast on TV there. The same catastrophe befalls fans of domestic TV shows that aren’t popular abroad. This issue may be solved if you can subscribe to digital broadcasts of whatever matches or shows you like in your hometown, but in other regions that service is likely to be blocked. However, the good news is that Kaspersky VPN Secure Connection lets you watch what you paid for — wherever you are. To do this, when away, you need to select a VPN server in your home country and connect to it. That way you’ll be assigned a “native” IP address that will virtually teleport you home. You just need to make sure that both your local internet connection and VPN are up to it speed-wise. For fast VPN secrets, see the end of this post.

2. Bypass bandwidth throttling

In mobile networks, public places, and sometimes even home connections, ISPs limit communication speed, which is known as bandwidth throttling. You may notice this when visiting sites with videos or downloading large files: your internet runs much slower. This allows ISPs to save bandwidth and reduce the load on the network, but it also restricts your rights. Thanks to Kaspersky VPN Secure Connection, which encrypts your traffic, providers and other third parties can’t see exactly what you do online or what sites you visit, and so they cannot throttle your bandwidth – however, if your ISP slows down all activities for all subscribers (blanket throttling), there’s no escape.

3. Play in the region of preference

Servers of many multiplayer games are distributed all over the world. Connecting from a certain region, you will play on the nearest server. This is done to minimize lag for all players, unite players from the same time zone, and lessen the language barrier in game chats. But this approach can cause issues too: for example, you might play at an “unsociable” hour, which means few suitable gaming partners on the nearest servers, or your team has settled on a very specific game server. Going online through Kaspersky VPN Secure Connection in the desired region guarantees a connection to the best server for your needs. Of course, VPN speed is critical here to ensure low lag and fast data exchange, so slow VPNs and VPN protocols are a big no-no for gamers — which is why we especially recommend that gamers use our VPN, recognized for high speeds in independent tests.

On game consoles, setting up a VPN can be tricky, so console owners find it easier to set up VPN directly on the router — more on this at the end of the post.

4. Sidestep price policies

In many stores and service organizations, the price for the same goods and services differs significantly from country to country due to variances in pricing policies or simply different sales schedules. At the time of posting, Black Friday and Singles’ Day (11.11) are on the horizon, to name just a couple of shop fests. You can cash in on seasonal offers and save money by connecting to a VPN server in the desired country and thus changing your IP address. That done, logging into the regional versions of online stores, you’ll see local promotions and enjoy the best discounts.

To take full advantage of this, your VPN service should offer a wide variety of servers in different countries. For example, our VPN has more than a hundred of these, including in such exotic locations as Bangladesh, Liechtenstein, and Malaysia. With such a wide selection, finding the right server in the list can be tough, which is why the latest version of Kaspersky VPN Secure Connection lets you add servers to a Favorites tab and quickly select the one you need.

5. Shop with peace of mind

Public networks — be it Wi-Fi at an airport, hotel, cafe, train, or bus — pose a number of risks to your devices. Among them are: third-party ads on websites; data harvesting of your online activities; the already mentioned slowdown when watching videos; and potential interception of payment information and passwords. It’s a real stinger to pay for extra baggage or window seats on your phone, only to see unexpected debits from your account after landing, right?

Over an encrypted VPN channel, none of that can happen. Nearby cybercriminals, cafe owners, and unscrupulous Wi-Fi providers can neither see nor intercept your online activity.

What’s more, our VPN can be configured to automatically turn the VPN on when connecting to unprotected Wi-Fi networks, plus you can customize the VPN settings for each Wi-Fi access point saved on your device individually. This makes it easy to configure which Wi-Fi networks need VPN protection, keeping you safe at all times.

And one other thing: if the VPN connection drops, Kaspersky VPN can automatically block all your network traffic until reconnection, ensuring your data doesn’t leak to an unsecured network.

6. Open geo-blocked websites

For both legal and security reasons, some sites choose to shut out connections from other countries. For example, many online stores aren’t accessible in countries they don’t ship goods to. The same goes for many municipal or government services provided online — access from abroad isn’t possible. If you need to use such sites, you need to point your VPN to a server in the respective country.

7. Open websites despite blocking

The opposite scenario to geo-blocking is when you arrive in a country where, say, Google or Instagram is blocked. By connecting to a VPN server in another country, you can continue to use your usual accounts and services.

Geo-blocking often creates the nuisance of having to constantly turn your VPN on and off to access certain sites or use certain apps. Kaspersky VPN Secure Connection comes in handy here, too. By configuring rules for Smart Protection (on Android only) and Split Tunneling (on Android, Windows and macOS), you can forget about the need to keep toggling the VPN: it will activate automatically for selected apps, sites, or site categories (such as payment systems, banking sites, or online stores) or bypass VPN for apps added to the exceptions list.

What makes Kaspersky VPN the fastest?

Gaming, watching videos, downloading large files, and even conference calling all require a lightning-quick VPN connection with minimal latency and high data-transfer rates. Besides a fast enough internet connection, this requires three other jigsaw pieces: a high-performance VPN server with a strong communication channel; a sufficiently powerful client (your phone, computer, or router); and an optimized communication protocol between these two pieces.

To make our VPN the undisputed speed champion (it outperformed all six of the other VPNs in an independent test), we use the fastest servers (10 Gbps) and connect to them over the most powerful protocols: Catapult Hydra and WireGuard. According to our internal tests, Catapult Hydra is five to seven times faster than the common OpenVPN protocol in terms of connection speed and ensures exceptional privacy protection without data leaks.

Where and how to use VPN?

You can install a VPN on your smartphone, computer, tablet, and sometimes even your TV or game console. Most routers also support a VPN connection, giving you the benefits of a VPN across your entire home network all at once. Which of these scenarios is better?

For travel and business trips, setting up a VPN on your phone and laptop is a priority. If gaming or online bargain hunting is your thing, it’s best to install a VPN on your Windows or Mac computer.

For TVs, game consoles, and simultaneous VPN use on multiple devices, the encrypted channel is best deployed directly on the router. Our VPN supports the ability to connect routers using the WireGuard and OpenVPN protocols: the former delivers maximum speed even on relatively weak router models; the latter provides maximum compatibility even with older models. Simply go to the VPN section on the My Kaspersky portal, and under VPN for routers, create a configuration file by selecting the protocol and server in the desired country. Then upload it to your router’s control panel — and every device in your home network will automatically enjoy all the benefits of VPN.

Where to find the best VPN deal?

You can get Kaspersky VPN Secure Connection either as a standalone product or as part of a Kaspersky Plus or Kaspersky Premium subscription. Besides super-fast VPN, your subscription comes with full protection for all devices — both computers and smartphones.

Fine print

Some countries prohibit the use of VPN as a technology, while others ban specific VPN usage. In addition, the license agreements of various online services explicitly prohibit the use of VPNs to bypass their regional restrictions. You should research the legal position in your specific case before opting for a VPN.

But this doesn’t mean such tracking will simply stop. It would be odd if the tech giant, whose revenue comes mostly from online advertising, voluntarily gave up the ability to collect user data. Instead, third-party cookies will be replaced by a new technology — Google Ad Topics. In fact, Google Ad Topics is already here: the company integrated it into the Chrome browser this summer and recently started to roll it out to the Android operating system.

In this post, we explore how Ad Topics works, where to disable it in the Chrome and Android settings, and what else you can do to avoid being tracked by online advertisers.

A little history: Google Privacy Sandbox and FLoC

Let’s first go back a bit to Google Privacy Sandbox. This is what Google calls the entire initiative to abandon third-party cookies and replace them with different technologies for targeted advertising. Google first started talking about this initiative back in August 2019. As you can see, it’s taken them four years to develop specific solutions for phasing out cookies.

The purpose of this initiative is, on the one hand, to get rid of technology that’s widely perceived as a violation of privacy. On the other hand, Google wants to find a way to continue showing personalized ads to users — maintaining the competitive advantage that made it an internet giant.

If you look at the Wikipedia article on Privacy Sandbox, you’ll find a long list of candidate technologies that Google planned to use to move away from third-party cookies. However, in 2021, a technology called Google FLoC emerged as the primary candidate. Let’s discuss it in more detail.

What is Google FLoC?

FLoC (Federated Learning of Cohorts) was a technology proposed by Google aimed at changing the approach to targeted online advertising — making it more private. Instead of using individual user behavior data to personalize ads, FLoC grouped users with similar interests — meaning similar browsing histories — into “cohorts”. These cohorts were then assigned a unique identifier, which advertisers can use to target their ads.

One of the key advantages in terms of user privacy was that FLoC didn’t send user activity information to Google servers, but processed the data locally — directly on the user’s device.

It’s worth noting that, despite the name, FLoC didn’t actually use federated learning. Its use was initially planned, but it turned out that local computing was good enough.

What is federated learning? It’s a variant of machine learning — an alternative to the centralized learning approach. In centralized learning, data from all devices is uploaded to a central server where the AI model is trained. In federated learning, data isn’t sent to a central server; instead, local models are trained on local data directly on the devices. These devices then exchange the training results, rather than the user data itself, with the server. Based on the results of this local training, a global AI model is built — thus, the local AI models and the global AI model mutually train each other. This is all done to eliminate the need for centralized storage of user data.

As is often the case with attempts to have one’s cake and eat it too, the technology was criticized from both sides. Despite Google’s claims that FLoC is 95% as effective as third-party cookies, advertisers weren’t satisfied with the technology’s performance.

Privacy advocates, in turn, were extremely unhappy that FLoC didn’t adequately address user privacy concerns — and also that millions of Chrome users were included in the testing of FLoC without their consent. However, the main privacy concern regarding Google FLoC was its highly precise methods for categorizing users — the possible number of cohorts exceeded 30,000 — which allowed too much scope for user tracking.

A significant portion of the internet industry quickly took up arms against Google FLoC, including all Chromium-based browser developers — which refused to include FLoC in their products, and Amazon — which disabled FLoC on all its websites. Consequently, just a few months after the testing of FLoC began, Google decided to freeze the project. Already by early 2022, they officially announced the abandonment of FLoC in favor of another technology — Topics API.

What is Google Ad Topics (Topics API)

Google Ad Topics (also known as Topics API) is a technology that Google is currently planning to use to replace third-party cookies for targeted advertising. Ad Topics functions somewhat similarly to FLoC: it also relies on browser history (in the case of Chrome) or app usage (in the case of Android), through which a locally operating algorithm tries to identify user interests.

However, there are significant differences: while FLoC grouped users with similar interests into cohorts with unique identifiers, Topics API only compiles a list of things that interest the user — that is, “topics”.

At the time of writing this article, there were 629 such topics, but this list is constantly being updated, so the number will continue to grow. In Google Ad Topics, each webpage on the internet is associated with a certain topic. The algorithm constantly updates the list of Google topics assigned to the user based on what they’ve visited recently. Here’s how it works:

• Every week, the user is assigned five topics based on the sites they visited the most that week.
• Three lists of five topics each are created for the last three weeks.
• A site that wants to show ads to the user requests the topics assigned to that user from Topics API. The algorithm randomly selects one topic from each of the three lists and provides the site with these three topics for displaying targeted ads.
• The topics assigned to the user are stored for only three weeks. Older topics are deleted, and a list of five new topics is generated every week.

Since there is an element of randomness in the selection of topics, it seems that identifying a specific user or even a narrow group of users from such information is not so easy. Nevertheless, even soft and gentle tracking is still tracking, and targeted advertising is not to everyone’s taste. The good news is that Google allows you to not only manually configure Ad Topics but also to disable them altogether. For the sake of your privacy, we recommend doing this.

How to disable Google Ad Topics in the Chrome Browser

To disable Google Ad Topics data collection in the Chrome settings, go to Settings → Privacy and security → Ad privacy. The main point of interest on this tab is the first option, Ad topics. Click on this option and turn off the switch in the window that opens.

Where to disable Google Ad Topics in the Android settings

Alternatively, you can go directly to the Google Ad Topics settings by entering the following path in the Chrome address bar:

chrome://settings/adPrivacy/interests

While you’re in this part of the browser settings, it doesn’t hurt to disable two other options on the Ad privacy tab: Site-suggested ads and Ad measurement. That’s it! You’ve successfully disabled Google Ad Topics in the Chrome browser.

Note! Chrome settings are specific to each user profile. So, if you use Chrome with multiple Google accounts on the same computer, you’ll need to disable Ad Topics for each account separately. Go through all your Chrome profiles and repeat the steps above.

How to disable Google Ad Topics in the Android operating system

Disabling Google Ad Topics in the Android operating system must be done directly in your smartphone’s settings. To do this, go to Settings → Google → Ads → Ads privacy → Ad topics and turn off the switch in the window that appears.

Where to disable Google Ad Topics in the Android settings

Again, since you’re already adjusting the privacy settings, go back to Settings → Google → Ads → Ads privacy and also disable App-suggested ads and Ad measurement. Now, go one step back to Settings → Google → Ads and click on Delete advertising ID.

Please note that this guide is for the standard version of Android. Depending on the manufacturer, smartphone model, and firmware version, the names of settings and paths might vary slightly. If you can’t find them following these instructions, try using the search in the Android settings.

Note! If you disable Google Ad Topics on Android and then receive a notification about “new ad privacy features”, Google Ad Topics might be re-enabled automatically. If that happens, it’s best to go to your smartphone settings and make sure it’s turned off.

How to opt out of personalized ads in the Google Account settings

Still with adjusting your privacy and ad settings, there’s one more thing worth doing: disable personalized ads for your Google account.

To do this, go to the Google’s My Ad Center page. If you haven’t disabled personalized Google ads yet, this page will be covered with colorful category and brand tiles. You can hang around here for a long time, choosing what kind of advertising you want to see.

Google My Ad Center, where you can manage ad personalization

But don’t let the pretty advertising distract you — rather than choosing anything here, it’s best to just turn it all off. What you’re looking for here is a shy little switch at the top right of the page labeled Personalized ads — switch it to Off.

How to disable personalized ads in Google My Ad Center

Note! This setting is also specific to each Google account. Therefore, if you use multiple accounts, you need to disable personalized ads separately for each of them.

All set? Congratulations! You’ve now used all the available settings that help you avoid unnecessary attention from both Google and advertisers.

More privacy

But why limit yourself to the anti-tracking options Google provides in the settings of its products and services? It’s a good idea to use additional methods of combating data collection. In particular, we recommend the Private Browsing feature available in all our paid subscriptions — Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium.

All the same, malware creators do occasionally sneak under the App Store’s radar. This post examines three fraudulent apps we’ve found in the official Apple store, and what precautions you can take to avoid a financial hit.

Scam apps in the App Store

The three we’ve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, “plunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character’s mood and the state of their wallet”.

Scam apps we’ve found in the App Store

When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.

But if the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What’s more, you can start investing supposedly with small amounts — “from $110” — and expect your first profit “in just a few days”; access to the platform is, of course, free.

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers’ aim here is to get you to “invest” a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.

The culmination is a form asking for your first name, surname, and phone number so that “an investment platform specialist can be in touch”. Once the contact information is sent, the phishers promise to call you shortly.

And they’re true to their word. According to user reviews in the App Store, during the phone call with the “specialist”, the hapless user is persuaded to “invest” a certain amount in a highly dubious financial project. The outcome isn’t hard to predict: the fantastic payback never materializes, and the victim’s investment disappears.

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.

But how did they even get there in the first place? We can’t give a definite answer, of course — only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Apple’s official store, the scammers modified the uploaded content.

How to stay safe

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device’s system and also user data. Because of this, there’s no way to create a “classic” antivirus for iOS: it simply won’t have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don’t have time to respond quickly to user complaints.

Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.

Here’s how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world — the only question is when. So, as you can see, iOS needs protection just as much as Android.

Now, if you were raised in the 80s/90s and are a little bit like me, there’s a chance that your parents didn’t always see these letters/results and the letters maybe had a forged signature or two. To be fair, karma caught up with me on a few occasions and my son wrote a note to his teacher once as well signing it with “Love, name redacted’s Mom”.

While my son’s note gave all involved a chuckle, in all seriousness, technology has now enabled communications between parents and teachers and also teachers and their students. Likewise, there are multiple ways for students to connect with other students. With all these tech-enabled communications for school, there are multiple “human element” fail points – so being a security company with a blog, we’d be remiss not to offer some tips to keep you and your kids safe and sound.

Parent to teacher

Who remembers the pandemic? You know, the one that introduced us to the lovely world of remote learning. At the time, it was nice to see how the educational system was flexible enough to embrace technology quickly and assure that the kiddos’ education could continue.

Fast-forward a few years to today and the technology still has a firm grip within the school systems. As a resident of the U.S., my children are now using Chromebooks vs textbooks and there are various apps that the teachers use to keep us up to date on progress. There are a number of these apps and they’ll vary from case to case, but ours are Remind and Google Classroom.

While these platforms are very integrated and easy, they still also tie into emails. So parents should be extra careful to make sure that the sender and the links within mails aren’t malicious.

Student to teacher

The above-listed apps are also used for students to communicate with teachers; however, they also have the added level of an internal email that could be used to communicate with the teachers directly. While email in Google’s ecosystem should be locked down and be more of an internal messenger, it’s good practice to let kids know they should be cautious of what they’re sending to teachers, as well as the links that teachers are sending along that direct them outside their school’s ecosystem.

Student to student

Perhaps the most tricky part of kids going to tech-enabled school is that we live in a tech-enabled society. This means that (almost) everyone has a smartphone or other connected device and the ills that come with them – including messaging apps, social networks, a camera and SMS.

Perhaps the biggest risk that we have when discussing schools and tech is the phones within the pockets of our little ones. There are simply too many avenues for sharing that our kids can take advantage of. As parents, we need to make sure that we have them set up with a device that’s secure. And before you say it, NO – the device is not secure out of the box, despite marketing messaging. You should make sure that you install a reliable security solution on any device your kids use to help add in a layer of extra protection. Here are some tips that can help further securing the phone.

Sharing is not always caring

This final tip is for both parents and kids. Repeat after me: Sharing is not always caring.

While many applications provide the ability to share what you’ve received via various channels, when it comes to schooling, this should be avoided. Also, as mentioned, our phones are the biggest risk to us.

We literally have at our fingertips the ability to broadcast our opinions, thoughts, pictures, videos…  even what we’re doing on the toilet in real time and to the whole world. Sure, this is empowering, but it is also something that could come back to hurt us.

This is a lesson we need to remember as parents and also to impart to our children. Being prudent is a huge part of life: not everything needs to be shared. We all need to take a minute to take a step back and think about what we’re doing before hitting send.

Now, before I preach to the choir, I’ll admit that I often post stupid things: you can see this on my X, for example; however, I still think before hitting send. As parents, we need to let our kids know that the stuff they post could not only get them in trouble (broadcasting fights, illegal activity, etc.), but also that there are things that could hurt them well down the line in the employment space. As they say… the internet never forgets!