Friday Digest #1: Shutdowns, Snoopers Charter & VPN Restrictions
Hey it’s Sam, from Top10VPN. Welcome to our first newsletter where we’ll be sharing our favorite news stories, research and advice every week.
Expect exclusive analysis of major VPN developments, real-time updates on global internet shutdowns, and the latest digital rights research from around the world.
To find out more about this newsletter, check out our welcome post.
Internet connectivity was disrupted in Namibia, Cuba and Curaçao during the past week, according to Cloudflare Radar. Unlike the intentional government-imposed shutdowns recorded in our Cost of Internet Shutdowns research, these disruptions were the unintentional consequence of power shortages and, in the case of Namibia, telecom cable theft.
In Gaza, a fourth complete internet blackout was recorded on Thursday with telecom company, Paltel tweeting:
“We regret to announce that all telecom services in 𝐆𝐚𝐳𝐚 𝐒𝐭𝐫𝐢𝐩 have 𝐠𝐨𝐧𝐞 𝐨𝐮𝐭 of service as all energy sources sustaining the network have been depleted, and 𝐟𝐮𝐞𝐥 𝐰𝐚𝐬 𝐧𝐨𝐭 𝐚𝐥𝐥𝐨𝐰𝐞𝐝 𝐢𝐧. “
The interruptions underscore the delicate state of internet connectivity in many parts of the world. And yet, governments are still intentionally limiting access even when connectivity is stable. This week, Nepal's government joined the ever-growing list of authorities imposing restrictions on TikTok, saying the platform was “detrimental to social harmony.” And in Kenya, measurements from the Open Observatory of Network Interference indicate that Telegram is being blocked for the first time in the country.
Meanwhile in the world of surveillance legislation, the UK is looking to update its controversial Snoopers Charter, AKA the 2016 Investigatory Powers Act.
The proposed amendments, include mandates for service providers to retain internet browsing records and expand the definition of bulk personal datasets, raising concerns over increased government snooping and reduced privacy protections.
Combined with the Online Safety Bill, with its intrusive age-gating provisions and anti-encryption rhetoric, the UK is quickly becoming a poster child for anti-privacy legislation the world over.
What we’re reading
Eaten by the Internet, Corinne Cath (Manchester, UK: MeatSpace Press, 2023)
This thought-provoking collection of essays edited by Corinne Cath reveals the often overlooked influence of internet infrastructure on debates of digital privacy, equity and power. A beautifully designed book, with illustrations from Carlos Romo-Melgar and John Philip Sage. It’s also available as a free e-book.
Roskomsvoboda: VPN in Russia: from Blocking Services to Blocking Protocols
The team at Russian digital rights organisation, Roskomsvoboda, have published an in-depth report investigating the blocking of VPN services in the country. Their analysis shows the shift from blocking VPN apps to disrupting entire protocols, while noting the potential impacts this has on “legitimate” use of the services.
WIRED: Internet Blackouts in Gaza Are a New Weapon in the Israel-Hamas War
Although internet restrictions during conflicts may seem a minor inconvenience compared to real-world suffering, their impact can still be seriously destructive. This article traces the restrictions in Gaza and offers insight into how they’ve led to a further deterioration in conditions for the people living there.
Access Now: Palestine unplugged: how Israel disrupts Gaza’s internet
This report provides a comprehensive analysis of internet traffic data for 19 major ISPs in Gaza and calls for immediate action to restore connectivity. It details the impact of the disruptions on the residents of Gaza, who are facing a near-complete communications blackout amidst heavy bombardment, exacerbating their suffering and hindering their access to vital information and emergency services.
The Latest from Top10VPN.com
Data Privacy Investigation: Chinese Electric Vehicle Exports
Our latest investigation digs into the privacy risks associated with Chinese electric vehicles (EVs) and their associated mobile apps. The cars collect a huge amount of personal data, with most of the brands having substandard privacy policies, incorrect privacy labels and risky app permissions.
VPN News
VOA News: Russia to Limit Only VPN Services that Pose a ‘Threat’ to Security, State Media Says
Russia plans to restrict certain VPN services and protocols deemed a security threat, following a huge surge in VPN use after the country limited access to Western social media platforms. It’s the latest announcement in a long list of government officials publicly denouncing the ‘improper’ use of VPN apps.
Mullvad: Moving our Encrypted DNS servers to run in RAM
Mullvad VPN has completed migrating its Encrypted DNS service to run entirely from RAM, enhancing security and privacy. This service, which protects DNS queries from third-party snooping, is free for all users, whether or not they are connected to Mullvad's VPN, and is available worldwide with servers running on the same secure Linux kernel as their VPN infrastructure.
ExpressVPN: ExpressVPN completes rollout of built-in password manager, Keys
ExpressVPN has fully rolled out its built-in password manager, ExpressVPN Keys, designed to integrate with the VPN service and available at no extra cost. Keys offers features like generating and storing unlimited passwords, data breach monitoring, Password Health for safer login choices, and secure storage for sensitive information, all protected by zero-knowledge encryption.
Tools of the Week
CloudRecon
CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts. Often, target organizations stand up cloud infrastructure that is not tied to their ASN or related to known infrastructure. Many times these assets are development sites, IT product portals, etc.Mapping Chrome extension IDs to their names
The blog post discusses the challenges of mapping Chrome extension IDs to their actual names, noting that while there is a lot of data available from EDRs and forensic tools, they often lack context for browser extension IDs. The author mentions using a local lookup table, collected over the years from various sources including a now-suspended project, to map nearly 340,000 Chrome extension IDs to names and offers to share this data privately, with an update indicating a later public release.