My Blog
Technology

The best VPN may be no VPN, and other digital security truth bombs

The best VPN may be no VPN, and other digital security truth bombs
The best VPN may be no VPN, and other digital security truth bombs



Comment

This article is a preview of The Tech Friend newsletter. Sign up here to get it in your inbox every Tuesday and Friday.

Perhaps you’ve seen this hack: If you post your email address on your Instagram profile or personal website, skip the symbols and write them out instead — shira dot ovide at washpost dot com.

The idea is to stop spammers from scooping up your email address.

Sorry. This spam-fighting trick doesn’t work. At all. You are not fooling crooks.

If you’re using this technique for your email address, you can stop. But my point is bigger than this one ineffective hack.

This piece of anti-spam fiction is an example of the digital self-protection myths that drain your time and energy and make you less safe. Today, let’s kill off four privacy and security bogus beliefs, including that you need a VPN to stay safe online. (No, you probably don’t.)

I’ll also remind you of better ways to fend off the criminals trying to steal your money or data.

Let me also add my standard line: It’s exhausting to be a human on the internet. Companies and public officials could be doing far more to protect you.

Myth No. 1: Stop spammers by writing out “at” and “dot” in your email address.

Claps to my colleague Andrew Van Dam, who asked me if this anti-spam trick worked. In case you skipped the paragraphs up there: Nope, it doesn’t.

Digital security experts told me that bad guys can use software to easily translate your “at” and “dot” into a regular old email address.

Stop trying to beat scammers [at] their own game.

Myth No. 2: Digital criminals are dumb.

I mock the pathetic emails and texts I receive that are obvious scams. Oh, really, Oprah is texting me a “secret way to lose that gut”??!!

But do not underestimate spammers and scammers. Crime is a big business. The Federal Trade Commission said it received 2.8 million fraud reports in 2021 with reported losses of more than $5.8 billion. That’s likely an undercount. (You can report scams or other fraud to the FTC here.)

Most crooks are savvy about exploiting your fear, greed and hunger for connection.

Scammers might win your trust over weeks or months on LinkedIn or a dating app before asking you to invest in their business. A common crime starts with a phone call that seems to come from your bank or the Internal Revenue Service claiming there’s an emergency with your money and asking for account information or payments. Crooks love sending emails that promise you can win a valuable prize if you click RIGHT NOW on a link.

If you believe that you would never fall for any of these tricks, your overconfidence plays right into the bad guys’ hands.

It’s better if you assume that digital criminals are excellent at their jobs and you might be their next victim, said Girish Chander, partner group manager for Microsoft 365 Security.

[Michelle Singletary: Why knowing how to spot a scam doesn’t always protect you.]

Myth No. 3: You need a VPN to stay safe online.

Virtual private networks are apps or other software that help you hide what sites you’re using.

VPNs are commonly used in countries where governments censor the internet or surveil people online. Many companies make their employees use VPNs to protect their computer networks from intruders. That’s reasonable.

But for most people in the United States and other democracies, “There is no real reason why you should use a VPN,” said Frédéric Rivain, chief technology officer of Dashlane, a password management service that also offers a VPN.

Rivain said he uses a VPN to watch online broadcasts of French rugby matches that aren’t available in the United States. (A VPN can make it look as though you’re logging in from Marseille when you’re really in Denver. I’m not squealing on Rivain, but using a VPN may break the rules of streaming video services and you could be kicked out.)

Many VPNs are also dodgy and may do far more harm than good. Last year, Washington Post technology columnist Geoffrey A. Fowler recommended three VPNs that he found safe. But for most of you reading this, skip the VPN.

If you’re researching sensitive subjects like depression and don’t want family members to know or corporations to keep records of your activities, Rivain said you might be better off using a privacy-focused web browser such as Brave or the search engine DuckDuckGo.

If you use a VPN, that company has records of what you’re doing. And advertisers will still figure out how to pitch ads based on your online activities.

P.S. If you’re concerned about crooks stealing your info when you use WiFi networks in coffee shops or airports and want to use a VPN to disguise what you’re doing, you probably don’t need to. Using public WiFi is safe now in most circumstances, my colleague Tatum Hunter has reported.

Myth No. 4: Your email address and phone number are secrets.

The foundation of the spam-fighting hack from Myth No. 1 is the belief that your email address is private information. It’s not.

If you start with the assumption than anyone might have your phone number or email, you are better prepared to treat anything as a potential trick from a stranger.

What that means in practice is to slow down and “always verify,” Microsoft’s Chander told me.

If you receive an urgent phone call that seems to be from your bank, hang up and dial the phone number from your account statements or from a web search, Chander said. If you’re messaging with a stranger or even someone you think you know over Instagram DMs, be wary — especially if they start asking for money.

If you receive an email that seems to be from Amazon or your real estate agent, pause before you click on a link or document in there. It’s safer to log into your Amazon account from the app rather than clicking on the link in an email. Call your real estate agent to make sure they sent the document.

It’s awful to be suspicious of everyone and to treat every text like it might be a nuclear bomb. But the internet is a nonstop scam machine and a little paranoia is healthy. Ugh.

Everything you’ve been told about passwords is a lie

Yes, it’s a scam: Simple tips to help you spot online fraud

In Tuesday’s edition of The Tech Friend, I asked for your tips for smarter shopping on sites like Temu. It’s America’s hottest shopping app and packed with bargains. But sometimes products are cheap because they’re garbage.

Lisa Peterson from Helena, Mont., responded with her personal list of Temu pro shopping tricks. Peterson’s best advice: Have a ruler handy.

“People complain a lot that they get things smaller than they expected,” she wrote to me. Product dimensions are often included in Temu’s online listings, and it’s worth checking them. You don’t want to buy a doghouse for your pet — and find when the item arrives that it’s made for a doll’s house.

“Don’t expect fast shipping. Orders usually take 10 days or more,” she also advised, and Peterson said not to feel pressured by Temu’s time-limited offers. Artificial urgency is a classic tactic of many e-commerce sites and some retailers like mattress stores. There will always be another sale.

Peterson and others who shop on Temu also told me their bottom line about the Chinese app: You are probably going to buy treasure and some trash. Buyer beware.

It’s your turn! Email me or use this form to tell me about your savvy shopping tip, favorite app or tech trick that made your day. We might feature your advice in a future edition of The Tech Friend.

Related posts

60% of Americans Think Climate Change Is Driving Up Their Energy Bills

newsconquest

The iPhone’s Best Part Is the Experience, Not the Hardware

newsconquest

Apple supplier Foxconn is on the hunt for semiconductor and EV deals in India

newsconquest