When people don’t understand how something works, it can be easy to be afraid of the consequences of that thing not working right. And this also makes them ripe targets for being frightened by hucksters who will then happily sell them a solution for the problem. This was the trade of snake oil salesmen back in the day – selling cures for ailments that didn’t exist or that didn’t actually improve the consumer’s health. The realm of computers is rife with cybersecurity snake oil, as well, and one of the most lucrative products is a virtual private network (VPN) service. Today I’m going to help you understand just what a VPN is and (perhaps more importantly) what it is not.

In other news: T-Mobile tried to buy their hacked customer data back (and failed); the feds have discovered a troubling and powerful new hacking toolkit for industrial control systems; 8 million Cash App users may have had their data exposed; Pegasus spyware was discovered on the devices of EU officials; a company is offering to install chips under your skin that will allow you to pay for stuff with your hand; a scathing article about a security failure by Wyze web cams; and hackers are using fake Emergency Data Requests to get your data from tech companies.

1. T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. https://www.vice.com/en/article/k7w9mv/tmobile-hacked-bought-data-mandiant 
   
2. Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems https://www.wired.com/story/pipedream-ics-malware/ 
   
3. Over 8 Million Cash App Users Potentially Exposed in a Data Breach After a Former Employee Downloaded Customer Information https://www.cpomagazine.com/cyber-security/over-8-million-cash-app-users-potentially-exposed-in-a-data-breach-after-a-former-employee-downloaded-customer-information/ 
   
4. Pegasus spyware hacked iPhones of senior EU officials, who were alerted by Apple https://9to5mac.com/2022/04/11/pegasus-spyware-hacked-iphones-of-senior-eu-officials/ 
   
5. The microchip implants that let you pay with your hand https://www.bbc.com/news/business-61008730 
   
6. I’m done with Wyze https://www.theverge.com/23003418/wyze-cam-v1-vulnerability-no-patch-bitdefender-responsible-disclosure 
   
7. Hackers Using Fake Police Data Requests against Tech Companies https://www.schneier.com/blog/archives/2022/04/hackers-using-fake-police-data-requests-against-tech-companies.html 
   
8. VPNs are digital ‘snake oil,’ expert claims — here’s why https://www.tomsguide.com/news/vpn-big-claims-truth-shmoocon22 
   
9. What a VPN Is (and Isn’t): https://firewallsdontstopdragons.com/what-a-vpn-is-and-isnt/ 
   

• John Oliver on data brokers: https://www.youtube.com/watch?v=wqn3gR1WTcA 
  
• Mullvad VPN: https://mullvad.net/
  
• IVPN: https://www.ivpn.net/
  
• ProtonVPN: https://protonvpn.com/ 
  
• Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
  
• Become a Patron! https://www.patreon.com/FirewallsDontStopDragons 
  
• Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
  
• Generate secure passphrases! https://d20key.com/#/