Category: Security

Posted on

The Real Cost of VPN Bans

Over the last few months, a troubling trend has cropped up in state legislatures—including right here in Michigan. Lawmakers are proposing bills that would effectively ban or cripple the use of VPNs, the privacy tools millions of people rely on every day. The stated goal is to “protect children” from harmful content.

That’s a goal every reasonable person supports.

But the methods being proposed show a serious misunderstanding of how the internet works—and they risk doing far more harm than good.

Before we let policymakers break the tools that protect our privacy, security, and even our livelihoods, we need to talk about what’s happening and why it matters.

Poster showing a VPN shield cracked by a gavel labeled “State Bills,” with icons for work, security, and family beneath it and the text “VPN Bans Break More Than They Fix.”

What’s Going On in Wisconsin and Michigan

Wisconsin

Wisconsin’s bill (A.B. 105 / S.B. 130) requires websites offering anything that might be considered sexual content to:

  1. Implement age verification, and
  2. Block access for all VPN users in Wisconsin.

Here’s the problem:

There’s no way for a website to reliably detect “Wisconsin VPN users” versus VPN users from anywhere else. If Wisconsin forces sites to block VPNs, most sites will simply block all VPN traffic nationwide—or stop serving Wisconsin entirely.

VPN users lose.

Remote workers lose.

Journalists, activists, and vulnerable people lose.

All because a legislature doesn’t understand how routing and encryption work.

Michigan

Michigan has been weighing a similar proposal, framed as an adult-content bill—but with language that would make ISPs liable if they “enable circumvention tools” like VPNs.

What do you do if your ISP could be punished because you used a VPN?

Simple: the ISP blocks VPN traffic.

Not just for adult sites—for everything.

Remote work? Tough.

Secure client data? Not possible.

Privacy for everyday citizens? Gone.

The intention may be to keep minors away from explicit content, but the real outcome is a de facto state-level ban on encryption tools that everyday people depend on.

VPNs Aren’t a Loophole—They’re a Lifeline

Lawmakers keep talking about VPNs like they’re some shady way to sneak around the rules.

In reality, VPNs are basic digital hygiene.

  • Businesses use them to secure remote employees
  • Universities use them to protect research and records
  • Medical professionals use them for patient confidentiality
  • Survivors of domestic abuse use them to hide their location
  • LGBTQ+ people in hostile environments rely on them for safety
  • Journalists and whistleblowers use them to stay alive
  • Normal citizens use them to prevent advertisers, stalkers, and data brokers from profiling them

This is not fringe technology.

This is core infrastructure—like seatbelts for your data.

Trying to ban VPNs because some minors might use them to bypass age restrictions is like banning curtains because someone could hide behind them.

You Cannot Secure Children by Making Everyone Less Safe

Here’s the heart of the matter:

Protecting children is important.

Breaking the privacy and security of millions of adults is not the way to do it.

There are ways to help kids stay safe online:

  • Parental controls built into devices
  • Filtered profiles for teens and younger kids
  • Open communication within families
  • Tools created by platforms themselves
  • Optional content restrictions
  • Screen time management
  • Education, not surveillance

But requiring adults to hand over government IDs to random websites—and then banning VPNs so people can’t protect their privacy—doesn’t protect anyone. It simply encourages data breaches, government overreach, and mass surveillance.

No parent I know wants the state to build a database of what their family watches online.

No ordinary adult wants to scan their driver’s license to look at legal content.

No business wants remote employees suddenly unable to log in securely.

We can keep children safe without turning private lives inside out.

The Technical Reality: VPN Bans Won’t Work

The bills assume a site can identify and block VPN users on a state-by-state basis.

It can’t.

VPNs route traffic through encrypted tunnels.

Users from ten different countries may emerge from the same VPN server.

Sites have two practical choices:

  1. Block all VPN users, everywhere.
  2. Shut down access to the state entirely.

That’s why digital-rights groups are warning that these laws could break remote work, break online privacy, and break basic internet functionality.

You don’t secure children by crippling the internet for everyone else.

The Dangerous Precedent

If a state can ban privacy tools to enforce morality laws, what comes next?

  • Banning VPNs to block political speech?
  • Blocking out-of-state news sites?
  • Tracking residents’ browsing habits?
  • Requiring ID for all “harmful” information, however that gets defined next session?

This is exactly the slippery slope countries like China, Russia, and Iran have taken—where blocking VPNs is step one toward broader censorship systems.

That is not the road we want to start down in the United States.

A Better Approach: Privacy and Protection Together

We can absolutely help parents and guardians keep minors away from material they shouldn’t see.

But we can do it without:

  • logging IDs
  • tracking everyone’s activity
  • dismantling remote work
  • exposing people to harassment
  • weakening cybersecurity
  • or restricting access to legal content for adults

Privacy does not have to disappear for protection to exist.

A healthy society needs both.

Where We Go From Here

If you live in Michigan or Wisconsin, this is the moment to reach out to your representatives and say:

“Protect children, absolutely.

But do not dismantle privacy tools.

Do not break the internet to solve a problem we can address in better ways.”

Groups like the EFF and Fight for the Future are already sounding the alarm, but lawmakers need to hear directly from the people who rely on these tools — people like us.

I use a VPN every day to protect my work, my clients, and my privacy. Many of you do too.

Privacy isn’t something only criminals want.

It’s something every adult deserves.

Further Reading & Sources

Official Bill Text

Here are direct links to the proposed state bills discussed in the post.

Wisconsin

These bills contain the requirement for websites to perform age verification and to block access to users connecting through VPNs.

Michigan

Michigan has had multiple proposals connected to age-verification and VPN restrictions.

Electronic Frontier Foundation (EFF)

Fight for the Future

  • Campaign Against VPN Restrictions (2025)
    https://www.fightforthefuture.org/
    (Look for their action page “Don’t Ban VPNs” which launched in response to these bills.)

News Coverage

TechRadar

PC Gamer

CyberNews

Yahoo News / Detroit Free Press syndication

Wired Magazine

  • “VPNs, Age Verification, and the Future of Online Privacy”
    https://www.wired.com/
    (Search “VPN age verification”—several Wired pieces explain why VPNs are essential to digital safety.)

Broader Context on Age Verification Laws

Tools for Parents (A Better Approach)

Posted on

AI Unchained Podcast: The Dark Side of AI

I firmly believe that AI is, ultimately, a good thing for the world. However, it also has a dark side. Our best approach to handle it is to learn as much as we possibly can.

I just listened to the podcast episode “AI Unchained”: #003 – The Dark Side of AI by Guy Swann, featuring Alex Lewin, a pro in software development and cybersecurity. This podcast seriously made me stop and think.

It dives deep into the vast possibilities of AI—from enhancing our productivity and creativity to opening up potential threats that are dauntingly magnified. As AI swiftly progresses to manage larger goals through task hierarchies, the concept of a broad, self-spreading, and malicious AI becomes frighteningly more conceivable every day.

Imagine an out-of-control wildfire—that’s how bad the aftermath could be. But what’s our plan, and what can we do to prevent this?

I highly recommend giving this episode a listen. It’s a compelling discussion that highlights the lesser-known aspects of AI. Trust me, it’s eye-opening!

If you want to learn more about AI, I suggest subscribing to AI Unchained.

Stay informed, friends!

Listen on Apple Podcasts here: AI Unchained Episode #003

Posted on

The Future of Online Security: The Power of Passkeys

The realm of online security has come a long way from the early days when ‘password123’ would suffice as a security measure. Fast forward to the current digital landscape where we deal with a multitude of online accounts, and the demands for a stronger, more efficient method of authentication is greater than ever. Enter passkeys, the revolutionary login solution that provides a more streamlined, secure, and straightforward approach to online authentication.

So, what are passkeys?

Imagine signing into your accounts without the need to enter a password. Yes, that’s right, no passwords! Passkeys offer a novel solution to the problem of password creation and memorization. Powered by the API WebAuthn (Web Authentication), a joint project between the FIDO Alliance and the World Wide Web Consortium (W3C), passkeys provide an opportunity for users to quickly create and sign into their accounts without the need for passwords. 

These powerful keys consist of a pair of public-private cryptographic keys. The public key can be shared publicly, stored by the website or app you want to sign in to, while the private key remains secure and secret, used to decrypt data that’s been encrypted with your public key. Importantly, this private key is never shared with the website, enhancing the level of security offered.

One major advantage of passkeys is their ability to deter phishing and social engineering attacks. With this technology, you never share your credentials with untrusted websites, adding an additional layer of protection against cyber threats. 

Transitioning to Passkeys

Companies like Apple, Google, Microsoft, 1Password, and Bitwarden are championing the adoption of passkeys. Services like Bitwarden plan to launch passkey management, allowing users to store passkeys in their vault and sync them among devices. Meanwhile, 1Password is working to integrate passkeys into their password manager, supporting users to manage all that’s important in their digital life.

Many major websites are already supporting passkeys, including Google, eBay, BestBuy, and NVIDIA. This list is expected to grow significantly as we move further into 2023 and beyond. Furthermore, there is a community-driven index at passkeys.directory which provides an extensive list of websites, apps, and services that offer signing in with passkeys.

The Benefits of Passkeys

Passkeys present several key benefits. They offer strong, default security as each passkey is unique and associated with a single account. This eliminates the risk of weak or reused passwords. Additionally, with passkeys, users are protected against phishing attacks since private keys never leave their devices. Also, there’s no need to remember or type out your passkeys; they are stored on your device and retrieved automatically when you need to sign in.

The Impact on Businesses

The transition to passkeys is not just a win for end users, but for businesses too. With stronger account security, businesses are less likely to suffer data breaches. Since passkeys can’t be stolen via phishing attacks, businesses will have less worry about user accounts being compromised.

In a nutshell, passkeys promise to herald a new era in passwordless authentication, simplifying the login process while bolstering online security. As we move towards a future where passkeys become the norm, users can look forward to a more streamlined, efficient, and secure way of managing their online accounts.

Posted on

Avoid Mobile Payment Fraud

The popularity of digital payment methods like Zelle®, Venmo, and PayPal has been shadowed by a rise in associated fraud and scams. It’s vital to distinguish between fraud (unauthorized access and use of your account) and scams (where you’re deceived into making a transaction). Both can be avoided with certain precautions.

Common digital payment scams include social engineering, such as phishing and bank impersonation, and more specific strategies like utility scams, marketplace scams, and “pay yourself” scams. To keep your transactions secure:

1. Only send digital payments to individuals you know and trust.

2. Beware of any request to send money to yourself, a common scam tactic.

3. Confirm that contact details match the intended recipient before transferring funds.

4. Never share sensitive account information like passwords, PINs, or temporary access codes.

5. Remember that legitimate banks, like Fifth Third Bank, will never ask for your login information.

By following these steps, you can ensure your digital transactions are safer and directed to the correct individual or company.

Get more detail from this FifthThird post.

Posted on

Apple Reinforces its Privacy & Security Stance with a Suite of New Features

Today, Apple has once again strengthened its commitment to user privacy and security with the announcement of several powerful new features. These enhancements provide users with even greater control over their data, bolster existing safeguards, and introduce several fresh concepts, all grounded in Apple’s unwavering belief that privacy is a fundamental human right.

Apple’s Privacy-First Approach 

Apple has long held a reputation for valuing user privacy, weaving it into the fabric of every product and feature it creates. The latest announcement by Craig Federighi, Apple’s senior vice president of Software Engineering, confirmed that the company is doubling down on these values, further bolstering its efforts to keep users firmly in control of their data. This philosophy is evident in the significant updates to Safari Private Browsing and the expansion of Lockdown Mode, among other features.

Major Updates to Enhance Data Control and Security
Enhanced Safari Private Browsing

Apple’s pioneering private browsing feature in Safari sees a significant update, offering advanced tracking and fingerprinting protections to further impede websites from identifying a user’s device. A new locking mechanism safeguards browsing data even when users step away from their device.

App and Photos Privacy Improvements

Apple has enhanced app privacy by equipping developers with more data about the practices of third-party software development kits (SDKs) they use. This allows for more accurate Privacy Nutrition Labels and adds an additional layer of protection against misuse. The photos app also sees an update with a new embedded picker feature that ensures only selected photos are shared with apps, keeping the rest of the photo library private.

Communication Safety and Content Warnings

Communication Safety, a feature designed to safeguard children from inappropriate content, now extends to video content. Parents can disable these warnings, which are activated by default for child accounts in their Family Sharing plan. Similarly, Sensitive Content Warning helps adult users avoid unwanted content, using the same privacy-preserving technology as Communication Safety.

Powerful Security Protections

Updates to the password and passkey sharing feature make the process easier and more secure. Users can now share a set of passwords via iCloud Keychain, which is end-to-end encrypted. A new feature in Safari autofills one-time verification codes received in Mail for a more secure and convenient login process.

Lockdown Mode has been expanded to provide additional protections against potential threats from mercenary spyware. The mode offers safer wireless connectivity defaults, optimizes network security, and strictly limits certain functionalities, drastically reducing the attack surface.

Innovative Privacy and Security Features

Check In, a feature designed with user safety in mind, allows users to notify selected contacts when they have reached their intended destination. The NameDrop feature provides a secure way to share contact information via AirDrop. Live Voicemail offers real-time transcription of voicemail messages, providing users with greater control over their call handling.

These security and privacy advancements reiterate Apple’s commitment to user data protection. They demonstrate that the company not only upholds privacy as a fundamental human right, but also leads the industry in implementing practical, user-friendly features that put control back into the hands of the users. Look out for these features coming in free software updates this fall.

You can get more information at Apple.

Posted on

Google Authenticator’s Cloud Backup Feature: A Closer Look

In a recently released video, The CryptoDad, a known voice in the realm of cybersecurity and digital privacy, delves into a feature update on Google Authenticator’s app: the new Cloud Backup function. This addition, while seemingly convenient, raises concerns due to its lack of end-to-end encryption. The question is, should you trust it?

What’s New with Google Authenticator?

As a background, Google Authenticator is a widely used application that provides 2-step verification services. The app generates a six to eight digit one-time password (OTP) used in conjunction with your regular login information, providing an additional layer of security.

Recently, Google has introduced a Cloud Backup feature in Authenticator. This allows users to save their OTP secrets to Google’s cloud servers, which can be beneficial in case of loss or theft of the device on which the app is installed. It eliminates the rather complicated process of reconfiguring 2FA for each account in such situations.

The Controversy: No End-to-End Encryption

However, what has prompted CryptoDad’s insightful discussion is the absence of end-to-end encryption for this new feature. For the uninitiated, end-to-end encryption is a security measure where only the communicating users can read the messages. In principle, this prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

The lack of this encryption means that, theoretically, Google (or anyone who gains access to their servers) could access the backed-up OTP secrets. This opens a potential window for security breaches.

Weighing the Pros and Cons with CryptoDad

In his video, CryptoDad, known for his accessible, honest, and insightful tech commentary, methodically weighs the pros and cons of this new feature. He discusses how the convenience of easy recovery needs to be balanced with the risk of potential security breaches due to the lack of end-to-end encryption.

CryptoDad points out that while Google has an overall strong security record, no system is impervious. He encourages users to be aware of the risks involved and to evaluate if the convenience of the cloud backup outweighs the potential security risks for their personal use case.

CryptoDad’s discussion is not just a critique, but a call for users to be informed and responsible. This conversation, he emphasizes, is not just about Google Authenticator but a broader discussion on online security, data privacy, and trust in tech companies.

Final Thoughts

This video is a must-watch for anyone who uses Google Authenticator or is interested in online security. CryptoDad breaks down the issue into simple terms, making the complex world of encryption and data privacy accessible to everyone.

To stay updated on more tech insights and discussions, do remember to like, share, and subscribe to CryptoDad’s YouTube channel. As he rightfully points out, understanding technology and its implications can make a crucial difference in navigating the digital world securely.

Remember, in an age where our lives are increasingly digital, awareness is the first step towards security. Make sure to stay informed and make tech choices that align with your comfort level of risk and convenience. 

Watch the video here for more on Google Authenticator’s Cloud Backup feature and decide whether it’s the right choice for you.

Proudly powered by WordPress