Insights For Success

Strategy, Innovation, Leadership and Security

Mac OS

Changing Google.com country domain no longer works

GeneralEdward Kiledjian

Google power users knew that changing the Google country top-level domain (ccTLD) would allow you to find results optimized for another country or language (e.g. searching Google.ch instead of Google.com to get more swiss biased results). 

There are a tone of reasons why I used this little trick:

  • Accessing Google.com results when terminating a VPN in another country
  • Travelling to a European country that skews results (right to be forgotten) and wanting "real" information returned
  • and much more

In a blog post, Google announced that results will now be customized based on the user's location (without regard for the country ccTLD input in the URL). So if I am in France and try to access American results by using the Google.com site, I will still get french results.

Google explains that 1/5 searches are location dependent (therefore detecting and using the user's actual location makes sense).  If I am traveling to Paris and search for pâtisserie, the logic motivation is that I am searching for a pâtisserie in Paris, not Toronto (my home city). 

You can still search for results in another location but the process is much more complicated now (you can still go into settings and select the correct country service you want to receive.) 

It’s important to note that while this update will change the way Google Search and Maps services are labeled, it won’t affect the way these products work, nor will it change how we handle obligations under national law.
— Google blog post

Source: Google Blog

KeepSolid VPN Unlimited Review

GeneralEdward Kiledjian

VPN Unlimited is one of the most popular VPN services available and for good reason. It is fast, reliable and competitively priced (deal below).

VPN Unlimited is a USA based provider and offers termination in more than 30 countries (with multiple locations in most countries). VPN Unlimited has good platform support (Windows, Mac, iPhone, iPad, Android) and very well written clients.

Above is a screenshot of the protection menu option on their IOS client. When set to High security, they (in addition to VPN protection) automatically add anti-malware, tracking blocking and ad blocking.) All of this extra security is done at the network layer without the need to configure any additional applications or pay additional fees.

Like most VPN service providers, VPN Unlimited specifically mentions that they do not allow illegal torrenting via their service. They recognise that not all torrents are illegal and allow the use of the BitTorrent protocol on these VPN termination points: US-California 1, Canada-Ontario, Romania, Luxembourg, and France servers.

A question I get asked often is "Does VPN Unlimited support OpenVPN on iOS, iPhone or iPad?" The answer is Yes! As shown in the above screenshot. Additionally, they support a protocol they call KeepSolid Wise (similar to the Chameleon protocol on VyprVPN). KeepSolid Wise uses common ports (TCP 443/USP 33434) which help bypass firewall restrictions and packet shaping control for most environments. KeepSolid Wise is available on iOS, Android, MacOS, Linux and Windows clients.

I setup VPN Unlimited on a Windows machine configured for maximum privacy. I then ran a battery of tests to determine how well it protected my privacy.

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash ( Go here to test)
  • protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and VyprVPN did. You go to this site and the find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • VPN Unlimited is not subject to WebRTC leaks when in VPN mode (go here to test

VPN Unlimited seems well written and does offer good protection.

Deal

VPN Unlimited is currently running a couple of specials that are worth considering (I bought the unlimited plan):

  • KeepSolid VPN Unlimited lifetime subscription for only $49.99 (for 5 devices)
  • KeepSolid VPN Unlimited 3-year subscription for only $29.99 (for 5 devices)
  • Add their Infinity Plan (aka 5 additional device licenses) for $14.99  but you must own one of the above subscriptions

Conclusion

The best summary I can give you is that VPN Unlimited has a permanent stop on the first page of my iPhone and I use it regularly. 

VPN Unlimited has decent privacy policies but isn't the super secret spy-proof identity protection service. If you want to protect your connection while out and about, VPN Unlimited is cheap, fast and reliable. If you want a super secret identity protecting connection then create your own VPN service on AWS or Azure using one of the pre-made scripts.

Questions

Does KeepSolid Wise work in China?

China severely controls encryption and in some cases slows down encrypted connections making them barely usable. A friend recently travelled to mainland China and reported that VPN Unlimited (with KeepSolid Wise UDP) worked flawlessly.

Does KeepSolid VPN Unlimited support video streaming?

Some of the cheaper VPN providers limit the quality of video from streaming sites because these stress the technical infrastructure of the provider. VPN Unlimited supports streaming video on all termination points but also makes available streaming optimized termination points which are specifically designed to work "better" with sites like Youtube, Dailymotion, Vimeo and more.

Does KeepSolid VPN limit connection speed?

There are dozens of factors that contribute to your overall internet speed but VPN Unlimited does not have tiered pricing based on speed and does not limit connection speed in any way. On most clients, they even show the workload on each termination point which means you can choose one with the least amount of current load (which should lead to better performance).

Does VPN Unlimited support Chromebooks?

VPN Unlimited has a Google Chrome plugin (which works on Chromebooks) and allows you to protect your web browsing only. Obviously as a proxy, it is less secure and missing many of the additional features you expect from VPN Unlimited but it is a great way to browse quickly (securely) and a great option on a Chromebook that doesn't require Jedi level knowledge to implement. 

VyprVPN Review

GeneralEdward Kiledjian

VyprVPN owns and manages its own networks and servers. During my recent VPN testing shoot-out, VyprVPN consistently ranked as one of the fastest VPN providers out there. 

In addition to raw speed, they have an incredible list of supported clients from traditional PCs (Mac, Windows, Linux), to routers (DDWRT, OpenWRT, AsusWRT), smartphones (iPhone, Android, Blackphone, Network Attached Storage (QNAP, Synology), TVs and the Anonabox

Contrast this to other popular VPN solutions like UnlimitedVPN, which only supports a small number of custom made clients.

It's VPN clients are well designed with easy to use interfaces and useful features (kill switch, auto-connect, etc). A cool and useful feature is called Chameleon. They explain Chameleon as:

Our Chameleon technology uses the unmodified OpenVPN 256-bit protocol and scrambles the metadata to prevent DPI, VPN blocking and throttling.

The first important note is that the Chameleon protocol is not available for IOS due to Apple restrictions on the VPN function. I had the opportunity to test the Chameleon protocol on a Windows laptop from a corporate network with strong VPN restrictions, an ISP that throttles VPN traffic and from a country that severely slows (painfully) down VPN traffic. In all three of these situations, the Chameleon protocol delivered that it promised.

  • It punched through the heavily controlled corporate network
  • When used with the ISP that throttles "normal" VPN traffic, it managed to trick the provider and I was able to use a full speed connection
  • A friend travelling to a highly restrictive country compared VyprVPN to 3 other VPN providers and VyprVPN with the Chameleon protocol was the only one that seemed to operate at normal speed (aka didn't seem to be artificially slowed down)

With more and more internet traffic being encrypted, many companies, organisations and governments have turned to DNS based control tools. DNS is still an unencrypted means to determine web destinations. DNS be used to prevent a user from accessing certain types of sites (religious, political, pornography, etc) and to log web browsing habits. It can also be used to redirect your traffic (quickly without you even realizing it), to inject your session with malicious code and c compromise your device. VyprVPN offers their own self-managed private "no log" DNS solution to protect their customers from DNS snooping and control.

VyprVPN offers a clear and well-written privacy policy. Obviously you aren't anonymous but in summary, they retain " Each time a user connects to VyprVPN, we retain the following data for 30 days: the user's source IP address, the VyprVPN IP address used by the user, connection start and stop time and the total number of bytes used."

And they offer a wide range to termination locations.

VyprVPN and leaktests

I setup VyprVPN on a Windows machine configured for maximum privacy. I then ran a battery of tests to determine how well it protected my privacy.

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash ( Go here to test)
  • protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and VyprVPN did. You go to this site and the find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • VyprVPN is not subject to WebRTC leaks when in VPN mode (go here to test

VyprVPN seems well written and does offer good protection.

Beware of the unknown

The only information that we have about the service comes from VyprVPN themselves. Remember that none of the statements about privacy and logging have been reviewed by an independent third party.

They are a US company and therefore they are subject to US data collection laws including the infamous National Security Letter (NSL). 

The above caution statement isn't unique to VyprVPN. I am not aware of any consumer VPN services that have been independently audited but it is still an important factor to consider. 

Some users may want to use a non-US based VPN provider to ensure the company is beyond the legal reach of US laws. The one I am looking into right now is ProtonVPN (which I will be reviewing shortly).

Other users may choose to roll their own VPN solution (lifehacker instructions using the Algo script or you can use anyone of the other scripts that almost automate the creation of a private dedicated VPN instance you control like OpenVPN Road Warrior, streisand, etc.) 

Conclusion

VyprVPN is a fast service with a broad selection of clients and a decent privacy policy. If you are performing illegal activities or are a human rights activist in a questionable region, this probably isn't for you. If you are a "regular" user looking for a decent level or privacy when using the internet, then this is definitely something you should consider. 

For the casual user that only connects to a VPN when using public WIFI, you may want to look elsewhere because VyprVPN isn't cheap. A prepaid annual subscription costs $6,67 a month (or $12.95 paid monthly).A casual user can buy a lifetime subscription to UnlimitedVPN for $49.99 here or a 3-year subscription for $29.99 here.). 

I started testing ProtonVPN recently and will write a review shortly but their offering (plus level) is $8 a month prepaid for 1 year). VyprVPN offers the Chameleon protocol, more servers and their own DNS service (which ProtonVPN does not yet). 

So the price is on the higher end but is in no way the most expensive. For the very casual user, you could be better served by another provider, but for the more security conscious user or traveler, this is definitely a service to evaluate. 

How to protect your PC from infection

GeneralEdward Kiledjian

Think of all the valuable data your PC contains (pictures, files, invoices, contacts, etc). Now imagine losing all of that data Virus' are still a thing but you should be more worried about ransomware, worms and all of the other digital creepy crawlies roaming the net looking to make you their next victim.

Go read my article entitled "How to secure Windows 10".

Backup everything, then back it up again

In 2012, I wrote an article entitled "The best way to protect your data - images, music, documents". The main point is that you should always remember the 3-2-1 rule of backups:

  1. Have 3 copies of all of your important data (1 primary and 2 backups)
  2. Make sure your 2 backups are on separate media technologies (e.g.1 on a hard drive and the other in the cloud or 1 on a hard drive and the other on a tape backup)
  3. 1 of your backups should be offsite in a remote location that would not be impacted by a major disaster that hits your area (e.g. in the cloud).

The advantage of most cloud backups is that they support version control which means if you infect your files with ransomware, you can always go back to  a known good version. My backup strategy involves:

  1. 1 primary version of my data and a local hard drive backup
  2. 1 complete synchronization of my files on a fully encrypted trust no one online storage service
  3. 1 complete backup using a remote backup service (like backblaze or carbonite)

Update everything

WannaCry created an incredibly outcry in the tech world with thousands of companies getting infected in hundreds of countries. The truth is that an update published 2 months prior patched that vulnerability. Updating computers in large companies is complicated but your home PC shouldn't be.

You must must must update your operating system and applications regularly to stay protected.

The latest version of the operating systems from Microsoft, Apple and Ubuntu are all configured to auto-update themselves. In addition to the OS, make sure you periodically check for application updates.

If you use an Apple Macintosh computer, you may even want to use something like MacUpdate Desktop to constantly check if any of your installed apps have updates available.

Leave the built-in firewall on

Some "Security" apps turn off the built in firewall but it is critically important to ensure it is always on. On Windows, you can turn if on/off with these instructions. You can find information about the Apple Mac application firewall here

Use an antivirus

The question I get asked the most often is should I buy a third party antivirus for my home computer and my answer is no. Anytime you add a third party tool, you increase the attack vector therefore rely on what Microsoft bundles with Windows 10. You can follow these instructions to change the Windows Defender Antivirus cloud-protection level to 10.

In February I wrote an article entitled "Companies buying bitcoin to prepare for cyber extortion" and in there included this paragraph:

Companies have started to jump on the Ransomware protection bandwagon. An EDR &”next-generation AV” company called Cybereason offers a free product called RansomFree. They claim it protects against 99% of ransomware by monitoring how applications interact with files on your computer. Did I mention RansomFree is free? I haven’t used their product and thus can’t recommend it but it does seem to be useful and could really help the average consumer ensure they don’t end up getting victimized.

You can run something like RansomFree on your home PC in addition to the Windows antivirus. 

Upgrade the fleshware

The truth is that even the best most advanced technology can't prevent an infection if the user does something stupid. Often users are the weakest link the the corporate security chain and you are no different. 

Using good security hygiene will go a long way to protecting you. Basic tips:

  • never open an attachment from a user you do not know well or that you are not expecting
  • never click on a link embedded in an email
  • never install applications from untrusted sources (including torrents or anything pirated)
  • Remember that you can also get infected from a website so use Google Chrome with the the Ublock Origin plug-in

What to do if you get infected?

If a user's PC or Mac does get infected, their first thought is to find someone that can clean it. The truth is that once your PC is infected, it can' really be cleaned properly or trusted. At that point, you must do  a clean re-installation from a known clean source and then recover your files from a known good backup.

Some technical support companies will offer cleanup services but don't do it. Once your PC is infected, you don't know what else could be lurking in the background waiting to strike again. The best course of action is to start fresh.

Hopefully you have backups and everything will work out just fine. If you don't have backups and your files are encrypted by ransomware, you can always check out a free online site called No More Ransom Project and see if they offer a free decryptor for your ransomware. There are no guarantees your infection strain has a decryptor but it doesn't hurt to check.

 

Why I left Evernote

GeneralEdward Kiledjian

I have been an Evernote user since September 26 2008 (8 years 5 months 8 days). Many of those years were spent as a paying premium customer, but at the end of 2016, I decided it was time to leave. I wanted to share why I am leaving and my plans to replace it.

The Evernote I loved

From the very beginning, Evernote was a wonderful company to support. It was this scrappy upstart that was committed to building a "100 year company" (link) and was incredibly committed to its customers. It believed in openness and came to market with original ideas. It was unlike anything else being offered at the time.

The original founding leaders had this crazy open-dialog podcast that gave listeners an inside look into the company. The freemium model Evernote pioneered worked like a charm. Evernote constantly moved premium features into the free tear and was constantly challenged to make newer & better features for the 5% of their paying premium customer-base. 

Every platform I tested had an Evernote client that worked relatively well and within minutes of setting up a new device, everything I had captured was there waiting for me. It was a wonderful time.

The app was lightning fast and reliable. Sync was blazing and worked every time. Text recognition (even in images and attachments) was super accurate. I was happy.

Even though I didn't need most of the premium features, I started paying a premium membership to support the company. It was my one key app. I used it as my reference folder, as my to do manager (GTD), my list making application, etc. It become an extension to my brain. 

I was an Evernote ambassador, talking about it every chance I had and bringing more and more people into the fold. Everyone that joined Evernote thanked me. Everyone loved it, even those on the free tier. It offered incredible value to everyone that took the time to use it. Search Amazon for Evernote and you get 1,145 products from Moleskin notebooks to books to help organize your life using Evernote. 

Then July 20th 2015, they announced via a blog post that Phil Libin would be leaving the company and his replacement was this polished executive named Chris O'Neill. Other executives also left (such as Max Levchin). Little did we know O'Neill had plans to dramatically change the service we had come to love and depend on.

The Bad Changes

The new Evernote price

The first major shock was the change in pricing. My beloved Premium membership almost doubled in price and the functionality of the free/plus service dropped. 

When prices increase, consumers will evaluate all possible alternatives and determine if the new price is still the best choice for him/her.

For $10 more a year, I can buy an Office 365 home subscription shareable with 5 family members. Everyone on my accounts is entitled to all of the Microsoft Office apps (Word, Excel, Powerpoint, etc), plus each user receives 1TB of online OneDrive storage and of course Microsoft made it's OneNote app free for everyone on all platforms.

As a customer of Evernote, I was asking myself if spending an extra $10 and moving to Office 365 home made sense. For most consumers, it will.

The second was the downgrade if you chose not to pay these new higher prices. You were limited to sync on only 2 devices and your free monthly upload allowance was 60MB which meant it become unusable (for free) for most users.

The junkening

Over the years, Evernote lost its way and tried to become the everything app for everyone (a swiss Army knife). It had a food memories app.

The Evernote Food app allowed you to capture memories of great food you had enjoyed in restaurants (logging pictures, location, friends with you, etc). 

It bought a screen-capture and markup tool called Skitch and after a couple of updates, killed it (moving some of its features into its already bloated core Evernote app).

It had and killed many other apps (A contact app, a meeting app, Flash cards, etc).

Over the years it's main app, the Evernote Client (Mac, Windows), became a bloated mess of slowness and crashing. They migrated from their own data center to the Google Cloud platform ( earloier this year) promising faster and better service. The blog post on February 8 2017 mentions :

Rather than pouring resources into the day-to-day maintenance of equipment and software required for running the Evernote service, we can now focus more of our time and energy into responding to customer needs.

All good sentiments but I haven't seen any benefits as a customer. Evernote is still an expensive bloated mess. 

Breaking their own rules

In 2011, Evernote published the 3 laws of data protection:

  1. Your Data is Yours
  2. Your Data is Protected
  3. Your Data is Portable

The fist rule is clear, my data is mine and the only thing Evernote was going to do to it was normal operational tasks the ensure they can deliver the services I was expecting. The new Evernote wanted to add a machine learning function for its premium users and as part of that change tried to update its Terms of Service. This change was so viciously attacked by its users that in December 2016, they were forced to roll-it back and tried to reframe the conversation.

The worry was that the changed language gave Evernote employees the right to "read" your notes as they attempted to spot check and validate their new Machine Learning tools. The reversal meant the change would now be opt-in. This never should have happened the way it did. It showed clear gap in their change management and product management processes.

The second rules stated that :

Everything you put into Evernote is private by default. We never look at it, analyze it, share it, use it to target ads, data mine it, etc.–unless you specifically ask us to do one of these things.

This seems to conflict with their unilateral attempt to change the privacy language to enable their Machine Learning feature but.... The next part of this rule is:

we take many precautions to protect your data from accidental loss and theft. Everything you put into an Evernote synchronized notebook is stored in our secure data center with multiple redundant servers, storage devices and off-site backups.

Evernote had a couple of issues with data availability but the biggest was one that affected "some Mac users" and caused attachments to get deleted (article here). 

certain sequences of events can cause an image or other attachments to be deleted from notes without warning, but text is not affected.

So far, Evernote has failed on the first 2 of their data protection laws. The third law was about data portability. The law said:

There is no data-lock in Evernote. We are committed to making it easy for you to get all of your data into, and out of, Evernote at any time.

Ask anyone that has a large collection of notes with tags and dozens of folders, there is no graceful way to export your data in a usable format. Attachments are exported with their original file names (not the note name) and all structure is lost (tags and folder are lost).

I as one of the people that asked for Evernote to make a better export feature to ensure they met their own portability commitment. I wasn't sure how it should work, but knew it needed something better.

As you added more and more notes, this feature became more important and the lack of it became a glaring issue. As much as they say you can export in HTML, the exported data is useless. 

So they failed to meet their own 3 rules of data protection. 

No Markdown Support

As a technical Evernote user, I was part of their forums, UserVoice feature request system and always answered their user surveys. A feature I have wanted for years was Markdown formatting support (which would improve note compatibility). Their standard response was always that this was not part of their road-map. I wasn't the only one clamoring for Markdown support. Their forums listed thousands of users asking for it. 

Unfortunately Evernote was clearly not interested. 

Less consumer more business 

In an interview with The Verge,  Chris mentions the wants a more balanced customer base (less consumer and more corporate. This clearly shows in the steps they have taken and ancillary services they have killed.

Consumer services have been killed (Food, Flash Cards, etc) while corporate ones have been maintained (Evernote Work Chat a slack competitor and Presentation mode a Powerpoint competitor).

Changing competitive landscape

As Evernote continues to squeeze its free tier customers and makes paid tiers more expensive, it's primary competitor, Microsoft OneNote, has gone free for everyone on every platform. Additionally Google has its Keep/Google Docs combo and Apple its's Pages/Apple Notes combo. All of its chief competitors are offering more and more functions for free.

Others like Dropbox have launched services like Dropbox paper offering their existing subscribers cool new Evernote competing features. 

When I started using Evernote, it was the defacto standard integration partner for every app or service that I used. Almost every app I had on my Windows, Mac, Android, iPhone or iPad integrated with Evernote. As Evernote alienates its customers and more competitors enter the market, this is becoming less and less true. There was a huge benefit to knowing everything you had would work with Evernote, as this slowly disappears, that advantage also disappears. 

The Best Evernote Alternative

Having tested dozens of services, there isn't a really good alternative an Evernote power user will like but you have to accept this reality and move on. Evernote has clearly shown disdain for its consumer users and so the search for an alternative is ongoing.

The closest to Evernote has been Microsoft OneNote. OneNote is now free for everyone, getting more polished and feature rich with every update and they are clearly targeting Evernote users. It will definitely take some getting use to but it is a close enough alternative that most users will be extremely satisfied.

Microsoft OneNote works on most platforms, even on an Apple watch. 

In my quest to free my notes, I will be testing Clevernote.io more on that in coming weeks. 

I have gone through the period of grief and have accepted the fact that there is no "perfect" migration tool or strategy. I will lose some functionality and context around my Evernote notes but that's the cost of admission.

We are also seeing new companies pop up and try to fill the new Evernote void. One such startup service is called Bear

Bear is a beautiful simple note taking app that reminds me of Evernote's beginnings. It only works on iPhone, iPad and Mac today but who knows what the future will hold. A Bear Pro subscription is $15. 

Conclusion

I don't think the ship has yet sailed for Evernote and they can recapture their glory days if management does the right things but I am doubtful. Many have called Evernote the "broken Unicorn" and I agree. Most companies will stick with the good and trustworthy Microsoft and won't fork over hundreds of thousands a year to Evernote.

And unless Evernote changes course quickly, it will lose its core base of users (those who have been unofficial ambassadors over the years). 

So my recommendation is start the grieving process now and looking at alternatives.