Microsoft offered up a fairly light Patch Tuesday release this month, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. That said, two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Office. (Developers can follow their usual release cadence with updates to Microsoft .NET and Visual Studio.) To help navigate these changes, the team from Readiness has provided auseful  infographic detailing the risks involved when deploying the latest updates. (More information about recent Patch Tuesday releases is available here.) Known issues Microsoft released a limited number of known issues for June, with a product-focused issue and a very minor display concern: Microsoft Excel: This a rare product level entry in the “known issues” category — an advisory that “square brackets” or [] are not supported in Excel filenames. An error is generated, advising the user to remove the offending characters. Windows 10: There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. This is a limited resource issue, as the font resolution in Windows 10 does not fully match the high-level resolution of the Noto font. Microsoft recommends changing the display scaling to 125% or 150% to improve clarity. Major revisions and mitigations Microsoft might have won an award for the shortest time between releasing an update and a revision with: CVE-2025-33073: Windows SMB Client Elevation of Privilege. Microsoft worked to address a vulnerability where improper access control in Windows SMB allows an attacker to elevate privileges over a network. This patch was revised on the same day as its initial release (and has been revised again for documentation purposes). Windows lifecycle and enforcement updates Microsoft did not release any enforcement updates for June. Each month, the Readiness team analyzes Microsoft’s latest updates and provides technically sound, actionable testing plans. While June’s release includes no stated functional changes, many foundational components across authentication, storage, networking, and user experience have been updated. For this testing guide, we grouped Microsoft’s updates by Windows feature and then accompanied the section with prescriptive test actions and rationale to help prioritize enterprise efforts. Core OS and UI compatibility Microsoft updated several core kernel drivers affecting Windows as a whole. This is a low-level system change and carries a high risk of compatibility and system issues. In addition, core Microsoft print libraries have been included in the update, requiring additional print testing in addition to the following recommendations: Run print operations from 32-bit applications on 64-bit Windows environments. Use different print drivers and configurations (e.g., local, networked). Observe printing from older productivity apps and virtual environments. Remote desktop and network connectivity This update could impact the reliability of remote access while broken DHCP-to-DNS integration can block device onboarding, and NAT misbehavior disrupts VPNs or site-to-site routing configurations. We recommend the following tests be performed: Create and reconnect Remote Desktop (RDP) sessions under varying network conditions. Confirm that DHCP-assigned IP addresses are correctly registered with DNS in AD-integrated environments. Test modifying NAT and routing settings in RRAS configurations and ensure that changes persist across reboots. Filesystem, SMB and storage Updates to the core Windows storage libraries affect nearly every command related to Microsoft Storage Spaces. A minor misalignment here can result in degraded clusters, orphaned volumes, or data loss in a failover scenario. These are high-priority components in modern data center and hybrid cloud infrastructure, with the following storage-related testing recommendations: Access file shares using server names, FQDNs, and IP addresses. Enable and validate encrypted and compressed file-share operations between clients and servers. Run tests that create, open, and read from system log files using various file and storage configurations. Validate core cluster storage management tasks, including creating and managing storage pools, tiers, and volumes. Test disk addition/removal, failover behaviors, and resiliency settings. Run system-level storage diagnostics across active and passive nodes in the cluster. Windows installer and recovery Microsoft delivered another update to the Windows Installer (MSI) application infrastructure. Broken or regressed Installer package MSI handling disrupts app deployment pipelines while putting core business applications at risk. We suggest the following tests for the latest changes to MSI Installer, Windows Recovery and Microsoft’s Virtualization Based Security (VBS): Perform installation, repair, and uninstallation of MSI Installer packages using standard enterprise deployment tools (e.g. Intune). Validate restore point behavior for points older than 60 days under varying virtualization-based security (VBS) settings. Check both client and server behaviors for allowed or blocked restores. We highly recommend prioritizing printer testing this month, then remote desktop deployment testing to ensure your core business applications install and uninstall as expected. Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:  Browsers (Microsoft IE and Edge); Microsoft Windows (both desktop and server); Microsoft Office; Microsoft Exchange and SQL Server;  Microsoft Developer Tools (Visual Studio and .NET); And Adobe (if you get this far). Browsers Microsoft delivered a very minor series of updates to Microsoft Edge. The  browser receives two Chrome patches (CVE-2025-5068 and CVE-2025-5419) where both updates are rated important. These low-profile changes can be added to your standard release calendar. Microsoft Windows Microsoft released five critical patches and (a smaller than usual) 40 patches rated important. This month the five critical Windows patches cover the following desktop and server vulnerabilities: Missing release of memory after effective lifetime in Windows Cryptographic Services (WCS) allows an unauthorized attacker to execute code over a network. Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. Use of uninitialized resources in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. Unfortunately, CVE-2025-33073 has been reported as publicly disclosed while CVE-2025-33053 has been reported as exploited. Given these two zero-days, the Readiness recommends a “Patch Now” release schedule for your Windows updates. Microsoft Office Microsoft released five critical updates and a further 13 rated important for Office. The critical patches deal with memory related and “use after free” memory allocation issues affecting the entire platform. Due to the number and severity of these issues, we recommend a “Patch Now” schedule for Office for this Patch Tuesday release. Microsoft Exchange and SQL Server There are no updates for either Microsoft Exchange or SQL Server this month.  Developer tools There were only three low-level updates (product focused and rated important) released, affecting .NET and Visual Studio. Add these updates to your standard developer release schedule. Adobe (and 3rd party updates) Adobe has released (but Microsoft has not co-published) a single update to Adobe Acrobat (APSB25-57). There were two other non-Microsoft updated releases affecting the Chromium platform, which were covered in the Browser section above.

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said. "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and PI Rank (ID: ccgdboldgdlngcgfdolahmiilojmfndl), which call the URL "rank.trellian[.]com" over plain HTTP Browsec VPN (ID: omghfjlpggmjjaagoclmmobgdodcjboh), which uses HTTP to call an uninstall URL at "browsec-uninstall.s3-website.eu-central-1.amazonaws[.]com" when a user attempts to uninstall the extension MSN New Tab (ID: lklfbkdigihjaaeamncibechhgalldgl) and MSN Homepage, Bing Search & News (ID: midiombanaceofjhodpdibeppmnamfcj), which transmit a unique machine identifier and other details over HTTP to "g.ceipmsn[.]com" DualSafe Password Manager & Digital Vault (ID: lgbjhdkjmpgjgcbcdlhkokkckpjmedgc), which constructs an HTTP-based URL request to "stats.itopupdate[.]com" along with information about the extension version, user's browser language, and usage "type" "Although credentials or passwords do not appear to be leaked, the fact that a password manager uses unencrypted requests for telemetry erodes trust in its overall security posture," Guo said. Symantec said it also identified another set of extensions with API keys, secrets, and tokens directly embedded in the JavaScript code, which an attacker could weaponize to craft malicious requests and carry out various malicious actions - Online Security & Privacy extension (ID: gomekmidlodglbbmalcneegieacbdmki), AVG Online Security (ID: nbmoafcmbajniiapeidgficgifbfmjfo), Speed Dial [FVD] - New Tab Page, 3D, Sync (ID: llaficoajjainaijghjlofdfmbjpebpa), and SellerSprite - Amazon Research Tool (ID: lnbmbgocenenhhhdojdielgnmeflbnfb), which expose a hard-coded Google Analytics 4 (GA4) API secret that an attacker could use to bombard the GA4 endpoint and corrupt metrics Equatio – Math Made Digital (ID: hjngolefdpdnooamgdldlkjgmdcmcjnc), which embeds a Microsoft Azure API key used for speech recognition that an attacker could use to inflate the developer's costs or exhaust their usage limits Awesome Screen Recorder & Screenshot (ID: nlipoenfbbikpbjkfpfillcgkoblgpmj) and Scrolling Screenshot Tool & Screen Capture (ID: mfpiaehgjbbfednooihadalhehabhcjo), which expose the developer's Amazon Web Services (AWS) access key used to upload screenshots to the developer's S3 bucket Microsoft Editor – Spelling & Grammar Checker (ID: gpaiobkfhnonedkhhfjpmhdalgeoebfa), which exposes a telemetry key named "StatsApiKey" to log user data for analytics Antidote Connector (ID: lmbopdiikkamfphhgcckcjhojnokgfeo), which incorporates a third-party library called InboxSDK that contains hard-coded credentials, including API keys. Watch2Gether (ID: cimpffimgeipdhnhjohpbehjkcdpjolg), which exposes a Tenor GIF search API key Trust Wallet (ID: egjidjbpglichdcondbcbdnbeeppgdph), which exposes an API key associated with the Ramp Network, a Web3 platform that offers wallet developers a way to let users buy or sell crypto directly from the app TravelArrow – Your Virtual Travel Agent (ID: coplmfnphahpcknbchcehdikbdieognn), which exposes a geolocation API key when making queries to "ip-api[.]com" Attackers who end up finding these keys could weaponize them to drive up API costs, host illegal content, send spoofed telemetry data, and mimic cryptocurrency transaction orders, some of which could see the developer's ban getting banned. Adding to the concern, Antidote Connector is just one of over 90 extensions that use InboxSDK, meaning the other extensions are susceptible to the same problem. The names of the other extensions were not disclosed by Symantec. "From GA4 analytics secrets to Azure speech keys, and from AWS S3 credentials to Google-specific tokens, each of these snippets demonstrates how a few lines of code can jeopardize an entire service," Guo said. "The solution: never store sensitive credentials on the client side." Developers are recommended to switch to HTTPS whenever they send or receive data, store credentials securely in a backend server using a credentials management service, and regularly rotate secrets to further minimize risk. The findings show how even popular extensions with hundreds of thousands of installations can suffer from trivial misconfigurations and security blunders like hard-coded credentials, leaving users' data at risk. "Users of these extensions should consider removing them until the developers address the insecure [HTTP] calls," the company said. "The risk is not just theoretical; unencrypted traffic is simple to capture, and the data can be used for profiling, phishing, or other targeted attacks." "The overarching lesson is that a large install base or a well-known brand does not necessarily ensure best practices around encryption. Extensions should be scrutinized for the protocols they use and the data they share, to ensure users' information remains truly safe." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Raspberry Pi Imager 1.9.4 released bringing performance improvements, bug fixes and more David Uzondu Neowin · Jun 5, 2025 05:12 EDT Raspberry Pi Imager 1.9.4 is now out, marking the first official release in its 1.9.x series. This application, for anyone new to it, is a tool from the Raspberry Pi Foundation. It first came out in March 2020. Its main job is to make getting an operating system onto a microSD card or USB drive for any Raspberry Pi computer super simple, even if you hate the command line. It handles downloading selected OS images and writing them correctly, cutting out several manual steps that used to trip people up, like finding the right image version or using complicated disk utility tools. This version brings solid user interface improvements for a smoother experience, involving internal tweaks that contribute to a more polished feel. Much work went into global accessibility, adding new Korean and Georgian translations. Updates also cover Chinese, German, Spanish, Italian, and many others. Naturally, a good number of bugs got squashed, including a fix for tricky long filename issues on Windows and an issue with the Escape key in the options popup. Changes specific to operating systems are also clear. Windows users get an installer using Inno Setup. Its program files, installer, and uninstaller are now signed for better Windows security. For macOS, .app file naming in .dmg packages is fixed, and building the software is more reliable. Linux users can now hide system drives from the destination list, a great way to prevent accidentally wiping your main computer drives. The Linux AppImage also disables Wayland support by default. The full list of changes is outlined below: Fixed minor errors in Simplified Chinese translation Updated translations for German, Catalan, Spanish, Slovak, Portuguese, Hebrew, Traditional Chinese, Italian, Korean, and Georgian Explicitly added --tree to lsblk to hide partitions from the top-level output CMake now displays the version as v1.9.1 Added support for quiet uninstallation on Windows Applied regex to match SSH public keys during OS customization Updated dependencies: libarchive (3.7.4 → 3.7.7 → 3.8.0) zlib (removed preconfigured header → updated to 1.4.1.1) cURL (8.8 → 8.11.0 → 8.13.0) nghttp2 (updated to 1.65.0) zstd (updated to 1.5.7) xz/liblzma (updated to 5.8.1) Windows-specific updates: Switched to Inno Setup for the installer Added code signing for binaries, installer, and uninstaller Enabled administrator privileges and NSIS removal support Fixed a bug causing incorrect saving of long filenames macOS-specific updates: Fixed .app naming in .dmg packages Improved build reliability and copyright Linux-specific updates: System drives are now hidden in destination popup Wayland support disabled in AppImage General UI/UX improvements: Fixed OptionsPopup not handling the Esc key Improved QML code structure, accessibility, and linting Made options popup modal Split main UI into component files Added a Style singleton and ImCloseButton component Internationalization (i18n): Made "Recommended" OS string translatable Made "gigabytes" translatable Packaging improvements: Custom AppImage build script with Qt detection Custom Qt build script with unprivileged mode Qt 6.9.0 included Dependencies migrated to FetchContent system Build system: CMake version bumped to 3.22 Various improvements and hardening applied Removed "Show password" checkbox in OS customization settings Reverted unneeded changes in long filename size calculation Internal refactoring and performance improvements in download and extract operations Added support for more archive formats via libarchive Lastly, it's worth noting that the system requirements have changed since version 1.9.0: macOS users will need version 11 or later; Windows users, Windows 10 or newer; Ubuntu users, version 22.04 or newer; and Debian users, Bookworm or later. Tags Report a problem with article Follow @NeowinFeed

ExpressVPN is good at its job. It's easy to be skeptical of any service with a knack for self-promotion, but don't let ExpressVPN's hype distract you from the fact that it keeps its front-page promise of "just working." Outside of solid security, the two best things ExpressVPN offers are fast speeds and a simple interface. Our tests showed only a 7% average drop in download speed and a 2% loss of upload speed, worldwide. And while the lack of extra features may frustrate experienced users, it makes for a true set-and-forget VPN on any platform. This isn't to say ExpressVPN is without flaws — it's nearly bereft of customization options and it's notably more expensive than its competition — but it beats most VPNs in a head-to-head matchup. For this review, we followed our rigorous 10-step VPN testing process, exploring ExpressVPN's security, privacy, speed, interfaces and more. Whether you read straight through or skip to the sections that are most important for you, you should come away with all the information you need to decide whether to subscribe. Editors' note: We're in the process of rebooting all of our VPN reviews from scratch. Once we do a fresh pass on the top services, we'll be updating each review with a rating and additional comparative information. Table of contents Findings at a glance Installing, configuring and using ExpressVPN ExpressVPN speed test: Very fast averages ExpressVPN security test: Checking for leaks How much does ExpressVPN cost? ExpressVPN side apps and bundles Close-reading ExpressVPN's privacy policy Can ExpressVPN change your virtual location? Investigating ExpressVPN's server network Extra features of ExpressVPN ExpressVPN customer support options ExpressVPN background check: From founding to Kape Technologies Final verdict Findings at a glance Category Notes Installation and UI All interfaces are clean and minimalist, with no glitches and not enough depth to get lost in Windows and Mac clients are similar in both setup and general user experience Android and iOS are likewise almost identical, but Android has a nice-looking dark mode Speed Retains a worldwide average of 93% of starting download speeds Upload speeds average 98% of starting speeds Latency rises with distance, but global average stayed under 300 ms in tests Security OpenVPN, IKEv2 and Lightway VPN protocols all use secure ciphers Packet-sniffing test showed working encryption We detected no IP leaks Blocks IPv6 and WebRTC by default to prevent leaks Pricing Base price: $12.95 per month or $99.95 per year Lowest prepaid rate: $4.99 per month Can save money by paying for 28 months in advance, but only once per account 30-day money-back guarantee Bundles ExpressVPN Keys password manager and ID alerts included on all plans Dedicated IP addresses come at an extra price ID theft insurance, data removal and credit scanning available to new one-year and two-year subscribers for free 1GB eSIM deal included through holiday.com Privacy policy No storage of connection logs or device logs permitted The only risky exceptions are personal account data (which doesn't leave the ExpressVPN website) and marketing data (which the policy says should be anonymized) An independent audit found that ExpressVPN's RAM-only server infrastructure makes it impossible to keep logs Virtual location change Successfully unblocked five international Netflix libraries, succeeding on 14 out of 15 attempts Server network 164 server locations in 105 countries 38% of servers are virtual, though most virtual locations are accessed through physical servers within 1,000 miles A large number of locations in South America, Africa and central Asia Features Simple but effective kill switch Can block ads, trackers, adult sites and/or malware sites but blocklists can't be customized Split tunneling is convenient but unavailable on iOS and modern Macs Aircove is the best VPN router, albeit expensive Customer support Setup and troubleshooting guides are organized and useful, with lots of screenshots and videos Live chat starts with a bot but you can get to a person within a couple minutes Email tickets are only accessible from the mobile apps or after live chat has failed Background check Founded in 2009; based in the British Virgin Islands Has never been caught selling or mishandling user data Turkish police seized servers in 2017 but couldn't find any logs of user activity Owned by Kape Technologies, which also owns CyberGhost and Private Internet Access A previous CIO formerly worked on surveillance in the United Arab Emirates; no evidence of shady behavior during his time at ExpressVPN Windows Version 12 leaked some DNS requests when Split Tunneling was active Installing, configuring and using ExpressVPN This section focuses on how it feels to use ExpressVPN on each of the major platforms where it's available. The first step for any setup process is to make an account on expressvpn.com and buy a subscription. Windows Once subscribed, download the Windows VPN from either expressvpn.com or the Microsoft Store, then open the .exe file. Click "Yes" to let it make changes, wait for the install, then let your computer reboot. Including the reboot, the whole process takes 5-10 minutes, most of it idle. To finish, you'll need your activation code, which you can find by going to expressvpn.com and clicking "Setup" in the top-right corner. You can install ExpressVPN's Windows app from the Microsoft store, but we found the website more convenient. Sam Chapman for Engadget Extreme simplicity is the watchword for all ExpressVPN's designs. The Windows client's launch panel consists of three buttons and less than ten words. You can change your location or let the app pick a location for you — the "Smart Location" is the server with the best combination of being nearby and unburdened. Everything else is crammed into the hamburger menu at the top left. Here, in seven tabs, you'll find the Network Lock kill switch, the four types of content blockers, the split tunneling menu and the option to change your VPN protocol. You can also add shortcuts to various websites, useful if you regularly use your VPN for the same online destinations. To sum up, there's almost nothing here to get in the way: no delays, no snags, no nested menus to get lost in. It may be the world's most ignorable VPN client. That's not a bad thing at all. Mac ExpressVPN's app for macOS is almost identical in design to its Windows app. The process for downloading and setting it up is nearly the same too. As on Windows, it can be downloaded from the App Store or sideloaded directly from the expressvpn.com download center. Only a few features are missing and a couple others have been added. Split tunneling is gone (unless you're still on a macOS lower than 11), and you won't see the Lightway Turbo setting. ExpressVPN recommends some servers, but it's easy to search the whole list. Sam Chapman for Engadget Mac users do gain access to the IKEv2 protocol, along with the option to turn off automatic IPv6 blocking — Windows users have to leave it blocked at all times. Almost every website is still accessible via IPv4, but it's useful if you do need to access a specific IPv6 address while the VPN is active. Android Android users can download ExpressVPN through the Google Play Store. Open the app, sign in and you're ready to go. The Android app has a very nice dark-colored design, only slightly marred by an unnecessary information box about how long you've used the VPN this week. ExpressVPN's Android app puts a little more information on the screen than it needs to, but still runs well. Sam Chapman for Engadget There's a large button for connecting. Clicking on the server name takes you to a list of locations. On this list, you can either search or scroll and can choose individual locations within a country that has more than one. We connected to as many far-flung server locations as we could, but not a single one took longer than a few seconds. The options menu is organized sensibly, with no option located more than two clicks deep. You will see a couple of options here that aren't available on desktop, the best of which is the ability to automatically connect to your last-used ExpressVPN server whenever your phone connects to a non-trusted wifi network. There are also a few general security tools: an IP address checker, DNS and WebRTC leak testers and a password generator. These are also available on the website, but here, they're built into the app. With the exception of the latter, we'd recommend using third-party testing tools instead — even a VPN with integrity has an incentive to make its own app look like it's working. iPhone and iPad You can only install ExpressVPN's iOS app through the app store. During setup, you may need to enter your password to allow your phone to use VPN configurations. Otherwise, there are no major differences from the Android process. ExpressVPN looks good on iPhone and iPad. Sam Chapman for Engadget The interface is not quite as pleasing as the dark-mode Android app, but it makes up for that by cutting out some of the clutter. The tabs and features are similar, though split tunneling and shortcuts are absent. Also, both mobile apps make customer support a lot more accessible than their desktop counterparts — plus, mobile is the only way to send email support tickets. Browser extension ExpressVPN also includes browser extensions for Firefox and Chrome. These let you connect, disconnect and change server locations without leaving your browser window. It's nice, but not essential unless you have a very specific web browser flow you like. ExpressVPN speed test: Very fast averages Connecting to a VPN almost always decreases your speed, but the best VPNs mitigate the drop as much as possible. We used Ookla's speed testing app to see how much of your internet speed ExpressVPN preserves. For this test, we emphasized the locations ExpressVPN uses for most of its virtual servers, including the Netherlands, Brazil, Germany and Singapore. Some terms before we start: Latency, measured in milliseconds (ms), is the time it takes one data packet to travel between your device and a web server through the VPN. Latency increases with distance. It's most important for real-time tasks like video chatting and online gaming. Download speed, measured in megabits per second (Mbps), is the amount of information that can download onto your device at one time — such as when loading a web page or streaming a video. Upload speed, also measured in Mbps, is the amount of information your device can send to the web at once. It's most important for torrenting, since the amount of data you can seed determines how fast you can download in exchange. The table below shows our results. We conducted this on Windows, using the automatic protocol setting with the Lightway Turbo feature active — a recent ExpressVPN addition that keeps speed more consistent by processing connections in parallel. Server location Latency (ms) Increase factor Download speed (Mbps) Percentage dropoff Upload speed (Mbps) Percentage dropoff Portland, Oregon, USA (unprotected) 18 -- 58.77 -- 5.70 -- Seattle, Washington, USA (best server) 26 1.4x 54.86 6.7% 5.52 3.2% New York, NY, USA 156 8.7x 57.25 2.6% 5.57 2.3% Amsterdam, Netherlands 306 17x 53.83 8.4% 5.58 2.1% São Paulo, Brazil 371 20.6x 53.82 8.4% 5.65 0.9% Frankfurt, Germany 404 22.4x 55.71 5.2% 5.67 0.5% Singapore, Singapore 381 21.2x 52.76 10.2% 5.64 1.0% Average 274 15.2x 54.71 6.9% 5.61 1.6% These are extremely good results. ExpressVPN is a winner on both download and upload speed. No matter where we went in the world, we never lost more than about 7% of our download speeds, and upload lost an astoundingly low average of 2%. This suggests that ExpressVPN deftly distributes its user load between servers to eliminate bottlenecks. This Ookla speedtest shows you can still get fast internet while connected to ExpressVPN -- our unprotected speeds are around 58 Mbps. Sam Chapman for Engadget The latency numbers look worse, but the rise in the table is less sharp than we projected. Ping length depends far more on distance than download speed does, so we expect it to shoot up on servers more than 1,000 miles from our location. Keeping the average below 300 ms, as ExpressVPN does here, is a strong showing. ExpressVPN security test: Checking for leaks A VPN's core mission is to hide your IP address and make you untraceable online. Our task in this section is to figure out if ExpressVPN can carry out this mission every time you connect. While we can't be 100% certain, the tests we'll run through below have led us to believe that ExpressVPN is currently leak-proof. Available VPN protocols A VPN protocol is like a common language that a VPN server can use to mediate between your devices and the web servers you visit. If a VPN uses outdated or insecure protocols, or relies on unique protocols with no visible specs or source code, that's a bad sign. Not all protocols are available on all apps, but Mac has the full range. Sam Chapman for Engadget ExpressVPN gives you a selection of three protocols: IKEv2, OpenVPN and Lightway. The first two are solid choices that support the latest encryption algorithms. OpenVPN has been fully open-source for years and is the best choice if privacy is your goal. While IKEv2 started life as a closed project by Microsoft and Cisco, ExpressVPN uses an open-source reverse-engineering, which is both better for privacy and quite fast. Lightway is the odd one out, a protocol you'll only find on ExpressVPN, though its source code is available on Github. It's similar to WireGuard, in that both reach for faster speeds and lower processing demands by keeping their codebases slim. However, Lightway was recently rewritten in Rust to better protect the keys stored in its memory. Ultimately, you can't go wrong with any of ExpressVPN's protocol options. 99% of the time, your best choice will be to set the controls to Automatic and let the VPN decide which runs best. Testing for leaks ExpressVPN is one of the best services, but it's not leak-proof (as you can read in the Background Check below). Luckily, checking for DNS leaks is a simple matter of checking your IP address before and after connecting to a VPN server. If the new address matches the VPN server, you're good; if not, your VPN is leaking. First, we checked the Windows app with split tunneling active to ensure the flaw really had been patched. We tested several servers and didn't find any leaks, which suggests the patch worked, though leaks were rare even before ExpressVPN fixed the vulnerability. We checked our IP while connected to the virtual India location, which is run from a physical server in Singapore. Don't worry -- it still looks like India to streaming services. Sam Chapman for Engadget In fact, we didn't find any leaks on any ExpressVPN server we tested on any platform. Though questions remain about iOS, as you'll see later in this section, that's a problem on Apple's end that even the best VPNs can do very little about for now. The most common cause of VPN leaks is the use of public DNS servers to connect users to websites, which can mistakenly send browsing activity outside the VPN's encrypted tunnel. ExpressVPN avoids the risks of the public system by installing its own DNS resolvers on every server. This is the key factor behind its clean bill of health in our leak testing. Two other common flaws can lead to VPN leaks: WebRTC traffic and IPv6. The former is a communication protocol used in live streaming and the latter is a new IP standard designed to expand domain availability. Both are nice, but currently optional, so ExpressVPN automatically blocks both to ensure there's no opportunity for leaks to arise. One note about VPN security on iOS: it's a known and continuing problem that iOS VPNs do not prevent many online apps from communicating with Apple directly, outside the VPN tunnel. This risks leaking sensitive data, even with Lockdown Mode active in iOS 16. A blog post by Proton VPN shares a workaround: connect to a VPN server, then turn Airplane Mode on and off again to end all connections that were active before you connected to the VPN. Testing encryption We finished up our battery of security tests by checking out ExpressVPN's encryption directly. Using WireShark, a free packet sniffer, we inspected what it looks like when ExpressVPN transmits data from one of its servers to the internet. The screenshot below shows a data stream encrypted with Lightway UDP. After connecting to ExpressVPN, HTTP packets were rendered unreadable while in transit. Sam Chapman for Engadget That lack of any identifiable information, or even readable information, means encryption is working as intended. We repeated the test several times, always getting the same result. This left us satisfied that ExpressVPN's core features are working as intended. How much does ExpressVPN cost? ExpressVPN subscriptions cost $12.95 per month. Long-term subscriptions can bring the monthly cost down, but the great deals they offer tend to only last for the first billing period. A 12-month subscription costs $99.95 and includes three months for free with your first payment, costing a total of $6.67 per month. The bonus disappears for all subsequent years, raising the monthly cost to $8.33. You can also sign up for 28 months at a cost of $139.72, but this is also once-only — ExpressVPN can only be renewed at the $99.95 per year level. There are two ways to test ExpressVPN for free before making a financial commitment. Users on iOS and Android can download the ExpressVPN app without entering any payment details and use it free for seven days. On any platform, there's a 30-day money-back guarantee, which ExpressVPN has historically honored with no questions asked. You will have to pay before you can use it, though. In our opinion, ExpressVPN's service is solid enough that it's worth paying extra. Perhaps not this much extra, but that depends on what you get out of it. We recommend using the 30-day refund period and seeing how well ExpressVPN works for you. If it's a VPN you can enjoy using, that runs fast and unblocks everything you need, that's worth a server's weight in gold. ExpressVPN side apps and bundles ExpressVPN includes some special features that work mostly or wholly separate from its VPN apps. Some of these come free with a subscription, while others add an extra cost. Every subscription includes the ExpressVPN keys password manager. This is available under its own tab on the Android and iOS apps. On desktop, you'll need to download a separate extension from your browser's store, then sign in using your account activation code. It's available on all Chromium browsers, but not Firefox. Starting in 2025, new subscribers get an eSIM plan through holiday.com, a separate service linked to ExpressVPN. The baseline 1GB holiday eSIM plans last for 5 days and can apply to countries, regions, or the entire world (though it's not clear whether the package deal applies to the regional and global plans). Longer-term plans include larger eSIM plans. You can add a dedicated IP address to your ExpressVPN subscription for an additional cost per month. A dedicated IP lets you use the same IP address every time you connect to ExpressVPN. You can add the address to whitelists on restricted networks, and you're assured to never be blocked because of someone else's bad activity on a shared IP. Unlike many of its competitors, ExpressVPN doesn't currently offer antivirus or online storage services, but there is a comprehensive bundle of ID protection tools called Identity Defender. We haven't reviewed any of these products in detail, but here's a list for reference: ID Alerts will inform you if any of your sensitive information is leaked or misused online. It's free with all plans, but you'll have to enter your personal information on your ExpressVPN account page or a mobile app. ID Theft Insurance grants up to $1 million in identity theft reimbursement and comes free with new ExpressVPN one-year or two-year subscriptions. It's not yet available to those who subscribed before it launched in October 2024. Data Removal scans for your information in data brokerages and automatically requests that it be deleted. It's also free with one-year and two-year plans. Credit Scanner is only available for United States users. It monitors your activity on the three credit bureaus so you can quickly spot any suspicious transactions. The Identity Defender features are currently only available to new ExpressVPN customers in the US. Close-reading ExpressVPN's privacy policy Although we worry that the consolidation of VPN brands under the umbrella of Kape Technologies (ExpressVPN's parent company) will make the industry less competitive, we don't believe it's influencing ExpressVPN to take advantage of its users' privacy. To confirm, and get a full sense of what sort of privacy ExpressVPN promises its users, we set out to read ExpressVPN's privacy policy in detail. It's long, but thankfully aimed at casual users instead of lawyers. You can see it for yourself here. In the introduction, ExpressVPN states that it does not keep either activity logs (such as a user's browsing history while connected to the VPN) or connection logs (such as the duration of a user's session and their IP address, which can be used to extrapolate browsing activity). It then specifies the seven types of data it's legally allowed to collect: Data used to sign up for an account, such as names, emails and payment methods. VPN usage data which is aggregated and can't be traced to any individual. Credentials stored in the ExpressVPN Keys password manager. Diagnostic data such as crash reports, which are only shared upon user request. IP addresses authorized for MediaStreamer, which is only for streaming devices that don't otherwise support VPN apps. Marketing data collected directly from the app — a "limited amount" that's kept anonymous. Data voluntarily submitted for identity theft protection apps. Of those seven exceptions, the only ones that count as red flags are account data and marketing data. Both categories are highly personal and could be damaging if mishandled. Fortunately, complying with subpoenas is not one of the allowed uses listed for either data category, nor does the policy let ExpressVPN sell the data to other private parties. The only really annoying thing here is that if you ask ExpressVPN to delete your personal data, you won't be able to use your account from then on. You aren't even eligible for a refund in this case, unless you're within 30 days of your initial subscription. As for marketing data, ExpressVPN collects device fingerprints and location data when you sign up for an account on its website. The privacy policy also claims this is anonymized, as its "systems are engineered to decouple such data from personally identifiable information." Audits corroborate this, as we'll see in the next section. So, while it would be better if ExpressVPN didn't collect any personal data at all, its practices don't appear to pose a risk to anything you do while using the VPN — just the ExpressVPN website. Privacy audits VPN providers often get third-party accounting firms to audit their privacy policies. The idea is that a well-known firm won't mortgage its reputation to lie on behalf of a VPN, so their results can be trusted. For the last several years, ExpressVPN has had KPMG look over its privacy policy and relevant infrastructure (see "TrustedServer" below). KPMG's most recent report, completed in December 2023 and released in May 2024, found that ExpressVPN had enough internal controls in place that users could trust its privacy policy. The report is freely available to read. This is a very good sign, though we're looking out for a more up-to-date audit soon. TrustedServer "TrustedServer" is a marketing term ExpressVPN uses for its RAM-only server infrastructure. RAM-only servers have no hard drives for long-term storage and return to a standard disk image with every reboot. This makes it theoretically impossible to store user activity logs on them, even if ExpressVPN wanted to do that. The KPMG audit, linked above, reports that TrustedServer works as advertised. Between its many clean privacy audits and the Turkish server incident in 2017, we're prepared to say ExpressVPN is a private VPN, in spite of its aggravating exception for marketing. Can ExpressVPN change your virtual location? Next, we tested whether ExpressVPN can actually convince websites that you're somewhere other than your real location. Our security tests have already proven it can hide your IP address, but it takes more than leak-proofing to fool streaming sites these days — Netflix and the others have gotten very good at combing through metadata to sniff out proxy users. The process for testing this is a lot like how we handled the DNS leak tests: try several different servers and see if we get caught. We checked five sample locations outside the U.S. to see if we a) got into Netflix and b) saw different titles in the library. The results are below. Server Location Unblocked Netflix? Library changed? Canada Y Y United Kingdom Y (second try; Docklands failed) Y Slovakia Y Y India Y Y (different from UK library) Australia Y Y In fifteen tests, ExpressVPN slipped up only once. Docklands, the UK server it chose as the fastest, wasn't able to access Netflix. We switched to a server labeled simply "London" and unblocked it without issue. ExpressVPN can change your virtual location so you can explore the wonderful world of K-drama. Sam Chapman for Engadget All the other locations got us access to an alternate Netflix library on the first try. We even checked whether the India server, which is physically located in the UK, showed us different videos than the UK servers. It did, which makes us even more confident that ExpressVPN's virtual locations are airtight. Investigating ExpressVPN's server network ExpressVPN users can connect to a total of 164 server locations in 105 countries and territories. These locations are reasonably well distributed across the globe, but as with all VPNs, there's a bias toward the northern hemisphere. There are 24 locations in the U.S. alone and a further 66 in Europe. That isn't to say users in the Global South get nothing. ExpressVPN has IP addresses from nine nations in South America (Argentina, Brazil, Bolivia, Chile, Colombia, Ecuador, Peru, Uruguay and Venezuela) and six in Africa (Algeria, Egypt, Ghana, Kenya, Morocco and South Africa). The network even includes Kazakhstan, Uzbekistan and Mongolia, impressive since central Asia may be the region most often shafted by VPNs. However, many of these servers have virtual locations different from their real ones. For those of you choosing a server based on performance instead of a particular IP address, ExpressVPN's website has a helpful list of which servers are virtual. The bad news is that it's a big chunk of the list. A total of 63 ExpressVPN locations are virtual, or 38% of its entire network. To reduce the sting, ExpressVPN takes care to locate virtual servers as close to their real locations as possible. Its virtual locations in Indonesia and India are physically based in Singapore. This isn't always practical, leading to some awkwardness like operating a Ghana IP address out of Germany. But it helps ExpressVPN perform better in the southern hemisphere. Extra features of ExpressVPN Compared to direct competitors like NordVPN and Surfshark, ExpressVPN doesn't have many special features. It's aimed squarely at the casual market and will probably disappoint power users. Having said that, what they do include works well. In this section, we'll run through ExpressVPN's four substantial features outside its VPN servers themselves. Network Lock kill switch "Network Lock" is the name ExpressVPN gives to its kill switch (though it's called "Network Protection" on mobile). A VPN kill switch is a safety feature that keeps you from broadcasting outside the VPN tunnel. If it ever detects that you aren't connected to a legitimate ExpressVPN server, it cuts off your internet access. You won't be able to get back online until you either reconnect to the VPN or disable Network Lock. ExpressVPN's kill switch is called Network Lock on desktop, and Network Protection on mobile (Android pictured) Sam Chapman for Engadget This is important for everyone, not just users who need to hide sensitive traffic. The recently discovered TunnelVision bug theoretically allows hackers to set up fake public wi-fi networks through which they redirect you to equally fake VPN servers, which then harvest your personal information. It's unlikely, but not impossible, and a kill switch is the best way to prevent it — the switch always triggers unless you're connected to a real server in the VPN's network. Like most of ExpressVPN's features, all you can do with Network Lock is turn it on and off. You can also toggle whether you'll still be able to access local devices while the kill switch is blocking your internet — this is allowed by default. Threat manager, ad blocker and parental controls ExpressVPN groups three tools under the heading of "advanced protection" — Threat Manager, an ad blocker and parental controls. Threat Manager consists of two checkboxes: one that blocks your browser from communicating with activity tracking software and one that blocks a list of websites known to be used for malware. Check any of these boxes to use the pre-set blocklists whenever you're connected to ExpressVPN. Sam Chapman for Engadget You can't customize the lists, so you're limited to what ExpressVPN considers worthy of blocking. They share their sources on the website. While the lists are extensive and open-source, they rely on after-the-fact reporting and can't detect and block unknown threats like a proper antivirus. The adblock and parental control options work the same way: check a box to block everything on the list, uncheck it to allow everything through. In tests, the ad blocker was nearly 100% effective against banner ads, but failed to block any video ads on YouTube or Netflix. The parental control option blocks a list of porn sites. It's an easy option for concerned parents, but only works while ExpressVPN is connected. As such, it's meant to be used in conjunction with device-level parental controls that prevent the child from turning off or uninstalling the VPN client. Split tunneling Sometimes, you'll find it helpful to have your device getting online through two different IP addresses at once — one for your home services and one for a location you're trying to spoof. That's where split tunneling is helpful: it runs some apps through the VPN while leaving others unprotected. This can also improve your speeds, since the VPN needs to encrypt less in total. You can configure split tunneling through either a blocklist or an allowlist. Sam Chapman for Engadget ExpressVPN includes split tunneling on Windows, Android and Mac (though only on versions 10 and below). You can only split by app, not by website, but it's still pretty useful. For example, you can have BitTorrent handling a heavy download in the background while you use your browser for innocuous activities that don't need protecting. ExpressVPN Aircove router By now, it should be clear that we find ExpressVPN to be a highly reliable but often unexceptional VPN service. However, there's one area in which it's a clear industry leader: VPN routers. ExpressVPN Aircove is, to our knowledge, the only router with a built-in commercial VPN that comes with its own dashboard interface. Usually, installing a VPN on your router requires tinkering with the router control panel, which turns off all but the most experienced users — not to mention making it a massive pain to switch to a new server location. Aircove's dashboard, by contrast, will be instantly familiar to anyone who already knows how to use an ExpressVPN client. It even allows different devices in your home to connect to different locations through the router VPN. Aircove's biggest drawback is its price. Currently retailing at $189 (not including an ExpressVPN subscription), it's around three times more expensive than an aftermarket router fitted with free VPN firmware. Some of you might still find the convenience worth the one-time payment. ExpressVPN customer support options ExpressVPN's written help pages are some of the best on the market. Its live chat is more of a mixed bag, and complex questions may cause delays. However, it is at least staffed with human agents who aim to reply accurately, rather than resolve your ticket as quickly as possible. You can directly access both live chat and email from ExpressVPN's mobile apps (on desktop, you'll have to go to the website). Sam Chapman for Engadget We approached ExpressVPN's support features with a simple question: "If I requested that ExpressVPN delete all my personal data, would I be able to get a refund for my unused subscription time?" (Remember from the Privacy Policy section that submitting a full deletion request also cancels your ExpressVPN account.) Our first stop was expressvpn.com/support, the written support center and FAQ page. It's divided into setup guides, troubleshooting, account management and information on each of ExpressVPN's products. The setup guides are excellent, including screenshots and clearly written steps; each one includes a video guide for those who learn better that way. Troubleshooting is just as good — no videos, but the same standards of clarity and usefulness prevail. The section starts with general problems, then delves into specific issues you might face on each operating system. Each article clearly derives from a real customer need. The live support experience To get answers on our refund question, we visited the account management FAQs. This section stated that the refund policy only applies within 30 days of purchase. Pretty clear-cut, but we still wanted an answer on our special case, so we contacted live chat by clicking the button at the bottom-right of every FAQ page. Live chat is in the bottom-right corner of every page of expressvpn.com. Sam Chapman for Engadget Live chat starts with an AI assistant, which is not too hard to get past — just ask it a question it can't answer, then click "Transfer to an Agent." We got online with (what claimed to be) a human in less than a minute. Answering the question took longer and involved an uncomfortable 10-minute silence, but we did get a clear verdict from a real person: refunds are within 30 days only, no matter what. If the live chat agent can't answer your question, you'll be redirected to open an email support ticket. Annoyingly, there's no way to go directly to email support through the website or desktop apps, though mobile users have the option to skip directly there. ExpressVPN background check: From founding to Kape Technologies ExpressVPN launched in 2009, which makes it one of the oldest consumer VPNs in continual operation. In more than 15 years of operation, it's never been caught violating its own privacy policy, though its record isn't free of more minor blemishes. Headquarters in the British Virgin Islands Founders Dan Pomerantz and Peter Burchhardt registered the company in the British Virgin Islands from the start to take advantage of that territory's favorable legal environment for online privacy. The BVIs have no law requiring businesses to retain data on their users, and the process for extraditing data is famously difficult, requiring a direct order from the highest court. In 2021, the BVI implemented the Data Protection Act (DPA) [PDF link], which prevents companies based in the territory from accessing data on their users anywhere in the world. It's a great privacy law in theory, modeled on best-in-class legislation in the EU. However, we couldn't find any evidence that its supervising authority — the Office of the Information Commissioner — has a leader or staff. In other words, while ExpressVPN is not legally required to log any data on its users, there's technically nobody stopping them from doing so. Whether you trust the jurisdiction depends on whether you trust the company itself. Let's see what the other evidence says. Security and privacy incidents Two significant incidents stand out from ExpressVPN's 16-year history. In 2017, when Andrei Karlov, Russia's ambassador to Turkey, was shot to death at an art show. Turkish police suspected someone had used ExpressVPN to mask their identity while they deleted information from social media accounts belonging to the alleged assassin. To investigate, they confiscated an ExpressVPN server to comb for evidence. They didn't find anything. A police seizure is the best possible test of a VPN's approach to privacy. The provider can't prepare beforehand, fake anything, or collude with investigators. The Turkey incident is still one of the best reasons to recommend ExpressVPN, though eight years is a long time for policy to change. The second incident began in March 2024, when a researcher at CNET informed ExpressVPN that its version 12 for Windows occasionally leaked DNS requests when users enabled the split tunneling feature. While these users remained connected to an ExpressVPN server, their browsing activity was often going directly to their ISP, unmasked. The bug only impacted a few users, and to their credit, ExpressVPN sprang into action as soon as they learned about it. The team had it patched by April, as confirmed by the researcher who initially discovered the vulnerability. But while their quick and effective response deserves praise, it's still a mark against them that a journalist noticed the bug before they did. Kape Technologies ownership and management questions In 2021, an Israeli-owned, UK-based firm called Kape Technologies purchased a controlling interest in ExpressVPN. In addition to ExpressVPN, privately held Kape owns CyberGhost, Private Internet Access, and Zenmate (before it merged into CyberGhost). As shown on its website, it also owns Webselenese, publisher of VPN review websites WizCase and vpnMentor, which poses an apparent conflict of interest. When reached for comment, a representative for ExpressVPN said that "ExpressVPN does not directly engage with, nor seek to influence, the content on any Webselenese site," and pointed us to disclosure statements on the websites in question — here's one example. Even so, it's a good reminder not to take VPN reviews at face value without knowing who's behind them (Engadget is owned by Yahoo, which does not own any VPNs). Diving deeper into the background of Kape's ownership will lead you to owner Teddy Sagi. Go back far enough, and you'll see he did prison time in Israel and was mentioned in the Pandora Papers, among other things. More recently, headlines about the billionaire have focused more his businesses in the online gambling and fintech arenas, as well as his real estate ventures. An ExpressVPN representative told us that "Kape's brands continue to operate independently," and our investigation bore that out — we couldn't find any proof that Kape or Sagi have directly attempted to influence ExpressVPN's software or daily operations. Closer to the immediate day-to-day operations of ExpressVPN was the company's employment of Daniel Gericke as CTO from 2019 through 2023. During that time, the US Justice Department announced it had fined Gericke and two others for their previous employment on a surveillance operation called Project Raven, which the United Arab Emirates (UAE) used to spy on its own citizens. The revelation prompted a public response from ExpressVPN defending its decision to hire Gericke, arguing that "[t]he best goalkeepers are the ones trained by the best strikers." ExpressVPN's representative confirmed that the company still stands by that linked statement. Gericke parted ways with ExpressVPN in October 2023, per his LinkedIn profile. While we don't know what we don't know, we can say that ExpressVPN has not notably changed its public-facing security and privacy policies during the time it's been connected to Kape, Sagi, or Gericke. In the end, how much ExpressVPN's history matters to you is a personal choice. If you object to any current or past actions by Kape Technologies or Teddy Sagi, there are other premium VPN options you might prefer. If you need more information to make up your mind, we recommend reading through CNET's 2022 deep dive on ExpressVPN's corporate history. Final verdict ExpressVPN is the VPN we most often recommend to beginners. It takes zero training to use, and consistently gets past filters on streaming sites. It also runs in the background with virtually no impact. If anything is worth the high price of admission, it's the excellent speeds distributed evenly across the worldwide server network. However, for certain specific cases, ExpressVPN may not be the best choice. There's no way to set up your own server locations, like NordVPN offers, and no double VPN connections, like you can build for yourself on Surfshark. Its corporate background is more suspect than the entities backing Proton VPN, and unlike Mullvad, ExpressVPN doesn't work in China — it's so well-known that the government targets its servers specifically. We suggest going with ExpressVPN for general online privacy, for spoofing locations in your home country while traveling, or if you regularly need to unblock sites in other countries. That encompasses 19 of every 20 users, which is fine by us, as ExpressVPN is a great service. It's just more of a reliable old screwdriver than a multi-tool. This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/expressvpn-review-2025-fast-speeds-and-a-low-learning-curve-160052884.html?src=rss

How far would you go to keep yourself private online? There’s little doubt that advances in technology over the past three decades have eroded traditional concepts around privacy and security: It was once unthinkable to voluntarily invite big companies to track your every move and decision—now, we happily let them in exchange for the digital goods and services we rely on (or are hopelessly addicted to). Most people these days either tolerate these privacy intrusions or outright don’t care about them. But there’s a growing movement that believes it’s time to claim our privacy back. Some are working piecemeal, blocking trackers and reducing permissions where they can, while not totally ditching modern digital society as a whole. Others, however, are as hardcore as can be—a modern equivalent of "going off the grid."  We put out a call looking for the latter—people who are going to great lengths to protect their privacy in today’s mass surveillance world. We received a number of insightful, fascinating, and unique situations, but for this piece, I want to highlight four specific perspectives: "Ed," "Jane," "Mark," and "Jay."Ed is "ruthless" with app choices and permissionsThe first respondent, I’ll call Ed, since their privacy journey began with the Edward Snowden leaks: “I'd known something was likely up…as early as 2006[.] I remember headlines about AT&T possibly spying, but high school me didn't take it too seriously at the time. The Snowden leaks, when I was in college, really opened my eyes. Ever since, I've taken steps to protect my privacy.”Ed says the biggest step they’ve taken towards a digitally private life has been their Proton account. If you’re not aware, Proton is a company that offers apps designed for privacy. Their email service, Proton Mail, is the most famous of the company’s products, but Proton makes other apps as well. Ed uses many of them, including Proton VPN, Proton Calendar, and Proton Drive. Ed pays for Proton Ultimate, which costs them nearly $200 every two years (a new account is now billed yearly at $119.88). You don’t have to pay for Proton, but your experience is much more limited. That’s not totally dissimilar to Google’s offers, which gives you more features if you pay, but most people can definitely get by with a free Google Account. I'm not so sure the reverse is true. Speaking of Google, Ed does have a Google Account, but rarely logs into it. They don’t keep anything attached to it, however—Ed stores all files, for example, in Proton Drive or Tresoirt (another end-to-end encrypted service).Ed uses SimpleLogin for throwaway email addresses. That’s not just for the times Ed wants to avoid giving their email address to someone. According to them, they use an alias anytime an organization asks for their email, and frequently delete it when it’s no longer useful. Each online purchase gets its own alias, and that alias is deleted once the purchase is complete. Whenever Ed travels, they use an alias for any flights, hotels, and rental cars they use. Once the trip is up, they delete the alias. If one of those aliases receives a spam message, they delete it as well.Ed’s smartphone of choice is iPhone, and although Apple arguably has the best reputation for privacy in big tech, Ed is no fan: “Apple is no bastion of privacy of course, but they seem to be the least-worst of the big tech companies.” Ed doesn’t use iCloud for any backups: Any iPhone files are kept in Tresorit. That iPhone, of course, contains apps. But each app is there for a reason, and no app gets access to permissions unless it requires it: “I'm ruthless about apps and app permissions. If I'm not going to use the app regularly, I uninstall it. I grant only those permissions I think the app reasonably needs.” Ed protects his mobile internet traffic with Proton VPN, and only accesses the web via Firefox Focus, a special version of Firefox designed for privacy. Location services are always off on Ed’s iPhone, unless they’re using Apple Maps for navigation. Once they arrive at their destination, Ed disables location services again. They also have an interesting trick for getting back home without revealing their actual address:  “Additionally, when I'm navigating home, I don't enter my home address. I enter the address down the street just as an extra layer so I'm not entering my actual home address…I'll end navigation and turn off location while still driving…if I know the rest of the way home myself."Most of us deal regularly (if not daily) with spam calls. Not Ed: They use the “Silence Unknown Callers” setting on iOS to send all numbers not in the Contacts app to voicemail. They then review all voicemails, and if they didn’t leave a message, they block the number. Our initial call out for this piece referenced how using a VPN can sometimes block incoming phone calls, but Ed isn’t bothered by that: “Since most calls these days are scams or telemarketing, and most people I do want to talk to aren't going to call me anyway, I see this as more of a feature than a bug.” For their desktop computing needs, Ed uses Windows. They admit they aren’t privacy experts when it comes to Microsoft’s OS, but they do what they can, including changing all privacy settings and uninstalling all programs they don’t use. (That includes OneDrive and Edge.) They also run a clean version of Windows 11 after following Lifehacker’s guide. Firefox is their go-to PC browser, and they use a variety of extensions, including:ClearURLs: removes trackers from links.Decentraleyes: blocks data requests from third-party networks. Disconnect: blocks trackers from "thousands" of third-party sites.Firefox Multi-Account Containers: separates your browsing into siloed "containers" to isolate each session from one another.PopUpOFF: blocks pop-ups, overlays, and cookie alerts.Privacy Badger: blocks invisible trackers.Proton VPN: Proton's Firefox add-on for its VPN.uBlock Origin: popular content blocker.Ed didn’t say how much of an impact this array of extensions and settings has on their browsing, save for YouTube, which they admit does sometimes give them trouble. However, Ed has workarounds: “When YouTube wants me to 'sign in to confirm you're not a bot,' changing VPN servers usually does the trick.” Ed also uses the audible clues for ReCAPTCHA prompts, rather than the pictures, since they don’t want to help train Google’s “braindead AI.”Ed deleted all their social media accounts, including Facebook, X, Instagram, and LinkedIn. Though they’ve never had TikTok installed on their phone, they will watch it in Firefox when a friend sends them a video. Jane uses an open-source smartphone OS designed for privacyWhile Edward Snowden may have kicked off Ed’s interest in personal privacy, "Jane" has many strong beliefs motivating their desire for privacy. They are concerned about data brokers and Meta’s practices of tracking internet activity, and how these companies build profiles based on that data to sell to third-parties; they’re concerned about the possibility of telecommunication companies tracking our locations via cellular towers; they worry about US law enforcement and agencies reviewing citizens’ social media accounts accounts and tracking people. Their focus on privacy is fueled by true concern for their own well-being, not only the value of privacy as a concept.      Jane uses a VPN on all of their devices. Instead of Proton, however, Jane opts for Mullvad. They enable ad and tracker blocking, as well as a kill switch, which blocks your internet if you lose connection with the VPN—thus protecting your connection from being leaked out of the secure network.I’m a big advocate for strong and unique passwords and proper password management, but Jane definitely beats me when it comes to secure credentials. Jane uses six to eight-word passphrases generated by diceware, a tactic that chooses words based on dice rolls. Something like this diceware generator will roll a die five times, then find a word in a bank based on that five-digit number. You can repeat this as many times as you want to come up with a passphrase built up with random words. Jane saves all of their passphrases to a password manager, except for the ones for important accounts, like their bank. They commit those to memory, just in case someone breaches their password manager.     Like Ed, Jane uses Mullvad, but instead of just using their VPN, they opt for the web browser, which has those protections built in. Mullvad’s strict privacy settings break persistent logins on websites, so any sites Jane wants to stay logged in on are kept in Brave browser. For both Mullvad and Brave, Jane uses uBlock Origin.“From time-to-time I do run into sites that will block access due to being on a VPN or blocking ads and trackers. Instead of disabling [my] VPN completely, switching my connection to one of Mullvad's rented servers instead of ones they own usually helps. Barring that, I occasionally go into [uBlock Origin] and temporarily whitelist a needed [URL] ([ReCAPTCHA] etc). This works for me to get around site blocks most of the time.”  Jane uses a Mac, and configured macOS based on various privacy guides. But instead of an iPhone, Jane opts for a Google Pixel. That might surprise readers who assumed hardcore privacy enthusiasts would break away from Google entirely. But X doesn’t run Android: Instead, they installed GrapheneOS on their Pixel, an open-source OS designed for privacy. Following a restart, Jane configured the Pixel to only unlock with a seven-word dice passphrase—for general use, they use a fingerprint scan and a six-digit PIN. If the don’t unlock their Pixel for a while, their phone automatically reboots to put it back into this “First Unlock” state. They also keep airplane mode on at all times to disable the phone’s radio communications, but maintain a wifi connection with timed automatic Bluetooth and wireless disabling. Jane also deleted all their social media accounts after downloading all data associated with those platforms.Mark uses phone and credit card masks“Mark” is perhaps the least hardcore of the respondents in this story, but that makes their experience both interesting and relatable. Unlike most of the people we spoke to, Mark is still on Facebook and Instagram. That’s due to their job, which requires them to be on the platform, but they’ve been “systematically” deleting everything they can over their 19-year Facebook history and saving the data to an external hard drive. Mark doesn’t follow anything that isn’t relevant to their job, and only uses Facebook and Instagram inside the DuckDuckGo browser. They don’t react to posts they see, and following their privacy tactics, Facebook doesn’t show them relevant ads anymore. “If there is an ad I'm actually interested in I'll search it up in a different browser rather than click it.”Mark has had four Google Accounts in their time online, and has deleted two so far. Like Facebook, they have to use Google for their job, but they delegate all their work to Chrome. All other browsing runs through Firefox, DuckDuckGo, or Tor. The latter is perhaps best known for being the browser of choice for browsing the dark web, but what makes it great for that is also what makes it a great choice for private browsing.Unlike others in this story, Mark hasn’t de-Googled themselves completely. In addition to using Chrome for work, Mark has a phone mask through Google, and has their contacts, calendar, and maps tied to the company—though they are moving away from Google as much as they can. They've been running through their old emails to find and delete outdated accounts they no longer use. Any accounts they do need now use an email mask that forwards to a Mailfence account, an encrypted email service.   Mark was the only respondent to talk about entertainment in relation to privacy: “I've also been switching to physical media over streaming, so buying CDs and DVDs, locally as much as possible. I'm lucky to have a local music store and a local bookstore...one of the owners of our bookstore wrote a book on how to resist Amazon and why. Any book I want, I can either order through them or on Alibris. For music, I use our local record store and Discogs.”When shopping online, Mark uses a credit card mask, but still uses the card itself when shopping in person. They want to start using a credit card mask in retail locations like Janet Vertesi, an associate professor of sociology at Princeton University, but they haven’t quite gotten there yet.   What really piqued my interest most about Mark, however, wasn’t their perspective on their own privacy concerns, but the concerns around the privacy of their kids: “They each have a Gmail, two of them have Snapchat. Their schools use Gaggle and Google to spy on them. I don't even know how to start disconnecting them from all this...I was a kid during the wild west of the internet and this feels like getting back to my roots. My kids are end users who understand apps and touchscreens, not torrenting their music or coding a basic website. (Is this my version of "I drank out of the garden hose"?) I feel like Big Data has its grip on the kids already and I don't have a guidebook on navigating that as a parent.”  Mark’s current focus on their kids’ privacy includes deleting their health data from their local health system. That’s in part due to a data breach impacting the health system, but also the language about autism from Robert F. Kennedy Jr., the current Secretary of Health and Human Services.Jay de-googled their life and uses a VoIP phone number"Jay's" origin story with personal privacy dates back to 2017. That year, Equifax suffered a major hack, where nearly 148 million Americans had sensitive data stolen and weren’t notified about the breach for months. Jay was frustrated: You don’t choose to give your data to Equifax, or any credit bureau, and yet so many people lost their data. They also felt that companies were not properly held responsible for these events, and lawmakers were simply too out of touch to do what was necessary to protect citizens’ privacy, so they took it upon themselves to protect their own data. Ever since this incident, Jay freezes their credit: “It was frustratingly difficult back then, but nowadays, it is very easy (it just requires an account, which I use a burner email for)...The freeze will not allow anyone to pull credit for large purchases in your name, even if they have your social security number (and because of the data breach, someone probably does). I decided I wanted to pursue some privacy for the things I do have a choice over.”  From here, Jay de-googled their life, including both Google Search as well as YouTube. They’ve found no issue with using alternative search engines, and, in fact, sees Google getting worse, as it tries to show you results based on what it thinks it knows about you, not what is most relevant to your actual query: “The internet was supposed to be a place you went to find information, not where you became the information that companies take instead."Jay uses tools to prevent fingerprinting, where companies identify you and track you across the internet, but worries that going too far with things like ad blockers puts a target on your back as well. Jay chooses to pick “a couple of effective tools,” and runs with those.For their smartphone needs, Jay goes with Apple. Like Ed, Jay doesn’t believe Apple is perfect, and even considers their privacy policies a bit of a gimmick, but sees them as the better alternative to Android. Jay likes the security of the App Store, and the array of privacy features in both Safari and Apple Accounts as a whole. They highlight Safari’s “Advanced Tracking and Fingerprinting Protection” feature, which helps block trackers as you browse the web; iCloud’s Private Relay, which hides your IP address; and “Hide My Email,” which generates email aliases you can share with others without giving your true email address away.Most of us are plagued with spam calls, but following the Robinhood data breach in 2021, Jay started receiving a flood of them. They decided to change their phone number and made a point of never sharing it with businesses. For the times they need to give out their number to parties they don’t trust, they use a number generated by My Sudo, which, for $20 per year, gives them a VoIP (Voice over Internet Protocol) phone number. It works with most services that rely on SMS, but it won’t function for two-factor authentication. (Which is fine, seeing as SMS-based 2FA is the weakest form of secondary authentication.) My Sudo lets you change your number for an additional $1, so if Jay’s number ever was compromised or started receiving too much spam, they could swap it.        Jay, like many respondents, deleted all social media services: “It has its place in society for a lot of people, and is no doubt a great way to connect. However, I found that the fear of deleting it was a lot worse than actually deleting it. The people you care about won’t forget you exist.” That said, Jay doesn't mind any of the obstacles this lifestyle does throw their way: “It is a challenging topic, as most people consider you a little bit 'out there' if you take steps to make your life a little less convenient, but more private. The modern world sells you convenience, while pretending it is free, and harvesting your data for so much more than you actually get out of your relationship to them.”      What it takes to be private on the modern internetThere's no one way to tackle personal privacy. Every one of the respondents to our query had something unique about their approach, and many had different motivations behind why they were so concerned about their privacy.There are plenty of common through lines, of course. Most privacy people love Proton, which makes sense. Proton seems to be the only company that offers a suite of apps most closely resembling Google's while also prioritizing privacy. If you want your email, calendar, word processor, and even your VPN all tied up nicely under one privacy-focused umbrella, that's Proton. But not everyone wants an ecosystem, either. That's why you see respondents using other VPNs, like Mullvad, or other private storage options, like Tresorit. These apps and services exist—they might just not be owned by one company, like Apple or Google (or Proton).Google and Meta are more commonalities, in that most privacy enthusiasts ditch them entirely. Some, like Mark, haven't been able to fully shake off these data-hungry companies. In Mark's case, that's because they need these platforms for work. But while most hardcore privacy people delete their Google and Meta accounts, most of us have trouble de-Googling and de-Metaing our digital lives. In general, though, the keys to privacy success include the following: Use a VPN to protect your internet traffic; prioritize privacy in your web browser, both through the browser itself, as well as extensions that block ads and protect your traffic; shield your sensitive information whenever possible, by using email aliases, alternate phone numbers, or credit card masks; use strong and unique passwords for all accounts, and store those passwords in a secure password manager; use two-factor authentication whenever possible (perhaps passkeys, when available); and stick to end-to-end encrypted chat apps to communicate with others. While there's always more you can do, that's the perfect storm to keep your digital life as private as reasonably possible. Some might read through the examples here and see steps that are too much effort to be worth it. It might seem out of reach to ditch Gmail and Instagram, break certain websites, and force your friends and family to learn new numbers and email addresses to protect your privacy, especially if you don't feel your privacy has that much of an impact on your life. But even if you aren't sold on the concept of privacy itself, there are real-world results from sticking with these methods. Jay no longer receives spam calls and texts; Mark no longer sees ads that are freakishly relevant to their likes. It's a lifestyle change, to be sure, but it's not just to serve some concept of privacy. You can see results by changing the way you interact with the internet, all without having to actually disconnect from the internet, and, by extension, the world at large.

Over the past few weeks, VMware customers holding onto their perpetual licenses, which are often unsupported and in limbo, have reportedly begun receiving formal cease-and-desist letters from Broadcom. The message is as blunt as it is unsettling: your support contract has expired, and you are to immediately uninstall any updates, patches, or enhancements released since that expiration date. Not only that, but audits could follow, with the possibility of “enhanced damages” for breach of contract. This is a sharp escalation in an effort to push perpetual license holders toward VMware’s new subscription-only model. For many, it signals the end of an era where critical infrastructure software could be owned, maintained, and supported on long-term, stable terms. Now, even those who bought VMware licenses outright are being told that support access is off the table unless they sign on to the new subscription regime. As a result, enterprises are being forced to make tough decisions about how they manage and support one of the most foundational layers of their IT environments. VMware isn’t just another piece of enterprise software. It’s the plumbing. The foundation. The layer everything else runs on top of, which is precisely why many CIOs flinch at the idea of running unsupported. The potential risk is too great. A vulnerability or failure in your virtual infrastructure isn’t the same as a bug in a CRM. It’s a systemic weakness. It touches everything. This technical risk is, without question, the biggest barrier to any organization considering support options outside of VMware’s official offering. And it’s a valid concern.  But technical risk isn’t black and white. It varies widely depending on version, deployment model, network architecture, and operational maturity. A tightly managed and stable VMware environment running a mature release with minimal exposure doesn’t carry the same risk profile as an open, multi-tenant deployment on a newer build. The prevailing assumption is that support equals security—and that operating unsupported equals exposure. But this relationship is more complex than it appears. In most enterprise environments, security is not determined by whether a patch is available. It’s determined by how well the environment is configured, managed, and monitored. Patches are not applied instantly. Risk assessments, integration testing, and change control processes introduce natural delays. And in many cases, security gaps arise not from missing patches but from misconfigurations: exposed management interfaces, weak credentials, overly permissive access. An unpatched environment, properly maintained and reviewed, can be significantly more secure than a patched one with poor hygiene. Support models that focus on proactive security—through vulnerability analysis, environment-specific impact assessments, and mitigation strategies—offer a different but equally valid form of protection. They don’t rely on patch delivery alone. They consider how a vulnerability behaves in the attack chain, whether it’s exploitable, and what compensating controls are available.  Read more about VMware security Hacking contest exposes VMware security: In what has been described as a historical first, hackers in Berlin have been able to demo successful attacks on the ESXi hypervisor. No workaround leads to more pain for VMware users: There are patches for the latest batch of security alerts from Broadcom, but VMware users on perpetual licences may not have access. This kind of tailored risk management is especially important now, as vendor support for older VMware versions diminishes. Many reported vulnerabilities relate to newer product components or bundled services, not the core virtualization stack. The perception of rising security risk needs to be balanced against the stability and maturity of the versions in question. In other words, not all unsupported deployments are created equal. Some VMware environments—particularly older versions like vSphere 5.x or 6.x—are already beyond the range of vendor patching. In these cases, the transition to unsupported status may be more symbolic than substantive. The risk profile has not meaningfully changed.  Others, particularly organisations operating vSphere 7 or 8 without an active support contract, face a more complex challenge. Some critical security patches remain accessible, depending on severity and version, but the margin of certainty is shrinking.   These are the cases where enterprises are increasingly turning to alternative support models to bridge the gap—ensuring continuity, maintaining compliance, and retaining access to skilled technical expertise. Third-party support is sometimes seen as a temporary fix—a way to buy time while organizations figure out their long-term plans. And it can serve that purpose well. But increasingly, it’s also being recognized as a strategic choice in its own right: a long-term solution for enterprises that want to maintain operational stability with a reliable support partner while retaining control over their virtualization roadmap.What distinguishes third-party support in this context isn’t just cost control, it’s methodology.   Risk is assessed holistically, identifying which vulnerabilities truly matter, what can be addressed through configuration, and when escalation is genuinely required. This approach recognises that most enterprises aren’t chasing bleeding-edge features. They want to run stable, well-understood environments that don’t change unpredictably. Third-party support helps them do exactly that, without being forced into a rapid, costly migration or a subscription contract that may not align with their business needs.  Crucially, it enables organisations to move on their own timeline. Much of the conversation around unsupported VMware environments focuses on technical risk. But the longer-term threat may be strategic. The end of perpetual licensing, the sharp rise in subscription pricing, and now the legal enforcement of support boundaries all points to a much bigger problem: a loss of control over infrastructure strategy.  Vendor-imposed timelines, licensing models, and audit policies are increasingly dictating how organizations use the very software they once owned outright. Third-party support doesn’t eliminate risk—nothing can. But it redistributes and controls it. It gives enterprises more agency over when and how they migrate, how they manage updates, and where they invest. In a landscape shaped by vendor agendas, that independence is increasingly critical.  Broadcom’s cease-and-desist letters represent a new phase in the relationship between software vendors and customers—one defined not by collaboration, but by contractual enforcement. And for VMware customers still clinging to the idea of “owning” their infrastructure, it’s a rude awakening: support is no longer optional, and perpetual is no longer forever. Organizations now face three paths: accept the subscription model, attempt a rapid migration to an alternative platform, or find a support model that gives them the stability to decide their future on their own terms.  For many, the third option is the only one that balances operational security with strategic flexibility.  The question now isn’t whether unsupported infrastructure is risky. The question is whether the greater risk is allowing someone else to dictate what happens next. 

close New tech helps travelers save on smartphone charges Artificial intelligence is now being used to personalize eSIMS, potentially saving hundreds of dollars for travelers overseas. Your smartphone works hard, but it doesn't always stay in top shape on its own. Over time, storage fills up, apps collect background data and privacy settings fall behind. You might notice slower performance, random glitches or just a general sense that things aren't running as smoothly as they used to. The good news is that a quick digital and physical cleanup can help your device run like new. These simple steps will help you free up space, improve speed and keep your personal data better protected. Woman looking at apps on smartphone (Kurt "CyberGuy" Knutsson)Digital cleanup tips1. Clear out apps and files you forgot existedIf your phone is low on storage or feeling sluggish, start by clearing out apps and files you no longer use. This is one of the fastest ways to improve speed and battery life.For iPhone usersOffload unused apps: Go to Settings > Apps > App Store > Turn on Offload Unused Apps.Review app storage usage: Go to Settings > General > iPhone Storage > Scroll down and select an offload or delete. (Note: Offloading an app will preserve the app’s data and documents, allowing you to reinstall the app later and pick up where you left off. While deleting an app will remove both the app and all its data from your device permanently, unless that data is backed up elsewhere.)Delete large message attachments: Go to Messages > Open a conversation > Tap contact name > Info > See All under Photos > Tap Select > Tap photos you want to delete > Tap Delete on the bottom right > Confirm by tapping Delete Attachment.Enable iCloud photos: Go to Settings > [Your Name] > iCloud > Photos > Turn on Sync this iPhone and Optimize iPhone Storage to save space on your device by storing full-resolution photos in iCloud and smaller versions locally.For Android usersSettings may vary depending on your Android phone’s manufacturer. Delete unused apps: Go to Settings > Apps > [App Name] > Uninstall.Clean out downloads: Open the Files app > Downloads > Select files > Tap Delete.Use Files by Google: Open the Files by Google app > Tap Clean > Use options like Delete downloaded files or Delete duplicate files to free up space. Person viewing storage space on their smartphone (Kurt "CyberGuy" Knutsson)5 DIGITAL CLEANUP HACKS YOU DIDN’T KNOW YOU NEEDED2. Disable background app activity to save power and speed things upMany apps continue running in the background even when you're not using them, draining battery and slowing down your phone. Limiting or disabling background activity can noticeably boost performance and help your device last longer between charges.For iPhone usersLimit background activity:Go to Settings > General > Background App Refresh > Choose Off or Wi-Fi only > Or toggle off individual apps that don't need to refresh in the background.For Android usersSettings may vary depending on your Android phone’s manufacturer.Restrict background activity:Go to Settings > Apps > Select the app > Tap Battery > Choose Restricted or Optimize to limit background usage.Or go to Settings > Battery > Battery usage > Tap on apps using high power > Adjust settings to restrict background activity.Get a free scan to find out if your personal information is already out on the web 3. Organize and remove unnecessary filesDigital clutter adds up quickly. Screenshots, old PDFs, duplicate photos and downloads that were only meant to be temporary. Regular file maintenance helps you stay organized and keep your phone running smoothly.For iPhone usersFind duplicate photos: Go to Photos > Scroll to Utilities > Duplicates (if applicable) > Tap Merge to combine duplicates > Confirm your decision by clicking Merge # Exact Copies.Sort screenshots: Go to Photos > Scroll to Media Types > Screenshots > Tap Select in the upper right > Tap the photo/photos you want to delete and a blue check mark will appear in the bottom right of the image > Then tap the trashcan in the bottom right of the screen > Confirm your decision by clicking Delete or Delete # Photos.Delete old downloads: Open the Files app > Browse > Downloads > Tap the circle with the three horizontal dots in the upper right > Tap Select > Click the files you'd like to delete and a blue circle with a check mark will appear > Tap the trash can icon in the bottom right of the screen.For Android usersSettings may vary depending on your Android phone’s manufacturer.Find duplicate photos: Open Files by Google > Tap Clean > Under Duplicate files, select files to delete.Sort screenshots: Open Photos > Albums or Collections > Screenshots > Tap and hold to select > Delete or the trashcan icon > Click Move to trash.Delete old downloads: Open the Files app > Downloads > Select files by tapping and holding > Tap Delete or the trash can icon.For email cleanupBulk delete emails in Gmail: In the search bar, type older_than:6m > Select all > Delete.Set email rules in Outlook: Go to File > Manage Rules & Alerts > New Rule > Choose criteria like sender, age or subject > Set action to archive or delete.Find old emails in Yahoo: Use the search bar to type before:2025/01/01 messages by clicking the square box next to the message > Delete or click the trashcan icon.Physical cleaning tipsPhones collect bacteria from nearly every surface you touch. From gym equipment to bathroom counters, your phone needs regular cleaning to stay safe and functional.Clean the exteriorUse a dry microfiber cloth to wipe the screen, case and back.For tougher smudges, slightly dampen the cloth with 70% isopropyl alcohol.Never spray liquid directly on the screen or into ports.Avoid harsh chemicals like bleach, ammonia or glass cleaner.Do not use paper towels or abrasive materials that can scratch the screen.Clean ports and speakersUse a soft-bristled brush or wooden toothpick to remove lint and debris from charging ports and speaker grills.Avoid using metal objects or compressed air directly into the port.Clean your caseFor plastic or silicone: Wash with warm soapy water, rinse and air dry.For leather or fabric: Use a surface-appropriate cleaning solution and follow the manufacturer’s care instructions.Before cleaning, always power off your phone and unplug any accessories.GET FOX BUSINESS ON THE GO BY CLICKING HERE Man cleaning smartphone with microfiber cloth (Kurt "CyberGuy" Knutsson)Privacy and security sweepDigital cleaning also means reviewing your privacy settings. Make sure your apps are not accessing more than they need and keep your sensitive data secure.For iPhoneHide private photos: Go to Photos > Select image > Click the three horizontal dots in the circle in the upper right of the screen > Hide > Confirm by clicking Hide Photo.Control lock screen access: Go to Settings > Face ID & Passcode > Adjust Allow Access When Locked settings.Use iCloud Keychain to manage and autofill secure passwords: Go to Settings > [your name] > iCloud > Passwords. Tap Sync This iPhone to enable iCloud Keychain.For AndroidSettings may vary depending on your Android phone’s manufacturer.Review app permissions: Go to Settings > Privacy > Permission Manager > Choose a permission type > Review and adjust access.Enable Find Hub: Go to Settings > Google > All services > Personal & device safety > Find Hub > Turn on Allow device to be located.Set a secure screen lock: Go to Settings > Security > Screen Lock > Choose a PIN, password or pattern.Back up your dataData loss can happen without warning. Whether it is due to damage, theft or an unexpected software issue, having a recent backup can save your photos, contacts and important files.For iPhoneBack up to iCloud: Go to Settings > [Your Name] > iCloud > iCloud Backup > Turn on.Back up using a computer: Connect to Finder (on Mac) or iTunes (on PC) and select Back Up Now.For AndroidSettings may vary depending on your Android phone’s manufacturer.Back up to Google: Go to Settings > Google > Backup > Turn on Backup by Google One > Confirm your backups in the Google One app under Storage > Device Backup.Use smart tools to automate cleanupInstead of constantly managing your phone manually, let trusted tools do the heavy lifting. A top-tier antivirus app doesn’t just protect against malware; it often includes powerful performance boosters designed to keep your device running smoothly. Look for apps that offer:Junk file and cache cleanupApp uninstaller for unused programsDuplicate file finderBrowser cleanup toolsStartup manager to improve device boot timeReal-time protection against malware, phishing and unsafe linksThese features help keep your device fast, secure and clutter-free without constant manual maintenance. Many top-rated antivirus apps offer a combination of security and performance optimization tools to simplify device management and protection. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.Kurt’s key takeawayTaking a little time to clean up your phone can really pay off. Whether you're freeing up space, boosting speed or tightening your privacy, these small steps help your device work better and keep your information safer. Plus, a quick physical clean keeps your phone looking and feeling fresh.What are some of your favorite tips or habits for keeping your phone clean, organized and secure? Let us know by writing us atCyberguy.com/Contact.CLICK HERE TO GET THE FOX NEWS APPFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Macworld At a GlanceExpert's Rating Pros Good speed, tools, and customization settings Stopped every piece of malware 30-day trial Cons Tricky installation Web Protection feature does nothing to warn or prevent access to problem websites A disk access error required reinstallation (twice!) Our Verdict When the application works, it’s impressive. There was almost no malware I could get past it, the level of customization is impressive, and while I wish its Web Protection feature added warnings for clear scams and phishing attempts, Trend Micro Antivirus meets the needs of the Consumer market it’s targeted towards quite well. Price When Reviewed This value will show the geolocated pricing text for product undefined Best Pricing Today Best Prices Today: Trend Micro Antivirus for Mac Retailer Price Trend Micro 19,95 € View Deal Price comparison from over 24,000 stores worldwide Product Price Price comparison from Backmarket There’s a certain value in an application not trying to do everything under the sun, but honing in on a set of tasks and performing them well. And while Trend Micro Antivirus for the Mac hasn’t included a ton of revolutionary new features since the last time we reviewed it (in 2023), and while you’re less likely to hear about the program given the company’s focus on the business environment and lack of a marketing blitz towards consumer and home users, there’s something good to be had here. Trend Micro Antivirus for Mac requires macOS 10.13 (High Sierra) to download, currently retails for $29.95/£19.95 a year for one device for the first year (discounted from $39.99/£49.95 a year), and is also readily available as a 30-day trial with no credit or debit card needing to be sent along to Trend Micro. We have tested all the best Mac antivirus software options in our round-up of the Best antivirus software for Mac. Simply download the software, install it, and follow the prompts to add the iCore network extension, add the Safari and other web browser extensions, decide if you want to activate the Folder Shield feature, perform the initial virus definition updates, and allow the software to reboot. From there, Trend Micro will ask for permission to initiate full disk access to your Mac’s hard drive. The user interface is identical to its previous versions, with the home screen focusing on its Overview, Web, Scans, Folder Shield, and Logs modules. Trend Micro Antivirus continues to focus on its bread and butter with what is honestly excellent antiviral protection. Foundry Upon hurling the Objective See Mac Malware collection at it, there was almost nothing that got through, the application recognizing the malware and deleting it, save for a fake Adobe Flash Player extension that installed and was later removed by the macOS operating system. This, combined with a handy scheduling feature that allows for daily, weekly, or monthly setup and execution, allows for the application to run on its own without needing to be babysat.   There’s an interesting level of customization at work here, as Folder Shield offers boosted protection to assorted user folders (such as Documents, Music, Pictures, Movies, Dropbox, Mobile Documents, etc.), and you can create a Trusted Program list. It’s not crucial, but it’s fairly unique, and the application also scans inserted USB drives by default. Foundry The Web Protection module offers Privacy Scanner, Web Threat Protection, and Website Filter elements, which can block controversial content, such as pornography, etc., and users can also add trusted websites and blocked websites.  If there’s one thing that impressed me, it was the quick access to the logs, which cover scan results, unsafe websites found, websites filtered, updates received, folder shield, and dangerous notifications found. While this version of Trend Micro Antivirus isn’t designed for the sysadmin market, there’s nothing more useful than system logs to see what’s going on, and the fact that these logs are pre-sorted comes in handy.  For the final element of the Overview window, and as expected, the user interface hooks into ads for the company’s other wares from its home screen (“Privacy Tools” goes to Trend Micro VPN and “Utility Tools” hooks into its Cleaner One Pro, Unzip One, and AdBlock One utilities) which isn’t surprising, and is at least tucked out of the way as opposed to the application firing this into your eyeballs every two nanoseconds you use it.  Foundry Trend Micro has carved out something good here, even if there are a few wrinkles to iron out. The installation was a little trickier than expected, and you have to double-check the windows and options to make sure you’re enabling the right extensions, as opposed to an installer that does most of this for you. This gets a little bit tricky, but isn’t a deal breaker by any stretch of the imagination. Perhaps the most infuriating element to consider was the fact that the Web Protection feature, although well-hyped, does just about nothing to warn or protect you from websites associated with your spam folder, and I’m still able to go to sites offering me a free $1,000 prepaid Visa card, supposed free Bitcoin payouts, online casino gambling, etc. Finally, and I’m not sure exactly what led to this, but Trend Micro Antivirus stated twice that full disk access hadn’t been granted during testing despite the settings being correct, and needed to be uninstalled and reinstalled twice. This may be a bug between Trend Micro Antivirus and macOS Sequoia 15.5, but it would behoove Apple and Trend Micro to swap notes, brew a few pots of coffee, and see exactly what’s happening that could lead to this.  Should you buy Trend Micro Antivirus? I’m not sure what led to the error and the need for reinstallation, but when the application works, it’s impressive. There was almost no malware I could get past it, the level of customization is impressive, and while I wish its Web Protection feature added warnings for clear scams and phishing attempts, Trend Micro Antivirus meets the needs of the consumer market it’s targeted towards quite well, there’s ready access to Trend Micro’s help and feedback boards from the Overview window, and the options for the company’s additional tools are present but not overwhelming in the sense that a marketing department had gone out of control.