Alex Grant

Author Archives: Alex Grant

Online Shopping Scams During the Holiday Season

Online Shopping Scams Are 62% Higher During the Holiday Season; California and Texas Are the Hardest Hit

For the first time, consumers will do more of their holiday shopping online than they will in brick-and-mortar stores. Fifty-four percent of shoppers plan to do their shopping from their mobile devices this year, as opposed to in-store. 

This year marks the first time the shopping scales will tip in favor of online consumerism, according to research from PricewaterhouseCoopers LLP.

While more people plan to shop online this year, there’s a real threat that consumers have to watch out for: online shopping scams. compiled data and read hundreds of consumer reports to investigate just how prevalent online shopping scams are, and the results are shocking. 

Online shopping scams are 62% higher during the month of December than they are during an average month.

Scams are a problem for residents across the country, but our research revealed several states – California and Texas – are the hardest hit by digital scammers. 

To compile this data, we specifically looked at reported cases of online shopping scams from the Better Business Bureau. Keep in mind these are cases that are reported voluntarily by consumers in an effort to warn others from becoming a victim of the same scam and provide a snapshot of online shopping scams that take place. 

Online shopping scams happen year-round, but they’re more prevalent during the holiday season. This year, consumers should be aware of potential scams as they shop for holiday gifts online. No matter how a scammer pulls it off, every case can result in lost money.

For protection against holiday scams, shoppers must take precautionary steps this season. Be cautious about ordering products from unknown websites, buying products that are priced extremely low, or purchasing a product that you learned about via an email from an unknown company.

What kinds of scams are most popular?

When you think of online shopping scams, several tricks or fraudulent activity might come to mind. However, read hundreds of reported cases of online shopping scams to find out what the most common kinds of online shopping scams are. Here’s what we found:

Consumers pay for an item, but never get it

The most common online shopping scam happens when a consumer buys something from a website, pays for it online, but never gets the item. Consumers usually inquire about the item only to find that the company’s phone number is disconnected, the address is fake, or the website is no longer online.  Money is never returned.

Consumers buy an item, but are told it ran out of stock

In some cases, consumers buy an item during a flash sale, but later received an email that says the product is so popular that the company ran out of inventory. The company apologizes for the inconvenience and tells consumers that they’ll refund their money within 24-48 hours, but the money is never returned. 

Consumers wire a deposit for a foreign item, but get nothing

There are several cases where consumers bought something abroad, either because the product was such a great deal or because it’s not something that’s typically sold in the U.S. In these cases, scammers asked consumers to pay a deposit for the item upfront and then let the consumer pay the rest upon delivery. However, consumers never got the product and don’t get their deposit back either. 

Scammers preferred method of contact

Most of the online shopping scams were initiated through an email. Shoppers received a message about a great product with a low price and that sent them to a specific website where the scam took place. 

In other cases, consumers stumbled upon the site by themselves while searching for holiday items. Websites run by scammers look legitimate, and even mimic the look and feel of other well-known retailers in an effort to lure you in. 

Online shopping scams throughout the year

Now that you understand what kinds of scams were talking about, and how scammers are reaching shoppers, let’s look at the number of scams that were reported in the U.S. in 2018.

Last year, 10,175 online shopping scams were reported to the Better Business Bureau. On average, 848 people reported online shopping scams each month.

A look at the monthly breakdown of online scams shows the drastic spike in online shopping scams during December.  

number of scams nationwide

The number of online shopping scams in each state in December alone

Knowing that online shopping scams climb nationally during December, we started digging through data from the BBB to figure out which states have the most reported cases of online shopping scams. 

We pulled data for every state and looked specifically at the number of reported online shopping scams that took place in 2018 during the last month of the year. 

As you might expect, the number of scams reported varies across the country. To explore how each state is affected, we’ve created a heat map. States in the darkest red have the most reported cases of online shopping scams. States in the lightest red have the least reported cases of online shopping scams. 

online scams in dec by state heat map

Top 5 worst states for holiday shopping scams online

Our research shows that Californians have reported the highest number of online shopping scams during the month of December; reporting 106 scams. Throughout the year, consumers in The Golden State reported 1,128 cases of online shopping fraud. Texas comes in second place, with a reported 86 online shopping scams in December, and several other states are close behind.

top 5 worst states for scams

Top 5 states with the least holiday shopping scams online

We were also able to find the states with the lowest number of reported scams from online shopping. Surprisingly, there were a handful of states that only had one or two cases of online shopping scams reported. 

The states with the least holiday shopping scams are Wyoming and South Dakota. In both of these states, there’s only one reported online shopping scam in the month of December. Three other states only had two reported cases in December. 

Top 5 least holiday scams states

Tips to prevent holiday fraud

To help consumers stay safe while shopping online this season, here are tips to follow:

Don’t shop over public Wi-Fi

Public Wi-Fi connections can be hacked, which gives scammers easy access to personal data. Add a layer of protection by using a mobile VPN, or a virtual private network, to maintain online privacy and anonymity. 

Shop on known sites

During the holidays, stick to popular sites for shopping. If a new site is a must, read reviews online, look for the company’s physical address on their website and run it through Google Maps to make sure it exists. Read the ‘About Us’ section to validate the company’s validity, and call the company’s phone number to make sure a real person answers.

Check grammar and language use in emails

Consumers should read promotional emails carefully. If an email has grammatical errors or doesn’t seem like it was written by someone who really knows the language, it’s a red flag. Emails written by scammers overseas often have misspellings, grammatical errors, or don’t use words in the right context. These emails could be phishing scams used to steal a consumer’s identity. 

Watch the URL

Consumers shouldn’t make any purchases from sites that don’t have ‘http’ in the beginning. Sites with URLs that start with different letters are likely fraudulent.

Be cautious of contact you didn’t initiate

If someone calls out of the blue asking for personal details, it’s cause for concern. If the contact wasn’t initiated by you, be wary of any information you give.

Guide to Password Security

Guide to Password Security

Security breaches are increasingly common — but for many people, password policy is not a serious concern.

This lax approach to data protection is a big problem. Bad password habits can leave people vulnerable to the loss of credit card details and other personal information.

In this article, we’ll explore:

  • Common bad habits to avoid
  • How to enhance online security by using a password manager
  • How to choose a strong but memorable master password

Bad password management habits

There are many easily-avoidable practices that make life easier for cybercriminals. Here are some common password policy problems.

Using weak passwords

Research from the National Cybersecurity Centre (NCSC) shows that millions of people are still using simple passwords, such as “123456” or “password123.” 

Here are some common types of bad passwords.

  • A convenient sequence of keys. According to Use a Passphrase, the password 12345qwerty would take 1 millisecond to guess using common password-cracking software. zxcvb7890 would take 53 seconds.
  • A single word. Password crackers can cycle through the dictionary in a matter of seconds, meaning single dictionary words are not a safe option. However, multiple words, used in a passphrase, can make a robust password.
  • A common word or phrase with numbers substituting letters. For example, whereas newyorknicks takes 1 minute to crack, n3wy0rkn1cks takes 4 minutes — better, but still not tough enough. 
  • A zip code, postcode, or date of birth. Cracking tools can easily guess common number patterns. 98109 takes 2 seconds, SW1A0AA takes 2 hours, 01/06/1985 takes just 8 seconds.

Researchers have published a list of the 100,000 most-breached passwords. It’s worth checking this list to ensure your passwords aren’t included.

Reusing passwords

It’s crucial to use unique passwords for each account — don’t reuse passwords.

Password reuse is a very bad habit. If a person chooses the same password to log into Google, Linkedin, Amazon, etc., they will be especially vulnerable in the event of a data breach. 

Once a cybercriminal cracks a password for one account, they can try the same username and password combination on other online services. This makes it easier to break into high-security online services such as banking and payment platforms.

This is why reusing the same password across multiple online accounts is so risky.

Writing down passwords

Don’t write down passwords. This can easily lead to loss or theft. Passwords must be stored securely.

There are two main ways to securely store passwords:

  • Locally — Physically storing passwords on a computer, USB key, or another device. This is only recommended where the device can be kept completely safe.
  • Remotely — Remotely storing passwords “in the cloud.” Cloud storage services can be hacked, so it’s important to only use a high-security service such as a password manager.

Failing to protect against malware and cybercrime

Cybercriminals can use several techniques to gain access to passwords. For example: 

  • Keyloggers — A type of spyware that records keystrokes on a device. Keylogger software can detect everything a user types on their computer, including passwords.
  • Man-in-the-middle attacks — A hacking technique that exploits public Wi-Fi networks. A hacker can intercept a person’s password data as they log into online accounts.
  • Phishing — A scam involving fake websites and social media accounts. For example, cybercriminals have created fake online banking websites designed to trick people into entering their account details.

It’s possible to defend against such threats by:

  • Installing antivirus software 
  • Using a Virtual Private Network (VPN) on public Wi-Fi networks
  • Keeping software and operating systems up-to-date
  • Using a password manager

Password managers

A password manager is an application that can generate strong passwords, store them securely, and (usually) autofill online forms.

Maintaining a good level of password security is much easier with a password manager.

How do password managers work?

Most password managers work like this:

  • The user downloads a password manager application, and often an accompanying browser extension
  • The user creates a “master password” used to log into the password manager. This is the only password they’ll need to remember once their password manager is set up
  • During setup, the user can import existing passwords from a browser or anywhere else they’re stored
  • The password manager can generate unique, secure passwords for each of the user’s accounts
  • The passwords are stored in encrypted storage
  • A browser extension can autofill the user’s passwords whenever they wish to log in to an online account

Many password managers optionally allow two-factor authentication (or multi-factor authentication) for an extra layer of security.

To log into a password manager using two-factor authentication, a user must present something they know (their master password) and something they have (i.e., a mobile device). For example, they might be sent a verification code via text message.

What are the benefits of using a password manager?

Using a password manager has the following cybersecurity benefits:

  • They generate strong passwords
  • They store passwords in highly-encrypted storage (usually industry-standard 256-AES) 
  • They provide each of a user’s accounts with a unique password
  • They allow for two-factor authentication
  • They reduce the threat posed by keyloggers

The password manager industry has grown substantially in recent years, and there are now over 50 different password managers to choose from. Many top brands provide bonus features, such as secure cloud storage, to attract users.

What are the risks of using a password manager?

Generally speaking, a password manager is the most secure way to store and retrieve passwords. However, handing over sensitive personal information to a third party always has some risks attached.

There have been some security vulnerabilities exposed among password managers. Most notable was a 2015 hack of LastPass which resulted in some users’ email addresses and certain authentication data being compromised.

No major password manager has reported an incident in which hackers gained access to their users’ passwords. However, some people prefer to keep total control over their passwords by only storing them locally (e.g., on their computer).

Certain password managers, such as KeePass and Bitwarden, allow local password storage. This can make it more difficult to sync and back up passwords. However, for the most security-conscious people, it’s worth the inconvenience.

What’s the best password manager?

Password managers vary in terms of their cost, user-friendliness, and extra features. Here’s a run-down of some of the most popular password manager brands. 


KeePass is an open-source password manager that has developed a large and loyal following since its first release in 2003.

There are several reasons why many people love KeePass:

  • It’s completely free
  • It stores passwords locally — a user’s passwords need never leave their device
  • It’s open-source, so software developers and other technically-minded people can develop and customize it

“Out of the box,” KeePass is quite basic. It doesn’t even include an auto-fill function or browser extension by default. Syncing passwords between devices can be complicated.

However, there are many third-party plugins available for KeePass. These are additional tools that expand KeePass and make it more versatile. KeePass apps for iPhone and Android are also available as third-party software.

Unlike commercial password managers, KeePass is not very user-friendly, and there’s no customer support team to help if things go wrong. Therefore, KeePass is only suitable for people who are confident with technology.


Dashlane offers a very user-friendly experience for paying users and an abundance of free features, including:

  • Unlimited access to a Virtual Private Network (VPN)
  • 1 GB secure file storage
  • Dark Web Monitoring service

Like most commercial password managers, Dashlane operates a “freemium” model — the company offers a stripped-down version of its product for free, then gives users the option to upgrade to an annual subscription.

Unfortunately, the free version of Dashlane is extremely limited. Dashlane’s non-paying users are only able to save up to 50 passwords, and can only use Dashlane on one device. 

This means anyone wishing to log into their online accounts on both a phone and a laptop would find Dashlane’s free product virtually unusable. 

However, for those willing to pay a subscription, Dashlane is one of the very best password managers available.


LastPass is another popular commercial password manager operating a freemium model. 

LastPass’s free version is one of the best free password managers, providing the following features:

  • Unlimited password storage
  • Use on unlimited devices
  • Password auto-fill
  • Secure notes storage (simple text notes, such as credit card numbers, etc.)

This means LastPass’s non-paying users can generate and store unlimited passwords across unlimited devices.

Premium users get some bonus features, including 1 GB secure file storage, emergency access, and advanced multi-factor authentication options. 


1Password is a popular password manager operated by Canadian company AgileBits. 

1Password is not a freemium product — it’s only available to paying subscribers (there’s a 30-day free trial available). 

So how does 1Password compete with top-quality freemium password managers? Well, along with offering many of the same features as the rival products, 1Password also has the following benefits:

  • It uses a great-looking, easy-to-use interface that many people prefer to other password managers
  • It has a highly secure master password login method
  • It offers some great features for families
  • It provides a “Travel Mode” that allows users to temporarily wipe sensitive data when crossing borders

These factors make 1Password a top-quality product that its users are happy to pay for.

How to choose a strong but memorable password

A password manager will generate new passwords for each of a user’s accounts, using random letters, numbers, and special characters. This means that there’s no need to remember each password — in fact, it would be impossible to do so. 

Here’s a random password generated by Dashlane, for example — }fn(\]?,64mJ. Not exactly memorable.

However, there are times when it’s necessary to create a memorable password. For example, when choosing a master password.

In such situations, it’s better to choose something complex but memorable, so as to avoid the need to record it.

Here are some tips for creating a strong but memorable password:

Consider adapting the lyrics of a favorite song. For example, DyKtIhItTgV?1968. This password is adapted from a Marvin Gaye line — “don’t you know that I heard it through the grapevine?”. The suffix is “1968” — the year that song was released.

Choose a passphrase, rather than a password. Check out Use a Passphrase, a tool to generate memorable but tough-to-crack passphrases. 

Here’s an example of a memorable passphrase:

  • NineHandedWobbleMobile —This passphrase would take roughly 600 years to crack using common password-cracking software.
  • NineHandedWobbleMobile(9-5) — This passphrase would take over 5.2 trillion years to crack!

Adding additional words and special characters to a password or phrase may not make it much harder to remember — but it could make it millions of times harder to crack.

Virgin Media blocks VPNs

Virgin Media is one of the big four internet service providers (ISPs) in the UK, delivering internet services to 5.9 million homes. The company has a lot of power over the access that the British public has to the World Wide Web. has recently discovered that Virgin Media ISP is secretly operating its own block on access to VPN sites. Not only are the websites of VPNs blocked but sites that review VPNs and promote internet privacy are also quietly banned.

VPNs are not illegal in the UK. In fact, the British government’s foreign office, intelligence services, police services, and military forces use them regularly. There is no law against the usage of VPNs or responsibility on the part of ISPs to block access to them. However, Virgin Media has decided, as a matter of policy, to prevent its customers from accessing VPNs through its network.

The choice of VPNs that are blocked is random. The names and content of the VPN review sites also seem to show no selection pattern.

Which sites are being blocked?

Virgin Media sends back three different blocking messages that users trying to access banned sites will see in their browsers instead of the hoped-for site. These are:

  •         Web Safe parental control block
  •         A system SSL error message
  •         A system connection reset message

The assignment of which banned sites are blocked by which error message is completely random. They also change over time, but always, the visitor sees one of those three blocking messages – never any other.

VPN sites blocked with a Web Safe message

Access to some sites is blocked with the Virgin Media Web Safe parental controls page, which is shown below.

Web Safe Message

VPN sites blocked by Web Safe:

  •         VikingVPN
  •         Hide.Me

VPN review sites blocked by Web Safe are:


The Web Safe message is supposedly generated as a parental control. Implying that the site was blocked because it contained one of a list of undesirable content types, including pornography. Not all real pornography sites are blocked with the Web Safe message. For example, is blocked with an SSL error message.

VPN sites blocked with an SSL error message

Error message screens are generated by browsers when they receive an error code back from the web server. Some errors are raised by the browser itself if a problem occurred during the session establishment process.

The SSL error gets raised when the browser discovers that the security certificate of the website is not in order. Chrome shows the following screen under these circumstances.

SSL Error

Access to the following VPN sites are blocked with an SSL error when accessed through Virgin Media:


Only one VPN review site is currently blocked with an SSL error:


The SSL error implies that the site being visited is a scam or isn’t professional because its owner and administrator have failed to keep up the certificate that supplies security on connections. As you will find out later in this report, this is a slur that is untrue.

VPN sites blocked with a connection reset message

A connection reset message is usually generated by a browser when the connection procedure at the beginning of the process to request a web page gets interrupted and the connection gets dropped.

The browser produces an error screen when this problem arises. The message displayed by Chrome is shown below.

Reset Message

The following VPN sites get blocked with the connection reset message.


The following VPN review site are blocked by the reset condition:


The reset error should be a very rare occurrence. There is no way a connection should get dropped regularly to so many professional websites.

VPN sites not blocked by Virgin Media

The mystery over how Virgin Media selects the sites that it will block is deepened by the VPN sites that it doesn’t block. If Virgin Media wants to prevent all of its customers from subscribing to a VPN, why doesn’t it block all of the VPN websites in the world? It blocks a few VPN review sites but overlooks a long list of others.

The VPN review sites that aren’t blocked are impacted almost as severely as those rivals that can’t get their sites delivered to the general public. This is because the top two sites that all VPN review sites recommend are blocked. These are ExpressVPN and NordVPN. Many of the other top VPNs in the world are also blocked.

Anyone visiting a VPN review site that isn’t blocked will be constantly frustrated when they try to follow the links through to the sites of the best VPNs.

Here is a list of VPNs that Virgin Media does not block the websites for:

  •         VPN.Asia

The following sites that contain VPN reviews are not blocked by Virgin Media:


It could simply be that Virgin Media hasn’t got around to blocking these sites yet. The list of sites that are currently blocked includes the most successful VPNs and VPN review sites in the world.

Investigating Virgin Media

As a Virgin Media customer and an expert in VPN’s, as soon as I received blocking error messages, I turned on a VPN. With the VPN connection active, those websites that appeared to have connection or SSL problems suddenly became available. VPNs are well known as a method to bypass system blocks, such as the Web Safe system.

To check on whether this error was being caused by my computer, I turned off the data access to my phone, connected it to the house Wi-Fi and tried one of the problematic sites. It was blocked. I then disconnected from Wi-Fi, turned on the data plan, and tried again. The connection went through.

This told me that the problem wasn’t with those sites that couldn’t be reached, it wasn’t my computer or phone, it was Virgin Media causing the problem.

Why does Virgin Media block some VPN sites?

There seems to be no pattern to the blocking practice of Virgin Media. The five most successful VPNs in the world that are recommended by VPN sites more than the others are:

  •         ExpressVPN
  •         NordVPN
  •         IPVanish
  •         PrivateVPN
  •         CyberGhost

These are all blocked by Virgin Media.

HideMyAss, TunnelBear, GooseVPN, VPN Area, PureVPN, Windscribe, and PrivateInternetAccess are also frequently recommended and have high customer satisfaction ratings. Of these, all are blocked, except for PureVPN and VPN Area.

One possible reason for the block on VPNs is that they hide access to torrent sites. Virgin Media blocks access to all of the prominent torrent index sites, such as The Pirate Bay.

However, all VPNs allow access to torrents, not just those that Virgin Media has decided to block. Some of the sites not blocked by Virgin Media, notably TorGuard, VPN Area, and VyprVPN prominently advertise their services for unblocking torrent sites.

The same story occurs with the review sites. Yes, the blocked sites feature articles on using VPNs for torrenting, but so do all of the sites that aren’t blocked.

Investigating Virgin Media blocking techniques

I contacted NordVPN to see whether the company realized that they were being blocked from advertising their services to around a quarter of all internet users in the UK. Mauricio Rubio of the Customer Success Team told me: “We are aware that some of the ISPs tend to block VPN websites or even the servers. Unfortunately, there is not really anything to resolve this issue.”

Repressive governments, such as those in China and Iran, are well known to block VPNs. In some countries, such as Russia, VPNs are illegal. However, neither is the case in the UK. Other major ISPs allow access to VPN sites. This is not an official government policy; it is a decision taken by Virgin Media.

I asked Mr Rubio to tell me which other ISPs he knew were blocking VPN access. However, he didn’t want to say. What he did tell me however was the method that most blocking ISPs use to prevent access to certain sites. That method is a DNS sinkhole.

What is a DNS sinkhole?

“DNS” stands for “domain name system.” It also stands for “domain name server.” The domain name system translates the web addresses that internet users type into a browser into the actual address of the server that hosts the code for that site.

When you enter an address into your browser or click on a link, the first thing the browser does is send a request to a domain name server to get the address it should go to for the site. Every ISP decides where to direct DNS requests. Virgin Media has its own.

A DNS sinkhole is also called a blackhole DNS. In order to block access to certain sites, the Virgin Media DNS server doesn’t omit an entry for the banned site. The site has a record there. However, instead of giving the correct internet address for that site’s web address, it returns an address that isn’t associated with any computer.

The Virgin Media blocking method

I checked the DNS entries for (blocked by Web Safe), (returns an SSL error), and (connection reset error). The results of queries to the Virgin Media DNS server gave the following results.

DNS Query Virgin

Every computer on the internet must have a unique address, which called an IP address. As you can see from the illustration above. My DNS queries for three separate sites returned identical IP addresses.

I entered the IP address into my browser’s address bar. The request did not receive a response. That means that the destination does not exist.

I checked who the owner of the address is with an online IP lookup. The owner is Virgin Media. So, Virgin Media’s DNS server gives the same address for all of those blocked VPN sites. That address is owned by Virgin Media and leads nowhere. This is a classic DNS sinkhole.

How to avoid a DNS sinkhole

Fortunately, if you specify a DNS server in the network settings of your computer, that setting overrides the DNS choice of your ISP. That is, your browser will use the DNS server you nominate. If none is set, it will use the DNS server of the ISP.

Cloudflare offers a free DNS service. The address of its server is easy to remember: To define the DNS server in the network settings, implement the following steps.

Step 1

Click on the Wi-Fi symbol in the system tray of your desktop. Click on Network and Internet Settings.

Access Network Settings

In the Network Settings screen, click on Change adapter options. This opens the Network Connections list.

Step 2

Right click over the icon that represents your Wi-Fi connection. Select Properties in the pop-up menu to get the connection properties window.

Step 3

Click on Internet Protocol Version 4 (TCP/IPv4) and press the Properties button. This opens an Internet Properties window.

WiFi Properties

Step 4

Look to the bottom half of the Internet Properties window and press the Use the following DNS server addresses radio button. Enter and into the two address fields. Check the Validate settings on exit box. Press the OK button to close the window and press the Close button in the Wi-Fi Properties window.

Check your new DNS settings

After naming a DNS server, try to access those sites blocked by Virgin Media. They should work. The DNS lookup output shown below reruns the earlier queries I performed. This time, the queries return the correct IP addresses. The sinkhole address has gone.

Virgin Media problem

Virgin Media is owned by Liberty Global, which is the largest broadband internet service outside of the USA. It is possible that other Liberty Global divisions are using the same DNS sinkhole trick to block access to VPN sites.

I am only able to check my own ISP. Have you experienced problems similar to the blocks I outlined about? Try nominating a DNS server in your network settings. If this fixes the problem, leave a message in the Comments section below and tell the community which internet service provider you use. 

Best Legal Torrent Sites – 2020

Best Legal Torrent Sites – 2020

Torrents are downloading systems that use a file sharing architecture, called “Peer-to-Peer.” This is different from traditional download methods because there is no central server. 

Instead of connecting to a service from which you browse and download files, the torrent method reaches out to other users directly and you can download segments of a file from different correspondents all at the same time.

The torrent methodology is very efficient and it speeds up downloads by allowing simultaneous copying of sections of files. The fact that your torrent client only attempts to download one small slice of each file at a time means you don’t have to restart the whole download again if the computer that you are transferring data from gets turned off.

The torrent client will keep checking for the availability of other sources for a file and keep contacting them to acquire more slices of the desired file. As soon as a segment download completes, you become a source of that section for others to copy from. So, each owner of a file doesn’t need to have a complete copy in order to make part of the file available to others.

The Peer-to-Peer file sharing system opens up a whole new world of entertainment access. There is just one problem: most torrent sites are illegal.

The torrenting concept is a good idea that it’s a shame to leave it only to the illegal distributors of entertainment. The system is lightweight and fast and it requires a lot less administration than the classic online video library format.

Torrent legality

It stands to reason that the companies that invest lots of money into producing movies, TV shows and music aren’t going to let those assets go for free. This is why copyright laws exist. When you pay to download a movie or song, you don’t get the right to distribute it to others.

If you make a media file available to others, you are breaking the law. For example, in the USA, Peer-to-Peer file sharing is a criminal offense and you could be prosecuted for “conspiracy to commit copyright infringement” under the Family Entertainment and Copyright Act

Also in the USA, entertainment companies have formed the US Copyright Group, which exists solely for the purpose of prosecuting those who copy and watch copyrighted material without paying for it.

Downloading entertainment is illegal in a large number of countries in the world. In many places, the producing companies don’t bother pursuing individuals for copyright infringement. However, in those countries, Internet service providers are given the responsibility of blocking access to illegal content sites – this is the case in the UK, for example.  

So, in many places in the world, you will find it impossible to reach illegal torrent sites; in other countries, you might get into legal hot water. In short, it is better to avoid illegal torrent sites.

How torrents work

The access point to the torrent system is through a torrent search on a website that lists available torrent downloading files. When you select an option from the list, a small file gets downloaded onto your computer. There are several methods for starting off a torrent depending on which protocol you use. The most widely used is called BitTorrent. This is mediated by a BitTorrent file, or a magnet link. You need to load either into a “client” in order to access the file that you hope to download.

Torrent trackers

The BitTorrent file and the magnet link point to a tracker file, which is stored somewhere on the internet. The tracker file contains details about the file you want to download. The most important bit of information is a list of the addresses of all of the computers in the world that have copies of that file. Your torrent client works through that list and contacts each of them in turn, hoping to find one that is online.

File segments

Each file is treated as an array of segments. Your client will contact the active client on a computer that has the desired file and ask for one segment. Once that download starts, your client will contact another correspondent and ask for a different segment. When each segment finishes downloading, the client will ask that source for another segment. The client is able to download many segments from different sources simultaneously. This method greatly speeds up the downloading process.

Peer types

In torrenting terminology, any computer with which your computer is in connect with is called a peer. Your client might be sending to a peer or receiving from a peer. The client can send out segments and receive in segments simultaneously. It is also capable of sending and receiving segments of several files all at once – you don’t have to wait for one download to finish before starting another one.

A person that makes a complete copy of a file available to others is called a Seeder. A person that is still in the process of downloading but has completed segments to dish out to others is called a Leecher. In the availability list of files on a torrent site, you will see the number of seeders and leechers alongside the entry for each file. Sometimes the column headings are just “S” and “L.”

A file will download faster if there are more sources available for it and the more seeders there are, the better because that also means it is more likely that the entire file is available from a popular torrent.

Torrenting systems and clients

The most widely used torrenting system in the world is called BitTorrent. This system is available through BitTorrent clients, including:

  • BitTorrent
  • uTorrent
  • qBittorrent
  • Vuze
  • BitLord
  • Xunlei
  • Deluge
  • Tixati
  • Transmission

BitTorrent and uTorrent are both products of the same organization, which is owned by the creator of the BitTorrent protocol. The qBittorrent project was started up specifically to create an open source alternative to the BitTorrent client. 

Another system for file sharing is called eDonkey, which is also known as eDonkey2000 and eD2k. This is the second most popular file sharing system in the world. Access to it is through a client called eMule. This has several adaptations, called iMule, IMule, JMule, xMule, and eMule Plus.

Kademlia, or Kad, was developed by the same group that create eDonkey. This is a better system than eDonkey but has fewer users. Clients that can operate eMule can usually also use Kad.

The BitTorrent and eDonkey systems are not compatible with each other, so if you are on one network, ordinarily, you can’t get segments of a file from the other. There are torrent clients that can handle multiple protocols. However, they can’t mix sources, so you will be downloading one file entirely with one protocol while downloading another file with a different protocol. Multi-platform clients include:

  • Morpheus
  • BitComet
  • Shareaza
  • MLDonkey
  • Lphant
  • Jubster
  • qMule

There are many other torrenting protocols in the world and a lot of other clients. However, BitTorrent and eMule are by far the largest. All of the torrent clients mentioned above are free to use.

Some video streaming apps use torrents as their backend file delivery system. However, most of these access copyrighted material without permission and so are illegal. The streaming systems combine all of the phases of sourcing and watching a media file. However, they only download files temporarily, so if you want to watch something again, you will have to copy it over live on the Internet all over again. Popcorn Time and the browser-based Torrent-Time are the two most widely used torrent-based streaming systems in this category.

All of the above software is available in versions for Macs as well as for Windows, iOS, Android, and Linux. 

Legal torrent sites

There are many sources for illegal torrents, such as the Pirate Bay. However, these are often blocked, frequently get taken down and every now and then one of them disappears forever.

It isn’t worth running the risk of downloading files illegally, so we have compiled this list of legal torrent sites, so you can access entertainment without having to worry about the consequences.

Here is our list of the best legal torrent sites:

1. Legit Torrents: As the name suggests, this site only lists legally downloadable files.

2. Vuze StudioHD Network: Associated with the Vuze torrent client.

3. Public Domain Torrents: A free service that gives access to older entertainment content.

4. Bitlove: Includes a large podcast library.

5. Internet Archive: Movies, TV shows, books, and music.

6. Vodo: Specializes in indie movies uploaded by their creators.

1. Legit Torrents

Legit Torrents holds torrents that give access to more than 3,800 files that can be downloaded legally. The content available through the site includes video, music, ebooks, games, software, anime, and data sets.

Don’t expect to find the latest Hollywood blockbusters on this site – big name films will only be available on pay streaming sites. However, as far as free stuff goes, Legit Torrents probably outranks all of the competition with its library. It is particularly good source for gaming torrents and anime.

The site doesn’t offer magnet links. All downloads initialize with a .torrent file. The information page for each torrent includes a brief synopsis of the content and shows the number of seeds and leechers for the file.

2. Vuze StudioHD Network

Although resident on the main Vuze website, there is no link through from the Vuze Homepage to this content torrent location service. All the files accessible through this site are free to download and available legally.

If you have the Vuze torrent client, you can access the Studio through that environment without having to open a browser. This configuration also removes the need to download the torrent file and then open it in a client as two separate actions. If you have Vuze Plus, you can watch content within the client while it is still downloading.

3. Public Domain Torrents

The interface of the Public Domain Torrents free legal torrent site is not as sophisticated as the two options above. However, the navigation of the site is very straightforward. The content of the files available for download through this site is overwhelmingly classic movies.

There is no search facility on the site. However, you can browse the library by movie category. You don’t need to be a member in order to access the torrents. There is a forum and people also post comments on the pages of each movie and you need to create an account in order to do that.

A section of the site allows you to watch a limited list of movies within a player on the site. This player is Flash based, so your browser might block it from running.

4. Bitlove

Bitlove is specifically a platform for distributing podcasts, so don’t expect to be able to access any movies on the site. Individual torrents are difficult to identify because the directory is organized by the ID of the person who registered the file with the site, which is very rarely an identifiable name. However, there is a search engine field at the left of the site’s headline bar.

As well as hosting podcasts for download through the BitTorrent protocol, the site also includes listings for live feeds. However, remember that this site is all about voice and not music or shows.

5. Internet Archive

Internet Archive is part of, which runs the Wayback Machine, which stores snapshots of websites at various dates in the past. The service also stores videos, audio files, and ebooks. This library is very large. It contains 4 million videos. These are mostly very old movies.

Media can be played in a viewer within the site or downloaded with the assistance of torrents. All torrents offered on this site are in the BitTorrent format.

6. Vodo

Vodo is an exciting concept for independent filmmakers. The site is a platform for Specializes in indie movies uploaded by their creators. Content is categorized to make it easier for you to locate the kind of entertainment that you like. You can stream entertainment on the site or download video files through the BitTorrent protocol. Films are free to watch, but you are asked to make a voluntary contribution.

Most Secure Web Browsers – 2020

Most Secure Web Browsers - 2020

A web browser is your gateway to the internet — and a gateway into your devices and network. If your browser isn’t secure, attackers can access your system, exploit your privacy and steal your personal and financial data.

Cybercrime grows more sophisticated by the day. A secure browser must defend against a wide variety of security and privacy threats, including:

  • Phishing scams.
  • Malicious web content.
  • Intrusive tracking practices.

However, some web browsers are much more secure than others. Here’s what you should expect from a secure web browser:

  • Secure design — For web browsing to be secure, developers must integrate security measures into the architecture of their browser software.
  • Security features — Users should have access to optional advanced security and privacy features.

  • Regular updates — A secure browser requires an active team of developers responding quickly and effectively to any reported security issues.
  • Privacy protection — Security and privacy go hand-in-hand. You should be able to trust your browser to keep your online activity private.
  • Usability — Even if a browser is completely secure, it shouldn’t be slow, awkward, or buggy. 

What makes a web browser secure?

Secure browsers use many security tools and privacy features to keep you safe online. 


Sandboxing involves running an application in isolation. If malware infects the application, or if a piece of code wants to access secure parts of your device, it can’t do so without first escaping the sandbox.  

Browsers are a key entry-point for malware. Malicious websites run scripts that seek to damage your hardware and steal your data. 

A good browser loads websites in a sandbox. A sandbox ensures that, even if the browser lets malicious code run, that code will be restricted to the browser. 

HTTPS upgrading

HTTPS is the secure version of HTTP. A secure web browser automatically upgrades websites to HTTPS where possible, meaning that your connection to most sites will be private and encrypted.

HTTP is what makes most communication over the web possible. HTTP responds to user requests and transfers data from websites to users. HTTPS encrypts traffic flowing to and from a website, making it less prone to interception (so-called “man-in-the-middle attacks”). 

Not all sites have made the shift yet to HTTPS yet. But in October 2019, the proportion was around 80 percent

Active content protection

Active content lets your browser display audio and video integrated into web pages, It includes software based on Java, Adobe Flash, Silverlight, etc. 

Active content can enable certain elements of a web page to function properly — but it can be a security threat. Active content can act as malware: logging your activity, accessing sensitive parts of your system, or installing unauthorized software on your device.

Many browsers are stopping support for the use of plugins, particularly Adobe Flash. A secure browser should block most active content by default.

Phishing protection

Phishing is where someone tries to obtain another person’s sensitive information online by fraudulently earning their trust. 

Most browsers include some protection against a type of phishing called “domain spoofing,” where criminals set up fake websites to trick people into giving up their personal information. Effective domain spoofing protection prevents you from visiting fraudulent sites. 

A 2019 study by Venafi looked at the websites of 20 major online retailers to determine the extent of the domain spoofing problem. Venafi found that for every genuine web page belonging to these retailers, there were more than 200 fakes.

Tracking protection

Businesses harvest data about you by observing your online activity, IP address, and browsing history — even your bookmarks. Tracking protection guards your online privacy. 

Although privacy and security aren’t the same thing, they overlap in many respects.

Many secure browsers contain in-built ad and cookie blockers. Blocking ads matters for privacy. Advertisers can use technology such as cookies and web beacons to gather and collate large amounts of information about you.

Fingerprinting protection is also common in privacy browsers. Fingerprinting lets websites identify your device by observing its unique characteristics — much like the police might identify you by taking your fingerprint. Browsers can prevent this by blocking JavaScript.

How to stay secure online using any browser

Any of the secure browsers on our list will keep users safe online. And there are certain other techniques and privacy tools that will enhance privacy even further:

  • Incognito Mode — A private browsing window will mask your identity to some extent. It lets you browse without cookies, browsing history, or signed-in accounts for the length of that session.
  • Virtual Private Network (VPN) — Many VPN providers offer a browser add-on that lets you mask your IP address and location with a single click.
  • Ad-blocker — Ad blocking browser extensions stop pop-ups and ads to make your online experience faster, and also protect your privacy by blocking cookies and other trackers.

1. Brave: Best all-round secure browser

Brave browser lets you browse the web with security, privacy, and speed. 

Brave turns security settings up high. It uses Chromium, Google’s open-source browser, which integrates strong sandboxing techniques. Brave also features automatic HTTPS upgrading and turns off plugins by default.

Brave’s primary focus is privacy. It excels at blocking ads and tracking cookies — the main threats to online privacy. Brave even lets you open private browsing tabs using Tor for maximum protection.

Whereas most popular browsers allow you to install ad-blocker browser extensions, Brave blocks most automatically. Brave’s “Brave Shield” feature blocks ads, third-party cookies, and scripts with ruthless efficiency.

Brave browser 1

Brave Shields provides powerful protection against intrusive ads and tracking techniques.

This privacy-centric approach doesn’t impact on Brave’s functionality — its in-built ad-blocker is so efficient you’ll forget that third-party ads ever existed. In fact, Brave is faster than Chrome or Firefox because it blocks resource-hungry ads. 

Brave gets quick and regular updates, and its team are busy trying to ensure the browser is credible. But it’s an ambitious project, and occasionally the development team have had to trade some degree of privacy for functionality.

However, Brave is generally stable and bug-free. While blocking scripts and cookies can cause issues on certain sites, you can turn off Brave Shields easily. Brave provides a great user experience and should quickly become your favorite browser.


  • Strong security by design.
  • Maximum protection against online trackers.
  • Exceptionally fast and user-friendly.


  • Occasional bugs and controversial development choices

Is Brave browser secure?

Brave is secure by design and effectively shields you from online trackers. While some browsers provide maximum privacy at the expense of usability, Brave strikes a perfect balance between security, privacy, and functionality.

2. Tor Browser: Extremely private (but very slow)

Tor is, at its core, a network of volunteers that are dedicated to internet privacy. These volunteers run a network of around 7000 servers. Using the Tor network encrypts your web traffic three times — bouncing it across three relays, so it’s harder to track.

Tor Browser is a version of Mozilla Firefox that automatically routes web traffic through the Tor network. Tor Browser is the safest way to use Tor — in fact, the Tor Project team claim Tor Browser is the only safe way to use Tor (the team behind Brave might disagree).

Tor browser 1

Tor Browser even warns users against maximizing the browsing window for unparalleled privacy.

Tor Browser incorporates several security add-ons, including NoScript (which automatically blocks active content) and HTTPS Everywhere (which forces websites to upgrade to HTTPS). Its default search engine is the privacy-focused DuckDuckGo.

Tor Browser provides a highly private and secure online experience. But there’s a major drawback that makes it impractical for everyday use. Tor is extremely slow.

Tor Browser’s slowness is hardly surprising. After all — your web traffic is bouncing all over the world, and is triple-encrypted before it reaches its destination. But you’ll probably only want to use Tor when you’re doing something really secret online, like accessing the dark web.


  • Makes it near-impossible for anyone to spy on your web activity.
  • Incorporates some great security add-ons for additional privacy protection.
  • An important project to use and support if you care about online freedom.


  • Impractically slow for day-to-day use.

Is Tor browser secure?

Using the Tor network is the most secure method of browsing the web. And Tor Browser is the best way to access the Tor network. But while Tor Browser is secure and private, its unbearable slowness means you might not want to use it very often.

3. Epic Privacy Browser: Strong privacy through brute force

Anyone can have a small online footprint if they take certain precautions. Regularly clearing cookies, blocking ads and scripts, using a Virtual Private Network (VPN) — these are all effective ways to stay private online almost using any browser.

Epic Privacy Browser takes this one step further. It maintains a secure and private session every time a user browses the web, using the following methods: 

  • It routes all web traffic through a proxy server, so websites don’t see a user’s true IP address.
  • It automatically blocks trackers and cookies, including analytics and social media widgets.
  • It clears the browsing history at the end of each session.
Epic browser 1

Epic blocks intrusive cookies and plugins automatically.

All of this means that Epic Privacy Browser lacks much of the usability of many other browsers. And it’s not just clearing the history that makes it less user-friendly — Epic doesn’t allow add-ons, so users can’t enjoy password managers, mail checkers, or other conveniences.

This can cause bugs on certain websites — but Epic does let users turn off certain filters if they experience problems, which usually works.

Ultimately, Epic Privacy Browser provides an impressively smooth browsing experience, considering how much hard work it’s doing behind the scenes to hide its users’ activity. Epic could even a primary browser for people who are serious about privacy.


  • Reroutes web traffic through a VPN to hide user location.
  • Blocks all possible tracking methods.
  • Clears history automatically after each session.


  • Lacks the convenience and ease-of-use of a regular browser.

Is Epic Privacy browser secure?

Epic calls itself “the world's only private and secure web browser.” This nearly true. Tor Browser beats Epic on privacy, and Brave beats it on user-friendliness — but Epic Privacy Browser sits confidently between the two. It’s a good choice for anyone who wants true privacy without sacrificing too much convenience.

4. Mozilla Firefox: Private and profit-free

Mozilla Firefox is a great example of what open-source, community-based development can achieve. 

Firefox’s share of internet users has fallen in recent years, partly due to Chrome’s increasingly dominant market position — but it remains the second-most popular desktop browser in 2019

Up until recently, Firefox did not have a sandbox, leading to concerns about its security. However, Mozilla introduced sandboxing to Firefox in November 2018

More recently Mozilla has introduced crypto-jacking protection to its latest version, Firefox Quantum. This stops cryptocurrency miners from using Javascript to hijack your CPU. The latest versions of Firefox also provide protection against fingerprinting.. 

Like many browsers, Firefox displays a padlock icon to let you know whether your connection is secure. However, Firefox’s padlock icon is surprisingly subtle. It’s easy to miss that your connection is unsecured.

Mozilla Firefox browser 1

Firefox’s HTTPS indicator is easy to miss, leaving you potentially vulnerable.

This aside, Mozilla provides regular updates to Firefox, ensuring that any security flaws get patched quickly. If you’re seeking a private and secure browsing experience, combined with a quick and user-friendly interface, you should still consider Firefox.


  • Excellent privacy protection.
  • In-built crypto-jacking prevention.
  • Effective sandboxing technique.


  • A flaw in Firefox’s interface means you might miss unsecured connections.

Is Firefox secure?

Mozilla wants you to be “empowered, safe, and independent” online, and it takes every possible step to make Firefox private and secure. Firefox has and effective sandbox, regular updates, and built-in protection against intrusive practices. It’s also the last bastion against Chrome’s dominance of the web browser market.

5. Google Chrome: Seriously secure (but not private)

As of late 2019, Google Chrome has a 69 percent market share rate among desktop browsers. The main reason for this is that Chrome provides a smooth and user-friendly experience. 

Chrome gets fast and regular updates, uses a strong sandboxing method, and blocks Adobe Flash by default (Flash was previously a security weakness for Chrome). And if you stray onto an unsecured web page, Chrome makes sure you know about it.

Google Chrome browser 1

Chrome gives users a clear indication that they’re visiting an unsecured website.

Google ensures Chrome users are safe from malicious third parties who wish to access their system or spy on their internet activity. But Chrome users are still vulnerable to intrusive practices — from Google and its marketing partners,

Google makes no secret about its intention to gather as much data about the world as possible. Chrome is one of the tools Google uses to achieve this. This is perhaps why Chrome lets websites place tracking cookies on your device without impediment.

It’s possible to install add-ons and extensions to make your browsing more private. But these features aren’t available on Chrome by default — mostly because they would restrict Google’s ability to learn what you’re doing online.

If you don’t care about surveillance by Google and its partners, Chrome might be the best browser ever made. But if you believe that privacy and security are inseparable, Chrome is not a good choice.


  • Very few security vulnerabilities.
  • Interface displays a clear warning if you visit an unsecured web page.
  • Many add-ons available to improve privacy.


  • Lets Google track your online activity.

Is Google Chrome secure?

Google Chrome is updated frequently and employs cutting-edge secure browsing technology. It will do a great job of defending you against cybercrime. But it doesn’t defend you against intrusion by Google itself. If you’re concerned about keeping your online activity private, Chrome is not the browser for you.

6. Microsoft Edge: Strong phishing protection

Edge is Microsoft’s replacement for Internet Explorer. It’s not much of an improvement in terms of usability and design, but Edge is much more secure than Internet Explorer. 

Edge's Windows Defender SmartScreen does a great job of blocking malicious sites. In 2018, CA Security Council found that SmartScreen outperformed Google Safe Browsing in its independent phishing tests.

Microsoft Edge browser 1

Edge offers effective protection against phishing via its SmartScreen filter.

Edge has experienced some security issues. In 2017, for example, Microsoft introduced a back-end feature called Arbitrary Code Guard to prevent attackers loading malicious code into its memory space. The following year, however, Google’s Project Zero team found an exploit.

However, Edge runs smoothly and integrates well with Windows operating system. It receives regular updates. It’s not the best-looking or most user-friendly browser, but this may change when Edge switches to a Chromium engine.


  • Excellent phishing protection from Windows Defender SmartScreen.
  • Regular and quick updates.
  • Fast and lightweight.


  • Unattractive user-interface.

Is Microsoft Edge secure?

Although it’s not the best-looking browser available, Microsoft Edge is a major improvement on Internet Explorer in terms of security, offering the best protection against phishing. Edge is not likely to be many people’s first choice. But as the default browser in Windows, it’s reassuring that Edge is secure.

7. Safari: Secure, but not as secure as you might think

Safari is the default browser for macOS and iOS, and isn’t available as a standalone product. A Windows version was released in 2007, but it soon fell victim to various security issues and Apple discontinued it in 2012.

It might be surprising that Safari appears so far down our list of secure browsers. Apple’s well-earned reputation for good security and privacy practices suggest that Safari should be one of the most secure browsers available. But the reality is more complicated.

There have been many exploits of Safari. Apple promptly patches security vulnerabilities —  but nonetheless. they keep arising. As recently in March 2019, “white hat” (ethical) hackers managed to gain complete control of a Mac after escaping Safari’s sandbox.

Privacy activists also criticize Apple for prohibiting certain third-party ad-blockers and tracking protection extensions. Such browser extensions are an important way to stay private online. However, Apple argues that they interfere with Safari’s strong in-built privacy protection.

Safari’s privacy protection involves Intelligent Tracking Protection. This prevents websites from tracking users across sites and limits the duration of certain cookies to one day. Despite the controversy, Intelligent Tracking Protection is an innovative way to enhance privacy.

As is typical for Apple, Safari is very user-friendly. Users receive a clear warning when they visit an unsecured website, and also receive notification of whether the site owns an Extended Validation certificate (this is a good sign that a site is not a phishing website).


  • Innovative built-in tracking protection.
  • Keeps you away from unsecured websites.
  • Regular updates.


  • Questionable security record.
  • Incompatible with many privacy-enhancing browser extensions.

Is Safari secure?

Hackers have compromised Apple’s Safari browser several times. But Safari earns a place on our list for its innovative security and privacy features. Apple also provide frequent security patches, so Safari users are unlikely to have any issues so long as the browser is up-to-date.

Dishonorable mention: Microsoft Internet Explorer — The least secure web browser

Internet Explorer is not one of the most secure web browsers of 2019. It’s on this list because we need to warn you not to use it

Internet Explorer once had a staggering 95 percent of market share. But with less than 2 percent of people choosing Internet Explorer in 2019, its golden years are clearly over. 

Internet Explorer has had some deservedly bad press over the years. For example, Microsoft once left a known vulnerability for more than 600 days before patching it

And Internet Explorer is now less secure than it once was. Microsoft turned off Enhanced Protected Mode in IE 11 — reducing Internet Explorer’s ability to sandbox components and defend against certain attacks.

But most concerning of all is that Microsoft is neglecting Internet Explorer and pushing users towards its newer browser, Edge. In fact, Microsoft’s own security chief has warned people against the “perils” of continuing to use Internet Explorer

Internet Explorer browser 1

Microsoft makes no secret of the fact that it is phasing out Internet Explorer.

For an application to be secure, it requires regular updates. Microsoft hasn’t abandoned Internet Explorer completely. But it’s not Microsoft’s focus — and this means there’s no guarantee that updates will be effective or timely.


  • Still receiving security updates, however infrequent.


  • New features are not in active development.
  • Poor sandboxing capabilities.
  • Microsoft itself has advised against using it.

Is Internet Explorer secure?

Internet Explorer once ruled the web, but it’s now the least popular mainstream browser. Its security features are weak, and they won’t get any stronger. As Microsoft prepares to put the final nail in Internet Explorer’s coffin, there’s really no reason to use it.