Last week, social network Tea experienced a data breach that exposed personal information for its users. The dating safety app for women said at the time that "there is no evidence to suggest that current or additional user data was affected." However, 404 Media reports that the problem is bigger than originally stated. The site credits independent security researcher Kasra Rahjerdi, who found that content from the platform as recent as last week has been exposed.

Additionally, this source claims that the compromised information could allow hackers to view messages between Tea users. DMs might include other sensitive information, such as personal phone numbers, discussions of cheating and experience obtaining abortions. 

"As part of our ongoing investigation into the cybersecurity incident involving the Tea App, we have recently learned that some direct messages (DMs) were accessed as part of the initial incident," a spokesperson for the company told Engadget. "Out of an abundance of caution, we have taken the affected system offline. At this time, we have found no evidence of access to other parts of our environment." In addition, Tea said it will offer them free identity protection to users whose personal information was involved in the breach.

Tea's security issues come during a surge in popularity. The app allows women to anonymously share personal stories about their dating experience, with the intended goal of letting others know if the men they are meeting might be a risk to their personal safety, were engaged in catfishing, or were already in a relationship.

Update, July 29, 2025, 1:08PM ET: Added statement from Tea.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/data-breach-at-tea-reportedly-contains-images-and-dms-from-last-week-224823984.html?src=rss

©

© Apple App Store

Earlier this year, Google rolled out AI Mode to Search users in the US. Now, the notoriously inaccurate "tool" is coming to the UK. While Google's AI overviews have been available in the UK since last summer, AI Mode provides more conversational responses and fewer links to other pages. 

Google touts AI Mode as a more intuitive method for asking multi-part questions or follow-ups. It uses Google's Gemini 2.5 model to detail how-tos, compare products or plan a trip. Instead of searching for something under the "All" tab, users activate it by clicking "AI Mode" and issuing a prompt with text, voice or a photo. 

AI Mode uses something called a "query fan-out" technique, meaning it does "multiple related searches concurrently across subtopics and multiple data sources and then brings those results together." However, there's two issues: The possibility of hallucinations — which Google admits to — and a reduction in click through rates. Both have occurred with AI Overviews on Google Search.

A new Pew Research Center report found that users who receive an AI summary after their search click on a traditional result almost 50 percent less (8 percent of the time, compared to 15 percent). On top of that, only one percent of users clicked on the link provided within the AI summary. This pattern can cause problems both for website traffic and for ensuring that AI-generation information is accurate. 

This article originally appeared on Engadget at https://www.engadget.com/ai/google-searchs-ai-mode-is-rolling-out-in-the-uk-110011893.html?src=rss

©

© Google

The United Kingdom's Online Safety Act took effect on July 25th. Among other provisions, the new law makes websites responsible for protecting UK children from content deemed harmful, like pornography or the promotion of eating disorders. This has resulted in many of the most-used websites, including Pornhub, X and Reddit, either putting up or planning to put up age verification barriers to restrict access by minors.

Age-restricting laws put broadly popular websites in a difficult position. Sites like Reddit that rely on user-generated content have no good way of making sure nobody under 18 ever sees restricted material anywhere on the platform, so it's usually simpler to just ban minors altogether. But this creates a knock-on problem: underage users relying on unvetted free virtual private networks (VPNs) to get back on their favorite platforms.

UK residents are using VPNs to change their apparent locations to other countries and circumvent the Online Safety Act. In the few days since the law went into force, five of the 10 most-downloaded free apps in the UK have been VPNs. We like two of the five, Proton VPN and NordVPN, but NordVPN does not have a free plan — just a seven-day free trial, after which you have to pay. The other three are unvetted, untested and suspiciously generic (VPN Super Unlimited Proxy, FreeVPN.org and Unlimited VPN Proxy).

When you use a VPN, all your web traffic goes through one of the VPN's servers before moving on to its ultimate destination. Every time you connect, you're trusting the VPN not to abuse its access to your information, and some VPNs unfortunately abuse that trust. A free VPN is generally safe if it's supported by paid subscriptions, like Proton is. If there is no paid tier, or the free tier comes with no restrictions, you have to ask yourself where the money is coming from. 

The saying that "if the product is free, then the real product is you" holds true here. For example, Hola VPN admits in its terms of service that its sister company Bright Data can sell free users' residential IPs as proxy servers, and Hotspot Shield was the subject of an FTC complaint in 2017 that charged it with providing personally identifiable information to advertisers. And one of the services on the UK's top 10 list, FreeVPN.org, has no address on its website and a frighteningly sparse privacy policy.

Malware is the other significant risk. A 2016 study analyzed 283 Android apps with VPN capability, and found malware in 38% of them. Nor has the threat diminished in the 10 years since — just this year, threat analysts at CYFIRMA reported on a free VPN shared on GitHub being used as a malware vector. 

In the end, a fully free VPN has no real reason to protect you or your rights, and every incentive to milk you for profit. Whatever you choose to do with a VPN, make sure you're picking one that will keep you save without exploiting you. Green flags include a clear pricing structure, audits from independent firms in the last three years, a specific physical location on the VPN's website and a thorough privacy policy. Some trustworthy free VPNs include the aforementioned Proton VPN, plus hide.me, TunnelBear and Windscribe.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/vpns-are-booming-in-the-uk-after-age-restriction-laws-but-free-options-carry-big-risks-060036636.html?src=rss

©

© Steve Dent for Engadget

Microsoft is implementing an age verification system on Xbox accounts to comply with the UK's Online Safety Act, and in a new blog post announcing the move, the company suggests it'll come to other countries, too. 

Players in the UK who indicate on their account that they're 18 years or older will now "begin seeing notifications encouraging them to verify their age," Microsoft says. The process is optional for now, and players will be able to enjoy playing Xbox games until "early 2026," when verification will become mandatory to "retain full access to social features on Xbox, such as voice or text communication and game invites." If you don't verify, you'll still be able to make purchases, play games and earn achievements, but social features will be limited to your friends.

Microsoft says its hopes to learn from its UK program, and "roll out age verification processes to more regions in the future." The company cautions that the version it introduces in other regions might look different than the "proof of government-issued ID, age estimation, mobile provider check and credit card check" options it's offering in the UK, but age verification will be the norm.

The UK's Online Safety Act was signed in to law in 2023 to ban nonconsensual deepfake porn and create rules preventing children from being exposed to adult content. As regulators have defined ways companies can comply with the law, implementing an age verification system has become the solution most platforms that host adult content have settled on. That's why Microsoft, Bluesky, Reddit, Discord and others have announced age-verification programs in the last few months.

The problem is, no age verification system is foolproof, and in some cases all they take is a photo to circumvent. The Verge reports you can fool Reddit's age gate with the photo mode in Death Stranding 2: On the Beach, for example. Using a VPN has also proven to be a way to get around age verification tools. If companies take Microsoft's approach and introduce age verification in more regions, it might get harder to avoid, but widespread adoption has privacy and security implications of its own.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/microsoft-plans-to-bring-xbox-age-verification-to-countries-outside-of-the-uk-201953614.html?src=rss

©

© Microsoft

Google just announced a neat little feature for its Chrome web browser. It'll now show AI-generated reviews of online stores, to make buying stuff "safer and more efficient."

The feature is available by clicking an icon just to the left of the web address in the browser. This creates a pop-up that spills the tea about the store's overall reputation, with information on stuff like product quality, pricing, customer service and return policy. The AI creates these pop-ups by scanning user reviews from various partners, including Reputation.com, Reseller Ratings, ScamAdviser, Trustpilot and several others.

Google

It's only for US shoppers at the moment, with English being the only language available. It's also currently tied to the desktop browser. We've reached out to Google to ask if and when the feature will come to mobile. The company didn't confirm anything when asked a similar question by TechCrunch.

This could help Google compete with Amazon, which already uses AI to summarize product ratings and the like. This is just the latest move the company has made to cram AI into the shopping experience. Google recently introduced the ability to virtually try on clothing and makeup and it has been developing tools to provide personalized product recommendations and improved price tracking.

This article originally appeared on Engadget at https://www.engadget.com/ai/chrome-will-now-display-ai-reviews-of-online-stores-190032205.html?src=rss

©

© Unsplash/Rubaitul Azad

The US Senate has granted the Internet Archive federal depository status, making it officially part of an 1,100-library network that gives the public access to government documents, KQED reported. The designation was made official in a letter from California Senator Alex Padilla to the Government Publishing Office that oversees the network. "The Archive's digital-first approach makes it the perfect fit for a modern federal depository library, expanding access to federal government publications amid an increasingly digital landscape," he wrote. 

Established by Congress in 1813, the Federal Depository Library Program is designed to help the public access government records. Each congressional member can designate up to two libraries, which include government information like budgets, a code of federal regulations, presidential documents, economic reports and census data. 

With its new status, the Internet Archive will be gain improved access to government materials, founder Brewster Kahle said in a statement. "By being part of the program itself, it just gets us closer to the source of where the materials are coming from, so that it’s more reliably delivered to the Internet Archive, to then be made available to the patrons of the Internet Archive or partner libraries." The Archive could also help other libraries move toward digital preservation, given its experience in that area. 

It's some good news for the site which has faced legal battles of late. It was sued by major publishers over loans of digital books during the Coronavirus epidemic and was forced by a federal court in 2023 to remove more than half a million titles. And more recently, major music label filed lawsuits over its Great 78 Project that strove to preserve 78 RPM records. If it loses that case it could owe more than $700 million damages and possibly be forced to shut down. 

The new designation likely won't aid its legal problems, but it does affirm the site's importance to the public. "In October, the Internet Archive will hit a milestone of 1 trillion pages," Kahle wrote. "And that 1 trillion is not just a testament to what libraries are able to do, but actually the sharing that people and governments have to try and create an educated populace."

This article originally appeared on Engadget at https://www.engadget.com/general/internet-archive-is-now-an-official-us-government-document-library-123036065.html?src=rss

©

© SOPA Images via Getty Images

Intel provided more detail about the scope of its planned job cuts and other business changes while sharing its second-quarter earnings results. Reports in April suggested that Intel could eliminate around 20 percent of its staff in a restructuring plan. Today, the chipmaker said it anticipates having a core workforce of 75,000 employees by the end of 2025, down from 99,500 at the start of the year.

The numbers are even more dramatic when considering the company's downsizing efforts as a whole. This time last year, the chipmaker employed 116,500 across the globe, not including workers at its subsidiaries, and that number has fallen precipitously since. As of June 28, the company had 96,400 workers, meaning it's planning a reduction of more than 20,000 employees over the second half of the year.

These cuts are part of the company's current goal to bring its non-GAAP operating expenses down to $17 billion this year, then to $16 billion at the end of 2026. The effort to rein in spending is also leading Intel to abandon some previously announced expansions. The business will no longer embark on new projects in Germany and Poland, and it said it will consolidate its Costa Rican testing and assembly operations into existing efforts in Vietnam and Malaysia. Finally, it will also "slow the pace" of its stateside growth at a construction site in Ohio.

"Our operating performance demonstrates the initial progress we are making to improve our execution and drive greater efficiency," said Lip-Bu Tan, who has been forthright about his plans to downsize since assuming the CEO title in March. Tan was brought in to replace Pat Gelsinger in an effort to turn around Intel's business following a long, slow slide into financial trouble.

Update, July 25, 3:30PM ET: This story has been updated multiple times since publish to provide more context around the layoffs. The employment numbers were also simplified by removing some mentions of employees at Intel subsidiaries.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/intel-confirms-it-will-cut-a-third-of-its-workforce-by-the-end-of-2025-215014365.html?src=rss

©

© REUTERS / Reuters

Google's latest AI adventure is a new option for search. Web Guide is a new way that Google will organize search results based on analysis by a dedicated version of its Gemini artificial intelligence tool. The claim in the announcement is that AI can help surface the most relevant content, but it could also be a new way for Google to control what websites get prime billing in results. 

In the graphic shared alongside the blog post announcing this Search Labs experiment, the company showed clusters of results to the query "how to solo travel in Japan." Web Guide displayed a few hits each under different headers, such as "Comprehensive Guides for Solo Travel in Japan," "Personal Experiences and Tips from Solo Travelers" and "Safety and Destination Recommendations," with an option to reveal more for each grouping. It does seem to provide some AI-generated summaries at the top of each heading, but at least with this example, there are fewer instances of copy/pasting another publication's words wholesale.

Web Guide has some similarities to Google's AI Mode, which looped artificial intelligence more tightly into the search experience. The presence of AI Mode for all US users has already prompted outcry from publishers; News/Media Alliance called it "theft." Pew Research Center recently issued a report confirming that the presence of an AI summary at the top of a search led to fewer people clicking through to read published content from a source. The group's survey of 900 adults who shared their browsing history revealed that for users who did not see an AI summary, 15 percent of them clicked on a link from search results and 16 percent ended their browsing session. In contract, only 8 percent of users who saw an AI summary clicked a link in the search results, and 26 percent ended their browsing session. And while Google has been working to improve their accuracy, let us never forget that those AI-penned summaries once gave us glue pizza.

It's too early to know if Web Guide will encourage more people to actually visit and support sites other than Google. For now, it's only available for opted-in users in the Web tab for search, but it will appear elsewhere down the line. Given that Google is already in the legal dog house for anticompetitive behavior with its search business, it should be interesting to see how this latest AI rollout goes.

This article originally appeared on Engadget at https://www.engadget.com/ai/google-will-use-ai-to-organize-search-results-with-web-guide-191135024.html?src=rss

©

© Reuters / Reuters

Since last June, when DuckDuckGo introduced AI Chat, you've been able to use chat bots like Claude directly through the browser. Now the company is making it easier to tweak the system prompts of those AI models while retaining your privacy. For the uninitiated, system prompts are a set of instructions given to a chat bot at the start of a conversation to guide things along. Often they'll set the tone of the dialogue, and can sometimes cause a chat bot to be overly sycophantic as was the case with GPT-4o this past March. 

Both Anthropic and OpenAI give users a way to customize the responses of their respective chat bots, but if you don't know where to look for those settings, they can be tricky to find. DuckDuckGo's new system setting is available directly through Duck.ai's prompt bar and works a bit differently. Whatever customization you add is appended to the default system prompt for each model you chat with, meaning you don't need to set them independently of one another. Moreover, your tweaks are stored locally on your device, with no data being sent to Anthropic, OpenAI or any other model provider. It's a small addition, but if you use Duck.ai to compare the responses between different models, now you'll get more consistency in tone.

This article originally appeared on Engadget at https://www.engadget.com/ai/duckduckgo-now-lets-you-customize-the-responses-of-its-duckai-chatbots-151521930.html?src=rss

©

© DuckDuckGo

DuckDuckGo is making it easier to wade through some of the AI slop that has taken over the internet in recent months. This week, the company introduced a new filter for removing AI-generated images from search results. The next time you use the browser, you'll see a new dropdown menu titled "AI images." From there, you can set whether you want to see AI content or not. 

The filter relies on manually curated open-source block lists maintained by uBlockOrigin and others. According to DuckDuckGo, the filter won't catch every AI-generated image out on the internet, but it will greatly reduce how many you see. The company says it's working on additional filters.  

You'll notice the example DuckDuckGo uses to demo the feature in the GIF it provided involves a search for images of a "baby peacock." That's not by accident. People first started noticing how much Google Search results had been overrun by AI slop about a year ago, and one of the worst examples was any query involving the showy birds. Google has since addressed the situation somewhat, but AI slop in search results remain a problem on the platform. So it's good to see DuckDuckGo adopt a simple but effective solution to the issue. 

This article originally appeared on Engadget at https://www.engadget.com/ai/duckduckgo-now-allows-you-to-filter-out-ai-images-in-search-results-144326213.html?src=rss

©

© DuckDuckGo

Uber is investing hundreds of millions of dollars in Nuro and Lucid, the latest step in the company’s plan to build an extensive robotaxi program that can roll out globally. Uber’s partnership with EV manufacturer Lucid will see it deploy at least 20,000 of the Newark-based company’s vehicles over a period of six years. These will be equipped with the AI-powered Nuro Driver autonomous technology. The vehicles will be owned and operated by Uber or one of its third-party partners, and the service will be exclusive to Uber users.

The robotaxi service is expected to launch in late 2026 in an unnamed "major US city," and Uber said that a prototype of an operational autonomous Lucid-Nuro vehicle is currently being tested on a closed circuit at a Nuro facility in Las Vegas. According to the new partners, the robotaxi will benefit from the Lucid Gravity SUV’s "advanced technology platform, redundant electrical and controls architectures, and long range," with the latter estimated to be around 450 miles.

Nuro will be responsible for overseeing the extensive safety checks. These range from simulations to on-road testing and are marked on "dozens" of categories. The approved Lucid Gravity robotaxi will operate at level 4 autonomy, which essentially makes it almost fully self-driving and able to perform the majority of its functions without any human intervention.

Uber has spent much of this year expanding its robotaxi ambitions through various team-ups with the likes of Volkswagen and British AI company Wayve, with whom it plans to bring robotaxis to the UK for the first time next year. Back in March, Uber launched its robotaxi service with Waymo in Austin, building on the existing offering in Phoenix, Los Angeles and San Francisco. Waymo One covers 37 square miles of the city, and Uber users can ride in one by ordering an UberX, Uber Green, Uber Comfort or Uber Comfort Electric.

Earlier this week, Uber also announced a new partnership with China-based Baidu, which will see the two companies bring Baidu’s Apollo Go autonomous vehicles to mainland China and other non-US (no surprise there) markets around the world.

This article originally appeared on Engadget at https://www.engadget.com/transportation/evs/ubers-latest-robotaxi-plan-involves-20000-lucid-evs-145943920.html?src=rss

©

© Uber/Lucid

Jack Dorsey has been back in the news lately after unveiling a pair of new apps he worked on, Bluetooth-based messenager Bitchat and UV exposure tracker Sun Day. The Block CEO put those together under the auspices of a new development collective called "and Other Stuff," a nonprofit that he is backing with a $10 million cash injection through his StartSmall foundation, as TechCrunch reports.

The group plans to work on open-source projects, including ones that could become consumer social media apps, along with app-development tools. The developers met on Nostr, a social networking protocol Dorsey has also backed financially. 

The "and Other Stuff" collective aims to support Nostr's "transition from an experimental protocol to a widely adopted, sustainable ecosystem through collaborative growth and funding." In addition to Nostr projects, the collaborators plan to experiment with building tools based on the likes of ActivityPub — which powers Mastodon — and Cashu. That e-cash platform's creator, dubbed Calle, is part of the "and other Stuff" team alongside Twitter’s first employee, Evan Henshaw-Plath.

The projects that "and Other Stuff" has worked on so far include voice note app heynow, a private messenger app called White Noise and social community +chorus. They have also created Shakespeare, which is designed to help developers build Nostr-based social apps with AI.

Dorsey has long fostered an interest in open-source protocols. In 2019, during his second stint as Twitter CEO, the company set up a team that was tasked with forming an open, decentralized standard for social media. Dorsey had hoped to eventually shift Twitter onto that protocol, but of course that didn't pan out. Instead, Twitter spun out that project — Bluesky — as a public benefit corporation in 2022. Last year, after leaving Bluesky's board, Dorsey claimed that the team there was "literally repeating all the mistakes" he made while running Twitter such as, uh, setting up moderation tools (which are, in reality, a critically important aspect of any successful social platform).

On an episode of Henshaw-Plath's new podcast, Dorsey reiterated a point he had made previously, that Twitter was beholden to advertisers (an issue that X is contending with under Elon Musk's ownership). "It’s hard for something like [Twitter] to be a company, because you have corporate incentives when it wants to be a protocol," Dorsey said. "If [Twitter] were an open protocol, if it were truly an open project, you could build a business on top of it, and you could build a very healthy business on top of it."

He was also once again critical of Bluesky's structure, adding that, "I want to push the energy in a different direction... which is more like Bitcoin, which is completely open and not owned by anyone from a protocol layer. That’s what I see in Nostr as well. That’s where I want to push my energy... rather into the more corporate direction, even if it is a public benefit corporation."

This article originally appeared on Engadget at https://www.engadget.com/social-media/jack-dorsey-backs-an-open-source-development-collective-with-10-million-140052825.html?src=rss

©

© revolution.social

TikTok is in more regulatory hot water. Only a couple of months after it slapped TikTok with a hefty fine over data transfers to China, Ireland’s Data Protection Commission (DPC) is opening a fresh investigation into the platform. 

During the previous probe, TikTok claimed that European Economic Area (EEA) user data was stored on servers outside China. It said that TikTok staff in China accessed such data remotely. The DPC concluded the investigation on April 30 and fined TikTok 530 million euros ($620 million at current exchange rates). But that investigation and subsequent penalty didn't take into consideration any storage of EEA users data stored on server in China.

However, earlier in April, TikTok informed the DPC it discovered in February that "limited EEA user data" had been stored on servers in China after all, though it claimed that it had deleted the information. This revelation, which the DPC said "is contrary to TikTok’s evidence to the previous inquiry," prompted the latest investigation. The DPC is seeking to determine whether TikTok has breached the European Union's General Data Protection Regulation.

TikTok, like many other major tech enterprises, has its European headquarters in Ireland. As such, the DPC is the EU's primary regulator for the platform.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/eu-regulators-are-once-again-investigating-tiktok-over-data-transfers-to-china-124658844.html?src=rss

©

© ASSOCIATED PRESS

OpenAI is said to be almost ready to unleash its own web browser, which could be out in the wild within weeks. According to Reuters sources, the company is aiming to more deeply integrate its services into users’ work and personal lives, and the browser is part of that strategy (as is its push into hardware). Naturally, the browser is slated to have a ChatGPT-style chatbot baked in.

OpenAI is reportedly looking to use the browser to capture more user data — a strategy that has worked out to Google's benefit with Chrome. The browser is also expected to have agentic AI features such as Operator, which are billed as tools that can carry out actions (such as booking reservations) on a user’s behalf. Having direct access to information like web browsing data may make it easier for OpenAI to pull that off.

The browser is said to be designed to keep many interactions within an AI chatbot interface rather than directing users to websites. As with Google’s AI Overviews, this could dissuade people from clicking through to the sources of information that the likes of ChatGPT rely on, potentially depriving website operators of valuable traffic.

If OpenAI does start offering users access to its own browser, it would be following Perplexity, which released a browser with agentic AI functions on Wednesday. That browser, Comet, is currently only available to those with a $200 per month Perplexity Max subscription. Opera also released a "fully agentic" browser back in May.

While ChatGPT has more than 500 million weekly active users that OpenAI can market Its browser to, the company will face a tough battle if it truly wants to challenge Chrome, which is estimated to have more than 3 billion users. As it happens, OpenAI’s browser is reportedly built on Chromium, Google’s open-source code on which Chrome, Comet, Microsoft Edge and Opera run. Reports last year suggested that OpenAI may build its own browser after hiring two former Google execs who helped create Chrome.

Google has long tapped into data garnered through Chrome to help with ad targeting. However, the Department of Justice late last year said it wanted Google to sell off Chrome. A judge ruled earlier in 2024 that Google was a "monopolist" in the search sector and that it violated the Sherman Act (Google plans to appeal the ruling). OpenAI has said that were Google forced to sell off Chrome, it would be interested in snapping up the world's most popular browser.

This article originally appeared on Engadget at https://www.engadget.com/ai/openais-own-web-browser-could-arrive-within-weeks-120039766.html?src=rss

©

© REUTERS / Reuters

Everyone’s been hit with a bitingly pass-agg "?" text after waiting just a bit too long to reply. And you might soon get similar (though likely more upbeat) treatment from AI chatbots you’ve previously engaged with on Meta platforms like Instagram or WhatApp. A new report from Business Insider claims that the Mark Zuckerberg-owned company is trialling a proactive feature in customizable chatbots created using its no-code AI Studio software, that will enable them to send unprompted follow-up messages based on previous conversations.

Known internally to data labeling firm Alignerr as "Project Omni", the training project will "provide value for users and ultimately help to improve re-engagement and user retention," according to guidelines in the documents BI claims to have seen. Meta advertises AI studio as a platform where "anyone can create an AI character based on their interests" and encourages creators to view the bots as an AI extension of themselves. You can customize a chatbot’s appearance, choose the content it’s trained on and decide which Meta-owned application you want it to appear in, all without "any technical expertise."

According to the BI report, Alignerr’s Project Omni guidelines use the example of a film-focused AI bot it calls "The Maestro of Movie Magic" that might send a user message such as: "I hope you're having a harmonious day! I wanted to check in and see if you've discovered any new favorite soundtracks or composers recently. Or perhaps you'd like some recommendations for your next movie night? Let me know, and I'll be happy to help!"

As BI notes, there is a business incentive for Meta to keep people engaged with its chatbots. Prolonged engagement is vital for increasing revenue, and this year Meta expects to bring in $2 billion to $3 billion from its generative AI products alone. By 2035, the company estimates that figure could be as high as $1.4 trillion. Those kinds of forecasts will only be possible if its AI tools are being used consistently, so a friendly reminder from a chatbot every now and then feels like an obvious move.

The proactive messages are currently still just a test feature. And while it definitely feels like remembering conversations and initiating new ones without invitation is approaching a user consent gray area, a Meta spokesperson told BI that the AI will only send a follow-up message if a user has first initiated the conversation, and it won’t send another message if the first one is ignored. Responses must also be consistent with the AI’s personality and the nature of the previous conversation, maintaining a positive tone while staying away from controversial or sensitive topics unless the user themself has mentioned them.

Last month, Meta started warning its users not to share intimate details in Meta AI’s public feed after it emerged that a large number of users appeared to be doing so unwittingly.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/meta-is-reportedly-training-its-ai-chatbots-to-send-unprompted-messages-143229039.html?src=rss

©

© Reuters / Reuters

You can add Perplexity to the growing list of AI companies offering $200+ per month subscription plans to users who want unlimited access to their most advanced products and tools. As of today, Perplexity Max is available on iOS and the web. 

The subscription comes with unlimited monthly usage of Labs, the agentic creation tool Perplexity released this past May. People can use Labs to generate spreadsheets, presentations, web applications and more. Perplexity is also promising early access to new features, including Comet, a new web browser the company claims will be a "powerful thought partner for everything you do on the web." The company adds Max subscribers will receive priority customer support, as well as access to top frontier models from partners like Anthropic and OpenAI.     

Perplexity will continue to offer its existing Pro plan, which remains $20 per month. Admittedly, the company is courting a small demographic with the new subscription, noting it's primarily designed for content designers, business strategists and academic research.  

OpenAI was the first to open the floodgates of very expensive AI subscriptions when it began offering its ChatGPT Pro plan at the end of last year. Since then, Anthropic, Google have followed suit. 

This article originally appeared on Engadget at https://www.engadget.com/ai/perplexity-joins-anthropic-and-openai-in-offering-a-200-per-month-subscription-191715149.html?src=rss

©

© Perplexity

The software used by EU border security forces to prevent undocumented immigrants and suspected criminals from travelling in the region is allegedly riddled with holes and vulnerable to cyber attacks. The Second Generation Schengen Information System (SIS II) is an IT system and database shared between most EU states for law enforcement and public security purposes. And according to a new collaborative report between Bloomberg and investigative non-profit Lighthouse Reports, SIS II — which has been used since 2013 — is plagued with "thousands" of cybersecurity issues, to the extent that an EU auditor flagged them to be of "high" severity in a report filed last year.

The report notes that there is no evidence of any data theft, but the "excessive number" of accounts that unnecessarily have access to the database means it could be fairly easily exploited. During its initial rollout, SIS II’s major additions included fingerprint technology and photographs in alerts, and in 2023 the software was updated with upgraded data and enhancements to its existing functionality, including the ability to signal when someone has been deported from a country. Bloomberg reporters spoke to Romain Lanneau, a legal researcher at an EU watchdog called Statewatch, who warned that an attack would be "catastrophic, potentially affecting millions of people."

Right now SIS II operates within an isolated network, but will soon be rolled into the EU’s Entry/Exit system (EES), which will make registering biometric details a requirement for individuals travelling to Schengen-associated areas when it comes into effect, likely later this year. As the EES will be connected to the internet, a hack on the SIS II database will become significantly easier.

Bloomberg and Lighthouse note that while most of the SIS II system’s estimated 93 million records pertain to objects such as stolen vehicles, there are around 1.7 million linked to people. It adds that people usually aren’t aware that their details are logged in the database until law enforcement gets involved, so if the information was leaked, wanted individuals may find it easier to evade the authorities.

SIS II’s development and maintenance is managed by a Paris-based contractor called Sopra Steria. According to the report, as vulnerabilities were reported, they took between eight months and upward of half a decade to resolve. This is despite it being contractually obligated to fix issues deemed to be of critical importance within two months of releasing a patch.

A spokesperson for Sopra Steria did not respond to Bloomberg regarding the detailed list of allegations concerning SIS II’s security holes, but said in a statement printed in the report that EU protocols had been adhered to. "As a key component of the EU’s security infrastructure, SIS II is governed by strict legal, regulatory, and contractual frameworks," it said. "Sopra Steria’s role was carried out in accordance with these frameworks."

EU-Lisa, the EU agency that oversees large-scale IT systems like SIS II, regularly farms out duties to external consulting firms as opposed to building its own in-house tech, according to the investigation. The audit accused the agency of not informing its management about security risks that had been flagged, to which it responded by saying that all systems under its management "undergo continuous risk assessments, regular vulnerability scans, and security testing."

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-eus-border-security-software-is-reportedly-full-of-holes-162033816.html?src=rss

©

© REUTERS / Reuters

When we say that NordVPN is a good VPN that's not quite great, it's important to put that in perspective. Building a good VPN is hard, as evidenced by all the shovelware VPNs flooding the market. NordVPN may not be perfect, but it's easily top-five caliber and excels in certain use cases.

First, the bad: NordVPN's apps could all stand to undergo a little more quality control, with elements distracting from other elements and inconsistent designs from platform to platform. At least one of its FAQ pages directly contradicts itself. And while all the server locations could unblock Netflix, the one in Nigeria still showed U.S. content, indicating that our real location might have leaked.

However, there's a lot of good to balance that out. Speeds are fantastic and we saw no other hint of any kind of leak. Its server network is expansive and not overly reliant on virtual locations. The vast majority of servers are ideal for unblocking foreign websites. The real draw, though, is the extra features, including the innovative and flexible Meshnet, plus a malware blocker that acts more like a full antivirus and forward-looking quantum resistant encryption.

Findings at a glance

Check out a summary of our NordVPN review in the table below.

Category	Notes
Installation and UI	Connections happen quickly and features are easy to use on all platforms UI sometimes gets in the way; map screens can be clunky and apps come with unnecessary notifications Surprisingly, the best UI may be in the browser extension
Speed	Extremely fast download speeds with only a 6.4-percent average drop Good latencies on nearby servers, but farther ones have some lag Fast upload speeds, but losses spiked in a few locations
Security	Uses acceptable protocols with uncracked encryption NordWhisper obfuscated protocol recently implemented on Windows, Android and Linux No DNS, WebRTC or IPv6 leaks on five test servers
Pricing	Best plan is the 2-year Basic for $81.36, or $3.39 per month Basic gives you the complete VPN If you get a multi-year plan, be sure to manually renew in order to keep the promotional rates
Bundles	Plus tier adds advanced malware protection and NordPass password manager Complete plan adds NordLocker cloud storage Prime tier adds ID theft protection and insurance features
Privacy policy	NordVPN does not log user activity on the VPN, a policy backed up by several third-party audits However, it does log potentially identifiable device information unless you opt out in settings Some concerning liberties taken in the overall Nord policy, but no documented malfeasance
Virtual location change	Four out of five test servers unblocked Netflix three times running, including virtual India location Location in Nigeria got into Netflix, but didn't change available titles
Server network	153 server locations in 117 countries and territories Server network is about 40 percent virtual, including all locations in Africa
Features	Extra servers grant additional privacy (double VPN, Onion over VPN, obfuscation) or specific optimizations (P2P, dedicated IP) Meshnet directly connects two devices without a NordVPN server mediating Threat Protection blocks dangerous domains and the Pro upgrade has some antivirus capability Dark Web Monitor reports to you when any sensitive information has appeared on clandestine leak sites Presets let you activate several settings with one clickPost-quantum encryption is nice, but not necessary yet Kill switch is a useful safety feature on all appsSplit tunneling by app on Windows and Android, and by URL on browser extensions
Customer support	Written FAQs, live chat and email support Live chat connected to an expert human within a minute FAQs are poorly organized and contain some conflicts, but well-written on average
Background check	NordVPN is headquartered in Panama, while its parent company Nord Security is based in the Netherlands 2018 theft of public keys was a mistake, but NordVPN did almost everything right in response Claims of law enforcement collaboration are overblown — NordVPN will comply with requests, but that doesn't mean they'll have information to provide

Installing, configuring and using NordVPN

NordVPN's biggest strengths are its speeds and the range of options it puts at your fingertips. User experience is important, but it's not quite as front-and-center as it is with ExpressVPN and Proton VPN. Here's how the apps run on all the major platforms.

Windows

The Windows app is the first instance of NordVPN's UI being not bad enough to complain about, but not good enough to be considered excellent. The initial connection process is a little slow, and it's far easier to connect than it is to disconnect (click the power button while connected to shut the VPN off). The map takes up space that would have been better allocated to the server list.

Sam Chapman for Engadget

The minor problems continue in the settings list, which makes the mistake of not keeping all its tabs visible in the window — if you open one, you have to click back to the main menu to reach another page. The pages themselves are easy to use; it's just a bit clunkier than it could have been.

Mac

Setup is swift and easy on Mac, but the full NordVPN interface is a little awkward. The vast majority of the main window is taken up by a large map, which is mostly useless. There's no way to zoom out to see the whole world, and you can't choose between servers in each country unless you zoom way in. The server list on the left-hand side is almost always more useful.

Sam Chapman for Engadget

The preferences panel is better. All the tabs come with clear explanations of their function, and are laid out so the menu is always visible, unlike the Windows app. The gear icon at the bottom includes its own set of tabs that encompass most of the common functions, including changing your VPN protocol, activating the kill switch and setting the VPN to automatically connect on untrusted networks.

Android

NordVPN on mobile can be described in much the same way as its desktop apps: generally great, occasionally getting in its own way. On Android, the map screen is much more helpful. It's expandable to the entire world and allows you to choose between servers within a country. On the other hand, the important settings are buried in the Profile tab, and the app notifies you about your "security score" to pressure you into activating certain settings.

Sam Chapman for Engadget

To find the general settings page on Android, tap the bottom-right Profile tab and scroll down. Except for Threat Protection, which has its own tab on the main window, every feature is located here. It's probably necessary to keep the main app from getting cluttered, but still mildly frustrating.

iOS

The NordVPN iOS app resembles a compressed version of the macOS client, for better or worse. As with Android, most of its features are in the bottom-right Profile tab. It works well most of the time, but often feels slightly cumbersome. There's a bit too much on the screen, and a bit too much of the stuff has nothing to do with the VPN's core function.

Sam Chapman for Engadget

As an example, you can't log into your account within the app — you have to load your Nord account page in a web browser. Forced app switching is a design choice that truly needs to die. That said, VPN connections happen quickly. If you tend to simply leave your VPN active, you probably won't notice any of this stuff.

Browser extensions

Most VPN browser extensions consist of the same features on a smaller scale, and NordVPN's — on Chrome, Firefox and Edge — are no exception. They are important for one reason, though: they're the only way to split tunnels by URL and the only split tunneling at all on macOS and iOS. Despite being more compact, they're also easy to use, making for an excellent quick-start VPN solution.

Sam Chapman for Engadget

NordVPN speed test

All VPNs slow down your average browsing speeds by adding extra steps into the connection process. When we test speed, we're looking for the VPN to drag as little as possible on your unprotected speeds. Download speed will be the most important stat for most users, since that determines how fast web pages load and how quickly videos can buffer.

Latency is important for live connections like video chats, games and live streaming. Latency increases with distance — in the test below, data packets were sent to the remote server, then back to our home network. Upload speeds likewise influence your live two-way communications and are also vital for torrenting. Let's see how NordVPN performs on all three metrics.

Server location	Latency (ms)	Increase factor	Download speed (Mbps)	Percentage drop	Upload speed (Mbps)	Percentage drop
Unprotected (Portland, OR, USA)	22	--	59.20	--	5.86	--
Seattle, WA, USA (Fastest)	44	2x	57.21	3.4	5.62	4.1
New York, NY, USA	177	8x	56.90	3.9	5.60	4.4
Stockholm, Sweden	371	16.9x	55.94	5.5	5.63	3.9
Istanbul, Turkey	411	18.7x	53.02	10.4	5.78	5.9
Hong Kong	350	15.9x	56.18	5.1	5.72	2.4
Johannesburg, South Africa	602	27.4x	53.26	10.0	5.67	3.3
Average	326	14.8x	55.42	6.4	5.54	4.0

To summarize: NordVPN's download speeds are the fastest we've seen and its upload speeds and latency tie with the best. Downloads only dropped by an average of 6.4 percent across the globe and readings were mostly consistent — the servers in question performed much the same in each test. We even threw in Turkey and South Africa, two locations that commonly cause problems, but NordVPN still kept the drop to 10 percent.

Sam Chapman for Engadget

Latency is more a product of physical distance than VPN infrastructure, but you can still see differences between services. When tested on a similar range of locations, ExpressVPN and Proton VPN both kept average latencies under 300 ms. NordVPN's average came out to 326 milliseconds, though we should note that its latency increased less than Proton's on the closest server.

Upload speeds declined an average of four percent, but there were a few anomalously high readings in Istanbul that skewed those numbers up. Without that location, NordVPN's upload rates would also have been the industry's current best.

NordVPN security test

No matter how well-built a VPN looks from the outside, there are several ways its security can fail. The most common problems are outdated protocols with weak encryption, failing to block IPv6 traffic or inadvertent leaks from sending DNS requests outside the encrypted tunnel. We'll start by looking for those common leak sources, then check whether NordVPN's encryption might be failing in less traceable ways.

VPN protocols

A VPN protocol is a set of rules used to get data quickly and safely from your device to a VPN server and back, even while that data is encrypted. Different protocols are connected with different encryption algorithms and can impact the speed, security and stability of your connection.

When testing VPN security, the first step is to see if it's using any protocols like PPTP that are outdated and crackable, or homebrewed protocols with unclear security. NordVPN users have four options for protocols: OpenVPN, IKEv2 (not available on Mac or iOS), NordLynx and NordWhisper (available on Windows, Android and Linux only). 

Sam Chapman for Engadget

OpenVPN and IKEv2 are both standard protocols you'll find on most VPN providers. Both use various strengths of the Advanced Encryption Standard (AES), with OpenVPN defaulting to AES-256 and IKEv2 to AES-128. OpenVPN can be set to UDP (faster but less stable) or TCP (more reliable but slower). So far, so secure.

NordLynx is unique to NordVPN, but it's not that far off the beaten track — it's just WireGuard with extra security. WireGuard normally works by saving a stable IP address for each connection, which raises the very slight risk of exposing a user. NordLynx adds a second layer of abstraction that means those stable addresses are never revealed. Since NordVPN strongly recommends it for most situations, we used it for all our tests in this review.

Finally, there's NordWhisper, a new protocol introduced in early 2025 that disguises your VPN traffic as normal web traffic to evade blanket web blocks. It's likely to be slower than the other protocols, so don't use it unless everything else has been blocked. We also don't recommend counting on it too much in general — large-scale censorship technology, like the Great Firewall of China, tends to rely on blocklists of known VPN servers, whose identity NordWhisper can't disguise.

Leak test

Our first order of business was to check five test servers to see if they leaked our real IP address — staying away from the ones in the speed test in order to get as comprehensive a picture of NordVPN's security as possible. With help from ipleak.net, we found all five to be free of the three major types of leaks.

• DNS leaks occur when a VPN sends DNS requests (in short, how your browser knows which websites to show you) outside its encrypted tunnel. By default, NordVPN uses its own private DNS servers, which our tests showed to effectively prevent leaks.

• WebRTC leaks are caused by real-time communication protocols sending information outside the VPN, which may reveal your real IP address. NordVPN is consistently successful at keeping WebRTC inside the tunnel, but you can have your browser block it if you're still worried.

• IPv6 leaks happen when a VPN only blocks IPv4 traffic and lets v6 through. NordVPN automatically blocks IPv6 traffic while it's active, so an IPv6 leak is all but impossible.

Sam Chapman for Engadget

Although that's all great news, it is still possible for leaks to occur without a clear explanation, so we ran one final test on NordVPN.

Encryption test

Wireshark is a program that captures detailed images of information sent over a device's internet connection. Even though our tests showed NordVPN to be free of leaks, we wanted to inspect it at the most granular level. Using WireShark, we recorded the traffic sent to an unencrypted HTTP site, before and after connecting to each NordVPN test server.

Every server showed the same pattern: readable plaintext before, encrypted ciphertext after. If there is a security flaw remaining in NordVPN, it's unlikely to be relevant to the overwhelming majority of users.

How much does NordVPN cost?

NordVPN's pricing structure looks convoluted at first, but it's much simpler than it appears. A Basic subscription gets you full VPN functionality, and all the other tiers just add more features. If all you need is a VPN, you only need to concern yourself with the left side of the table below.

The best deal for a Basic NordVPN subscription, which lets you connect to NordVPN with up to 10 devices at once, costs $81.36 for two years when you pay upfront ($3.39 per month). One year of the same plan costs $59.88 in advance ($4.99 per month) or $12.99 for one month at a time. The table below shows the complete cost; for more information on plans above Basic, see "side apps and bundles" in the next section.

Plan	1-month cost	1-year cost	2-year cost
Basic	$12.99	$59.88 ($4.99/month)	$81.36 ($3.39/month)
Plus	$13.99	$71.88 ($5.99/month)	$105.36 ($4.39/month)
Complete	$14.99	$83.88 ($6.99/month)	$129.36 ($5.39/month)
Prime	$17.99	$107.88 ($8.99/month)	$177.36 ($7.39/month)

The longer plans save money, but be careful: if you let them expire, you'll automatically renew at the more expensive one-year plan. Enough customers claim to have been auto-renewed at the higher rate that they've launched a class-action lawsuit against NordVPN, accusing the company of deceptive pricing practices and making renewals too difficult to cancel. A NordVPN PR rep said they could not comment on ongoing legal action, "other than to state that we are and always have been very clear about the recurring nature of our services." No court date has been set so far.

That said, there's a fairly straightforward workaround in the meantime: To prevent the auto renewal, log out of your NordVPN account, then sign up for a discounted plan again using the same email. As long as you do this before your subscription expires, your new account should link to your old one, keeping you subscribed at the introductory rate.

Free trials and refunds

Every NordVPN plan comes with a 30-day money-back guarantee. If you cancel and request a refund before 30 days are up, you'll get the full cost back. The only way to try it for free without paying is to get the app on Android, where there's a seven-day trial through the Google Play Store.

NordVPN side apps and bundles

NordVPN is part of a larger family of Nord Security products, which you can save money on if you need more than one. We won't review all of them here, but for reference, here's everything you'll get from the higher subscription tiers. 

• Basic: VPN on 10 devices, specialty servers, DNS ad-blocking, Meshnet

• Plus: All Basic features, plus malware scanning, extra scam blocking, tracker blocking, NordPass password manager, data breach scanner

• Complete: All Plus features, along with 1TB of NordLocker encrypted cloud storage

• Prime: All Complete features, plus NordProtect features like dark web monitoring, credit monitoring, ID theft insurance and extortion insurance

Another tier called Ultra includes a subscription to Incogni, a data removal service run by Nord's partner Surfshark. The Ultra bundle is only available in certain countries, since NordVPN is still testing it; users outside the test countries can still add Incogni service at checkout. There also used to be a NordVPN family plan, but it seems to have been eliminated after Nord expanded the devices per subscription to 10.

You can get a dedicated IP address on NordVPN to ensure you have the same IP every time you connect. This lets you configure remote firewalls to let you through while you're connected to the VPN. A dedicated IP costs $8.99 per month, $70.68 for a year ($5.89 per month) or $100.56 for two years ($4.19 per month).

The NordVPN pricing page lists access to a Saily eSIM plan as a perk, though mysteriously, none of the existing plans seem to include it yet. A lot of VPNs are expanding into the eSIM space, so this may change soon.

Close-reading NordVPN's privacy policy

A VPN privacy policy isn't just empty words — it's a contract between the provider and its users. If a service openly defied its own policy, it could be sued for false advertising. VPNs tend to sneak loopholes into their privacy policies instead of flouting them outright; these loopholes can shed light on how the provider actually views your privacy.

We combed through NordVPN's privacy policy to see whether it tries to take any such liberties. The policy has two parts: the general Nord Security policy and an addendum specific to NordVPN.

General Nord privacy policy

This policy applies to all Nord Security apps. It's impossible to create an account without a valid email address, but you can use a separate email masking service to make that anonymous. The policy also explicitly says that your email address will be added to a marketing mailing list, though you can opt out. Irritating, but not a privacy risk in itself.

We're more concerned about the later statement that it may process data without the user's consent "under the legal basis of our or third parties' legitimate interest." This clause covers some cases we'd agree are legitimate, such as identifying people who launch cyberattacks from NordVPN servers. But Nord also considers it "legitimate interest" to process your personal data "to improve or maintain our services and provide new products and features."

Reached for comment, a NordVPN representative said that using personal data in this way "generally involves aggregated, depersonalized or technical information." That's somewhat reassuring, but the "generally" leaves a bit too much wiggle room. Ideally, we'd prefer that personal data exist wholly in the "consent only" section.

The section on sharing your data with third parties only lists "some of" the service providers who may receive your information. Among these are Google Analytics, which is known to store personal data on U.S. servers — all of which are potential security risks in the age of DOGE. Other unnamed "third parties" are involved in targeting ads at users of Nord websites.

The NordVPN representative said that "since some partners, such as payment processors, can vary by region or specific service and may change over time depending on our operational needs, we do not publish a fixed list." They added that all third parties are "contractually required to handle personal data in accordance with applicable laws and industry standards."

We aren't using this to condemn Nord; many of these practices are fairly standard in the VPN industry. But it's important to know about all the potential leakage points before trusting your deepest secrets to any company.

NordVPN specific policies

The NordVPN privacy policy doesn't add much atop the general Nord notice. It does track session activity connected to your username to make sure you're staying within the 10-device limit, but it automatically deletes these logs 15 minutes after you disconnect. The logs also don't include your IP address or the addresses of VPN servers you used.

Sam Chapman for Engadget

The only real problem we found is that NordVPN apps collect information about your activity on the app by default. This doesn't include information about your browsing habits, but it does include unique traits that could conceivably be used for "device fingerprinting" — in which a third party can deduce a user's identity through clues about their device. You can turn this off in the General settings.

A NordVPN spokesperson told us that the data collected is "not personally identifiable," and that the company takes "deliberate steps to strip out anything that could be linked back to a specific person." This presumably means the data is aggregated so it only shows general trends, not any one device's activity. That's a lot less risky, but we still recommend switching the setting off.

Third-party privacy audits

NordVPN has passed five independent audits of its privacy policy so far, most recently from Deloitte in late 2024. Annoyingly, you can only read the entire report by logging into a Nord account, but it at least doesn't have to be a paid account.

The audit found that NordVPN was following its own no-logs policy. Specifically, the Deloitte Lithuania investigators concluded that "the configuration of IT systems and management of the supporting IT operations is properly prepared, in all material respects in accordance with the NordVPN's description set out in the Appendix I." (Appendix I of the report is identical to NordVPN's privacy policy.)

Can NordVPN change your virtual location?

You'll be most interested in this section if you mainly use a VPN to change their location for streaming. To see if NordVPN could unlock new streaming libraries, we picked a new batch of five test servers, then logged onto Netflix. Since Netflix tries to block all VPN servers to prevent copyright issues, our first question was whether we'd get through at all.

Our second question: would connecting to a NordVPN server actually change what Netflix library we saw? It should, given that NordVPN seems leak-proof, but thoroughness demands we check anyway. Here's what we found.

Server location	Netflix unblocked?	Content changed?
Canada	Yes	Yes
Argentina	Yes	Yes
Germany	Yes	Yes
India	Yes	Yes
Nigeria	Yes	No

Four out of five locations worked perfectly. On a Canadian server, we were able to stream Star Trek: The Next Generation, which left American Netflix years ago. The Argentine server gave us access to something called Pasion de Gavilanes, which we'd never heard of but sounds great.

Sam Chapman for Engadget

The only problem was Nigeria. We tested it several times, connected to multiple different Nigerian locations, but saw our American Netflix library every time. We then ran a leak test on Nigeria, which wasn't one of our security test locations, and found it to be working normally. It's hard to say what happened, especially since the Nigeria server doesn't appear to be virtual, but we can confirm that it wasn't working.

Investigating NordVPN's server network

NordVPN has servers in 153 cities in 117 countries. Out of all total options, 62 are virtual locations (about 40 percent), where the server is really located somewhere else. This makes it possible to get servers into more places, but depending on your actual location relative to the server, it may perform differently than you expect.

Sam Chapman for Engadget

Virtual locations have allowed NordVPN's server network to grow quite extensive, with lots more locations in South America, Africa and Asia than the industry standard. Check out the distribution in the table.

Region	Countries and territories with servers	Total server locations	Total virtual server locations
North America	15	36	12
South America	10	10	6
Europe	48	57	11
Africa	10	10	10
Middle East	7	7	4
Asia	24	26	18
Oceania	3	7	1
Total	117	153	62 (40.5 percent)

The relatively low proportion of virtual locations (nearly identical to that of ExpressVPN) is a good sign, as it means NordVPN has been growing its server network thoughtfully. Some VPNs — looking at you, HMA — inflate their server lists as a marketing point without seriously considering what it takes to maintain such a large network. That thankfully doesn't seem to be the case here.

Extra features of NordVPN

Here's everything you get with a NordVPN app other than the VPN itself. There's a lot going on here, so we'll limit ourselves to a sketch of each feature.

Specialty servers

As soon as you load NordVPN, you'll see a list of special servers near the top of the right-hand column. We'll go over each of them in order.

• Dedicated IP: As discussed in the bundles section, a dedicated IP address costs extra. With this, you'll always connect with the same IP, which is private to you alone. It may be worth the price if you find yourself getting asked for CAPTCHAs a lot more while connected to NordVPN — though for what it's worth, that didn't happen to us.

• Double VPN: This sends your connection through a second VPN server before it reaches your ISP. The second server is your apparent location. There are 10 endpoints to choose from. As you might imagine, your internet will run slower with two VPN servers in the mix, so only use this if you seriously need security.

• Obfuscated servers: These are only available on OpenVPN. Obfuscation can help you get around firewalls that seek out and block VPN traffic. If you can't get online with NordVPN when you're on a certain network, obfuscated servers might work.

• Onion Over VPN: After encrypting your data as normal, these servers send it through several nodes of the Tor network, granting you the total anonymity of onion routing while keeping you safe from malicious relays. It's available in two locations, Netherlands and Switzerland, and — like double VPN — is best used only when you need the utmost privacy.

• P2P: NordVPN only allows torrenting on its peer-to-peer servers, but fortunately, it's got P2P servers in 114 countries — only three fewer than it has in total. NordVPN keeps your download and upload speeds very fast on average, so you shouldn't have trouble torrenting from any location.

Meshnet

Meshnet is NordVPN's most unique and exciting feature by a long shot. By logging into the same NordVPN account on multiple devices, you can connect those devices directly through a NordLynx tunnel without needing a NordVPN server in between.

Sam Chapman for Engadget

Essentially, you're using your own devices as VPN servers — obviously not great for privacy, but amazing for accessing web services in other countries. While two devices are connected, you can transfer files between them through the NordLynx tunnel. You can even invite friends and use their devices.

Threat Protection

NordVPN has two levels of antivirus: Threat Protection and Threat Protection Pro. The former is a simple DNS filter that stops your browsing from loading unsafe web pages while NordVPN is active. It's the highest level available on Android, iOS and Linux, or on any Basic subscription.

Sam Chapman for Engadget

Threat Protection Pro, which Plus subscribers or higher can set up on Windows and Mac, can work even when you aren't connected to a NordVPN server. It acts more like a standalone antivirus by scanning downloaded files for malware, and can even block trackers. Basic Threat Protection (without Pro) can block some trackers by filtering out domains known to use them, but doesn't block the trackers directly.

Dark Web Monitor

While active, Dark Web Monitor continually searches known data breach dump sites on the dark web and notifies you if it ever finds your account email address. If you get that notification, change any passwords associated with the address. With a Prime subscription, you can also have it search for your phone number, social security number or other financial information.

Presets

Presets let you set up one-click VPN connections with a desired group of settings, a lot like Proton VPN's Profiles. NordVPN comes pre-loaded with presets that optimize for "Downloads," "Speed" and "Browsing," which sounds to us like the same thing three times.

More usefully, you can create presets for particular countries, then add website shortcuts that will appear once you've connected. You could, for example, set one that connects to a specific location, then add a shortcut to a streaming site available in that location.

Post-Quantum encryption

Experts widely believe that quantum computers will eventually make our current encryption algorithms obsolete, but there's almost no consensus on when that will actually happen — except that it hasn't happened yet. Knowing that, NordVPN's "post-quantum encryption" feature comes across as a bit premature, but it's reassuring that someone is thinking about it.

Having said that, we don't recommend using post-quantum encryption yet. It works by layering one of the known quantum-proof encryption standards on top of a standard NordLynx session, which makes your VPN connection slower and more erratic. Until we can verify a real quantum cyberattack, post-quantum encryption is a needless precaution.

Kill switch

A kill switch cuts off your internet the instant you lose your connection to a NordVPN server. This protects you in case a server unexpectedly fails, and as a side benefit, prevents you from connecting to any fake VPN servers. You should keep the kill switch on at all times.

Split tunneling

Split tunneling is available on NordVPN's Windows and Android apps (and Android TV by extension), along with its browser extensions. On Windows and Android, it splits by app: you can determine which apps get online through the VPN and which go unprotected. The browser extensions let you split by URL, so the VPN only protects certain sites.

NordVPN customer support options

NordVPN's apps link directly to its online help center. As always, we went in with a specific question in mind: whether the basic level of Threat Protection could block trackers, and if so, what kind. We found the categories on the written support page difficult to parse, especially the troubleshooting section — would the average user appreciate the difference between "app issues," "connection issues" and "errors"?

We correctly guessed that our question would be under "Using NordVPN -> Features," but the introductory article on Threat Protection and Threat Protection Pro was buried at the bottom of the list. Unfortunately, that made things more confusing, as this article says that Threat Protection (not Pro) both does and doesn't block trackers. In NordVPN's favor, however, using the search bar brought us instantly back to that article without any confusion.

The live support experience

Using NordVPN's live chat was a smooth and reassuring experience. From the time we decided to ask directly, it took us less than a minute to connect with a real person, who quickly cleared up the confusion and promised to update the confusing support page (we'll check back to see if they actually do).

Sam Chapman for Engadget

One other option is an email support form, which can be found both on the website and in the help sections of NordVPN apps. This is best for complex problems that require screenshots to explain, and promises a response within 24 hours.

NordVPN background check

NordVPN was founded in 2012. Launching with its desktop apps, it moved to iOS and Android in 2016, then added apps for browser extensions and smart TVs. Its developer, Nord Security, has no parent company, and its history is relatively uncontroversial. We've documented two notable incidents below, plus more about Nord Security's operations.

Headquarters and ownership

Nord Security was founded in Lithuania, and maintains offices there. Although Nord Security is registered in Amsterdam, NordVPN operates under a separate license in Panama, which makes any data requests subject to Panama's courts.

Finland server breach

The first serious incident in NordVPN's history began in March 2018, when unidentified hackers managed to steal three private keys from one of Nord's data centers in Finland. Researchers didn't notice the leak until October 2019, well after the stolen keys had expired, but NordVPN's encryption was still technically vulnerable for several months.

We say "technically," because it was really only the outer layer of encryption — and even if they'd broken through it all, the hackers would only have seen browsing activity, not usernames, passwords or anything else sensitive. If anything, NordVPN's response actually makes us trust it more. It ended its relationship with the contractor who ran the Finnish data center and revamped its policies to eliminate the kind of negligence that led to the breach.

Arguably, its only real error was not immediately disclosing the breach. NordVPN learned about the leak and started addressing it in May 2018, but the news didn't break until more than a year later. That timing probably made it look more suspicious than any actual mishandling did.

Law enforcement compliance

Another minor controversy erupted in 2022, when PCMag and other outlets reported that NordVPN had edited its website to say that it would comply with data requests from law enforcement. NordVPN responded with a new post that said nothing had changed: their policy was always to comply with lawful requests, which — provided the requests were lawfully submitted through a Panamanian court — is literally their only option.

We're inclined to agree. VPNs are legal companies. They wouldn't last long if they openly declared their intent to break the law. The key is that when law enforcement comes calling, there shouldn't be anything to show them, as with the Turkish seizure of ExpressVPN. That's why verifiable no-logging policies are so important.

Final verdict

NordVPN is a great service on its own merits. It only suffers from having to be compared with the likes of ExpressVPN and Proton VPN. For example, its P2P servers are good for torrenting, but not as useful without Proton's port forwarding. It's fast, but speed tests fluctuated just a little more than Express.

NordVPN's extra features are the best reason to pick it over its rivals. With Meshnet, you can theoretically set up a VPN connection anywhere in the world, and no other VPN has anything close to Meshnet's file transfer powers. Threat Protection Pro is also great if you can get it, adding file scanning to bolster the typical approach of just blocking suspicious DNS addresses. Specialty servers round out the offering, with double VPN maintaining good speeds with extra safety and Onion over VPN being among the safest ways to use Tor.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/nordvpn-review-2025-innovative-features-a-few-missteps-163000578.html?src=rss

©

© NordVPN

This week, I chat with Sam Chapman, Engadget’s new security reporter who’s been reviewing VPNs and related products. He dives into what led him to security, the VPNs he likes the most and his thoughts on potential cyberattacks. Additionally, we discuss Microsoft’s latest news around the Windows 10 Extended Security Update, and Devindra explains why M3GAN 2.0 absolutely rules.

Subscribe!

• iTunes

• Spotify

• Pocket Casts

• Stitcher

• Google Podcasts

Credits 

Host: Devindra Hardawar
Guests: Sam Chapman
Producer: Ben Ellman
Music: Dale North and Terrence O'Brien

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/engadget-podcast-reviewing-our-favorite-vpns-and-m3gan-20-190657030.html?src=rss

©

© Dan Nelson/Pexels

"ExpressVPN never keeps data that could tie you to any online activity," the VPN provider claims on its website. An independent audit from late February supports those claims. Accounting firm KPMG found "reasonable assurance" that the VPN provider's system prevents the logging of user activity. The product is one of Engadget's top VPN picks.

RAM-based VPN servers

The firm's audit put ExpressVPN's TrustedServer system under a microscope. That's the company's RAM-based system. In theory, this approach means user data is wiped with every server reboot. (Doing so would prevent even the possibility of long-term storage.) Some competitors, including NordVPN, also use RAM-based servers. Meanwhile, ProtonVPN counters that properly encrypted hard drives are just as secure.

Another counter-argument to RAM-based servers is that they're only effective if they're rebooted. In theory, a company could run RAM servers for marketing purposes, but then never restart them. That's where audits can help.

KPMG's findings

KPMG has a high level of confidence that the no-logging system functioned as advertised in late February. "Controls provide reasonable assurance that the ExpressVPN TrustedServer does not collect logs of users' activity," KPMG's paper reads. That included "no logging of browsing history, traffic destination, data content, DNS queries or specific connection logs."

KPMG's assessment was an ISAE 3000 Type I audit. That means it focused on ExpressVPN's control design and implementation at a specific point in time. (Meanwhile, a Type II audit would have gone farther, testing the effectiveness of those controls over an extended period.) If you aren't familiar, KPMG is one of the Big Four accounting firms. It's a trusted name that corporations shell out big bucks to for audits like this.

The assessment looked at several factors. These included documentation reviews, observing the system at work and interviewing ExpressVPN personnel. The audit's conclusion applies "as of February 28, 2025." So, it represents KPMG's conclusions for a specific point in time rather than a blanket statement of permanent trust. The assessment also didn't include stress-testing the entire system or a full-fledged security analysis of the company.

You can read KPMG's full paper for a more detailed breakdown.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/vpn/expressvpns-external-auditors-confirm-no-logs-policy-as-of-february-171957335.html?src=rss

©

© ExpressVPN