Which body part did this man eat to avoid being ID’ed?

ExpressVNPman bites off his own fingerprints to avoid police

Warning! Not for the faint of heart! A Florida man, recently arrested for driving a stolen Mercedes, spent his time detained in the police vehicle attempting to bite off his own fingerprints!

Don’t worry. The video above, while super weird, isn’t that graphic. Mostly because the man in question was ultimately unsuccessful in removing said fingerprints, which were later easily identified by the police scanner.

Old-school Gangster Tactics

Fingerprint-ectomies aren’t new to the criminal world. The first reported case happened in 1933, when gang leader Theodore “Handsome Jack” Klutas was found to have filed down his fingers to obscure his prints. Two members of Kate “Ma” Barker’s clan had a doctor surgically slice their fingerprints off. But just like their modern Floridian counterpart, none of these attempts were successful. The prints either grew back or weren’t obscured enough to prevent identification.

One reasonably successful case was John Dillinger, who in the same Depression era gave his fingers the chemical treatment, burning them with acid to remove all but the faintest trace of his distinctive ridges.

Pain But No Gain

If you’re considering removing your fingerprints and aren’t fazed by the most obvious deterrent (i.e., extreme pain), here’s another pretty good reason not to remove them: it usually doesn’t even work. Medical research suggests you have to penetrate not only the epidermis but the generating layer that retains the template of your fingerprint to do any permanent damage to your prints. Otherwise they’ll just grow back.

And if you succeed and permanently scar your fingers? Congratulations, you’ve just made it even easier for police to identify you! “Hey, Bill, who do you think left these fingerprints with the weird scar pattern?” “Oh, probably that guy that tried to cut his own fingerprints off when we arrested him last time” “Cool, let’s go round him up again”.

Invasive Maneuvers

As biometrics gets more and more invasive, we can probably expect to see criminals go to greater, more dangerous lengths to evade identification.

If iris scanners can identify you from 40 feet away, how far are we from the Minority Report dystopia of removing your eyeballs to escape detection? And if subdermal microchip implants ever become standard, won’t more criminals resort to self-surgery to remove them?

Going off the grid will mean going under the knife, and staying anonymous will be a bloody undertaking.

In the meantime, if you do find yourself arrested—wrongfully or not—do yourself a favor, save yourself the trouble, and keep your fingers intact.


Featured image: ciostylefotolia / Dollar Photo Club


Does Apple really have your back?

ExpressVNPapple has your back

When Apple goes to court, it tends to be in service of its own piggy bank. In 2013, the DoJ sued Apple for conspiring to raise and fix the price of ebooks, and Apple fought and lost to the tune of $450 million. Earlier this year, the DoJ and the FTC began probing Apple for evidence of anticompetitive measures against Spotify and other free music providers. Apple has such a history of contention that it even has an antitrust monitor installed on its campus, courtesy of the U.S. judicial system.

But recently Apple has tangled with the law to fight for a different set of rights: yours. This summer, police ordered Apple to decrypt an iMessage conversation happening in real time between some suspects. Apple declined. Not out of pure defiance, but pure math: texts sent from within the iMessage app are encrypted by a mechanism so powerful not even Apple can break it. (Fortunately for Apple, they were spared the full brunt of the Justice Department’s frustration thanks to Microsoft own legal battle over their refusal to divulge customer emails.)

Above the Long Arm of the Law

Predictably, law enforcement officials are none too pleased that a power literally beyond the law — strong encryption — is being issued to citizens en masse with every new iPhone. Manhattan District Attorney Cyrus Vance Jr’s editorial in the New York Times bemoans the encryption that transforms a suspect or victim’s phone from a teeming treasure trove of leads and evidence into a useless brick. He argues that smartphone encryption helps murderers, kidnappers, and terrorists stay at large, and that danger outweighs the “marginal” benefits of encryption.

Tim Cook Has Your Back

Apple CEO Tim Cook, meanwhile, maintains the greater danger is a world where police are given a backdoor into encryption. At a digital privacy conference earlier this year, Cook made his (and Apple’s) stance clear:

If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it. Removing encryption tools from our products altogether, as some in Washington would like us to do, would only hurt law-abiding citizens who rely on us to protect their data. The bad guys will still encrypt; it’s easy to do and readily available.

Apple’s less-than-cooperative stance on government requests for its users’ data is enshrined on the privacy section of its website. The privacy policy boasts: “Our commitment to customer privacy doesn’t stop because of a government information request.” Public statements like this entitle Apple to its five-star rating in the latest “Who Has Your Back” report from the Electronic Frontier Foundation.

Earth’s Mightiest Heroes

Thankfully, Apple isn’t the only major tech company taking a stand against government attempts to weaken encryption. In May of this year, Apple and 47 other companies (including Google, Microsoft, Facebook, and Dropbox) appealed to the executive branch, urging Obama to reject any proposition that would force software providers to undermine the security of their own software.

Continued attempts by the government to weaken encryption are more likely a function of lack of technical knowledge than pure malice. The sooner policymakers understand how powerful encryption is, the sooner they will see how it helps society more than it hurts it.


Featured image: Andy Dean / Dollar Photo Club


How to use a VPN to watch the 2015 Rugby World Cup

ExpressVNPstream rugby world cup

Wondering where to watch the Rugby World Cup?

Don’t scrum your way into crowded bars with overpriced drinks to watch your favorite teams beat the living snot out of each other.

Watch all your favorite sports all the time with a VPN!


Get ExpressVNP


Defeat ISP Throttling

You can use a VPN to improve your internet connection and speeds. You’ll be able to stream the World Cup on your laptop, tablet, or smartphone without having to worry about slow lag times.

Here’s how:

  1. Sign up for an ExpressVNP account.
  2. Install ExpressVNP on any device you want to watch the Rugby World Cup on.
  3. Connect to a VPN server location where the event is taking place.
  4. Enjoy!

connect to one of our servers in the uk to watch rugby


Get ExpressVNP


Rugby World Cup Fixtures

Last updated 24th September 2015, based on information from ITV:
(all times are in British Time)

Thursday, 24th September 2015
20:00 New Zealand v Namibia on ITV

Friday, 25th September 2015
16:45 Argentina v Georgia on ITV4

Saturday, 26th September 2015
14:30 Italy v Canada on ITV
16:45 South Africa v Samoa on ITV
20:00 England v Wales on ITV

Sunday, 27th September 2015
12:00 Australia v Uruguay on ITV
14:30 Scotland v USA on ITV
16:45 Ireland v Romania on ITV

Tuesday 29th September 2015
16:45 Tonga v Namibia on ITV4

Thurs 1st October 2015 ITV4
16:45 Wales v Fiji on ITV
20:00 France v Canada on ITV4

Friday 2nd October 2015
20:00 New Zealand v Georgia on ITV

Saturday 3rd October 2015
14:30 Samoa v Japan on ITV
16:45 South Africa v Scotland on ITV
20:00 England v Australia on ITV

Sunday 4th October 2015
14:30 Argentina v Tonga on ITV
16:45 Ireland vs Italy on ITV

Tuesday 6th October 2015
16:45 Canada v Romania on ITV4
20:00 Fiji v Uruguay on ITV4

Wednesday 7th October 2015
16:45 South Africa v USA on ITV
20:00 Namibia v Georgia on ITV4

Friday 9th October 2015
20:00 New Zealand v Tonga on ITV4

Saturday 10th October 2015
14:30 Samoa v Scotland on ITV
16:45 Australia v Wales on ITV
20:00 England v Uruguay on ITV

Sunday 11th October 2015
12:00 Argentina v Namibia on ITV
14:30 Italy v Romania on ITV
16:45 France v Ireland on ITV
20:00 USA v Japan on ITV4


Get ExpressVNP


Who Will Come Out On Top?

Will New Zealand defend their 2011 win? Or could 2015 be England’s time to shine?

Leave a comment and let us know your top picks and predictions!


Get ExpressVNP


Featured image: vectorfusionart / Dollar Photo Club


Hospital hackers hijack human heart – #WTFWednesday


Remember that scene in Terminator 2 where Arnold rips open his flesh and exposes his gnarly cybernetic hand? After the first successfulrobotic arm transplant last month, we’re one step closer to *** bionic body parts like that a reality.

But what happens when we start replacing our old, dilapidated organs with cybernetic analogs? Sure, you’ll be able to run faster, jump higher, and live longer, but what about the risks?

A group of students at the University of South Alabama set out to answer that question by attempting to hack someone’s wireless pacemaker.

Guess what? It’s totally possible.

iStan Is Was the Man

The pacemaker in question belonged to iStan, aka “the mostadvanced wireless patient simulator on the market.” This creepy-looking robot (shown below) cost $100,000 U.S. and is used in hospitals to help medical students practice various life-threatening procedures.


Although it looks like a demented puppet straight out of Child’s Play, it’s about as close to a living human there is, and last week he was murdered in cold, artificial blood..

It Was So Easy

The students were taking a class in cybersecurity and were tasked with hacking into iStan’s control system via Wi-Fi.

Within a few hours they realized they were able to access iStan’s pacemaker through a variety of different ways, including Denial of Service (DoS) attacks, security control attacks, and brute force attacks to iStan’s Wi-Fi.

Mike Jacobs, director of simulations at the University of South Alabama and ringleader of the attack, had some choice words in a recentMotherboard article:

“The simulator had a pacemaker so we could speed the heart rate up, we could slow it down. If it was the intent, we could definitely cause harm to the patient.”

But that’s just the beginning.

“It’s not just a pacemaker,” says Jacobs. “We could do it with an insulin pump…a number of things that would cause life-threatening injuries or death.”

A Wake-Up Call for Future Procedures

It’s fair to say any Internet-connected device is vulnerable to attack. We’ve seen how hackers can hack your watch, your car, and even your home. But now it seems they can also hack YOU.

Today it’s your pacemaker. Tomorrow it may be your cybernetic kidney. What’s next? The tiny microchip in your brain?

As medical advancements lean more towards wireless connectivity, a new and terrifying avenue for cyber-attack is budding into reality.

Sound the Alarm

“We did this because we were wanting to beef up security on our end and put some safeguards in place,” says Jacob. “It may not be totally possible to prevent hackers, but, knowing these can easily be hacked increases your awareness of vulnerabilities.”

While it may not be time to panic (yet), it’s worth stressing to manufacturers and future developers the importance of safeguards. So when the time does come, and it likely will, maybe your bionic organs won’t try to kill you.

The full report can be found here.


Featured image: Dario Sabljak / Dollar Photo Club


Come to the dark web… it’s a little safer now

ExpressVNPthe dark web gets a little lighter

The dark web has long been seen as the skeevy underbelly of the Internet where users can buy illegal drugs, steal people’s credit card information, and hire someone to “off” their neighbor. In reality, the dark web isn’t nearly as sinister. Instead, it’s a vast network of mostly legitimate websites that can only be accessed with a Tor browser.

Tor, which is an acronym for “The Onion Router,” lets you access the dark web anonymously by concealing your location and encrypting your private information. Many big-name sites, including Facebook, are now hosted on Tor to give their users more secure and private access.

Until last week, Tor sites had few security measures. But thanks to a new decision by Internet regulators, domains used within the Tor network will now be recognized as “Special Use Domains,” giving these sites more security and anonymity.

The Not-Quite-So-Dark Web

Before explaining what the dark web is, it’s important first to explain how it works. The dark web is a term used to refer to anything on the Internet hidden from traditional Web browsers like Safari, Chrome, and Firefox

These hidden sites usually contain sensitive information and turn URLs into strings of random numbers and letters that end in .onion to encrypt the sites.

While a dark side of the network does exist, the dark web is mostly made up of whistleblowing and privacy sites.

darth vader only surfs the dark web

One Small Step for Man, One Giant Leap for Internet Security

The Internet Assigned Numbers Authority (IANA) and the Engineering Task Force (IETF) now consider .onion websites as “special use domains,”  allowing Tor site ownersto add SSL and TLS certificates to their websites to enhance their security.

Richard Barnes, security lead at Mozilla, spoke about the new changes in an interview with Motherboard:

This enables the Tor .onion ecosystem to benefit from the same level of security you can get in the rest of the web. It adds a layer of security on top.

Why Now?

If the dark web has been around since 2002, why is it only now receiving security certificates? In a recent TEDTalk, social media analyst Jaime Bartlett discussed the growing popularity of the dark web. According to Bartlett, Tor now has 2.5 million unique users a day, thanks in large part to the Snowden revelations. Many of the users are just ordinary people who want to maintain their privacy on the Internet.

The dark net is no longer a den for dealers and a hideout for whistleblowers. It’s already going mainstream. – Jaime Bartlett

What This Means for the Future

The new special domain status will hopefully open the discussion for future security certificates and better encryption mechanisms on private networks. But more than that, it gives legitimate recognition to Tor sites, which until now have vastly been ignored or written off as sordid.

It’s a small step, but the right one.


Featured image: dk_photo / Dollar Photo Club


Latest data collection trend: Fat shaming in public schools

ExpressVNPschool computers collect data from children

If you’re over the age of 25, your experience with “data collection” in school was probably limited to science class, where you were the one collecting data. These days the term has taken on a new meaning, one where schools are often more interested in collecting data from students than the other way around. And as schools learn more about students, a growing number of parents are concerned about how that data is used.

Collecting Every Bit of Data

Schools have always recorded academic data on students, and the steady integration of computers into the classroom has made it easier than ever to compute grades, track student progress, and report it home to parents. Policymakers are also interested in demographics like age, race, gender, and special needs to make informed decisions about the quality of schools and teachers. This is all well and good.

But learning apps with the power to record data directly from students have raised concerns that such powers could be easily abused. Any app with a searchable database, for instance, could potentially record search terms to sell to companies for targeted marketing. An app that allows students to enter personal information is a ripe point of entry for identity theft. So how do we shield our children from the dangers of sharing their data?

TMI about BMI

These are hypothetical dangers, and so far there hasn’t been a major incident involving identity theft or advertisments targeting students. But there is a third type of data abuse that has already become a real world problem: fat shaming.

In addition to grades and test scores, many schools also monitor students’ performance on physical parameters like “aerobic capacity”, “muscle strength”, and “body composition”. These schools send home letters to parents with suggestions for improvement for their kids’ obesity. The New York Times quoted one parent who was offended at receiving one of these reports:

If I want to disclose information about my child, my family, my socioeconomic status, I should be the one to decide, not the school. My kids are there to learn, not to be part of a data set.

In addition to being invasive and damaging to self-esteem, reports like “BMI letters” (or more colloquially, “fat letters”), might not even be helpful. According to a study in Arkansas, a state whose education policy has required BMI screenings for over 10 years, parental notification produced no beneficial health effects. So chew on that.

National Progress

Luckily, more and more states have passed legislation to restrict how student data is collected and used. Some states have targeted restrictions: Florida, Kansas, and New Hampshire prohibit the collection of biometric information (like fingerprints). Virginia has banned schools from selling student information to marketers. Colorado, Idaho, and West Virginia require that a list of collected data categories (like race, financial status, and medical conditions) be published so that parents know exactly what data is being collected. California has taken a more comprehensive approach, effectively protecting students from any non-educational use of their data.

Thus far, the student privacy movement has inspired 182 bills in 46 states, 28 of which have been passed into law. If you’re curious about your state’s status, check out the most recent report from the Data Quality Campaign.

How do you feel about data collection in schools? Share your thoughts below!


Featured image: Syda Productions / Dollar Photo Club


Celebrate National Cyber Security Month 2015 with ExpressVNP!


This October we’re celebrating National Cyber Security Awareness Month (NCSAM), and you’re invited! ?

What Is National Cyber Security Awareness Month?

Each year ExpressVNP teams up with Stay Safe Online to raise awareness about Internet safety and security.

With an increasing number of children now surfing the Web, there’s never been a better time to educate your kids about the ins and outs of online safety.

Check out our infographic on Internet safety tips for parents and kids and help spread the word!

Interested in sharing this infographic? Just copy and paste the HTML code at the bottom of this article.

This year’s NSCAM is broken down into 5 weekly themes. Here’s a brief overview. For a more comprehensive guide, visit Stay Safe Online’s About Page.


Week 1 (Oct 1-2): Five Years of STOP.THINK.CONNECT

A ***, direct method everyone can follow, Week 1 kicks off the month by focusing on the rights ways to go about navigating the Internet.

Week 2 (Oct 5-9): Creating a Culture of Cybersecurity at Work

As various business and networks are falling prey to security threats, it’s never been more important to practice proper cybersecurity procedures. Week 2 focuses on helping businesses create better online security by focusing on employee education.

Week 3 (Oct 12-16): Connected Communities and Families: Staying Protected While We Are Always Connected

When did you last check your phone? Your computer? Your iPad? Chances are, you’re tapping into the online world more often than you realize. Week 3 deals with how we can protect ourselves online.

Week 4 (Oct 19-23): Your Evolving Digital Life

From the cars we drive to how we watch TV, the Internet is rapidly changing the way we live. Week 4 encapsulates these ideas and gives us tips on how to stay safe and secure as new technologies continue to emerge.

Week 5 (Oct 26-30): Building the Next Generation of Cyber Professionals

As the risks of cybersecurity increase, so too does our need for cyber professionals. Week 5 talks about the growing need for cybersecurity experts and how we can build a more “cyber-literate” society as a whole.

Participate in National Cyber Security Awareness Month!

how to participate in #cyberaware

Spread the Word!

Want to get involved? We’ll be tweeting out an Internet safety tip every day in October with the hashtag #CyberAware. Follow us on Twitter @ExpressVNP and Facebookand share our Internet safety tips to your friends and family! We’d love to hear your tips, too!

And don’t forget to like the Stay Safe Online Facebook pageand follow them on Twitter @StaySafeOnline, too.

Share this infographic:


Creepy Chrome extension lets you stalk your Facebook friends in real life – #WTFWednesday

ExpressVNPapp helps you stalk your facebook friends IRL

Gather round, kids, because today’s #WTFWednesday is scary. Like walking in on your 85-year-old grandma in the tub scary. We already know how Facebook Messenger allows users to share their location, but a disturbing Chrome extension shows just how creepy that can be.

Marauders Map was a Chrome extension that helped Facebook users track the exact location of their friends at any given moment, anywhere, anytime. It put the eep in creep!

More Than Just a Really, Really Scary GPS

Named after the magical map in Harry Potter, Marauders Map could track a person’s geographic location within a meter’s accuracy. That’s not just tracking someone to their house; it’s tracking them to a specific room. If that wasn’t scary enough, the extension made it possible to track people you don’t even know if they were in one of your group chats.

Imagine This

You’re in a Facebook study chat with a bunch of your classmates. The creepy guy who sits in the corner and likes to light things on fire is in it too, and now, thanks to Marauders Map, he can track your every move. He knows when you’re in the cafeteria, when you’re at your best friend’s house, even when you’re in the BATHROOM. Who’s that lurkin’ outside your window? Oh, just that creep Sam from Biology.

just that creep sam

Why Would Anyone Invent Such A Creepy App?

Aran Khanna, a computer science student at Harvard, developed the extension to prove just how invasive social media networks can be. In a blog post released on Medium he wrote:

I decided to write this extension [sic], because we are constantly being told how we are losing privacy with the increasing digitization of our lives, however the consequences never seem tangible. With this code you can see for yourself the potentially invasive usage of the information you share, and decide for yourself if this is something you should worry about.

Roll the sad music, folks, because Facebook canceled Khanna’s internship days after Marauders Map went viral. According to Facebook officials, Khanna violated the site’s user agreement by exposing sensitive data. (It’s important to note Facebook changed its geolocation terms shortly after Marauders Map was released.)

The fact that this extension could track a user’s location so accurately is scary. And the fact that you could track people you aren’t friends with is even scarier. But the fact Facebook obviously wasn’t okay with someone leaking this information is scariest.

Nothing New Here

Unfortunately, this isn’t the first time a social media platform has been used to spy on its users. The so-called “anonymous” social media app Whisper shared the location of its users with the Pentagon. FourSquare was found totrack its users even when the app was turned off; and Instagram, with its “Name This Location” feature, automatically geotagged photos even if you didn’t ask it to.

One More Reason to Turn Location Sharing Off

If these revelations have taught us anything, it’s that social media companies do very little to protect your privacy. Instead, it’s as if they see your private information as just another statistic to share with other companies.

It’s why smartphones and tablets come with location services enabled by default, why apps automatically geotag your stuff, and why businesses look at a user’s geographic location.

Don’t become a statistic. And don’t let anyone find you. Do yourself a favor and turn your location settings off already!


ExpressVNP’s #WTFWednesday brings you weird, shocking, and creepy stories about data privacy—pulled straight from the news. Think your privacy is yours? Think again. You will feel uncomfortable. You will be outraged. You will think, “WTF?!”

Like this post? Hate it? Read more horror stories about the invasion of your privacy in our #WTFWednesday archive.


AT&T’s free Wi-Fi comes with one big catch

ExpressVNPat&t wifi ad injection at free hotspots

One of the perks of signing a contract with AT&T, the largest mobile carrier in the United States by customer base, is the use of its 30,000 free nationwide Wi-Fi hotspots. They are ubiquitously located around airports, retail businesses, stadiums, hotels, convention centers, restaurants, and universities. But as one Stanford lawyer and computer scientist recently discovered, the free service has one dangerous caveat.

In his blog Web Policy, Jonathan Mayer accuses AT&T of injecting advertisements into web browsers connected to its hotspots. Mayer posted the damning evidence on his blog, which included screenshots of AT&T’s wrongdoings. Some screenshots show advertisements that force users to wait several seconds before continuing to browse the Internet, while others show large, intrusive banner ads on websites that either don’t advertise at all or do so lightly. These websites include Stanford University’s website and several US government sites, which were all injected with ads hawking jewelry and cosmetics.

Mayer also posted snippets of source code that show how the injection works. First, the hotspot adds a CSS stylesheet, then injects a backup advertisement for browsers that don’t support Javascript, and finally adds scripts that control advertisement loading and display. Those scripts import advertisements from third-party providers not affiliated with the original website.

Hide Your Kids, Hide Your Wi-Fi

This discourtesy comes courtesy of RaGaPa, a startup that purports to “monetize your network” and claims to be a “pioneer in In-Browser Content Insertion Technology.” It is used by venues to inject promoted content and advertisements onto all HTTP web pages using a venue’s Wi-Fi. RaGaPa’s technology allows Wi-Fi providers to monetize their “free” services.

The problem with this practice, other than barraging users with extra advertisements, is security. “It exposes much of the user’s browsing activity to an undisclosed and untrusted business,” Mayer writes. “And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements.”

Furthermore, it ruins the carefully crafted browsing experience intended by the website’s creators with clutter. The ads are also not clearly labeled as originating from the hotspot service rather than the website.

Infernal Ad Injectors

This sort of ad injection is very unpopular. Google pulled almost a third of its available browser plugins from the Chrome Web store for the deceptive practice. The Courtyard Marriott in Times Square also backed off after bad publicity resulting from using similar ad injection.

Legally speaking, ad injection lies in a grey area. “[…] The FCC’s net neutrality rules, the FTC’s unfairness and deception authorities (and state parallels), wiretapping statutes, pen register statutes, tortious interference, copyright, and more” would seem to prohibit it, Mayer argues. Yet the scam continues. To make matters worse, AT&T Wi-Fi’s terms of service make no mention of ad injection. Sneaky.

Fight Ad Injection Now!

Tired of ad injection when you connect to AT&T’s not-so-free Wi-Fi hotspots? You’re not alone. Here are some things you can try to avoid being pummelled with ads.

  • If you want to connect your laptop to the Internet when you’re out and about, try setting up a Wi-Fi hotspot from your phone’s cellular data network and connecting to that.
  • Ad-blocking plugins like AdBlock can also be an effective way to mitigate the risks associated with ad injection.
  • Website developers can prevent ad injection by switching to the more secure HTTPS protocol, as software like RaGaPa’s can only affect HTTP pages.


Featured image: ACP prod / Dollar Photo Club