BMW kills home assistant integration access to paid ConnectedDrive API to “protect security”

So you pay hundreds yearly for access to the ConnectedDrive API. You use Home Assistant to set the charging times of your BMW depending on when the price of electricity is low. BMW shuts you down (no reimbursement, of course) and forces you to use one of their Charge Point providers. BMW then says it’s because of security.

I guess things are going very badly for BMW when they are making deals like this one as well as charging you subscriptions to use stuff in your car that you already paid for.

18 popular VPNs turn out to belong to 3 different owners – and contain insecurities as well

A new peer-reviewed study alleges that 18 of the 100 most-downloaded virtual private network (VPN) apps on the Google Play Store are secretly connected in three large families, despite claiming to be independent providers. The paper doesn’t indict any of our picks for the best VPN, but the services it investigates are popular, with 700 million collective downloads on Android alone.

The study, published in the journal of the Privacy Enhancing Technologies Symposium (PETS), doesn’t just find that the VPNs in question failed to disclose behind-the-scenes relationships, but also that their shared infrastructures contain serious security flaws. Well-known services like Turbo VPN, VPN Proxy Master and X-VPN were found to be vulnerable to attacks capable of exposing a user’s browsing activity and injecting corrupted data.

Titled “Hidden Links: Analyzing Secret Families of VPN apps,” the paper was inspired by an investigation by VPN Pro, which found that several VPN companies were each selling multiple apps without identifying the connections between them. This spurred the “Hidden Links” researchers to ask whether the relationships between secretly co-owned VPNs could be documented systematically.

[…]

Family A consists of Turbo VPN, Turbo VPN Lite, VPN Monster, VPN Proxy Master, VPN Proxy Master Lite, Snap VPN, Robot VPN and SuperNet VPN. These were found to be shared between three providers — Innovative Connecting, Lemon Clove and Autumn Breeze. All three have been linked to Qihoo 360, a firm based in mainland China and identified as a “Chinese military company” by the US Department of Defense.

Family B consists of Global VPN, XY VPN, Super Z VPN, Touch VPN, VPN ProMaster, 3X VPN, VPN Inf and Melon VPN. These eight services, which are shared between five providers, all use the same IP addresses from the same hosting company.

Family C consists of X-VPN and Fast Potato VPN. Although these two apps each come from a different provider, the researchers found that both used very similar code and included the same custom VPN protocol.

If you’re a VPN user, this study should concern you for two reasons. The first problem is that companies entrusted with your private activities and personal data are not being honest about where they’re based, who owns them or who they might be sharing your sensitive information with. Even if their apps were all perfect, this would be a severe breach of trust.

But their apps are far from perfect, which is the second problem. All 18 VPNs across all three families use the Shadowsocks protocol with a hard-coded password, which makes them susceptible to takeover from both the server side (which can be used for malware attacks) and the client side (which can be used to eavesdrop on web activity).

[…]

Source: Researchers find alarming overlaps among 18 popular VPNs
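
An added illustration of why a hard-coded Shadowsocks password is a shared secret (this is not code from the study or the quoted article): Shadowsocks derives its master key from the password alone with an unsalted MD5 chain, so every install shipping the same string holds the same key. The package names and passwords below are constructed, and `group_by_shared_key` is a hypothetical audit helper that reports reuse by key fingerprint instead of printing the secret.

```python
import hashlib
from collections import defaultdict


def ss_master_key(password: str, key_len: int = 32) -> bytes:
    """Shadowsocks password-to-key step (OpenSSL EVP_BytesToKey, MD5, no salt).

    D1 = MD5(pw), Dn = MD5(Dn-1 || pw); blocks are concatenated and truncated.
    Nothing device- or user-specific enters the derivation.
    """
    pw = password.encode("utf-8")
    out, prev = b"", b""
    while len(out) < key_len:
        prev = hashlib.md5(prev + pw).digest()
        out += prev
    return out[:key_len]


def key_fingerprint(password: str) -> str:
    """Short SHA-256 fingerprint of the 32-byte key, safe to put in a report.

    Shorter cipher keys are prefixes of this one, so switching cipher does
    not separate two apps that ship the same password.
    """
    return hashlib.sha256(ss_master_key(password, 32)).hexdigest()[:16]


# Constructed sample: (package name, cipher, password found in the app's config).
CONFIGS = [
    ("com.example.vpn.alpha", "aes-256-gcm", "constructed-shared-pass"),
    ("com.example.vpn.beta", "aes-128-gcm", "constructed-shared-pass"),
    ("com.example.vpn.gamma", "aes-256-gcm", "constructed-other-pass"),
]


def group_by_shared_key(configs):
    """Return {fingerprint: [apps]} for every key used by more than one app."""
    groups = defaultdict(list)
    for app, _cipher, password in configs:
        groups[key_fingerprint(password)].append(app)
    return {fp: sorted(apps) for fp, apps in groups.items() if len(apps) > 1}


if __name__ == "__main__":
    for fp, apps in group_by_shared_key(CONFIGS).items():
        print(f"shared key {fp}: {', '.join(apps)}")
```

A per-user credential issued at login, rather than a string compiled into the app, is what breaks this grouping.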

Batshit crazy UK judge rules you can’t be fired for calling your bosses dickheads

Managers and supervisors brace yourselves: calling the boss a dickhead is not necessarily a sackable offence, a tribunal has ruled.

The ruling came in the case of an office manager who was sacked on the spot when – during a row – she called her manager and another director dickheads.

Kerrie Herbert has been awarded almost £30,000 in compensation and legal costs after an employment tribunal found she had been unfairly dismissed.

The employment judge Sonia Boyes ruled that the scaffolding and brickwork company she worked for had not “acted reasonably in all the circumstances in treating [her] conduct as a sufficient reason to dismiss her”.

“She made a one-off comment to her line manager about him and a director of the business,” Boyes said. “The comment was made during a heated meeting.

“Whilst her comment was not acceptable, there is no suggestion that she had made such comments previously. Further … this one-off comment did not amount to gross misconduct or misconduct so serious to justify summary dismissal.”

The hearing in Cambridge was told Herbert started her £40,000-a-year role at the Northampton firm Main Group Services in October 2018. The business was run by Thomas Swannell and his wife, Anna.

The tribunal heard that in May 2022 the office manager had found documents in her boss’s desk about the costs of employing her, and became upset as she believed he was going to let her go.

When Swannell then raised issues about her performance, she began crying, the hearing was told.

She told the tribunal that she said: “If it was anyone else in this position they would have walked years ago due to the goings-on in the office, but it is only because of you two dickheads that I stayed.”

She said Swannell retorted: “Don’t call me a fucking dickhead or my wife. That’s it, you’re sacked. Pack your kit and fuck off.”

[…]

Boyes found that Herbert was summarily fired because of her use of the word “dickheads” and ruled that the company had failed to follow proper disciplinary procedures.

She concluded that calling her bosses dickheads was not sufficient to fire Herbert and ordered the firm to pay £15,042.81 in compensation.

In her latest judgment she also ruled it had to pay £14,087 towards her legal fees.

Source: Calling boss a dickhead was not a sackable offence, tribunal rules | Employment tribunals | The Guardian