Skip to main content

Many big VPNs have glaring security problems

MacBook Keyboard
Image used with permission by copyright holder
A new study to come out of the Sapienza University of Rome and Queen Mary University of London has found that a large number of commercial virtual private network (VPN) providers utilize systems that are wide open to attacks. The potential is there, the researchers say, for those using VPN services to have their browsing history and other Internet-related traffic viewed by external actors, without too much difficulty.

Of all the 16 services considered as part of the study, only one was protected from DNS hijacking. However even that one fell down when it came to IPv6-leaks, along with 13 of the other VPN companies.

vpns
Image used with permission by copyright holder

To make matters worse, over half of the services looked into used the Point-to-Point Tunnelling Protocol with MS-CHAPv2 authentications, which, as TechReport points out, makes them vulnerable to brute force hacks.

These revelations are problematic for the VPN industry — and specifically the companies named and shamed — as their whole job is to obfuscate a user’s Internet traffic. If that is as obvious when using a VPN as without, then it’s technically worse to use one of these services, since those hoping to infiltrate their servers know that the person behind the traffic doesn’t want to be found.

This is also sad news for those that were hoping to hide their traffic from an overintrusive government. While some VPN providers would be unlikely to work directly with the authorities of any nation, the NSA and GHCQ have shown a penchant for hacking and the use of malware to garner information, so it wouldn’t be surprising to learn that some of these VPNs have been infiltrated by government organizations.

Do any of you use these VPN services? If so, do you plan to continue doing so after these revelations?

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
The best VPN for torrenting for 2021
Surfshark interface displayed on a Mac screen.

A virtual private network is an excellent way to protect yourself and your family from the various dangers you can encounter when using the internet, but there are some extra considerations involved when choosing the right VPN for torrenting. It is also very easy to set up and use. While you don't have to look too far to find the best VPN service for your needs, choosing the right torrenting VPN among the variety of providers out there today can be a bit challenging if you don't know what to look for.

Let us ease your burden a bit. If you're looking for a good VPN for torrenting and online privacy and none of the best free VPNs are quite robust enough for your needs (and they rarely are), we've put together a quick and handy guide that lays out the best torrenting VPN providers broken down by pricing and features. We also delve a little deeper into what particular things to look for when choosing a VPN for torrenting.
Best VPN for torrenting in 2021

Read more
Are free VPNs safe? What you need to know
Man holding phone running VPN to browse anonymously.

You've probably at least heard of virtual private networks (more commonly referred to as VPNs) and if you're at all concerned with digital privacy and security, you might have already done a bit of research on them and have been pricing them out a bit. You've likely also noticed that there are some free VPN plans out there, which might seem too good to be true -- after all, if these services cost money to operate, why would anybody offer it for free?

That's a fair question, and as you can imagine, there's a pretty big catch with those "free" VPNs. Virtual private networks require hardware infrastructure to run (which means money), and free providers have to recoup their costs somehow. They typically do this by collecting and selling your data to marketers, which means they're likely keeping some sort of activity log. This defeats much of the purpose of using a VPN -- protecting your online activity, habits, and information from third parties and other assorted snoops -- in the first place. And in any case, are you really willing to risk your online security just to save a few bucks each month?

Read more