VPNs won't protect you from state spooks and cyber crooks
VPNs are secure lines of communication that set up a private network between devices across public networks. They protect users' privacy by setting up an encrypted tunnel between the device being used and the VPN provider's servers when accessing online services, in theory making it more difficult for hackers to siphon or steal data mid-transit. You can download a VPN as a browser extension if you want to make it harder for others to see what you're looking at on the web.
The research was published by Queen Mary University in London, in a paper titled "A Glance Through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients."
The scientists examined the Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite services' security.
Disturbingly, the researchers found that a staggering 11 out of the 14 VPNs are vulnerable to an "IPv6 leakage issue."
IPv6 provides and manages the IP addresses devices used to connect to the internet. It's the next generation replacement to IPv4, but more robust. IPv6 was developed to allow more users and devices to communicate on the Internet using a number of under-the-hood changes, including the move to use longer IP addresses.
The leakage issue reportedly stems from the way the VPN's handle Internet Protocol Version 6 (IPv6) traffic. Specifically, the researchers claim the affected VPNs are only able to reliably deal with IPv4 traffic and can leave their users potentially unprotected when visiting sites running the newer IPv6 protocol.
The news is troubling as VPNs are commonly viewed as one of the best ways web users can protect their digital privacy and the use of IPv6 is becoming more widespread.
Controversial whistle blower Edward Snowden listed VPNs as a key way people can protect themselves from government surveillance, such as the NSA's PRISM campaign, during a privacy discussion at the SXSW conference in Texas in March 2014.
Cracking VPN defences has been an ongoing goal of numerous intelligence agencies, including the NSA and GCHQ, according to Snowden documents leaked to Der Spiegel.
Security firm Alienvault reported uncovering similar evidence the Chinese government is working to track VPN users in a JSONP hijacking report in June.
Queen Mary University scientists cited the research and attacks as proof web users need to stop looking for a "silver bullet" technology solution to their privacy concerns and adopt more robust defence strategies.
"A common misconception is that the word 'private' in the VPN initialism is related to the end-user's privacy, rather than to the interconnection of private networks," read the report.
"In reality, privacy and anonymity are features that are hard to obtain, requiring a careful mix of technologies and best practices that directly address a well-defined adversarial/threatmodel. In other words, there is no silver bullet within this domain."
- Facebook and Microsoft aren’t the only ones creating a metaverse — here are five popular coins looking to create digital worlds
- Qatar Airways says it is not accepting passengers on its flights from 2 African nations immediately due to the new Omicron variant
- Gautam Adani, the man who may soon be Asia's richest person, is a college dropout who survived the 2008 Mumbai terrorist attacks and says he was once kidnapped for ransom
- Paytm Q2 result — Operational revenue crosses ₹1000 crore, loss widens by ₹37 crore
- These Indian states have the highest number of international airports; UP tops the list
- Centre raises Bengal labour budget for creation of 27 cr man-days
- Over a million Ethereum tokens have been burned since the big upgrade, but transaction costs are still a pain point for the network
- Loaded Lion NFT sells for $1 million — three days after launching at $200