cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

The BEST VPN Ever!

A VPN provider knows who you are and sees what you get up to, even if the routers through which your encrypted VPN packets travel do not. Many VPNs tell you that “they don’t keep any logs at all”, and therefore that they would have nothing on you that they could hand over to law enforcement even if they wanted to, but many countries have legal mechanisms whereby various authorities – with without a warrant, depending on the jurisdiction – can compel a service provider not only to start keeping logs for specific individuals, but also to keep quiet about the fact – in other words, they have to keep logs of your traffic, but they are gagged from warning you up front, and they can’t tell you even if you ask.

 

In a report published by VPNmentor.com it details precisely how Free VPNs expose user identities, activities and much, much more. The study examines how VPNs are ‘white-labeled’ apps, created by one entity and rebranded for use under multiple names. That's problematic especially when there is a breach. Case in point with the apps listed in the article where activity data on than 20 million users was exposed.

1 Reply
Highlighted
Community Champion

Re: The BEST VPN Ever!


@AppDefects wrote:

A VPN provider knows who you are and sees what you get up to, even if the routers through which your encrypted VPN packets travel do not. Many VPNs tell you that “they don’t keep any logs at all”, and therefore that they would have nothing on you that they could hand over to law enforcement even if they wanted to, but many countries have legal mechanisms whereby various authorities – with without a warrant, depending on the jurisdiction – can compel a service provider not only to start keeping logs for specific individuals, but also to keep quiet about the fact – in other words, they have to keep logs of your traffic, but they are gagged from warning you up front, and they can’t tell you even if you ask.

 

In a report published by VPNmentor.com it details precisely how Free VPNs expose user identities, activities and much, much more. The study examines how VPNs are ‘white-labeled’ apps, created by one entity and rebranded for use under multiple names. That's problematic especially when there is a breach. Case in point with the apps listed in the article where activity data on than 20 million users was exposed.


Thank you for spotting this report, Rachel.  A lot of good information in it. A few thoughts come to mind.

 

1. Server farms and backbone connections are not free. Someone must be paying the bills.

2. If the service is completely free, you are not the customer, you are the product. (We all knew this, right?)

3. Free service might be legitimate if it is clearly a loss-leader marketing tool, set up to introduce customers to the upgrade for the full service paid subscription. See the second article linked from the report, 10 Best (REALLY FREE) VPN Services That Still Work in 2020

4. Internet services and downloadable applications set up for malicious purposes, as opposed to just by ignorant or naive programmers, will outright lie about their features, or use carefully misleading wording (can you say "ZOOM," Children?), to claim quality they have no intention of providing.

5. Hmmm, maybe this "white label" VPN service set is intentionally openly hackable, so the real client can easily scrape the date into the master spook database. 

6. Given the severe government control of all technology in China, and the current political mess in Hong Kong, there might be some interesting corporate linkages for these "companies" crossing the border to the mainland even before the latest fiats from Beijing.

7. The report author strikes me as a bit naive to believe he can influence these miscreant companies to correct their "errors" in programming and configuration.

 

Stay healthy, y'all!

 

Craig

 

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile
href="Not Passing a Cert Exam is Not the Same as Failing" target="new";;https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html