Using Free VPN? Be Aware Of High Security Risks!
Majority Of Sketchy Apps Can Be Traced To Asia, Study Finds
Metric Labs’ Top10VPN conducted a rare investigation into the ownership structure and responsiveness of top VPN providers who distributed their services on iOS and through Google’s Play Store. 86 per cent are deemed to have substandard security policies that failed to disclose how the data was used. And 59 per cent are either Asia-backed, or actually based in Asia.
“It was often very challenging to verify who was actually behind these VPN apps, due to the great lengths companies went to in order to hide their ultimate ownership, and far beyond the means of the typical consumer to discover,” concluded head of research Simon Migliano, who collated the data.
A VPN Provider Can Potentially Track And Manipulate Your Internet Activities
VPNs act like a bridge: netizens’ network traffic is routed through the VPN provider so that for all intents and purposes, each user appears on the internet at the location of the VPN’s gateway. So, someone in the USA can use a VPN in the UK to appear as though they are using the web from Blighty. This obscures the true public IP address of the user. Also, connections to and from the user and the VPN are typically encrypted so if you’re worried about your hotel or airport Wi-Fi being spied on, the VPN tunnel will mask it.
However, this means you place an enormous amount of trust in your VPN provider, which becomes effectively a second ISP. By carrying your network traffic, the VPN provider can potentially snoop on and tamper with your web browsing and internet activities. Websites and other online services that use HTTPS, or similar encryption, with mitigations to prevent man-in-the-middle eavesdropping can evade snooping VPNs.
Why You Shouldn’t Trust A Stranger’s VPN? Plenty Leak Your IP Addresses
Anything in plain-text or non-HTTPS is absolutely fair game. In any case, the VPN provider can see which websites you’re attempting to connect to by looking at clear-text DNS look-ups and destination IP addresses. Ads and dodgy downloads can be injected into unsecured web pages, and any personal data siphoned off can be sold – these free apps have to make money somehow.
And yet despite the dangers, it’s trivial to operate a server and post a wrapper to one of the two popular app stores.
Many Popular Free VPNs Are Sketchy Operations With Dubious Privacy Policies
The VPNs Migliano studied were traced to China, Israel and Ukraine. One singled-out operator distributes the SnapVPN and Turbo VPN apps with over 10 million downloads.
“It is disturbing that so few of these companies even had a website while those that did avoided revealing any information about themselves and yet were able to gain credibility by virtue of being approved by Apple and Google for listing in their app stores,” Migliano said.
He found that half (52 per cent) of customer support emails were personal accounts, such as Gmail or Yahoo addresses. Over eight in 10 (83 per cent) app customer support requests for assistance were ignored.
He called Apple and Google’s failure to curate the apps “a dereliction of duty.”
Photography: Joseph Gruenthal
December 29, 2018