Some VPN Services Are Leaving Users Vulnerable
The news has some serious implications for activists and journalists that rely on its protections.
VPNs (Virtual Private Networks) are a wonderful means of accessing censored data outside your geographical location. When I was in Italy, I used one in order to gain access to Netflix, which was not available in that country. Others use it as a tool to throw off surveillance bots. But a recent study has some disturbing news, revealing some of the top VPN services have been leaking user data.
The expectation with these services is anonymity — a user's traffic will be encrypted and can't be traced. But researchers from the Queen Mary, University of London found that after examining 14 of the top VPN services, 11 of them had been leaking user information. It's a vulnerability called “IPv6 leakage.”
Websites have been switching to use the new IPv6 protocol. But these VPNs haven't made the upgrade and only protect traffic up to IPv4. The researchers report the information leaked ranged from metadata (e.g., pages the user went to) to the content of their online communications. Fortunately, the researchers say that users who stuck to HTTPS sites would not be affected.
Dr. Gareth Tyson, co-author of the study, explained the heavy implications of this find:
"There are a variety of reasons why someone might want to hide their identity online and it's worrying that they might be vulnerable despite using a service that is specifically designed to protect them."
We're most concerned for those people trying to protect their browsing from oppressive regimes. They could be emboldened by their supposed anonymity while actually revealing all their data and online activity and exposing themselves to possible repercussions."
As a solution for anyone using a vulnerable VPN service, I recommend downloading Tor. It works similar to a VPN. It bounces your traffic across several nodes across the globe, making it difficult to trace. For instance, all web pages I'm visiting right now think I'm a PC user from Sweden, when I'm actually a Mac user from America. If you want to double your efforts to protect your anonymity, the search engine DuckDuckGo has a no-track policy. After all, you can never have too many layers of security.
It's upsetting that attaining some semblance of privacy in this day and age must be sought after through VPN services or finding alternative utilities, like Tor. Brad Templeton would agree. He argues that we're all a part of a surveillance apparatus that would even be beyond the imagination George Orwell.