Subj : 6 reasons why VPNs are in danger of dying
To : All
From : TechnologyDaily
Date : Wed Aug 23 2023 23:00:03

6 reasons why VPNs are in danger of dying

Date: Wed, 15 Nov 2017 09:18:15 +0000
Description: VPN services can be a valuable tool for ensuring your online security, but they aren't without weaknesses.

FULL STORY
======================================================================

The internet is a virtual minefield of hazards, and you need to protect yourself. VPNs continue to increase in popularity, and many users are turning to the best VPN services as a way to keep their communications secure and to protect their privacy.

VPNs aren't just for helping defend yourself when using insecure public Wi-Fi, either; they remain an important tool in keeping a home network secure. As we've seen with WPA2 (wireless) exploits like Krack, those using a VPN, even with a compromised home network, would still have protected their data from potential hackers. This is important, as it seems we're still a long way away from adopting the more secure WPA3 standard on wireless networks.

We've also debunked 6 common myths concerning VPNs.

Despite all the numerous advantages and uses for a VPN, there are potential downsides, too. In this article we're going to discuss six clear weak spots of VPN services, from the level of anonymity they're supposed to guarantee, to issues revolving around user data, and the ever-present specter of mass decryption.

1. 100% anonymity or not

A VPN creates a private tunnel for a user's encrypted data to travel down, but cannot guarantee complete or even 99% anonymity. Firstly, while the VPN service may promise that it does not log or share data, it is impossible to know if this is really the case. There is no way of seeing behind the scenes, as it were, to view how the VPN really works.
(See below for more about logging.)

Furthermore, there are multiple ways in which the data can be breached, including IP leaks (which can mostly be protected against with a VPN kill switch), and DNS leaks. Even if a VPN provider uses their own DNS servers, you must have their software set up properly on your device to protect yourself, otherwise the requests you make to visit websites will be available to anyone with access to your ISP's records, even if you do use a VPN. For more information, see our guide What is a DNS leak.

Most modern web browsers also support WebRTC (real-time communication). In theory this is a useful tool that allows you to place voice and video calls via your browser without installing additional tools. In practice, it needs to broadcast your IP address to do this, and in some cases it doesn't do this through the encrypted data tunnel to your VPN provider. The bottom line is that your real IP address can leak onto the internet. Luckily this is quite easy to fix, either through changing your browser settings or by using a browser add-on. Make sure you know all about WebRTC leaks and how to prevent them.

For those users who truly want to take their level of online anonymity to the next level, we've looked at combining Tor and VPN, although this introduces its own set of issues (including whether the VPN or Tor browser should be started first for maximum privacy and anonymity). Using Tor also comes with its own privacy issues, particularly if you're accessing the clear internet via an exit relay instead of a Tor hidden service (.onion address).

2. Geo-blocking working against the user

We were promised decades ago that the internet would enable the exchange of ideas and content without any barriers. However, these days that's hardly the case, and one prime example of a barrier is geo-blocking. This is where content is restricted on the basis of the user's location.
There are plenty of examples of the best streaming VPNs being used to access geo-blocked content, such as enabling access to the BBC's iPlayer from outside of the UK, or using Getflix, a VPN which is purpose-built for circumventing Netflix's geo-restrictions.

While a VPN can be useful as a workaround to bypass geo-blocking, it can also be a double-edged sword, in some cases making the internet frustratingly difficult to use. This can occur when using a VPN with an offshore server, and then attempting to access a local map, local traffic data, or even the online circular for a local merchant, none of which will be accessible. Also, with the VPN directing the tunnel to a server outside of your home country, you could lose access to popular country-specific websites such as Amazon. Furthermore, you can get geo-blocked when you try to watch online video from your cable carrier, or access your local newspaper.

Sure, a better VPN will have plenty of servers in your own country to run your tunnel through, but this still becomes one more thing you have to pay attention to, with potential for hassles therein.

You can overcome this issue by using a VPN provider which supports split tunneling. This involves setting up a specific app like Netflix to connect via a VPN server, leaving the rest of your traffic unaffected. This has privacy implications: if you use another app which is not connected to the VPN, your IP address will be available to the internet at large. Your data also won't necessarily be encrypted. Still, it does save the trouble of manually switching servers each time you want to appear to be in a different country.

3. Logs kept by VPN services

The concern with a VPN is that it may keep user data, specifically your data, and have a log of internet activities to provide to authorities. In the end, if you choose the wrong VPN, the record of your online activity may be hidden from your ISP, but instead it could be maintained by your VPN.
So all you've done is change who is monitoring you.

The solution is to seek out a "no log" VPN (effectively, the most private VPNs you can get), which means that the provider promises user data is not logged, and therefore not stored, so there is nothing to hand over to anyone down the road. Some VPN services even market themselves with their "no log" feature, and a good example of this is NordVPN.

Unfortunately, if you look deeper into the issue, you may find that one "no log" policy differs from another. For example, while NordVPN clearly states it has a "no log" policy, its exact stance on session logging is not clear; in other words, some of this may occur. Session logging does not record the actual data transferred, but just the time of logging on and off, as well as the IP addresses visited. But that data could still be used against someone.

And this does happen. Want a real-world example? Popular VPN HideMyAss responded to a court order back in 2011, and provided session logs for a hacker that was a member of LulzSec, and this resulted in an arrest. Furthermore, this is not an isolated example (there's a more recent one of PureVPN collaborating with the FBI), so these logging policies and practices can potentially have serious implications.

The gold standard when it comes to logging is to find a provider which regularly submits to audits by a trusted third party to ensure their no-logging claims are true.

4. Free VPNs aren't worth it

Many folks want to save money, obviously enough, and the best free VPNs can sound really tempting. However, take a step back for a moment and realize that any business that wants to stick around has to make money at some point. Even free VPNs need to make a profit.

In one case, the VPN service Hola was accused of taking the bandwidth of 47 million users of the free offering, and allegedly selling this through a separate service known as Luminati (also owned by Hola). This plan allowed users' IP addresses to be used for exit nodes.
In fact, selling user data to cover costs is a popular way for free VPNs to operate.

As worrying as this is, the apps are sometimes used to distribute malware. In November 2022 security researchers found that a free VPN Android app, which had been downloaded multiple times via links in Telegram message boards, contained the spyware Sandstrike, which harvests user information. The scary part is that the app wasn't a virus per se: it did function as a VPN app should, just also harvesting data about certain users.

In short, tread carefully if you're picking a free VPN. When it comes to software, consider using an open source VPN client like OpenVPN Connect if the provider supports it. Make sure to download VPN programs only from official sources such as the Google Play or Apple App Stores and verify all web links.

5. Data mining

While VPNs promise a high level of privacy, this isn't consistently the case. With so much data going through a VPN, there are plenty of opportunities to use it for nefarious purposes. Also remember that the VPN has the key to decrypt the data that goes through its server.

Only the reputable VPNs will keep all of your info private, and there are multiple access points that can be compromised, including IP addresses, MAC addresses, geo-location data, and DNS requests. Furthermore, it's nigh-on impossible to know what is really going on with your data behind the scenes until a scandal story hits the news headlines.

Of course, this is no more true of a VPN provider than your ISP, but remember: when you start a VPN subscription, you're simply shifting your trust from one company to the other.

Admittedly, VPN providers' entire business model relies on respecting user privacy, so they may not willingly hand over information. Still, some jurisdictions allow VPN services to be served secret court orders where they have to start recording information like your IP address and DNS requests without telling you.
If you're concerned about this, consider using a VPN which has a warrant canary. This simply involves the provider confirming at regular intervals (e.g. through a monthly video address) that they have not been subjected to any secret warrants or subpoenas. If they fail to regularly confirm this, you're then free to close your account and use another service.

6. Mass decryption

The truly colossal number-crunching power of today's supercomputers raises concern around the issue of who else has the power to peek inside a user's VPN tunnel. This process is termed "mass decryption", and the likes of government cybersecurity agencies certainly have the massive power needed to crack current levels of encryption used by modern VPN protocols.

In September 2013 Edward Snowden leaked NSA documents which seemed to show they had deliberately weakened an open source RNG (random number generator) used for elliptic curve cryptography, which is commonly employed in VPNs. Theoretically this would allow the NSA to break encryption keys generated using the algorithm. This was apparently part of their Bullrun program, whereby intelligence agencies spend hundreds of millions of dollars every year deliberately weakening encryption standards.

So, the short answer is yes, the likes of the NSA might well be able to break into VPN tunnels. Therefore we must bear in mind that while using a VPN certainly boosts your level of privacy, it is far from a guarantee of avoiding government surveillance, at least.

The best thing to do is adopt a layered approach to your security. Consider the VPN as the outer layer, then see what you can do to protect your data if someone breaks through it.

Your second layer, for instance, could be to use messaging apps employing E2EE, or end-to-end encryption. In short, this is where the encryption keys used to protect a chat, voice or video call never leave your device or that of the person you're talking to.
That means that while a company like Apple might see your data moving through their servers, they won't know exactly what you're saying, even if your VPN protection is broken.

E2EE has become so popular that many mainstream apps like Microsoft Teams and Zoom's Cloud Phone Service supposedly use it. However, as these are proprietary products it's difficult to take big corporations at their word. Try instead to use open source apps like Signal Messenger. If the code's publicly available, it can be reviewed by security experts to check for any bugs or backdoors.

The NSA can also only target you if they know you're using a VPN. Some providers like NordVPN and VyprVPN support obfuscation technology, whereby they try to hide your VPN traffic as regular internet traffic. This can be done through specialist servers and/or custom protocols, though there's no way of knowing if that fools intelligence agencies.

======================================================================
Link to news story: https://www.techradar.com/news/6-reasons-why-vpns-are-in-danger-of-dying

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
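
The WebRTC leak described in section 1 can be checked by looking at the ICE candidates a browser hands to a web page: any public address other than the VPN's exit address has escaped the tunnel. The JavaScript below is an added example, not part of the original article; the function names are hypothetical, and the candidate lines and the VPN_EXIT address are constructed sample values.

```javascript
// Added example: classify WebRTC ICE candidates to spot an address that
// bypasses the VPN tunnel. All sample candidates below are constructed.

// Parse one ICE "candidate:" attribute line into its address fields.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { transport: m[3].toLowerCase(), address: m[5].toLowerCase(), port: Number(m[6]), type: m[7] };
}

// Decide what an address reveals about the machine behind the VPN.
function classifyAddress(addr, vpnExitIp) {
  if (addr.endsWith('.local')) return 'mdns-obfuscated';   // browser hid the host address
  if (addr === vpnExitIp.toLowerCase()) return 'vpn-exit'; // what a tunnelled lookup should show
  if (addr.includes(':')) {                                 // IPv6: ULA, link-local, loopback
    if (/^f[cd]/.test(addr) || /^fe[89ab]/.test(addr) || addr === '::1') return 'private';
    return 'public-leak';
  }
  const o = addr.split('.').map(Number);
  if (o.length !== 4 || o.some(n => !Number.isInteger(n) || n < 0 || n > 255)) return 'unparsed';
  const priv = o[0] === 10 || o[0] === 127 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254) ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127);
  return priv ? 'private' : 'public-leak';
}

// Return every candidate that exposes a public address other than the VPN exit.
function findLeaks(candidateLines, vpnExitIp) {
  return candidateLines
    .map(parseCandidate)
    .filter(c => c !== null)
    .map(c => ({ ...c, verdict: classifyAddress(c.address, vpnExitIp) }))
    .filter(c => c.verdict === 'public-leak');
}

// Constructed sample: candidates a leak-test page might collect in the browser.
const SAMPLE = [
  'candidate:1 1 udp 2113937151 4f2c9a1e-7b0d-4c55-9e3a-1d2f3a4b5c6d.local 51234 typ host',
  'candidate:2 1 udp 2113937151 10.8.0.2 51235 typ host',
  'candidate:3 1 udp 1677729535 198.51.100.23 51235 typ srflx raddr 10.8.0.2 rport 51235',
  'candidate:4 1 udp 1677729535 203.0.113.77 51236 typ srflx raddr 192.168.1.20 rport 51236',
  'candidate:5 1 udp 1677729535 2001:db8:42::7 51237 typ srflx raddr :: rport 0',
];
const VPN_EXIT = '198.51.100.23'; // assumed exit address of the VPN server

console.log(findLeaks(SAMPLE, VPN_EXIT).map(c => c.address));
```

In a browser the candidate strings would come from the `icecandidate` events of an `RTCPeerConnection`; an empty result means no public address other than the VPN exit was exposed.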