VPNs Have Been Known to Run into Trouble
No Software is Immune to VulnerabilitiesOrdinarily, when you connect to a website from your computer, you do so from your IP address. However, when you use a VPN, rather than sending the message out directly, your data first gets sent to one of the VPN’s servers and is only then routed to its final destination. That means that instead of seeing your IP address, the website you’re visiting sees the IP address of the server, and no one – not your internet security provider, the government, or hackers – is able to trace your online activity back to you. In other words, the whole concept of achieving web security through a VPN is based on keeping your real IP address hidden. That’s why it was so disconcerting when a recent investigation revealed a vulnerability in three major VPNs that caused users’ IP addresses to be leaked. That’s not to say that IP addresses were revealed every time a customer used the VPN, just that under certain conditions it was possible for a hacker to divert the user’s traffic to the hacker’s server instead of the VPN’s and gain access to the user’s real IP address. Although this was obviously not good news, vulnerabilities like this crop up all the time in the cybersecurity world. What’s important is how proactive companies are in identifying and fixing them. Fortunately, two of the providers implicated in the study have since created a patch for the updated versions of their VPNs.
Certain VPN Mobile Apps Have Been Found to Contain MalwareA study by the Commonwealth Scientific and Industrial Research Organisation found that of 283 VPN Android apps examined, 38% showed indications of being infected with some form of malware. That said, once the researchers controlled for a high probability of false positives, they reduced that number to four percent. Almost half of this malware was for the purpose of advertising. In addition, 82% of the apps requested permission to access sensitive data, such as user accounts and text messages, and 18% used tunneling technologies that aren’t encrypted. What may be more disconcerting to some is how little VPN users are aware of potential risks. Because VPN apps require the ability to manipulate all of your phone’s web traffic, Android sends users two warnings notifying them of the change to their device. However, few users are likely to understand the full implication of granting such permission to a third party. Moreover, VPN users tend to give favorable reviews, and even when they don’t, security is low on their list of gripes. In fact, less than one percent of negative reviews for the VPN apps studied were related to security concerns.
Steps You Can Take to Improve Your SecurityIt’s clear from many of the above examples that the primary reason VPNs might put users’ privacy at risk is for the benefit of advertisers. From this, we can deduce that – because they don’t need to rely on advertising for revenue – VPNs that you have to pay for might be more trustworthy than free VPNs. That said, there do exist reputable free VPNs that manage to keep their doors open without selling your data. Generally, these make their money by openly displaying advertisements or by limiting features in order to encourage users to upgrade to a paid plan. And in the case of both paid and free VPNs, there are steps you can take to ensure your privacy and security:
- Make sure you have antivirus software installed on your device.
- Seek out objective third-parties that test and review VPNs.