Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.
New VPN Report Finds Mixed Levels of Security
Consumer Reports discovers most virtual private networks don’t hold up to their promises, after it reviews several.
We all know that virtual private networks protect our privacy online. You’ve probably also heard rumours that they don’t actually work and may even install malware. Who is correct?
The Debate 📢️
VPNs have been advertised as a way to mask your online activities from ISPs and governments, as by tunnelling your internet traffic through special private servers.
They’ve actually been around since the inception of the internet, and are a proven cryptographic technology. Which is why we’ve invested six-figure sums in seeking to understand the anatomy of the best virtual network privacy security tools available to Australians – that are effective in our current climate.
But they have also been a source of debate, due to variations in the level of dependability of service providers. Now Consumer Reports has added a latest bookmark in this chapter, with its recently published white paper on VPNs. The 48-page-long review evaluates the security and privacy measures of 16 well-established providers.
White paper findings 📄️
The initial research took on 51 separate companies, but then focused-in on the most established, leading providers among them.
The review was a mixed bag, with the report echoing a long line of past criticisms of the industry – centrally, the lack of transparency, exaggerations used in PR campaigns, and some lack of rigorous regulations in the best security practices. On the other hand, a small number of VPN’s seemed to pass its test standards.
Let’s go over some of the key takeaways:
Much PR in the VPN world is completely useless
CR’s research highlights the fact that VPN services commonly use hyperbole to make snazzy but falsified claims about the real-world effectiveness of its offerings – typically painting a utopianistic picture and under-delivering by a mile.
For instance, consumers may be led to believe VPNs make them totally untraceable online, with companies making statements such as “unparalleled internet anonymity,” with assurances that not only will browsing be private but that they will remain out of the clutches of online surveillance and hackers…among other claims.
Truth is, there are still a host of methods advertisers and companies can employ to track activities across the internet – regardless of if your IP address is masked from inside a virtual tunnel. As the report explains:
Websites often request data that can pinpoint people’s geographic location, such as WiFi networks, device location based on GPS, cell tower identification (CDMA or GSM cell IDs), and more. Various companies collect wide-ranging data, beyond IP addresses, and sell that information to data brokers. Many of the risks that consumers use VPNs to try to protect against are already largely mitigated through the use of HTTPS. And many risks, such as social engineering, are not mitigated by using a VPN.
In short, IP addresses are just one component that telecommunication networks and their affiliates can use to triangulate your location. While VPNs use very impressive sounding terminologies, such as “military grade encryption” – one phrase that gets recycled a lot in VPN digital marketing and PR circles – the report presents a much franker picture.
Some of the more candid VPN providers do admit there is no set encryption standard that militaries use; instead of roughly 42 separate implementations, that vary by armful segment, are used today. So there are more honest VPN services.
Not every VPN is trustworthy
A good cybersecurity program remains your foundational security tool when going head-to-head with the sum landscape of the internet. VPNs cannot always match up to the standards – with many VPN companies not having the best track record for safeguarding customer and PII data from itself.
CR’s report cites research from the University of Michigan, where its researchers were able to develop a tool, known as the “VPNanalyzer” test suite, which discovered numerous security gaps apparent when connecting to some VPNs.
The Michigan research team concluded that “malicious and deceptive behaviors by VPN providers such as traffic interception and manipulation are not widespread but are not nonexistent. In total, the VPNalyzer team filed more than 29 responsible disclosures, 19 of which were for VPNs also studied in this report, and is awaiting responses regarding its findings.”
There were also some instances of data leakages. But CR did not discover much evidence that VPNs were interfering with user networking traffic, when it looked for proof of TLS interference.
It isn’t news that any VPN claiming to be “free” should almost definitely be avoided, and we also have reasons to suspect some of the more established VPNs such as Hola VPN and the new kid on the block, BrightVPN.
Best VPNs ➡️
CRs report gave 4 of the 51 VPN providers top spots for more security and privacy practices. Which were:
- Mozilla VPN
Each of these companies was selected because they did not make exaggerated claims about their deliverables, and also showed great dependability for security and transparency.
Most of the companies also went through published audits by third-party companies to prove they have good security measures in place.
We’ve written in the past about PIA, which stands for Private Internet Access.
You Might Also Like: