Are VPNs really private?

In countries where internet censorship and surveillance are government policies, online safety is essential for risky users. Journalists, activists, politicians and others with a large online presence can face serious consequences, even for the websites they visit.

virtual private networks, or vpn, are designed to protect user data from surveillance, but that they do what they claim is of utmost importance to those whose lives may depend on their effectiveness. VPNs’ ability to protect users is also inspiring research conducted by Jedidiah Crandall, an associate professor of computer science at Arizona State University.

Crandall explains that VPNs hide your Internet Protocol or IP address by linking it to a server other than yours and making it appear as if you’re accessing the Internet outside of your normal network.

VPNs were originally designed to access a secure network, but companies have repurposed them so you can escape a restrictive ISP you don’t trust and access a free and secure provider at home.“, says Crandall. “So, the way people use VPNs today is a bit the other way around. »

Crandall notes that this access is useful when users are concerned that their browsing data may be monitored by their ISP or ISP, or when users are in a country that censors their Internet content.

Resources like OpenVPN, a leading global private network and cybersecurity company and the most popular resource for commercial VPN services, provides access to tools that quickly and easily connect to private networks and protect assets. But Crandall’s research aims to reveal privacy claims and reveal whether VPNs can create a false sense of security for their users.

We’re just asking basic questions like, ‘When you reuse VPNs like this, do they have the security features that people expect? “, he says, reiterating the focus of his work on risky users who suffer from strict censorship and surveillance policies. “The first part of the research we did was to look at the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what kind of damage attackers can do from there. »

To find out how attacks can be launched, Crandall and a group of researchers simulated a series of attacks from two potential threat paths: client-side, or direct attacks on user devices, and server-side, or attacks on the VPN server accessed by the user. the user’s device. The group detailed their findings in a paper titled ” Blind in/on-path attacks and applications for VPNs “.

The team concluded that traffic can still be attacked from the tunnel in the same way as if a VPN was not usedwith attackers able to redirect connections and deliver malware that users believe a VPN is protecting them from.

“For people around the world, the stakes can be high when VPN providers market false claims about their services. Our research has revealed how VPN-based services, including those that market their VPN service as “invisible” or “unblockable”, can be effectively blocked with little security damage “, explains Ensafi, assistant professor in electrical engineering and computer science.

Leave a Comment