Are Virtual Private Networks Actually Private?
hubie writes:
VPNs do not provide the security properties people expect:
"VPNs were originally designed to get into a secure network, but companies have repurposed them so you can escape a restrictive internet service provider you don't trust and access a free and safe one instead," Crandall says. "So, the way people use VPNs today is kind of backwards."
Crandall notes this access is helpful when users are worried about their browsing data being monitored through their internet service provider, or ISP, or when users are in a country that censors their internet activity.
[...] "We're really just asking the fundamental questions like, 'When you repurpose VPNs in this way, do they actually have the security properties that people expect?'" he says, reiterating his work's focus on at-risk users who face severe consequences from censorship and surveillance policies. "The first part of the research that we did was looking at the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what kind of damage attackers can do from there."
[...] The team concluded that traffic can still be attacked from the tunnel in the same ways as if a VPN were not being used, with attackers able to redirect connections and serve malware, which is what users believe a VPN protects them from.
[...] "For people around the world, there can be a lot at stake when VPN providers market with false claims about their services. Our research exposed how VPN-based services, including the ones marketing their VPN service as 'invisible' and 'unblockable,' can be effectively blocked with little collateral damage," says Ensafi, an assistant professor of electrical engineering and computer science. [...]
"As VPNs continue experiencing increased usage, repressive countries have developed some of the most sophisticated censorship and surveillance technology in response," Mixon-Baca says. "This work is crucial to make progress toward understanding how these systems operate and developing defenses for attacks on the users who depend on VPNs."
USENIX presentation slides as well as a ten-minute video of the talk
Read more of this story at SoylentNews.