VPNs (virtual private networks) are a popular choice for sidestepping censorship and geographic restrictions on services like Netflix with more than 20 percent of Europeans using them. However, researchers at the Queen Mary, University of London recently examined 14 of the region’s most popular VPN providers and found nearly all of them leaked information about their users to some degree.
These leaks ranged from minor, ie what site you visited, to major infractions including the actual content of your communications.
The researchers believe this vulnerability is due to network operators updating to the new IPV6 protocol while the 11 leaking VPNs still only support IPV4 traffic. It should be noted, however, that sites using HTTPS were immune to the team’s hacking attempts — both passive traffic sniffing and active DNS hijacks. Additionally, the team found that VPNs running on iOS devices leaked far less info than their counterparts on Android.
“There are a variety of reasons why someone might want to hide their identity online and it’s worrying that they might be vulnerable despite using a service that is specifically designed to protect them,” Dr Gareth Tyson, the study’s co-author, said in a statement. “We’re most concerned for those people trying to protect their browsing from oppressive regimes. They could be emboldened by their supposed anonymity while actually revealing all their data and online activity and exposing themselves to possible repercussions.”
source: engadget.com by Andrew Tarantola