Over the past few years, we’ve seen a veritable avalanche of security breaches and data leaks, while Congress has passed laws demolishing what little regulation existed to control how ISPs gather and sell your data. This has led many people to look for third-party privacy solutions. Virtual private networks (VPNs) offer a solution to some of these issues by masking one’s browsing habits, but only if the VPNs are themselves secure. New security research suggests many of them aren’t.
VoidSec tested a total of 70 VPNs thus far and found that 16 of them leak data via this known WebRTC bug. He also set up a website you can use to test if your VPN leaks information, demo code you can run if you don’t want to submit your IP address to a web host, and a Google document where users can submit their own findings. In order to function, a VPN has to know both your real IP address and the public IP address it has assigned to you. WebRTC shouldn’t be allowed to query that information, but thanks to this bug, it can. This means the protocol can be used to unmask anyone using a VPN. VoidSec writes:
WebRTC allows requests to be made to STUN servers which return the “hidden” home IP-address as well as local network addresses for the system that is being used by the user.
The following VPNs leak IP addresses:
As for browser-level vulnerability, be advised that most browsers rely on WebRTC and enable it by default. BleepingComputer also notes that another recent investigation by TheBestVPN.com found that many prominent VPN providers also log critical user details, including VyprVPN, Anonymizer, HideMyAss, and HolaVPN. Different companies log different things, but personal details, IP addresses, connection timestamps, device types, payment information, and the various websites you visit are all logged by at least some of these companies. In short, don’t assume that just because you’re using a VPN your data is actually being kept private in any meaningful way.
No Flying Cars Yet, But How About a $300 Toaster With a Touch Screen?
As 2020 draws to a close, there's still no word on flying cars, but don't worry: We found something even better. For a certain definition of the word "better."
Current x86 vs. Apple M1 Performance Measurements Are Flawed
There's an intrinsic difference between x86 and ARM CPU designs that makes comparing performance difficult — and it didn't get noticed in the initial wave of coverage.
Leaked Benchmarks Paint Conflicting Picture of Intel’s Rocket Lake
Rumors about Rocket Lake have pointed in two opposite directions recently, but the more competitive figures are more likely to be true.
Google Pixel Slate Owners Report Failing Flash Storage
Google's product support forums are flooded with angry Pixel Slate owners who say their devices are running into frequent, crippling storage errors.