Advertisement

Active Hackathon

Are VPNs As Safe As We Thought?

On June 5, the Nigerian government announced an indefinite ban on Twitter. Google searches for virtual private networks (VPN) saw a 14X spike on the same day in the African country. Last year, a similar surge in demand for VPNs was observed in Hong Kong after China proposed strict new national security laws. 

VPN offers users a secure and private channel to communicate over the internet. It encrypts users’ internet traffic to mask their online identity making it difficult for third parties to track their online activities and steal data. The encryption happens in real-time.

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

What are VPNs?

A VPN hides the user’s IP address and allows the network to redirect it through a specially configured remote server run by a VPN host: Think of it as a private tunnel over the open network. When a user tries to surf online, the VPN server becomes the source of the data. Some VPNs encrypt the user’s connection to the internet, disguise IP addresses preventing it from getting tracked by internet service providers or even the government about the virtual whereabouts of the user. A VPN also works like a filter that turns all data exchanged on the network gibberish, rendering it unreadable.

Advantages of VPNs:

  • VPN hides online activities even on public networks
  • VPN servers hide the user’s actual location because the demographic location data comes from servers in a different location.
  • Many services and websites are accessible only from certain parts of the world. With VPN location spoofing, a user can switch to a server in another country and virtually ‘change’ their location.
  • In remote working environments, VPNs can offer a secure network to access important and confidential files on the company’s network.

Challenges

VPN being entirely secure is a myth. A 2016 study of 283 Andriod VPN apps by the Commonwealth Scientific and Industrial Research Organisation in Australia found that as many as 67% of the apps embedded at least one tracking library in their code to track users’ online activities. 84 percent of these apps were unable to encrypt the online data of the users properly. The study also revealed that these dangers are amplified in cases of free VPN apps.

It is a common misconception that VPN is a free pass for nefarious activities under the cloak of anonymity. While it is difficult to trace the origin to the local address, it is still possible to see what you are doing online.

VPNs can also be hacked. Recently, the Colonial Pipeline came under a ransomware attack disrupting the fuel supplies to the US Southeast. DarkSide broke into the company’s systems by taking advantage of a compromised password for the VPN. This particular VPN account was not in use during the attack but still provided access to Colonial’s network. Company’s CEO Joseph Blount told a US Senate committee, “In the case of this particular legacy VPN, it only had single-factor authentication.”

In April, cybersecurity firm FireEye alleged hackers tried breaking into US and Europe-based government agencies, defence companies, and other financial institutions. The hackers, purportedly from China, took advantage of a vulnerability in the Pulse Secure VPN, a widely used remote connectivity tool.

When it comes to VPNs, an important factor to consider is regional based legality associated with its use. As many as ten countries, including China, Belarus, and North Korea, have banned VPNs for reasons including censorship, information control, and muzzling dissent. Port blocking and deep packet inspection are two main methods of VPN blocking.

Moving beyond VPNs

Zero trust is being increasingly favoured in corporate settings in place of VPNs. Unlike the traditional VPN model that uses a one-time authentication process and automatically assumes that all users within the network are genuine, zero trust authenticates each user or device that accesses the network. This gives zero trust an edge over VPNs in terms of security.

Apple, during its ongoing WWD conference, introduced iCloud Private Relay. Several tech pundits are calling it ‘VPN killer’. This new feature encrypts users’ traffic through two internet relays without letting any entity see the content of the user’s browsing data. It hides user traffic from ISPs, advertisers, and even Apple itself.

More Great AIM Stories

Shraddha Goled
I am a technology journalist with AIM. I write stories focused on the AI landscape in India and around the world with a special interest in analysing its long term impact on individuals and societies. Reach out to me at shraddha.goled@analyticsindiamag.com.

Our Upcoming Events

Conference, Virtual
Genpact Analytics Career Day
3rd Sep

Conference, in-person (Bangalore)
Cypher 2022
21-23rd Sep

Conference, in-person (Bangalore)
Machine Learning Developers Summit (MLDS) 2023
19-20th Jan, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
21st Apr, 2023

Conference, in-person (Bangalore)
MachineCon 2023
23rd Jun, 2023

3 Ways to Join our Community

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Telegram Channel

Discover special offers, top stories, upcoming events, and more.

Subscribe to our newsletter

Get the latest updates from AIM
MOST POPULAR

Council Post: How to Evolve with Changing Workforce

The demand for digital roles is growing rapidly, and scouting for talent is becoming more and more difficult. If organisations do not change their ways to adapt and alter their strategy, it could have a significant business impact.

All Tech Giants: On your Mark, Get Set – Slow!

In September 2021, the FTC published a report on M&As of five top companies in the US that have escaped the antitrust laws. These were Alphabet/Google, Amazon, Apple, Facebook, and Microsoft.

The Digital Transformation Journey of Vedanta

In the current digital ecosystem, the evolving technologies can be seen both as an opportunity to gain new insights as well as a disruption by others, says Vineet Jaiswal, chief digital and technology officer at Vedanta Resources Limited

BlenderBot — Public, Yet Not Too Public

As a footnote, Meta cites access will be granted to academic researchers and people affiliated to government organisations, civil society groups, academia and global industry research labs.