VPN Shame

A Compiled List of VPN Services That Have Been Caught Logging, Lying or Hacked

StrongVPN is Wrapped Up in the IPVanish Logging Scandal — 07/08/2018

When looking at the IPVanish logging situation and working out which companies are caught up in this anti-privacy scandal, we need to look for specific company names: IPVanish, its parent company StackPath, and the line of company acquisitions that led to StackPath. IPVanish was owned by a parent company, HighWinds, which also acquired BandCon, a company with hosting and routing resources. Recently, all of these companies were acquired by StackPath.

So we have BandCon = IPVanish = HighWinds = StackPath. When we see any of these names pop up, we know that the VPN service is using StackPath/HighWinds infrastructure and can be wittingly or unwittingly logging all of its users.

When looking at IPs and domains that are owned by StrongVPN, the name ReliableHosting comes up everywhere. Their customer support even comes from an @reliablehosting.com address.

Here’s an example:

If we look up IP ranges that are assigned to StrongVPN, a lot of them are directly using StackPath infrastructure:

Exhibit A:

Exhibit B:

Exhibit C:

We can also see that StackPath is one of their primary peers for network connectivity here:

One might think that this link between StrongVPN and StackPath isn’t very strong. But a simple Google search gives you a number of employees that work for StackPath and ReliableHosting, or StackPath and StrongVPN.

Either StrongVPN is owned by StackPath outright, or the companies are so close that they share a significant number of employees. StrongVPN, like IPVanish, claims that they do not log any user information.

Now that it has been proven that IPVanish logs, we should not trust any StackPath company, any company that shares employees with StackPath, or any company that uses StackPath infrastructure, as it can be knowingly or unknowingly logging its users and violating their privacy.
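The lookup described in this post (checking registration data for a provider's IP ranges for the names BandCon, IPVanish, HighWinds and StackPath) can be scripted. The following is an added example, not part of the original post: the WHOIS-style records are constructed, use RFC 5737 documentation ranges and a `.example` domain, and the function names are hypothetical.

```python
import re

# Names the post treats as one corporate family (taken from the page).
FAMILY = ("bandcon", "ipvanish", "highwinds", "stackpath")
FAMILY_RE = re.compile(r"\b(" + "|".join(FAMILY) + r")\b", re.IGNORECASE)
RANGE_KEYS = ("netrange", "inetnum", "cidr")

# Constructed sample records (assumption): not real registration data.
SAMPLE_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.255
NetName:        EXAMPLE-VPN-1
OrgName:        Example VPN Ltd
OrgTechEmail:   noc@stackpath.example

inetnum:        198.51.100.0 - 198.51.100.255
netname:        HIGHWINDS-EXAMPLE
descr:          hosted on HighWinds infrastructure

NetRange:       203.0.113.0 - 203.0.113.255
OrgName:        Unrelated Hosting Co
"""

def parse_whois(text):
    """Split WHOIS text into records (blank-line separated 'key: value' lines)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            line = line.strip()
            if line[:1] in ("#", "%") or ":" not in line:
                continue  # skip comments and free-text lines
            key, value = line.split(":", 1)
            rec.setdefault(key.strip().lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def audit(text):
    """Map each address range to {family name: [fields that mention it]}."""
    report = {}
    for rec in parse_whois(text):
        rng = next((rec[k][0] for k in RANGE_KEYS if k in rec), "unknown")
        hits = {}
        for field, values in rec.items():
            for m in FAMILY_RE.finditer(" ".join(values)):
                hits.setdefault(m.group(1).lower(), []).append(field)
        report[rng] = hits
    return report
```

A match only shows that a range is registered to, or served by, one of these names; an empty result does not rule out a link, since records can be filed under other legal entities.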

ExpressVPN Had Their Servers Seized – They Contained No Logs

ExpressVPN had one of their servers seized in Turkey by the authorities who were investigating an assassination of an official in Ankara.

According to the Turkish authorities, some information about a police officer (their Gmail and Facebook) was deleted remotely by someone using the ExpressVPN service. The server that they had seized contained no logs and did not help with the investigation.

This is one of the rare cases where we get to see if a VPN is telling the truth when they assert that they do not keep any logs.

While it is unfortunate when a VPN acts as a roadblock to a genuine investigation, we also have to consider the enormous benefit that the public has by not allowing unfettered access to all of our internet traffic.

The threat of parties using our information for reasons outside of our own interests is far greater than the downside of authorities needing to conduct investigations with more traditional police-work. It is absolutely crucial that no-log services like these remain vigilant about protecting our privacy.

In a statement, ExpressVPN commented:

“While it’s unfortunate that security tools like VPNs can be abused for illicit purposes, they are critical for our safety and the preservation of our right to privacy online. ExpressVPN is fundamentally opposed to any efforts to install “backdoors” or attempts by governments to otherwise undermine such technologies.”

The Hola VPN Browser Plugin Shares Your Internet Connection with Botnets — 01/07/2018

The popular Hola VPN extension is funded by reselling the bandwidth of the people on the network, allowing malicious users to stage attacks from your home IP address.

Further, it contains / contained serious security vulnerabilities that can compromise the systems of Hola users.

Security firm Vectra writes (source TorrentFreak):

“First, the Hola software can download and install any additional software without the user’s knowledge. This is because in addition to being signed with a valid code-signing certificate, once Hola has been installed, the software installs its own code-signing certificate on the user’s system.”

If the implications of that aren’t entirely clear, Vectra assists on that front too. On Windows machines, the certificate is added to the Trusted Publishers Certificate Store which allows *any code* to be installed and run with no notification given to the user. That is frightening.

Furthermore, Vectra found that Hola contains a built-in console (“zconsole”) that is not only constantly active but also has powerful functions including the ability to kill running processes, download a file and run it whilst bypassing anti-virus software, plus read and write content to any IP address or device.[see update]

“These capabilities enable a competent attacker to accomplish almost anything. This shifts the discussion away from a leaky and unscrupulous anonymity network, and instead forces us to acknowledge the possibility that an attacker could easily use Hola as a platform to launch a targeted attack within any network containing the Hola software,” Vectra says.

Finally, Vectra says that while analyzing the protocol used by Hola, its researchers found five different malware samples on VirusTotal that contain the Hola protocol. Worryingly, they existed before the recent bad press.”

Hola has a bad security reputation and sells your bandwidth to the highest bidder.

Even worse, Hola logs pretty heavily, according to their own privacy policy:

And if you sign up with a social media account, they harvest everything that is public as well:

So to sum up Hola VPN: Botnets, Selling Your Bandwidth, Security Vulnerabilities, Data Harvesting for “Analytics.”