Friday, March 29, 2024

7 VPN Services With Supposed No-Logging Policy Leaked Their Users’ Data

When you use a VPN, you do so because you are concerned about security and privacy. One of the key features of a VPN is its ability to create a secure tunnel between two endpoints and then encrypt the information that is being transmitted.

A common refrain that is heard when discussing VPN services is that if you use a free VPN service, you are what is being sold. Free VPN services will sell your private information to interested parties. That is why most people who are serious about their security opt for paid VPNs that have a no-logging policy.

Seven VPN Services Betray Their No Logging Policy

Will Ellis of Privacy Australia, who analyzed some of the most popular VPN solutions, explained in his 2020 report that when a VPN has a no logging policy, it means the VPN does not keep track of any personally identifiable information. This way, if the VPN servers were hacked or if government institutions tried to get information about people using VPNs, they couldn’t get anything from the VPN company because nothing was recorded.

Unfortunately, recent reports have shown that seven well-known virtual private network providers who promised their customers a strict no logging policy have been found to keep logs of their users’ online activity. Understandably, users feel betrayed as information they thought was private was actually being stored.

There were 1.2 TB of private user data left on a server that was shared by seven VPN providers. These providers were:

• Rabbit VPN
• Secure VPN
• Flash VPN
• Super VPN
• Free VPN
• Fast VPN
• UFO VPN

The exposed information included users’ home addresses, email addresses, passwords, and IP addresses. The server was a treasure trove of Internet activity logs. All of this puts the VPN providers’ claim of strictly keeping no logs in serious doubt.

The seven above-mentioned VPNs are all part of a Hong Kong-based service. They have the same developer and app. Basically, they are a white label solution that repurposes the same service under unique brands for multiple companies. The seven services are hosted on the same asset. All seven share the same recipient for payment, and all share the same Elasticsearch server.

Verifying the accusations against these seven VPNs, researchers used some of them to connect to servers around the globe. They found that their Internet activities were being recorded in the database. Personal information including email addresses, IP addresses, the servers they were connected to, and the devices they were connecting with were also recorded. Passwords used to create the accounts and usernames were stored.

If that was not enough, the VPN provider was storing technical information about the devices on which the VPN was installed. This was personal information that could easily be used to identify the individual connecting to the VPN. Things like the device model, the ID of the device, the ISP the user was connected to, their actual location, and the name of the user’s network were recorded. This made the VPN worthless.

How Users Are Affected by the Breach of No Logging Policies

Now, most people understand that when they use a VPN, they need to do their due diligence and read the privacy policy and the logging policy of the VPN. When you use a VPN, you are giving the VPN provider access to all the private information you transmit through their servers. You trust that the VPN service you are using will not record your activity. If they do record it, you have every right to expect them to be transparent about their activities.

This is what has so many people up in arms about the activity of these seven VPNs. When you read their logging policies, they promise to keep no logs. The fact that they kept logs could spell serious trouble for the individuals who use these VPNs. It all goes back to the reason why people use a VPN. Some simply want to access streaming services like Netflix from a country where Netflix doesn’t stream. Others use a VPN as an additional level of privacy and security. Some use a VPN because government restrictions prevent them from freely accessing the news.

If the true identity of a person using the VPN, their true location, their true IP address, and other information became public, these individuals might find themselves under government scrutiny, targeted by blackmail, arrested, or victims of fraud.

Understanding the seriousness of these lapses by the above-mentioned seven VPNs, the researchers who examined the case notified the VPN providers on July 5, 2020. Government officials in Hong Kong were notified on July 8, 2020. By July 15, the server was closed.

Things to Consider before Trusting a VPN Service

Before trusting a VPN with your private information, take time to do research. Just because a VPN service says it has a no log policy does not mean that it is not storing information about you. It’s important to verify what is meant by a no logging policy. For some VPNs, it means that while they may not keep your actual IP address, password, and username, they are still storing other information about you that could be used by nefarious individuals to identify who you are and where you are located.

Cheap and free VPN services are to be avoided at all costs. There is a reason a VPN service is free or cheap. Remember, VPN services require servers that need to be maintained. Server maintenance technicians and engineers earn a good salary. If their salary is not being paid through VPN subscribers, one must ask where the money is coming from. In most cases, it comes from your private information being sold.

There are several reputable VPN services that have a reputation for protecting their clients’ information. There have been a few notable cases in countries with repressive governments that verify that these reputable VPN services do not keep logs. In one case, the government seized the servers of a VPN. However, the government walked away empty-handed because the reputable VPN service stayed true to its no logging policy. Although the government had the servers, they could not find any private information on any of the service’s clients.

VPNs are becoming more popular, especially as businesses are asking their employees to work from home. Do not be fooled, and do not put your private information at risk. Only use VPN services that have a track record of staying true to their no logging policy.
