SoylentNews is people

posted by cmn32480 on Friday March 16 2018, @04:23PM
from the i-wanna-be-an-anonymous-coward dept.

Three popular VPN services have been found to leak private user information, which if exploited could be used to identify users.

The report, published Tuesday, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users.

But the research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location.

In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services.

http://www.zdnet.com/article/more-privacy-busting-bugs-found-in-popular-vpn-services/

-- submitted from IRC


  • (Score: 2) by cocaine overdose on Friday March 16 2018, @04:26PM (7 children)

    Trusting someone else to secure your connection is a bug in-and-of itself.

    Trusting Hotspot Shield of all things, is a bug in-and-of itself of the brain.
    • (Score: 4, Insightful) by Runaway1956 on Friday March 16 2018, @04:42PM (6 children)

      by Runaway1956 (2926) Subscriber Badge on Friday March 16 2018, @04:42PM (#653664) Homepage Journal

      Yeah, but - if you don't trust ANYONE, you might as well just melt your computer down to slag. And, maybe yourself along with it.

      Using a VPN is alright, if people understand that the VPN is just one tool in the fight to secure your network, and/or to stay anonymous. The person who presumes that he is "safe" because he has a VPN is in for a rude awakening.

      To date, I've not found any real reason to distrust PIA. And, I notice that they aren't on this list of buggy VPNs. https://www.privateinternetaccess.com/ [privateinternetaccess.com]

      --
      Hail to the Nibbler in Chief.
      • (Score: 0) by Anonymous Coward on Friday March 16 2018, @04:45PM

        by Anonymous Coward on Friday March 16 2018, @04:45PM (#653666)

        PIA is superior in many ways to all the half assed charlatans out there.

      • (Score: 3, Informative) by cocaine overdose on Friday March 16 2018, @05:03PM

        You can run your own VPN with more privacy than most available today. However, the biggest faults are: connecting straight from local to the VPN, paying with any options tied to you, and giving real info.
      • (Score: 0) by Anonymous Coward on Friday March 16 2018, @11:04PM (2 children)

        by Anonymous Coward on Friday March 16 2018, @11:04PM (#653838)

        Aren't they the ones that sold out the kid who hacked Sarah Palin's email ages ago?

        • (Score: 2) by Runaway1956 on Saturday March 17 2018, @01:39AM (1 child)

          by Runaway1956 (2926) Subscriber Badge on Saturday March 17 2018, @01:39AM (#653896) Homepage Journal

          The hacker admitted he was worried about being caught, writing "Yes I was behind a proxy, only one, if this sh*t ever got to the FBI I was f**ked, I panicked, I still wanted the stuff out there ... so I posted the [information] ... and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state."[15]

          https://en.wikipedia.org/wiki/Sarah_Palin_email_hack [wikipedia.org]

          Depending on which direction we start splitting a hair, maybe a VPN can be called a proxy. But, no, PIA is not a simple proxy. The kid was relying on proxies, and apparently he didn't know the difference between an anonymous proxy, and a logged proxy. Either way, just one proxy sure as hell isn't enough to be called "secure". Typical state actors jump around the globe before reaching their targets.

          --
          Hail to the Nibbler in Chief.
          • (Score: 0) by Anonymous Coward on Saturday March 17 2018, @04:23PM

            by Anonymous Coward on Saturday March 17 2018, @04:23PM (#654117)

            Everyone knows that you have to have 7 proxies.

      • (Score: 2) by Gaaark on Friday March 16 2018, @11:31PM

        by Gaaark (41) Subscriber Badge on Friday March 16 2018, @11:31PM (#653846) Journal

        +1 for PIA!

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 1) by fustakrakich on Friday March 16 2018, @06:05PM (1 child)

    by fustakrakich (6150) on Friday March 16 2018, @06:05PM (#653717) Journal

    They are features!

    Sorry, it just seemed to fit this time.

    --
    Politics and criminals are the same thing..
    • (Score: 0) by Anonymous Coward on Saturday March 17 2018, @06:47AM

      by Anonymous Coward on Saturday March 17 2018, @06:47AM (#653982)

      Indeed. Pretty funny for somebody using a proprietary browser by the biggest spy master around to care about lack of privacy...

      Protip: The small print in EULAs and TOSes isn't small by accident.

  • (Score: 3, Informative) by NotSanguine on Saturday March 17 2018, @12:54AM

    The report referenced by TFA [vpnmentor.com] includes details on the vulnerabilities as well as CVE IDs (CVE-2018-7880, CVE-2018-7878, CVE-2018-7879, although MITRE hasn't filled in any details yet).

    The issues appear to be implementation-related problems (poorly written PAC [wikipedia.org] scripts), rather than vulnerabilities in software or hardware.

    --
    No, no, you're not thinking; you're just being logical. --Niels Bohr
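
The story summary and the comment above both tie the leaks to proxy auto-config (PAC) handling. As an added example (not code from the report, the vendors or any commenter), this audits a constructed PAC script for routes that bypass the proxy with `DIRECT` and for helper calls that make the browser resolve names locally; `SAMPLE_PAC`, `auditPac` and the `.example` hosts are hypothetical.

```javascript
// Constructed PAC script for illustration; not any vendor's actual script.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) || shExpMatch(host, "*.update.example"))
    return "DIRECT";                     // bypasses the tunnel: real IP exposed
  if (isInNet(host, "10.0.0.0", "255.0.0.0"))
    return "DIRECT";                     // isInNet() resolves host locally
  return "HTTPS proxy.example:443";
}`;

// Audit a PAC script: evaluate it with stub helpers that record local DNS
// lookups, then report every probe URL routed DIRECT or triggering a lookup.
// A PAC file is executable code, so run this in a throwaway process.
function auditPac(pacSource, probeUrls) {
  let lookups = [];
  // Record a lookup unless the host is already a dotted-quad IP literal.
  const seen = (h, ret) => { if (!/^[\d.]+$/.test(h)) lookups.push(h); return ret; };
  const glob = (s, p) => new RegExp("^" +
    p.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".") +
    "$").test(s);
  const helpers = {
    isPlainHostName: (h) => !h.includes("."),
    dnsDomainIs: (h, d) => h.endsWith(d),
    shExpMatch: glob,
    // Stubs: a browser would resolve the name outside the tunnel here.
    dnsResolve: (h) => seen(h, "192.0.2.1"),
    isResolvable: (h) => seen(h, true),
    isInNet: (h) => seen(h, false),
    myIpAddress: () => "192.0.2.10",
  };
  const names = Object.keys(helpers);
  const find = new Function(...names, pacSource + "\nreturn FindProxyForURL;")(
    ...names.map((n) => helpers[n]));
  const findings = [];
  for (const url of probeUrls) {
    lookups = [];
    const route = String(find(url, new URL(url).hostname));
    const direct = /\bDIRECT\b/i.test(route);
    if (direct || lookups.length) findings.push({ url, route, direct, localDns: lookups });
  }
  return findings;
}

const report = auditPac(SAMPLE_PAC, [
  "https://intranet/", "https://cdn.update.example/a.bin", "https://www.example.org/",
]);
console.log(JSON.stringify(report, null, 2));
```

In the sample, the third probe is sent through the proxy yet still appears in the report, because the `isInNet()` check runs for every host before the proxy route is chosen.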