"Are Virtual Private Networks Actually Private?"

Jedidiah Crandall, an associate professor of computer science at Arizona State University (ASU), is conducting research on the effectiveness of Virtual Private Networks (VPNs). Crandall explains that VPNs conceal a user's Internet Protocol (IP) address by connecting it to a server other than their own, giving the impression that they are accessing the Internet outside of their normal network. VPNs were originally designed to get into a secure network, but companies have repurposed them so that a user can avoid a restrictive Internet Service Provider (ISP) they do not trust and instead access a free and safe one, according to Crandall. As Crandall points out, the way people use VPNs today is somewhat backward. According to Crandall, this access is useful when users are concerned that their browsing data is being monitored by their ISP or when users are in a country that censors their Internet activity. OpenVPN, a leading global private network and cybersecurity company, as well as the most popular resource for commercial VPN services, provides tools for connecting to private networks and safeguarding assets. Crandall's research aims to debunk privacy claims and determine whether VPNs give their users a false sense of security. The study aims to determine whether VPNs have the security properties that people expect when they are repurposed in this manner. The first section of the study examines the VPN tunnel itself, which is an encrypted tunnel between the VPN server and the client, to see what damage attackers can do from there. Crandall and his colleagues simulated a series of attacks from two potential threat paths: client-side, or direct attacks on the user's devices, and server-side, or attacks on the VPN server accessed by the user's device, or the VPN tunnel. The team found that traffic from the tunnel can still be attacked in the same ways as if a VPN was not used. Attackers can still redirect connections and serve malware, which goes against users' expectations of VPNs. The researchers shared their findings in a paper titled "Blind In/On-Path Attacks and VPN Applications." This article continues to discuss the research on VPN security and privacy. 

Full Circle reports "Are Virtual Private Networks Actually Private?"

Submitted by Anonymous on