3 Popular VPN vendors Tested - Conducted by vpnMentor (Updated)

[Ink]

Read more: https://www.vpnmentor.com/blog/vpn-leaks-found-3-major-vpns-3-tested/

"We tested 3 popular VPNs: Hotspot Shield, PureVPN, and Zenmate with accredited researchers to find if the VPNs could leak data.

We regretfully found that all of them leak sensitive data.

On the positive side, after we contacted the VPN vendors, we saw Hotspot Shield was fast to respond and release a patch within days. We are still waiting to hear from the other two VPN vendors, and have decided to publish the information in hope that they will hurry up and fix the underlying issues for the benefit of their users."

Hotspot Shield vulnerabilities (PATCHED)

• CVE-2018-7879 meant that the Hotspot Shield Chrome extension could be used to hijack traffic
• CVE-2018-7878 leaked sensitive data
• CVE-2018-7880 was the most serious, leaking the real IP address of users

ZenMate VPN and PureVPN vulnerabilities

• Similar issues, but no details revealed due to the risk posed to users

Hotspot Shield response

"The researchers hired by vpnMentor did not find any vulnerabilities in the mobile or desktop versions of Hotspot Shield. The vulnerabilities they reported were present only in the free Chrome plug-in. Neither mobile nor desktop users of the Hotspot Shield app were affected by these vulnerabilities. We appreciate and commend vpnMentor’s initiative to improve the security of consumer VPN applications, and look forward to seeing more research from their side involving more VPN products in the near future.”​

PureVPN response

"The Firefox browser, by default, has an inherent limitation where it makes it almost impossible to identify and differentiate remote and local hosts. Our intention was to allow users the freedom to access all local domains conveniently while using our extension.
The tests that were carried out were not on PureVPN's latest Firefox extension build, since it has already been patched.
The Firefox store clearly shows that our extension was last updated on March 07, 2018, and this update included the fix for the above mentioned issue."​

ZenMate response

Awaiting comment​

via Privacy: Hotspot Shield, PureVPN, and ZenMate found to leak sensitive data

 

[AlanOstaszewski]

I am very surprised that they only selected these three VPN providers. All three are known for data saving and therefore not recommended.

 

[RejZoR]

People should be more aware of Swiss Proton VPN (and ProtonMail).

 

[insanity]

I personally wouldn't call these providers as major vendors. When I read the title "major VPN vendors", I thought they had tested the likes of PIA, NordVPN, Torguard etc. And the three vendors discussed in the article are probably some of the least recommended VPN providers, because they log too much user data.

 

[Ink]

I personally wouldn't call these providers as major vendors. When I read the title "major VPN vendors", I thought they had tested the likes of PIA, NordVPN, Torguard etc. And the three vendors discussed in the article are probably some of the least recommended VPN providers, because they log too much user data.

Corrected typo in thread title.

I would say Hotspot Shield and ZenMate are well-known and quite popular for the average web user. Not forgetting a reputable Antivirus firm using the desktop version of Hotspot Shield in their consumer packages.

 

[L0ckJaw]

Perfect Privacy is the best, very good speed , awesome support and located in Switserland.
Bit pricey, but no problem if you want the best!

 

[AlanOstaszewski]

People should be more aware of Swiss Proton VPN (and ProtonMail).

Nah... Protonmail's encryption is based on JavaScript, but JS is not a language for cryptography. With Gmail and PGP encryption you can do more encryption and even better! Besides, the 50€ for a VPN are not worth it. Windscribe you can get forever for this price and Cyberghost for 2 years and they are really very good.

 

[ForgottenSeer 55474]

Hello,I like Proton VPN(and Proton Mail Plus),Nord-VPN and Vypr-VPN,just recently purchased TorGuard(Large Package)

 

[RejZoR]

Nah... Protonmail's encryption is based on JavaScript, but JS is not a language for cryptography. With Gmail and PGP encryption you can do more encryption and even better! Besides, the 50€ for a VPN are not worth it. Windscribe you can get forever for this price and Cyberghost for 2 years and they are really very good.

What kind of nonsense is this? "JavaScript not a language for cryptography"? Are you feverish? You can create cryptographic algorithm using abacus or some paper and pencil. And then you go on and say GMail is good for privacy. A Google product good for privacy. That's like saying poison is good for the common cold. It makes it go away, sure...

 

[AlanOstaszewski]

"JavaScript not a language for cryptography"? Are you feverish? You can create cryptographic algorithm using abacus or some paper and pencil.

Yes, this is true, but JavaScript is not suited for cryptography - just like a pen and paper. I know JavaScript and do the whole encryption only via php.
"Javascript cryptography is considered as harmful."
A Criticism of JavaScript Cryptography
Javascript Cryptography Considered Harmful • r/privacy

And then you go on and say GMail is good for privacy. A Google product good for privacy. That's like saying poison is good for the common cold. It makes it go away, sure...

Do you even understand my post? It was about encryption. With OpenPGP and e.g. Gmail or Outlook you can achieve a higher encryption than with ProtonMail. This is not possible (a high encryption) with ProtonMail, even if the recipient supports it. And if you use OpenPGP, Gmail can't read the emails either.
The same goes for Tutanota. Of course, these email services have a few advantages, but other services are much more recommendable like Posteo, Mailbox or Mailfence. I doubt you've used OpenPGP at least once in your life.