HarborFront

Level 46
Verified
Content Creator
16 commercial VPN clients were evaluated and their results published in the below paper

Abstract

Commercial Virtual Private Network (VPN) services have become a popular and convenient technology for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking. However, as of yet, the claims made by these providers have not received a sufficiently detailed scrutiny. This paper thus investigates the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. Despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage. The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured.We conclude discussing a range of best practices and countermeasures that can address these vulnerabilities.

Is The Report Reliable?

Overall, the report can be seen as an interesting point of discussion and as an opportunity for VPN providers to enhance their technology and address any possible issues. However, it can be seen as an accurate portrait of the weaknesses of VPN providers since many of the facts included are out of date and don’t reflect the quality of some of the providers mentioned in the document.

Download the paper, here

https://www.google.co.jp/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwiwsJqi6snYAhXHmZQKHflsCHUQFggsMAA&url=https://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf&usg=AOvVaw2ZxQrYg8dAUWuvnNKRm05s

Some discussions here

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients. • r/netsec