
Popular VPNs Are Leaking IP Addresses of Users


The Internet is a public space. Everyone is sharing, consuming, and exchanging information. Whenever you use the internet, what you do becomes public. Your data and online activities can be monitored or intercepted by other people or organizations. That is why the demand for online security is high.

One of the best tools that can help you hide your data and online movements is a VPN.

VPNs – Virtual Private Networks

Normally, once you connect to the internet, your web traffic goes to a public server. This public server is hackable and can be monitored. However, if you install a VPN, your web traffic will be protected. Instead of going directly to a public server, your web traffic goes through an encrypted tunnel, and this tunnel routes it through different servers, making you anonymous and hard to track or hack.

It not only protects your online activities, it also hides your location. Hackers can identify your location using your IP address. But if you have a VPN installed on your computer or mobile device, your IP address is not public. It is hidden. So you can surf the internet without the fear that someone is snooping on you.

Recently, however, security researchers have found bugs and weaknesses in popular VPN providers. Some of these VPN services have been found to leak their clients' real IP addresses. Not only that, they are also leaking their users' sensitive data.

Many people use a VPN primarily to hide their location and IP address and to maintain their anonymity. However, some VPNs fail to do this. The VPN that they thought was protecting them from possible data leaks and hacks is the one putting them at risk.

Research on Popular VPNs

VPN mentor, a privacy advocacy organization, hired three professional ethical hackers to research and analyze popular VPN providers. Security hacker Paulos Yibelo and an ethical hacker with the alias “File Descriptor” are the two people who did the study. The other member of the team chose to remain anonymous.

The VPN providers that were included in the study are ZenMate, HotSpot Shield, and PureVPN. These VPN service providers have millions of clients and users.

In the research, the security researchers found bugs or vulnerabilities in their systems that can potentially harm their users' privacy.

The first is PureVPN's no-log policy. According to PureVPN, it has a strict no-log policy. However, it was able to provide the logs of a man in Massachusetts to the FBI. The man's logs were connected to a cyberstalking case and made it possible for the FBI to arrest him.

This is not just one instance. The security researchers and ethical hackers ran a series of privacy tests. In these tests, all three providers were keeping logs of their users' IP addresses. They are not just keeping logs. They are leaking those IP addresses, which reveal the users' real identities and actual locations.

This is very concerning, as any organization, whether good or bad, can trace someone just through their use of a VPN.

According to the study, ZenMate VPN has fewer vulnerabilities than PureVPN and HotSpot Shield. ZenMate VPN and PureVPN did not disclose whether they are fixing the bugs.

On the other hand, three bugs were found in HotSpot Shield, and the company is now fixing them. The bug CVE-2018-7879 was found in HotSpot's Chrome extension. It lets hackers or attackers hijack a user's web traffic and send it to a malicious site.

The bug CVE-2018-7878 is a DNS leak that exposes the user's original IP address. This bug makes it possible for attackers to monitor and track the user's online activities.

The last bug found, CVE-2018-7880, reveals the user's real identity and location. These bugs were found in HotSpot's plugin and not in the computer or mobile apps themselves. These bugs were also found in ZenMate and PureVPN, but they refuse to disclose the details of the bugs since they have not fixed the bugs yet.

Based on this research, it can be concluded that these three are not the only ones suffering from such bugs. Other VPNs may also have these vulnerabilities.
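A way to check your own setup for the kind of DNS leak described above, as an added example that is not from the original article or the researchers: with the VPN on, open a uniquely named canary host in the browser, capture traffic on the physical network interface, and look for plaintext DNS queries for that name. The capture lines, the canary domain and the function name are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n` text output taken on the physical
# interface while the VPN is connected (all addresses are documentation ranges).
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 192.168.1.23.51234 > 203.0.113.10.443: Flags [P.], seq 1:90, ack 1, win 502, length 89
12:00:02.200000 IP 192.168.1.23.40112 > 192.168.1.1.53: 4660+ A? canary-7f3a.leaktest.example. (46)
12:00:02.210000 IP 192.168.1.1.53 > 192.168.1.23.40112: 4660 1/0/0 A 198.51.100.7 (62)
12:00:03.300000 IP6 2001:db8::23.40113 > 2001:db8::1.53: 4661+ [1au] AAAA? canary-7f3a.leaktest.example. (57)
12:00:04.400000 IP 192.168.1.23.40114 > 192.168.1.1.53: 4662+ A? updates.example.org. (37)
"""

# Matches a DNS *query* line for IPv4 or IPv6; tcpdump appends the port to
# the address after a final dot, so the greedy \S+ backtracks to that dot.
QUERY_RE = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"\d+[+%]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+) "
)


def find_leaked_queries(capture_text, canary_suffix, tunnel_resolvers=()):
    """Return (resolver, qtype, name) for every plaintext DNS query for the
    canary domain sent to a resolver that is not the VPN's own."""
    suffix = canary_suffix.lower().rstrip(".")
    leaks = []
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or m["dport"] != "53":
            continue  # not a DNS query (responses and TLS traffic fall out here)
        name = m["name"].lower().rstrip(".")
        if name != suffix and not name.endswith("." + suffix):
            continue  # unrelated lookup from another application
        if m["dst"] in tunnel_resolvers:
            continue  # resolver operated by the VPN itself
        leaks.append((m["dst"], m["qtype"], name))
    return leaks


if __name__ == "__main__":
    for resolver, qtype, name in find_leaked_queries(SAMPLE_CAPTURE, "leaktest.example"):
        print(f"LEAK: {qtype} query for {name} sent in the clear to {resolver}")
```

An empty result for the canary name means no plaintext lookup for it left the machine during the capture; the IPv6 line in the sample shows why both address families need to be checked.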

Check Your VPN Carefully

When you are choosing a VPN, it is important to read its privacy policy and terms of use. Make sure to go for VPN service providers that take privacy very seriously, as it is the main purpose of their service and product.

Ask them, or read their privacy policy, to find out whether they keep logs of your activities, sessions, timestamps, and other related data.

Also, note whether they partner with third-party data centers. Most VPN service providers partner with other data centers to meet their growing server demand. It is okay if the provider you choose partners with a third party. Just make sure that this party is legal and has passed quality and security requirements.

Another thing that you should look at and consider is whether the VPN has a kill switch feature. This kill switch feature is necessary in the event that there is a connection leak on the VPN server. You can easily sleep or shut down your device so your activity and data will not leak.

Also take note of the places that the VPN service providers serve. Most of them serve a lot of countries and locations. Thus, they need to have hundreds and even thousands of servers to cater to this large number of users. Also, take note of whether they offer virtual locations or fake locations.

Another thing to consider is whether they allow P2P. P2P, or peer-to-peer sharing, means allowing web traffic from file-sharing sites like BitTorrent. Some VPN service providers believe in the concept of an open internet, which is why they allow this kind of web traffic on their servers. Others create separate servers for this kind of traffic to ensure security.

So if you are looking for the right VPN, make sure to think about these considerations before committing to a long-term plan.

It is really frustrating if the VPN you choose fails to provide the protection and anonymity that you expect from it.