Slashdot Mirror


A Flaw In Hotspot Shield Can Expose VPN Users, Locations (zdnet.com)

An anonymous reader quotes a report from ZDNet: A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy. Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service. By bouncing a user's internet and browsing traffic through its own encrypted pipes, the service makes it harder for others to identify individual users and eavesdrop on their browsing habits. But an information disclosure bug in the privacy service results in a leak of user data, such as which country the user is located in, and the user's Wi-Fi network name, if connected. That information leak can be used to narrow down users and their location by correlating Wi-Fi network name with public and readily available data.

25 comments

  1. Yeah by Anonymous Coward · · Score: 0

    Ya get whatcha pay for.

    1. Re:Yeah by godel_56 · · Score: 1

      I have used Hotspot Shield a couple of times to get around simple geoblocking of articles on sites, but no one in their right mind would use it for anything requiring serious security.

  2. Too Popular by Anonymous Coward · · Score: 0

    Hotspot Shield still exists? Everyone savvy enough has switched to a more obscure VPN already.

    1. Re:Too Popular by Anonymous Coward · · Score: 2, Funny

      Q: What's the preferred VPN for hipsters?

      A: It's pretty obscure, you've probably never heard of it.

  3. Other ways too by Anonymous Coward · · Score: 0

    Since the file on the local web server exists, couldn't you just use a JavaScript call to get the data and use it in an HTTP POST to send the data to the target site, rather than messing with DNS rebinding?
    Granted, it won't work if they block JavaScript, but is it a viable option?

  4. Re:That's nothing! by Anonymous Coward · · Score: 0

    Creimertard. Mod down.

  5. Generic WiFi Names by Anonymous Coward · · Score: 0

    What are the best generic Wi-Fi names to try to avoid giving away your location? We have language differences and therefore it depends on your country. Let us use numerals. 12345

    1. Re:Generic WiFi Names by Anonymous Coward · · Score: 0

      What are the best generic Wi-Fi names to try to avoid giving away your location? We have language differences and therefore it depends on your country. Let us use numerals. 12345

      Hey! Those numbers look suspiciously ARABIC!

    2. Re:Generic WiFi Names by Anonymous Coward · · Score: 0

      Netgear, D-Link, Starbucks

  6. Why worry? by Mister+Liberty · · Score: 1

    Isn't this just 'metadata'?

  7. More proof that VPN is just "security theater" by Anonymous Coward · · Score: 0

    ...and you can bet that VPN networks are being monitored and hacked.

  8. Re: That's nothing! by Anonymous Coward · · Score: 0

    The permissive TOS allows it, get over it fatso.

  9. You get what you pay for by Anonymous Coward · · Score: 0

    Only morons use a "free" VPN service and expect actual anonymity and privacy. Because, just like Google and Facebook, they make $$$$ out of collecting your data.

    1. Re:You get what you pay for by Anonymous Coward · · Score: 0

      But making a payment to a VPN service puts you under suspicion straight away.

  10. Come find me by Anonymous Coward · · Score: 0

    My SSID is "Linksys"

    1. Re:Come find me by Anonymous Coward · · Score: 0

      Based on population spread, you're likely in the Northern Hemisphere. If you are, and your SSID matches the router brand, I'd guess the United States, in a medium sized city. Maybe Salt Lake City or Boise.

  11. Depends on the VPN by Anonymous Coward · · Score: 0

    That's why finding out a VPN's verified track record and involvement in user rights' issues is important.

  12. Re: That's nothing! by Anonymous Coward · · Score: 0

    I'm just training the mods to come to the right decision every time: creimertard = down vote.

    Get used to it.

  13. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion

  14. Re: That's nothing! by Anonymous Coward · · Score: 0

    Creimertard. Mod down.

  15. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion

  16. Re: That's nothing! by Anonymous Coward · · Score: 0

    This meme is getting very old and was shit to start with. Just fuck off the lot of yez.

    - Everybody else on slashdot who's not obsessed with creimer

  17. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion