Slashdot Mirror
Many Free Mobile VPN Apps Are Based In China Or Have Chinese Ownership
A new study has found that more than half of the top free mobile VPN returned by Play Store and App Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy. "Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal. ZDNet reports: The researcher says he analyzed the top 20 free VPN apps that appear in searches for VPN apps on the Google and Apple mobile app stores, for both the US and UK locales. He says that 17 of the 30 apps he analyzed (10 apps appeared on both stores) had formal links to China, either being a legally registered Chinese entity or by having Chinese ownership, based on business registration and shareholder information Migliano shared with ZDNet.
The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. Almost half of the free VPN apps also appeared to take the privacy policy as a joke, with some hosting the policy as a plain text file on Pastebin, AWS servers, or raw IP addresses, with no domain name. In addition, 64 percent of the apps also didn't bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.
The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. Almost half of the free VPN apps also appeared to take the privacy policy as a joke, with some hosting the policy as a plain text file on Pastebin, AWS servers, or raw IP addresses, with no domain name. In addition, 64 percent of the apps also didn't bother setting up a dedicated website for their VPN service, operating strictly from the Play Store.
Why would someone give you a free service without getting something in return? Friggin millennials man, lol, of course they are funneling a their traffic through China.
If you haven't figured out by now that Android and its parts are nothing but crap-laden spyware, you probably never will. Until something happens to you.
Honestly, having my data mined by the Chinese is probably safer than having it mined by a company here in the US. I don't work for an industry anyone would want to steal data from anyway, and my personal information wouldn't be safer in the US.
Now, if it were a VPN in India, then I'd be more concerned about theft of personal information instead.
I think proton is swiss?
Some drink at the fountain of knowledge. Others just gargle.
If anyone ever thought a free VPN came with privacy, I have a bridge to sell them too.
What a joke!
It seems like standard supply-demand economics at play here. Demand for VPNs is especially strong in markets where the government is blocking access to popular overseas services, so it makes perfect sense that the companies offering them would pop up in the same place.
Jiiina!
Table-ized A.I.
I've done absolutely NOTHING wrong & just try to make everyone's lives better w/ my work that stops ads & malware.
... he says, between rounds of changing his apparent IP address to evade Slashdot's filters so he can spam the hell out of so many discussions. Your free hosts program is a product. You are sending unsolicited messages promoting that product. You are a spammer. Giving a spammer a hard time is not "bullying", it's a reasonable response. It's like complaining "that guy kicked my ass, what a bully! All I did was walk up to him and punch him in the face, why is this happening to ME?!"
If you're catching so much flak why don't you go someplace else? I never understood this insistence of some people to be where they are not wanted. Life is too short to waste your time and energy like that.
Have you ever been diagnosed by a licensed professional with any kind of mental/emotional illness? In the past you seemed reluctant to directly answer that question with a "yes" or "no". Your behavior suggests that perhaps you should be evaluated by a licensed therapist.
Who did people think were paying for the servers and bandwidth? If you're not paying, then you're not the customer. Real VPN providers are cheap; if you don't spring the couple bucks a year that one of them costs, well, you sort of deserve what you get.
I use a VPN to download music/movies while keeping my ISP off my back. Who could possibly care less than I do about Copyright?
Oh yeah, that would be the Chinese.
Projection and irony.
You said it ZIP: Where's your work everyone can see/use? It's not. It's HOTAIRWARE/NOTWARE (lol) "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme...
The BETTER PROGRAMMER w/ no programs, lol - @ least you can say your "code" has NO BUGS - of course, it also does ZERO (like you) since it does nothing @ all, lol!
You hotair BLOWHARD talker, lol!
You f'd up ZIP https://tech.slashdot.org/comm...
Yet 100,000++ users of my ware & dozens of even REGISTERED /.ers like/use/praise MY work https://news.slashdot.org/comm... vs. your HOTAIR talk punk!
* LMAO!
(Let's see how YOU take it when I publicly SHIT ALL OVER YOU by letting FACTS of YOUR FUCKUPS vs. ME https://science.slashdot.org/c... do the job for me)
APK
P.S.=> You STUPID & LAZY all talk chimpanzee... apk
Classic seeing ZIP \ Zach squirm unable to back his bs eating his words foot in his mouth ramming them down with a bitter taste of SELF-defeat his big mouth bit off more than it could chew impersonating apk, attacking him and failing hugely https://tech.slashdot.org/comm... and saying he is a better programmer but with nothing to show for himself. ZIP is on the receiving end of his big mouth. Poetic justice. What goes around comes around and now Zach's on the receiving end getting what he dished out and can't take eating crow and his words he can't back up.
The study authors seem to be under the impression that these privacy policies (or lack thereof) are directed at people installing the apps. Can't imagine what gave them this idea. The policies are there (or not) for the customers - the advertisers and the state actors, and for them they are close to perfect.
I'm normally pretty contemptuous of the snide, know-it-all geektards who infest places like Linux help forums. You go there for help when you're just starting out with some kind of software, and you get sneered at and disparaged for asking simple questions.
But this is a bit different. If you're computer savvy enough to know why you need a VPN, you already know enough to figure out why some are better than others. Even few minutes of research should tell you what you need to look for in the policies and practices of any VPN you're thinking of entering a relationship with.
What you see right up front should tell you that some of the free ones, especially if they're owned by the Chinese (who seem dedicated to making Big Brother look like a Libertarian), are a bad, bad idea. They're probably worse than nothing at all, actually, because like a leaky condom, they're just going to give you a false sense of security while you're getting screwed.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Most Chinese users uses VPN regularly not for privacy or even hiding their copyright infringing habits. They use it for side-stepping geo restrictions so they can watch videos on youtube, download games in Japan playstore, activate Steam keys from Russia, etc. So anonymity wasn't a concern.
Of course I'm sure many of these apps are spyware, but some are just careless and not malicious. I know of people who ran their own free VPN by renting VPS overseas and installing some vpn server they found online, and then made some basic apps to make some of the cost back thru ads. It was crude and insecure, plus it was stupid and they got into trouble with the law due to the vpn ban, but it wasn't malicious.
Please mod parent up.
Il n'y a pas de Planet B.
My daughter had a Chinese friend contact her on Instagram, which required a VPN. Nothing sinister, just chat. If I were Chinese and using a VPN, I would want to use one that is probably monitored by the government so that they do not think I am doing something hostile to them.
If I was doing something hostile I would not use any VPN at all, and be very, very wary of anything I did use. Using a VPN is flashing a bright beacon. Using a non-Chinese VPN is adding a siren to the beacon.
I guess the implication of this article is that there's something bad or dangerous about the fact that these apps are Chinese in origin or ownership. But why is that worse than anywhere else? Do the big US internet companies not work closely with the US government? Or the UK? Why is it that if it's Chinese it's sinister? Fu Manchu is dead.
Simple solution: don't use a free VPN.
Here's a VPN to set you free from government intrusion.OK it's illegal but we're getting away with it. Go on, you can speak your mind now!
This doesn't bother me much, I doubt China is going to come after me.
I feel bad from those under Chinese jurisdiction that get tricked into using these, but that is their issue to work through, not mine.
To me a Chinese VPN is likely as good as anything, as China has limited power over my life.
And I know that one of those companies is shopping their raw data to ad networks. While they mention in their terms that they donâ(TM)t log IPâ(TM)s, I got real IPâ(TM)s in the sample set.
Wow, still no Unicode support?
What I tried to say is that the so-called American VPN companies are owned by Russians.
You are installing basically an 'untrusted' app voluntarily. They could use the app to compromise your phone, use it to spy on the things around you, use up your phone's resources, etc., etc.
I also never understood the acceptance of the false choices that people give on this... "I'm going to be pwned anyways. Might as well be pwned by China." ...er, what about not choosing to be pwned? Have you tried that? A laissez-faire attitude towards security never ends well.
They may not come after you but they might come after your country or your business that you work for. What if China applies a little more pressure to one of these VPN companies to add a little more to their network code. Boom... your phone could be sending out malicious network packets on your local network, used in a denial of service attack, used to compromise other machines on your network. Maybe not your specific machine but it could affect the things and people around you. I feel like I'm talking to an anti-vaxer... "So what if my child isn't vaccinated?".
You are installing a VPN app on your phone. An app can do many things. Even at the simplest level... you've given it permission to handle network traffic b/c it's a VPN app. It could send malicious packets, do denial of service attacks, relay local traffic, be used as a way to exploit local machines on your network, etc. You and your phone might not contain anything you are worried about... but what about everything around you? Sorry, what am I missing? I'm not sure why this seems unclear. I'm not being sarcastic... I still don't know how that would NOT be bad.(?)
See how STUPID "ZIP" (Zach Patterson) the CHIMP is (tried to take credit for what I solved before him) https://tech.slashdot.org/comm... (he needs to LEARN TO READ)!
I even SHOW ways to do it YOURSELF https://tech.slashdot.org/comm... (he couldn't).
Delphi/FreePascal/ObjectPascal HAS no issue w/ null-term'd string bufferoverflows - C does, C++ can UNLESS you do what I said 1st loser.
Tell us about CODE SIGNING (which has been STOLEN & ABUSED) https://www.helpnetsecurity.co... MY METHOD CAN'T BE (upmodded +2 INTERESTING in CODING FOR DEFCON no less) https://it.slashdot.org/commen...
"I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme...
BIG TALK - Yet ZIP has nothing to show in programs. I can https://news.slashdot.org/comm... from registered /.ers liking/using/praising my work (& 100k users worldwide too). He can't.
LIAR ZIP says he has no account "I don't have an account, so I don't have mod points" https://news.slashdot.org/comm...
Yet LIAR ZIP says he downmods my posts (IMPOSSIBLE MINUS AN ACCOUNT on /.): "I down-modded a few of your post on other threads" - by Anonymous Coward "ZIP" on Thursday October 11, 2018 @11:31AM (#57461058) FROM https://yro.slashdot.org/comme...
APK
P.S.=> KEEP IMPERSONATING ME CHIMP - this comes out every time, lol!... apk
You said it ZIP: Where's your work everyone can see/use? It's not. It's HOTAIRWARE/NOTWARE (lol) "I'm a much better programmer than APK" - by Anonymous Coward ZIP on Monday October 08, 2018 @11:27PM (#57449082) FROM https://yro.slashdot.org/comme...
The BETTER PROGRAMMER w/ no programs, lol - @ least you can say your "code" has NO BUGS - of course, it also does ZERO (like you) since it does nothing @ all, lol!
You hotair BLOWHARD talker, lol!
You f'd up ZIP https://tech.slashdot.org/comm...
Yet 100,000++ users of my ware & dozens of even REGISTERED /.ers like/use/praise MY work https://news.slashdot.org/comm... vs. your HOTAIR talk punk!
* LMAO!
(Let's see how YOU take it when I publicly SHIT ALL OVER YOU by letting FACTS of YOUR FUCKUPS vs. ME https://science.slashdot.org/c... do the job for me)
APK
P.S.=> You STUPID & LAZY all talk chimpanzee - KEEP IMPERSONATING me - I'll expose your BLOWHARD INCOMPETENCE publicly, lol... apk