Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Large Number of Top Free VPN Apps Either Have Chinese Ownership or Are Based in China (hackernoon.com)

Posted by msmash on from the closer-look dept.

William Chalk, reporting for HackerNoon: After big names like Whatsapp, Snapchat, and Facebook, VPNs are the most searched-for applications in the world. "VPN" is the second-highest non-branded search term behind "games", and free apps completely dominate the search results. The most popular applications have amassed hundreds of millions of installs between them worldwide, yet there seems to be very little attention paid to the companies behind them, and very little scrutiny done on behalf of the marketplaces hosting them. We investigated the top free VPN apps in the App Store and Google Play Store. We found that very few of these hugely popular apps do anywhere near enough to deserve the trust of those looking to protect their privacy online. We recorded the top 20 free apps in the search results for "VPN" in the App and Play Store for UK and US locales. In total, these applications have been downloaded 80 million times from Google and 4 million times each month from Apple. Our investigation discovered that over half of the top free VPN apps either have Chinese ownership or are actually based in China, which has aggressively clamped down on VPN services in recent years and maintains an iron grip on the internet within its borders. Furthermore, we found the majority of these apps have insufficient formal privacy protections and non-existent user support.

7 of 92 comments (clear)

  1. Obviously cannot be t'rusted' by rickb928 · · Score: 5, Insightful

    No Chinese software can be trusted. None. And 'Free VPN' software cannot really be trusted.

    Actually, thinking it over, no software can be 'trusted'. Not any more. At best they sell whatever they can to whoever they can. At worst, they sell out to LE or intelligence agencies because if they don;t they will have their franchise revoked, or distribution severed, or be found committing suicide with a bullet in the back of the head.

    No software or hardware an be trusted. Ever. Again.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
    1. Re:Obviously cannot be t'rusted' by nine-times · · Score: 4, Insightful

      Open source software can be "trusted" to a fair extent. At least then, experts can look at the code and see what it's doing.

      Of course there are still risks. Open source software can still have bugs. Malicious code can be obfuscated. Compiled binaries might be different from the source. Hosted services based on FOSS can still be used by the host for malicious purposes. And I don't think it can count as "open source" in situations like Android phones, where you have to run the OEM's version that has unknown alterations, and you can't just wipe it and install your own version.

      Still, any real hope for trusting our hardware and software would be for us to have control of it and know what it's doing.

    2. Re:Obviously cannot be t'rusted' by Dan1701 · · Score: 4, Insightful

      The UK Government have recently decided, in their great, mighty and beneficent wisdom, that they shall do something to "protect children from internet pornography". Their Cunning Plan is to force all adult-themed websites to verify that users are of adult age, using one of a number of age verification services, some of which may well be UK government-sponsored. Needless to say, very few people actually care to self-register on what amounts to a register of masturbators, nor would many people care to have a list of which sites they visit available for a vast array of Government agencies, prodnoses and tabloid journalists to see. UK civil servants have a long-standing record for being quite incredibly bad at keeping sensitive information under wraps. Tricks such as encrypting data on a CD (because regulations say they must) and writing the password on the CD (because whoever wrote the regulations did not foresee such creative stupidity) have been seen in the past.

      Furthermore, the age-clade of 13-18 year olds (mostly males) will also wish to view such sites and will for the most part be unable to do so, not being able to lay hands on hacked age verification credentials. So, both people who value their privacy, and adolescents who cannot obtain the age verification tokens, will be looking to use VPNs to get at the, err, reading materials.

      People are for the most part cheapskates. A free VPN would seem like a wonderful gift to them, but a logged Chinese VPN is very much a poisoned chalice, especially when those doing the logging realise what a wonderful source of blackmail material they have on their hands.

  2. One of my worries by nine-times · · Score: 4, Insightful

    One of my worries about VPN apps (those used for privacy) is that, although they protect your privacy against your ISP, they hand over control to the VPN provider. They can say they'll keep your information private and they won't keep logs, but you're placing a lot of trust in that provider. If they have malicious intentions, or even if their security is bad and there's a method of compromising people's privacy that they're unaware of, then you're making it very easy for your privacy to be violated.

    In fact, it can be worse than whatever spying your ISP can do. With a VPN app, they'd be able to monitor your traffic anywhere you go, all tied to a specific identity, tied back to whatever credit card you've used to pay for it.

    1. Re:One of my worries by AmiMoJo · · Score: 4, Interesting

      I tend to trust my VPN provider more than I trust my ISPs, especially the mobile ones. There is also value in routing your traffic to a different legal jurisdiction, because it makes it much harder for law enforcement to bypass due process.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Chinese VPN's are more secure than European by Anonymous Coward · · Score: 4, Interesting

    UK and Europe based VPNs mean they don't need a search warrant to look at your traffic. Using a UK VPN is the worst thing you can do, since they cooperate closely with our law enforcement, but don't have to use warrants to spy on US citizens. The Chinese might be spying on you while you buy weed on the darkweb and torrent pornos, but the Chinese aren't going to cooperate with the US authorities.

  4. This could be a lot of fun for Chinese intel by MikeRT · · Score: 4, Insightful

    And you bet your ass that the Ministry for State Security has met with the company owners and said that as long as they log and turn over the logs of foreigners, they have the blessing of the MSS. Because you can bet that Chinese intelligence is pouring over those logs, looking for kompromat on people who matter to their work.