Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Senators Ask DHS To Look Into US Government Workers Using Foreign VPNs (zdnet.com)

Posted by msmash on from the tussle-continues dept.

Two US senators have asked the Department of Homeland Security (DHS) to look into the possible dangers of US government workers using VPN apps that are owned by foreign companies and which redirect sensitive government-related traffic through servers located in other countries -- namely China and Russia. From a report: "If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia," said Senator Ron Wyden (D-OR) and Marco Rubio (R-FL) in a letter sent to Christopher Krebs, Director of the DHS' newly founded Cybersecurity and Infrastructure Security Agency (CISA). The two would like the DHS to issue an emergency directive and ban the use of foreign VPN apps if intelligence experts deem them a national security risk.

3 of 93 comments (clear)

  1. Re:catching up to private business practices by Austerity+Empowers · · Score: 3, Interesting

    At my corporation I sure as hell am not allowed to use third-party VPN or traffic anonymizer services.

    Allowed? No. But in companies with strict firewalls and web proxies, many people who have the know-how to do it, are doing it. I have never used a VPN, I always have been able to create an SSH tunnel to a server I own, one way or another. But given the popularity of VPNs for bypassing other forms of spying and eavesdropping, it's not a surprising this ends up being the more popular way of doing the same thing... just not a good idea whether you work for the government or the corporate world. Plenty of shady Chinese companies are looking for the opportunity to steal trade secrets, don't open the door for them.

    If your companies forces web proxies, or lets your bosses spy on your browsing habits, or has some other ridiculous oppression over their network, expect it to happen.

  2. You seem to know little about this. by Anonymous Coward · · Score: 0, Interesting

    My ISP is Comcast, which actively mines traffic. My VPN service has an extensive list of things it DOES NOT DO in the EULA. My ISP makes no such guarantees and operates in much the opposite fashion.

    In fact yes, I am 100% sure that my traffic is safer from prying eyes in the VPN than outside of it. That's as close to a verifiable fact as one can get in security.

    Read about it if you like :

    https://nordvpn.com/terms-of-service/

  3. Re:"Almost nobody" needs a VPN? GO FUCK YOURSELF by Anonymous Coward · · Score: 0, Interesting

    This is better then just using https/secure protocols directly over your ISP?

    Yes, it is radically better!

    I have no choice regards my ISP, because there is only one in the local area. I can pick any VPN provider i want. I can find one with acceptable TOS and a good street rep. I can switch out to a different VPN provider if they screw up. There are hundreds to pick from, so there is competition to keep them on the up-and-up. I can chain multiple VPN providers. I have flexibility and control.

    I question the motivations of those who argue against VPNs. Virtually everyone should be using a VPN these days.