Popular VPNs may dodge China's Great Firewall, but also 'leak sensitive data': report
Fourteen of the world's most popular virtual private network (VPN) services may be leaking sensitive customer data, a new report has revealed.
According to researchers from the Queen Mary University of London and the University of Rome, VPN users may not be safe from snooping as they think.
| Provider | Countries | Servers | IPv6 leak | DNS hijacking |
|---|---|---|---|---|
| Hide My Ass | 62 | 641 | Y | Y |
| IPVanish | 51 | 135 | Y | Y |
| Astrill | 49 | 163 | Y | N |
| ExpressVPN | 45 | 71 | Y | Y |
| StrongVPN | 19 | 354 | Y | Y |
| PureVPN | 18 | 131 | Y | Y |
| TorGuard | 17 | 19 | N | Y |
| AirVPN | 15 | 58 | Y | Y |
| PrivateInternetAccess | 10 | 18 | N | Y |
| VyprVPN | 8 | 42 | N | Y |
| Tunnelbear | 8 | 8 | Y | Y |
| proXPN | 4 | 20 | Y | Y |
| Mullvad | 4 | 16 | N | Y |
| Hotspot Shield Elite | 3 | 10 | Y | Y |
Table: VPN services subject to the study (Source: QMUL/UR)
The VPNs in question include popular services Hide My Ass, IPVanish and Astrill.
A spokeswoman for Hide My Ass said that the company was aware of the report and had solved an issue with DNS configuration, she added that the company was working to address issues with IPv6. Astrill and IPVanish did not respond to requests for comment.
The main vulnerability identified in the report was “IPv6 traffic leakage". IPv6 is the latest version of the communications protocol that provides an identification and location system for routing traffic across the web.