Some VPNs or virtual private network service providers have a strict “no log” policy. This means they are not keeping logs of your online activities, sessions, timestamps, and IP addresses, to name a few. However, some
It was found out that the bug was WebRTC. This WebRTC has affected over 20% of VPNs in the market today. This started since January 2015. And surprisingly, most
A security researcher hiding under the name of VoidSec, was the one who discovered the bug. He found a WebRTC IP leak when he audited 83
He created a report and put it in a Google Docs spreadsheet. However, VoidSec was not able to complete his audit since he does not have the financial capacity to put every commercial
VPNs Infected with WebRTC Bug
That is why he is encouraging users to test their commercial VPNs for potential bug and asking them to send the result to him. He even created a demo web page, that users can use to test their VPNs. They just need to use a browser while their
This WebRTC bug was first discovered in January of 2015 by another security researcher with the name of Daniel Roesler. This is where VoidSec based its code in identifying bugs on the VPNs that he audited.
The WebRTC found in 2015 take public IP address of the user. Aside from that, if the user is behind a
The problem with this is that attackers or hackers have already disclosed this information to all WebRTC connected servers. Because of this bug, advertisers and law enforcement agencies were able to acquire users IP addresses and real locations.
Surprisingly, many browsers have been using WebRTC since then. They have been integrating WebRTC on their code, features, extensions and special add-ons. With the belief that it will prevent IP leak, while it disables some of WebRTC’s features that include real-time communications.
It was found out that WebRTC is still enabled by default in some major browsers. The browsers that are not affected are Tor Browser, Edge, and Internet Explorer. Some of the
These are VPNs that has WebRTC enabled browsers – SOCKS Proxy, SumRando Web Proxy, and TOR as PROXY. According to the study, there are still 80 commercial VPNs that are left untested. You can always refer to the Google Spreadsheet’s of VoidSec for reference.
There are so many commercial VPNs on the market today. Some are free and some are available via flexible monthly or annual subscription. Most of the trusted
Choosing the right VPN
Some of the considerations that users need to keep in mind when looking for a
- Their security or keeping logs policies. Read their security policies very well, and note if they are documenting or keeping logs of their client’s information – may it be sessions, timestamps, IP addresses, etc.
- The
VPN service provider has the ability to monitor usage. Sometimes users tend to overuse their connection to servers.VPN service providers should be able to identify this as this can lead to connection leak or connection abuse. - A kill-switch feature is also something you need to consider and look for in a
VPN service. It should have a kill switch that will allow you to terminate sessions, systems or programs in the event of connection leak or DNS leak or any malicious activities in your system. - Payment options are also something that you need to consider. Are they flexible in accepting payment? How do they keep sensitive information? The most common payment plan for
VPN providers is PayPal. They also accept cryptocurrencies like Bitcoin, if the user wants to be more anonymous on the transaction. - Look to see if the
VPN provider is connected to a third party or if it is outsourcing its servers. Many do this. But make sure they are partnering with a credible third-party data center.
Lastly, that you should think about when choosing a
These are just some of the important things that you should consider when picking VPNs. VPNs are getting stronger and stronger, but bugs are getting stronger too. Bugs and system vulnerabilities are also getting stronger and wiser. So extra careful.