VPN provider Windscribe said its servers were not encrypted, enabling authorities to create decoy servers and snoop on web traffic.
The Ontario, Canada-based company said earlier this month that two servers hosted in Ukraine were seized as part of an investigation into activity that had occurred a year earlier. The servers, which ran the OpenVPN virtual private network software, were also configured to use a setting that was deprecated in 2018 after security research revealed vulnerabilities that could allow adversaries to decrypt data.
Oh come on, VPN servers that weren’t encrypted?
Check It Out: Ukraine Authorities Seize Unencrypted Windscribe VPN Servers
Andrew:
Thank you for continuing to provide important news updates on the still-unregulated VPN industry. These strike me as being this century’s new honey pot. Were I a state actor, paranoid about an unhappy populace, I would have long ago directed my spooks to monitor every VPN on the market, and even if they were not nakedly vulnerable, to test and exploit every possible weakness until I could at least know what traffic was coming from my country, who they were, and with whom they were communicating, even if I could not decrypt their content. And this is even without exploiting the potential greed of the VPN owners, who might be willing to sell user data to my goons posing as private sector advertisers.
Then, I’d rely on the authoritarian staple of arrest, device seizure and interrogation to get any specifics necessary to neutralise any resistance cells that could threaten my reign.
If one lives under authoritarian rule, this article underscores the present fact that the VPN value proposition remains questionable, if not dicey.
True if you live in a dictatorship and want to keep your data out of the hands of the authorities. I use Nord to prevent my employer from seeing what I look at on my iPad, to protect my data if I’m using a public WiFi, and to occasionally change my country of a video is blocked here in Canada. For that sort of thing VPNs are great. If you’re really worried about security though, TOR or something like it is much more secure.
@geoduck:
Having lived the better part of my life in parts of the world where autocracy was the standard, and government activities tended towards the sinister, and today this seems to be more prevalent than government of and by the people in free societies; it’s good to be reminded that there are still parts of the planet where all someone wants to do is to keep their employer from seeing what sites they visit while at work. Good stuff.