VPN Security Vulnerabilities Exposed

What if we were told that the secure network that was used to handle business, personal tasks, or daily activity was not as secure as it seemed? Virtual Private Networks or VPNs used in security today have led many to question how secure they really are. VPNs are meant to provide secure connections for users over the internet in order to prevent hackers/attackers from taking advantage of their system(s), but that doesn't mean that they always work as intended.

The types of VPNs and how they work may vary, but they all fail to provide complete protection. The future use of VPNs has even come into question as to whether it will be relevant or still exist. It becomes a matter of spending more, or less money to somewhat protect yourself. Their ethical and legal issues will continue to be present, alongside their global implications. Initially though, it helps to understand the problem itself and how exactly it works.

Get quality help now

writer-Charlotte

Verified writer

Proficient in: Network

4.7 (348)

“ Amazing as always, gave her a week to finish a big assignment and came through way ahead of time. ”

+84 relevant experts are online

Hire writer

VPNs allow the user to utilize the internet or internet related functions through a secure connection that is meant to prevent potential attackers from viewing their information. Compared to standard internet browsing, VPNs are meant to provide a safer experience and have become very popular over the past decade. There are lots of reasons people around the world use VPNs: to hide location, to access work networks, even to avoid government censorship (Silverman, 2017). While some may think that in order to use a VPN they would have to go through some lengthy process of connecting wires and setting up a complicated network scheme, in reality after downloading or installing the software/hardware all that is needed is the click of a mouse.

The process for how a VPN client works is generally pretty simple, as described by Rob Mardisalu (2019) from thebestvpn.com:

This software encrypts your data, even before your Internet Service Provider or the coffee shop WiFi provider sees it. The data then goes to the VPN, and from the VPN server to your online destination anything from your bank website to a video sharing website to a search engine. The online destination sees your data as coming from the VPN server and its location, and not from your computer and your location. (Mardisalu, 2019).

With this information in mind, the next step is to decide exactly what kind of VPN is needed and what its capabilities are.

VPN technology has come a long way since its inception near the end of the 20th century. VPNs are deployed in a number of different ways, leveraging a variety of technologies, platforms, and protocols (Stewart, 2014). However, while the options for VPNs may be numerous, many of them still have their own issues that the user will have to deal with. Software VPNs for example run the issue of operating over the public network leaving themselves available to a larger variety of attacks, while hardware VPNs are generally more expensive and can have potential software coding issues. Depending on the Operating System (OS) the user has, their VPN of choice may not run as effectively as opposed to another OS possibly due to version differences, development lag from one OS to another, or through firmware compatibility issues. Even many of the protocols used by VPNs can have their drawbacks depending on which one is used by the VPN.

Layer 2 Tunneling Protocol (L2TP) is an older protocol that can still be found in older machinery and is not as effective as some of the newer protocols on its own. Internet Protocol Security (IPSec) on the other hand has several enhanced capabilities over its predecessors but can be costly to clients and may not be as flexible as say the Secure Sockets Layer (SSL) protocol. Thought also needs to go into how often these technologies, platforms, and protocols are maintained to even support full VPN use. For example, Cisco no longer updates their legacy IPsec client (Banks, 2015). And if companies are not updating their products or services, then that can potentially leave the future of said items in a dark light.

Despite what some might think, the future of VPN technology may not be as bright as expected. With other technologies conducting services like VPN technology or VPN companies trying to play catch-up with other competitors, VPNs might not be around much longer. Eventually, users may find themselves having to utilize another product with a VPN service like a bundle and could end up costing them twice as much as just the standard VPN. While they may not be gone tomorrow or the next day, the lifetime of VPNs is becoming numbered. Christian Cawley (2019) of MakeUseOf.com provides seven reasons why VPNs might die out by 2020 under an article of the same name:

1. The NSA Can Break VPN Encryption

2. Your ISP Can Block VPN Connections

3. Free VPNs Are Ruining Reputations

4. Geo-Blocking Targets Known VPN Server Addresses

5. Logless VPNs Are a Myth

6. Data Mining Your Personal Information

7. Are VPNs Completely Anonymous? (Cawley, 2019)

A short summary of this list would entail: 1) the NSA showing that they have the ability to bypass VPN encryption to reach the user, 2) Internet Service Providers (ISPs) have the potential to ignore a VPN if its trying to access specific content like streaming media, 3) many free-to-use VPN services have been made as alternatives to subscription VPNs but can be very unreliable in the long run, 4) some services still block content in other countries despite the use of a VPN, 5) VPNs will always log some amount of information of what the user does despite what the creators may say, 6) some free and even low-cost VPN services may potentially sell your usage information as a means to gain more revenue, and 7) VPNs do not provide compete anonymity despite user trust in the products.

But VPNs were never designed to be either privacy or geo tools in the first place, they've just morphed into those roles over time (Price, 2018). VPN technology has always been playing catch-up to get where it is today, but other services may make VPNs obsolete in the coming years. Despite VPNs making their way to mobile platforms, the amount of memory required for them to run properly can not always keep up with standard service. Network Access Control (NAC) prevents VPNs from being operated on an internal network without certain guidelines being met, and Cloud services are even being developed to handle storage of information along with VPN services that normal VPNs cannot yet do. But even worse may be when an individual or organization chooses a VPN in good faith, thinking they've set in place an encryption process that will protect their data and online security but unknowingly puts their data at greater risk by choosing a disreputable VPN provider (Dinha, 2018).

Several different companies and independent retailers offer VPN services, but even the versions that require a payment are not as safe as they let on. The biggest culprit for this is due to the use (or supposed lack there of) of logging user data. Plenty of VPN companies say they don't keep logs of user data, but it's a hard claim to substantiate, absent an international incident that puts it to the test (Oremus, 2019). Add in that not all free or paid VPNs are created equal and there is plenty of reason to worry. Consumers rely on the security of their data and internet usage from VPN providers, but even a consistent monthly payment cannot guarantee that. Many VPNs  including those that claim not to keep any logs retain some information about their users and may reserve the right to provide this and any other relevant data to authorities, if requested (Parkyn, 2019). Whether their products really do keep logs of their customer's information, companies will still try to pump out many different VPNs to compete and get as much business as possible. With that said, one type of VPN you should definitely avoid is the one that promises big, only to disappoint with a sketchy, poorly-written privacy policy that clashes with the initial claim (Greenberg, 2019). Issues like this may lead some to believe that VPNs might not even be very legal or ethical to use.

Over the years since their inception, VPNs have gained the public eye regarding how legal and/or ethical they really are. Before we dive into the legality of VPNs, it's important to note that while VPNs might be legal, doing an illegal activity with them is not permissible (Maurya, n.d.). Illegal activities being perpetrated through legal means are still illegal, but perception ultimately determines the boundary between legal and illegal in some countries. What one individual or group may consider illegal may only be stretching the boundaries of the legal system to another. Many VPN users will turn to a VPN to help remain anonymous so that they can effectively engage in illegal or legally gray area streaming activities (Cook, 2017). While there are more countries that favor the use of VPNs, in some countries their use is banned if not punishable by law. Restrictions like these are not only bad for the producers of VPNs, but potentially for the customers as well. Restriction to VPN access often goes hand-in-hand with extreme government censorship, such as is seen in China and Russia (O'Driscoll, 2019).

The ethical side of VPNs can be seen in the purpose as opposed to the act. If a VPN is being used in an area where it is illegal, but it is for the purpose of gaining beneficial knowledge or for others, then could it be considered ethically just or not? Other questions could be if the government is using their power to bypass security, then is it ethically just to use VPNs to do the same or similar on a more personal scale? Given the prevalence of snooping by government agencies and other bad actors, consumers who value privacy are wise to consider the use of VPNs (Snyder, 2016). Questions like these are considered for the ethical use of VPNs, not just on a small scale but potentially worldwide.

Global implications for VPNs ultimately come down to the country or area that they are being used in. Much like the legal use discussed earlier, certain countries are almost completely against the use of VPNs. A recent example in history of this is the Great Firewall of China. China has been cracking down on VPNs being used in their country for years now that were not already designed by the Chinese government for approved use. China's hotel and service industry has tended to provide government-approved VPN services to business travellers in a bid to facilitate often necessary communications with the world beyond the firewall (Eva, 2017). Many outside VPNs used in China fail, while only a few remain usable in the country. Some may wonder why to even bother using VPNs at all in places like this, but for many they may not have a choice. All of them boil down to a provider being detected by Chinese anti-privacy measures at the firewall, then blackholed by an established system of government censorship (Phillips, 2019). Other countries where VPN use is limited include Russia, North Korea, Turkey, Iran, and the United Arab Emirates (UAE).

For all their good, VPNs are not an infallible technology. While they were designed to provide the common user with protection from snooping and attackers, the truth is that no VPN technology can provide 100% protection from all threats. Like any service, VPNs will be limited by the technology of their time, and if that technology is faulty then the same could be said for the VPNs. Free VPN services should always be taken with a grain of salt and subscription services will only provide so much. As newer technology grows and VPNs encounter more resistance from legal, ethical, and global realms, the future of VPN services may soon be a thing of the past. While some protection may be better than no protection, never assume that the service being used is completely secure.