Over half the top free VPN apps on iOS and Android are linked to China
A report published by Top10VPN indicated that a great deal of “Free” VPN apps for mobile device (phones & tablets) owned by or are housed in China. Considering China moved to ban all VPN’s being used there by 2018; that statistic might sound curious.
The key findings of the report are :
59%of apps have links to China (17 apps)
86%of apps had unacceptable privacy policies, issues include:
Lack of important detail around logging policies that could lull people into false sense of security
Generic policies with no VPN-specific terms
No policy at all
Tracking user activity or sharing with third parties
Several privacy policies explicitly stated that they share data with China
55%of privacy policies were hosted in an amateur fashion
Free WordPress sites with ads
Plain text files on Pastebin
Text files on Amazon servers
Text files on raw URLs, such as IP addresses
64%of apps had no dedicated website – several had no online presence beyond app store listings.
Vast majority of companies make it very difficult to find out where they are based and who is involved – for a minority it was impossible to track down the provider.
Over half (52%) of customer support emails were personal accounts, ie Gmail, Hotmail, Yahoo etc
83%of app customer support email requests for assistance were ignored
Facebook used Onavo to watch which apps users were using on their phones then records and transmit data back to Facebook. The data included what apps were used, how often, where you used them, when you used them, which websites you visited and what data was sent including text messages. Exactly the same details people look to secure from observation when they choose and use VPN’s.
The VPN industry grows by billions of dollars each year. New entrants, changes in advertising, and other market factors are turning the space into one of tech’s most hotly competitive markets.
Virtual private networks(VPNs) have become a necessary tool for many internet users around the world. Regardless of theprimary reasons consumers use VPNs, whether to access entertainment content or to maintain anonymity and security while browsing, VPN usage has skyrocketed over the past several years and is trending nowhere but up.
Ever get annoyed with the constant CAPTCHA challenges that come up while you are using a VPN or Tor ?
The reason you see so many of them is down to the VPN provider you use. The IP address of the VPN services exit node will be the same for all other customers using it; so when websites see large amounts of traffic coming from a particular single IP address it deploys defences because it thinks that the traffic could be coming from bots. This is further confirmed when it tries to identify you – and because you are using a VPN that strips most common characteristics – if they use the Cloudflare DDoS service, it will then put up a CAPTCHA challenge to test if you are a bot or just a very busy human.
Annoying, yes, but also fixable.
Cloudflare are smart enough to recognise this problem and have written a browser plugin that bypasses the CAPTCHA challenge for VPN & Tor users.
Privacy Pass is a Chrome/Firefox browser extension to make browsing Cloudflare-protected websites a better experience for users. In particular, if a user IP address is designated to have a poor reputation then the user may have to solve a Cloudflare CAPTCHA page before they can gain access to such websites.
Privacy Pass uses elliptic curve cryptography to generate ‘anonymous’ tokens after a single CAPTCHA page is solved. These tokens can be used in future engagements with Cloudflare websites to prevent having to solve more CAPTCHAs. The extension generates 30 tokens for each CAPTCHA solution and thus can be used to reduce CAPTCHA pages for each user by a similar factor.
Your IP address is your identifier on the internet. It can identify which continent, country, state and city you are in. It can also identify who your Internet Service Provider is; which means it’s possible for companies or law enforcement to contact them and request details about you (name, address, phone number & billing details).
Changing your IP address is relatively difficult, but fortunately its pretty easy to trick internet services into thinking you are using a different one.
Using A Proxy
When you use a proxy server, you redirect all your internet traffic through an intermediary server. Depending on the service you use, it’s possible to select the location of the proxy server (country or city).
When you use a proxy server to connect to a website, the website sees the IP address of the proxy server – not your real IP address in your home country & city. This is very useful if you were looking to use services that were geographically restricted to certain countries:
Video streaming services
We have a list of free web proxy services here.
Using a VPN
The concept of using a Virtual Private Network (VPN) is very similar to using a Proxy server. Your internet traffic is directed through a specific server in a country you choose and websites you visit thereafter see the IP address of the VPN server; not your real home IP address. The important difference in using VPN is that all your data is encrypted and cannot be intercepted / spied on by hackers, your Internet Service Provider (ISP) and Governments.
Orbot is a free Android proxy app developed by the Tor Project that secures all browsing and mobile app traffic on your device.
Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis. Orbot creates a truly private mobile internet connection.
Unlike Tor itself, Orbot does have the ability for you to manually select the exit node country you want (just like a proxy or VPN) from a short but fairly well represented list.
In the very detailed settings menu, you have the option to enable Orbot to start automatically when you reboot your phone or table, as well as a sleep option when no internet traffic is detected. Another very important feature Orbot has, is the VPN function. When this is enabled, all internet traffic from the apps on your Android phone or tablet will be rerouted through the encrypted connection. This is especially useful when you need to use online banking while out and connected to a public wifi network or anywhere you can’t fully trust the hotspot or network you are using.
Your IP address is what ties you to all of the websites, videos, emails and social media posts you view, send and receive on the internet.
It can reveal some very detailed information about your location:
Who your ISP is
It’s possible to identify where you are, the websites you regularly go to, you’re interests, what streams you watch, any files you’re torrent, who you email, contents of your emails. Google for example uses all of this and more from tracking cookies to present you with targeted content and advertisements.
The websites you visit gather even more information about you. By combining your IP address with other information gleaned from metadata, cookies, trackers, and browser-fingerprinting tactics, website owners, marketers, and advertisers can build quite a thorough profile about you. Most ISP’s make a LOT of money selling your internet activity data on to data brokers.
And because you are a customer; your ISP already knows a whole lot more about you…
Your Phone Number
Your Credit Card & Number
Your Bank Account Details
Your Credit Rating & History
How Many Internet Connected Devices (PC’s, Laptops, Tablets, Phones, Games, SmartTV’s Consoles, Smart Watches, all other Internet of Things devices)
How Many People Live In Your House
What Car You Drive
Your Car Insurance, Accident & Speeding Fine History
Your Internet Browsing History
What Time You Use The Internet
What Apps You Use
The Make & Model Of Each Devices You Use
Who You Send Email To (and their contents)
Who You Receive Emails From (and their contents)
What Kind Of Music You Like
What Films You Like
Your Favourite Fast Food
If you bundle your TV and Mobile packages with your internet connection – this list grows dramatically longer !
Because you are a customer, your ISP knows your name, address, phone number, credit card number, bank account details, credit history, browsing history, busy and active times on the internet, which devices you own and how many friends and family live & visit you.
In some countries, ISPs are required by law to keep detailed logs of customers internet activity, these can be requested and seized by law enforcement at any time without a warrant.
When you visit websites that are not secured with HTTPS, your ISP can see every single unencrypted page, its contents and how long you spend looking at it.
Even if you’re browsing websites that are secured with HTTPS, your ISP can still monitor the URL you’re visiting (but not the individual pages).