もっと詳しく

Surfshark VPN is one of six popular virtual private network services that have failed security tests, and many others have failed so-called “spoofers” tests…

It is reported by TechRadar.

Several well-known VPN providers, including Surfshark, TurboVPN and VyprVPN, are among the six brands called for risky behavior that could potentially undermine user security.

As part of its Deceptor program, security research firm AppEsteem has found that provider applications install a trusted root certification authority (CA) certificate on users’ devices, and some providers do not even get users’ consent to do so. […]

TechRadar Pro security expert Mike Williams stated, “Installing trusted root certificates is not a good practice. “If it’s compromised, the attacker can forge more certificates, impersonate other domains, and intercept your communications.”

This is a rather glaring flaw in a product specifically designed so that you don’t have to trust third party companies like ISPs to protect your privacy.

When a VPN provider installs an additional root CA certificate, you are only relying on the provider’s encryption and authentication checks because a trusted root certificate can overwrite the encryption and authentication checks of the actual service you’re using (eg Mozilla Firefox, WhatsApp).

This allows the VPN provider to intercept and monitor virtually all of your traffic in the worst case.

SharkVPN says it’s working on removing the need for a certificate.

see also

AppEsteem is working to identify apps that engage in “deceptive and risky behavior that could harm customers.” The number of VPNs that fail these tests is overwhelming.

Sight

The whole point of a VPN is that your privacy and security is protected, even if third-party companies like ISPs or Wi-Fi hotspot providers cannot be trusted not to engage in sketchy activities.

The problem is that instead you trust the VPN service itself. Free VPNs are particularly questionable as they are more likely to use data for their own purposes. But it is important to be careful even when choosing a paid service. The key points to look out for are zero logs and independent reviews of the company’s security claims. Personally, I use NordVPN, one of the few VPNs that meet these criteria.

The post Surfshark VPN and other popular VPNs fail security tests appeared first on Gamingsym.