Former malware distributor Kape Technologies now owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a collection of VPN “review” websites
https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/
https://alternativeto.net/news/2021/9/kape-technologies-buys-expressvpn-for-936-million/
#vpn
https://restoreprivacy.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/
https://alternativeto.net/news/2021/9/kape-technologies-buys-expressvpn-for-936-million/
#vpn
RestorePrivacy
Kape Technologies (Formerly Crossrider) Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of…
Kape Technologies (formerly Crossrider) has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations. This report examines the history of Kape Technologies and its…
VPN Provider Agrees to Block Torrent Traffic and The Pirate Bay on U.S. Servers
VPN Unlimited has settled a copyright lawsuit filed by several movie companies. The VPN provider stood accused of failing to take action against subscribers who were pirating films. As part of the settlement, the company agreed to block BitTorrent traffic and prominent pirate sites including 'Pirate Bay,' 'YTS', and 'RARBG' on U.S. servers.
https://torrentfreak.com/vpn-provider-agrees-to-block-torrent-traffic-and-the-pirate-bay-on-u-s-servers-220117/
#vpn #torrent
VPN Unlimited has settled a copyright lawsuit filed by several movie companies. The VPN provider stood accused of failing to take action against subscribers who were pirating films. As part of the settlement, the company agreed to block BitTorrent traffic and prominent pirate sites including 'Pirate Bay,' 'YTS', and 'RARBG' on U.S. servers.
https://torrentfreak.com/vpn-provider-agrees-to-block-torrent-traffic-and-the-pirate-bay-on-u-s-servers-220117/
#vpn #torrent
Torrentfreak
VPN Provider Agrees to Block Torrent Traffic and The Pirate Bay on U.S. Servers * TorrentFreak
To resolve a piracy lawsuit, VPN Unlimited has agreed to block torrent traffic and pirate sites including 'Pirate Bay,' 'YTS', and 'RARBG.'
The at least until recently CIO of big #VPN #ExpressVPN is one of the three former U.S. intelligence operatives who agreed today not to fight charges they illegally helped UAE hack people. Kind of makes you think.
Sep 14, 2021
https://twitter.com/josephmenn/status/1437885720169836544
Sep 14, 2021
https://twitter.com/josephmenn/status/1437885720169836544
Twitter
The at least until recently CIO of big VPN ExpressVPN is one of the three former U.S. intelligence operatives who agreed today not to fight charges they illegally helped UAE hack people. Kind of makes you think.
LiquidVPN Ordered to Pay Filmmakers $14m in Copyright Damages
A group of filmmakers has won over $14 million in damages from VPN provider LiquidVPN. The default judgment finds the company guilty of copyright infringement and DMCA violations, in part by promoting the Popcorn Time app. The order also awards $250,000 in trademark damages in favor of 42 Ventures, which owns the Popcorn Time trademark.
https://torrentfreak.com/liquidvpn-ordered-to-pay-filmmakers-14m-in-copyright-damages-220330/
#vpn #liquidvpn
A group of filmmakers has won over $14 million in damages from VPN provider LiquidVPN. The default judgment finds the company guilty of copyright infringement and DMCA violations, in part by promoting the Popcorn Time app. The order also awards $250,000 in trademark damages in favor of 42 Ventures, which owns the Popcorn Time trademark.
https://torrentfreak.com/liquidvpn-ordered-to-pay-filmmakers-14m-in-copyright-damages-220330/
#vpn #liquidvpn
Torrentfreak
LiquidVPN Ordered to Pay Filmmakers $14m in Copyright Damages * TorrentFreak
With a default judgment, a group of filmmakers has won over $14 million in damages from VPN provider LiquidVPN.
India Orders VPN Companies to Collect and Hand Over User Data
A new government order will force virtual private networks to store user data for five years or longer.
In India, virtual private network companies will be required to collect extensive customer data -- and maintain it for five years or more -- under a new national directive from the country's Computer Emergency Response Team, known as CERT-in. It's a policy that will likely make life more difficult for both VPN companies and VPN users there.
The body, under the country's Ministry of Electronics and IT, announced Thursday that VPNs in the country will have to keep customer names, validated physical and IP addresses, usage patterns and other forms of personally identifiable information. As first reported by Entracker, those who don't comply could potentially face up to a year in prison under the governing law cited in the new directive.
The directive isn't limited to VPN providers. Data centers and cloud service providers are both listed under the same provision. The companies will have to keep customer information even after the customer has canceled their subscription or account. And, in all case, CERT-in will require the companies to report on their users' "unauthorized access to social media accounts."
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data
#india #vpn #userdata #privacy
A new government order will force virtual private networks to store user data for five years or longer.
In India, virtual private network companies will be required to collect extensive customer data -- and maintain it for five years or more -- under a new national directive from the country's Computer Emergency Response Team, known as CERT-in. It's a policy that will likely make life more difficult for both VPN companies and VPN users there.
The body, under the country's Ministry of Electronics and IT, announced Thursday that VPNs in the country will have to keep customer names, validated physical and IP addresses, usage patterns and other forms of personally identifiable information. As first reported by Entracker, those who don't comply could potentially face up to a year in prison under the governing law cited in the new directive.
The directive isn't limited to VPN providers. Data centers and cloud service providers are both listed under the same provision. The companies will have to keep customer information even after the customer has canceled their subscription or account. And, in all case, CERT-in will require the companies to report on their users' "unauthorized access to social media accounts."
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data
#india #vpn #userdata #privacy
CNET
India Orders VPN Companies to Collect and Hand Over User Data
A new government order will force virtual private networks to store user data for five years or longer.
https://gadgets360.com/internet/news/expressvpn-vpn-servers-india-removed-cert-in-government-order-3031361
#VPN #India #gov #expressVPN
#VPN #India #gov #expressVPN
Gadgets 360
ExpressVPN Rejects Government's Demands, Removes VPN Servers in India
ExpressVPN said the government's order was "incompatible with the purpose of VPNs."
Android leaks connectivity check traffic
An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called MUL22-03.
We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.
We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way* to stop Android from leaking this traffic, we have reported it on the Android issue tracker.
https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic
#Android #VPN #mullvad
An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called MUL22-03.
We researched the reported leak, and concluded that Android sends connectivity checks outside the VPN tunnel. It does this every time the device connects to a WiFi network, even when the Block connections without VPN setting is enabled.
We understand why the Android system wants to send this traffic by default. If for instance there is a captive portal on the network, the connection will be unusable until the user has logged in to it. So most users will want the captive portal check to happen and allow them to display and use the portal. However, this can be a privacy concern for some users with certain threat models. As there seems to be no way* to stop Android from leaking this traffic, we have reported it on the Android issue tracker.
https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic
#Android #VPN #mullvad
Mullvad VPN
Android leaks connectivity check traffic | Mullvad VPN
An ongoing security audit of our app identified that Android leaks certain traffic, which VPN services cannot prevent. The audit report will go public soon. This post aims to dive into the finding, called MUL22-03.
MAPPING OF EGRESS POINTS USED BY VPN PROVIDERS
Introduction
This is a follow up on my previous article about
“Are VPN providers more trustworthy than your local ISP?“.
In this article I was mapping different VPN provider’s internet egress points.
The mapping candidates
The countries I’m mapping against are the same as in my previous article.
Sweden
Netherlands
Germany
Switzerland
United Kindom
When selecting VPN providers, I have this time used a wider collection of providers, compared to my last article.
Including this time:
F-Secure Freedome
AirVPN
ExpressVPN
NordVPN
Private Internet Access (PIA)
PureVPN
IPVanish
OVPN
Kaspersky Secure Connect (Hotshield)
AzireVPN
PrivateVPN
MullvadVPN
Kaspersky is not maintaining it’s own VPN service. It’s using the service from HotShield
https://www.skadligkod.se/vpn/mapping-of-egress-points-used-by-vpn-providers
#vpn #archive #as9009 #m247
Introduction
This is a follow up on my previous article about
“Are VPN providers more trustworthy than your local ISP?“.
In this article I was mapping different VPN provider’s internet egress points.
The mapping candidates
The countries I’m mapping against are the same as in my previous article.
Sweden
Netherlands
Germany
Switzerland
United Kindom
When selecting VPN providers, I have this time used a wider collection of providers, compared to my last article.
Including this time:
F-Secure Freedome
AirVPN
ExpressVPN
NordVPN
Private Internet Access (PIA)
PureVPN
IPVanish
OVPN
Kaspersky Secure Connect (Hotshield)
AzireVPN
PrivateVPN
MullvadVPN
Kaspersky is not maintaining it’s own VPN service. It’s using the service from HotShield
https://www.skadligkod.se/vpn/mapping-of-egress-points-used-by-vpn-providers
#vpn #archive #as9009 #m247
Free Android VPN Security Flaws: 100 Apps Tested
I tested the 100 most popular free VPNs in the Google Play store and found significant security and privacy flaws affecting Android apps that have been installed over 2.5 billion times worldwide.
#Android #VPN #Infosec
I tested the 100 most popular free VPNs in the Google Play store and found significant security and privacy flaws affecting Android apps that have been installed over 2.5 billion times worldwide.
#Android #VPN #Infosec
Forwarded from Pegasus NSO & other spyware
PortShadow.pdf
3.4 MB
"Attacking Connection Tracking Frameworks as used by Virtual Private Networks [ VPN ]", 2024.
ABSTRACT
#VPN
ABSTRACT
In this paper, we examine the connection tracking frameworks
used in common operating systems, identifying a novel exploit prim-itive that we refer to as the port shadow. We use the port shadow to
build four attacks against VPNs that allow an attacker to intercept
and redirect encrypted traffic, de-anonymize a VPN peer, or even
portscan a VPN peer behind the VPN server. We build a formal
model of modern connection tracking frameworks and identify that
the root cause of the port shadow lies in five shared, limited resources.
Through bounded model checking, we propose and verify six miti-gations in terms of enforcing process isolation. We hope our work
leads to more attention on the security aspects of lower-level sys-tems and the implications of integrating them into security-critical
applications. #VPN