A recent survey by VPNpro has revealed that almost one-third of the most popular VPN services are secretly owned by Chinese companies that may be subject to weak privacy laws.
A ‘Virtual Private Network’ (VPN) is used to keep internet activity private, evade censorship, maintain net neutrality and use public Wi-Fi securely, e.g. to avoid threats such as ‘man-in-the-middle’ attacks. A VPN achieves this by diverting a user’s traffic via a remote server, which replaces the user’s IP address, while offering a secure, encrypted connection (like a secure tunnel) between the user’s device and the VPN service.
Based In China
The VPNpro research found that the top 97 VPNs are run by only 23 parent companies. Although 6 of these companies are based in China and offer 29 VPN services between them, information about the parent company is often hidden from users.
Metric Labs Research Last Year
The results of the VPNpro research support the findings of an investigation by Metric Labs last year, which found that more than half of the top free VPN apps in Apple’s App Store and Google Play are run by companies with Chinese ownership.
What’s The Problem?
The worry about VPN services being based in China is that China not only tightly controls access to the Internet from within the country, but has also clamped down on VPN services. Many of the free VPN services with links to China, for example, offer little or no privacy protection and no user support. Weak privacy laws in China, coupled with strong state control, could mean that data held by VPN providers could be accessed, enabling governments or other organisations to identify users and their activity online. This would put human rights activists, privacy advocates, investigative journalists, whistle-blowers, and anyone criticising the state in danger. For other users of China-based VPN services, it could also simply mean that they are more easily exposed to a range of privacy and security risks, such as having their personal data stolen for use in other criminal activity, or even being subject to industrial espionage.
China, Russia, Pakistan and other states whose activities are causing concern to Western governments all appear to be less trusted when it comes to hosting VPN services or redirecting Internet traffic through their countries. For example, in February this year, US Senators Marco Rubio (Republican) and Ron Wyden (Democrat) asked the Department of Homeland Security to investigate government employees’ use of VPNs because of concerns that many VPNs that use foreign servers to redirect traffic through China and Russia could intercept sensitive US data.
What Does This Mean For Your Business?
The reason for using a VPN is to ensure privacy and security in communications, so it’s a little worrying that some of the top VPN services are based in countries that have weaker privacy laws than the UK and are known for strong state control of communications.
Fears about security and privacy of our data and communications have been heightened by reports of Russia’s interference in the last US election and the UK referendum, and by the current poor relations between the Trump administration (which the UK has intelligence links with) and warnings about possible espionage, privacy and security threats from the use of equipment from Chinese communications company Huawei in western communications infrastructure. Also, in the UK, businesses and organisations need to remain GDPR compliant, part of which involves ensuring that personal data is stored on servers based in places that can ensure privacy and security.
It appears, therefore, that businesses and organisations seeking VPN services need to do some more desk research to ensure that those services show all the signs of offering the highest possible levels of security and privacy, i.e. opting for a trusted paid-for service that isn’t owned by, or a subsidiary of, a company in a state that has weak privacy laws.