Net Neutrality is dead and the Internet is increasingly a playground for data mining schemes, social networks, and identity thieves. The possibility of true online privacy has never seemed more remote.
The use of a VPN (Virtual Private Network) has long been viewed as a silver bullet. Historically, VPNs have been used by dissidents trying to avoid persecution from governments, hackers wishing to cover their tracks, and mainstream consumers looking for ways to redress the ever decreasing anonymity of the web.
One result of the whole “death of privacy” situation is that VPN services have become more popular. But, as a recent vulnerability has shown, their efficacy as a safeguard for your personal data may not be all it’s cracked up to be.
The primary purpose of a VPN is to route internet traffic via an IP address other than the one native to the machine it’s coming from to mask a user’s identity.
A recent bug, discovered and documented by Daniel Roseler, found that 23% of VPN providers “leak” their originating IP address through a vulnerability in a browser-based technology called WebRTC.
Given the fact that the primary (in most cases singular) purpose for VPNs is to obscure these addresses, the vulnerability is a killer. While there are a few different extensions for Chrome and Firefox browsers that block the issue, users should be aware that their location, ISP, and other IP-address related details may be exposed.
Read more about the vulnerability here.