The internet as we know it has become a vast global phenomenon. Data is transmitted to push through financial transactions as well as personal or corporate data, and the devices we use to send this information play an important part in protecting ourselves. One way to protect devices and the communications sent through them is with a VPN. But not all VPNs are equal, and one of the most common ways to pick a wrong VPN is to use a free VPN app.
A letter from Homeland Security’s Cybersecurity and Infrastructure Security Agency director Chris Krebs, confirms that there is no federal law to prevent employees from using free VPNs on the app store that are based in China or Russia.
“The vulnerabilities are the ability of users to download untrusted VPN services and the lack of policy across organizations restricting their download,” Krebs told Wyden. “No overarching US government policy or whitelist restricts users from downloading a foreign VPN application on government-operated mobile devices. Policy restrictions vary across departments and agencies.”
Homeland Security’s Cybersecurity and Infrastructure director Chris Krebs
It sounds like a specific and niche problem, but the use of free VPN apps based in these countries is alarmingly popular and the data sent through these apps is tremendous in scope.
Krebs admits that there is a risk that some sensitive government communications could be intercepted by an overseas VPN service that is controlled by Russian or Chinese governments. The way these apps work could make it possible in theory to reroute government users and their internet activity directly into the hands of the Free VPN provider and its owner.
In a statement to The Register, the senator said, “DHS has confirmed my fears: that using Chinese or Russian VPN services is essentially just taking your private data, wrapping it in a bow and then sending it directly to foreign spies in Beijing or Moscow,” Wyden said of the letter. “US government employees should not be using these apps, and I hope that DHS will take steps to prohibit their use on government-issued smartphones.”
Senator Ron Wyden (D-OR)
The recent Huawei and Kaspersky bans indicate that the US government is aware of how phones and software companies could be stealing sensitive data, but there is no indication of a large scale ban of foreign free VPN apps originating in China or Russia. Since millions of users depend on them and use the VPN daily, it would require a significant undertaking and become hard to implement on a large scale.
It is important for individuals, companies and government employees to evaluate their own threat level and implement effective security protocols day to day. Uninstalling that free VPN app that comes with questionable ownership and security risks is a great way to start. Sure, it can be bothersome, but simple security protocols go a long way in protecting one’s privacy.
If you use a premium VPN service provider like TorGuard VPN which is based in the US, you can be sure that Chinese and Russian governments have no way to get their hands on your data.