Category: Uncategorized

Ninety percent of Americans use the internet, but the majority don’t think they are protected when online: Most people believe the government and private companies access their private information. And while the United Nations declared internet access, protection, and enjoyment a human right in 2016, the U.S. Constitution doesn’t cover internet access – at least not yet. 

We surveyed over 1,000 people to determine if Americans desire an internet bill of rights. Continue reading to see if the average internet user agrees with the U.N. and the types of access they want to see protected. 

Americans Want Online Protection

Right versus privilege: One guarantees protection under the law, and the other can be considered a governmental treat. When Florida Gov. Ron DeSantis tweeted that voting is a “privilege,” he was quickly corrected. Voting is, in fact, a constitutional right. If the U.S. government similarly deems internet access a right, it could become easier to protect Americans online. 

But let us not get ahead of ourselves: Do Americans consider internet use to be a right? The majority do. Our findings show that more than three-fifths of people thought the internet is a right, which is in line with the U.N. resolution. Democrats were more likely than Independents and Republicans to share this sentiment, although a majority of all political affiliations considered internet access a right. 

Data and internet privacy remains a top priority among Democratic leaders. However, in 2017, President Trump signed a bill repealing an internet privacy rule that allowed users to choose what service providers could do with their data. Perhaps this divided party approach is why more than two-thirds of Democrats and 58% of Independents said internet use is a right, while only 53% of Republicans concurred. 

Make It Official

Nearly 56% of participants in our study believed the U.S. needs an internet bill of rights. This document would govern the rights and usage principles of the internet, which would ideally protect people’s online activity and private information. 

Although more than 66% of Democrats said internet use is a right, only 58.4% wanted an internet bill of rights. And Republicans were more likely to desire one than Independents, with 54.1% voting in favor of an internet bill of rights compared to 52.7% of Independents. The majority of those in their 20s, 30s, and 40s stood in support as well, but 55.8% of people aged 50 and older opposed an internet bill of rights.

According to the FBI’s Internet Crime Complaint Center (IC3) 2018 report, Americans lost $2.7 billion as a result of “internet-enabled theft, fraud, and exploitation,” and those aged 50 and older accounted for 42% of internet crimes. So, while older Americans may not overwhelmingly favor an internet bill of rights, it may stand to benefit them the most. 

California Sets the Standard

As previously stated, the majority of Americans believed their online affairs are accessible to companies and the government. The federal government does have laws in place to protect people’s private lives, but they do not apply to data, which means that if Americans want to browse the internet privately, they have to rely on state interference. 

California maintains its reputation as the nation’s lead policy-setter. The Golden State’s strict online privacy law, the Consumer Privacy Act of 2018, gives users control over what companies do with their data and took effect on Jan. 1, 2020. California’s “sweeping” step mirrors Europe’s General Data Protection Regulation rules and reflects how states can step in to protect their residents when the federal government falls short. 

Online Protections

The Bill of Rights includes 10 amendments, each outlining protected freedoms. California Rep. Ro Khanna followed a similar structure when he introduced his 10-point plan for protecting people’s rights on the internet. Following Rep. Khanna’s blueprint, participants in our study were asked to choose up to five rights they would prioritize in an internet bill of rights. 

Roughly 70% of people wished to know when companies are collecting personal data and how it is being used. The Pew Research Center found that 79% of Americans are concerned about the way companies use their data.

California’s Consumer Privacy Act of 2018 was the second most wanted right among survey participants: 48.1% of people desired the right to instruct companies to turn over, correct, or delete their data.

Should information exchange require an opt-in or opt-out consent feature? That question may be one of the most controversial in the data privacy debate because if state law requires internet users to opt in before companies can access their data, tech giants stand to lose money in lawsuits and advertising. Right now, most companies have an opt-out feature, which means companies can collect user data. 

Online Protections, by Political Affiliation

Although Democrats and Alastair Mactaggart seem to be the ones leading the charge in favor of user-friendly data privacy laws, our findings show that people of all political affiliations are in support of the same internet bill of rights.

However, there was nearly a 10 percentage point difference between Republicans and Democrats when it came to social media privacy: Roughly 40% of Republicans desired privacy of social media accounts, compared to 30.9% of Democrats. 

George W. Bush was still president when Jack Dorsey founded Twitter. Barack Obama has become quite popular on the social media platform since the conclusion of his second term. But no president has used Twitter quite like President Donald Trump. Perhaps Trump’s love of tweeting is why Republicans deemed social media privacy more desirable than Democrats and Independents. 

However, Democrats (34.4%) and Republicans (36.9%) joined sides when it came to the opt-in option, but Independents (25.8%) were less likely to desire an opt-in option for the collection of data. 

User-Friendly Internet 

The accepted truth once was that nothing that happens on the internet is private or can be deleted. However, our findings show the majority of Americans believe online privacy is a right and desire to have more control over what companies can do with their data. And they aren’t alone: DuckDuckGo, a search engine, is becoming increasingly popular because it puts people’s privacy first. 

Currently, California is leading the charge with privacy laws structured to protect everyday people. But while you wait for your state or the federal government to catch up, take control of your privacy today. Consider setting up a virtual private network to keep your browsing history and data – your personal information – private. Visit TheBestVPN.com to read our comparison guides and browse our resources. 

Methodology 

We surveyed 1,005 current internet users about their experiences and opinions on the internet and principles that should govern its use. 

Respondents were 47.6% women and 52.4% men. Additionally, two respondents identified as nonbinary, and one respondent reported identifying as genderqueer. The average age of respondents was 37.9 with a standard deviation of 12.1.

Respondents were asked what rights and principles they would want to be included in a bill of rights-style document governing the use of the internet if it existed. They were instructed to select up to five principles that would be most important. A portion of the answer options we provided came from the “Internet Bill of Rights” by Rep. Ro Khanna, D-CA, released to the public in 2018 for consideration. His document can be viewed here. 

Respondents were asked to report their current political affiliations. They were given the following options:

• Democrat
• Republican
• Independent
• Libertarian
• Green Party
• Other

In our final visualization of the data, we excluded respondents who reported Libertarian, Green Party, or Other due to low sample sizes in those groups. 

Limitations 

Parts of this project include data that rely on self-reporting. Common issues with self-reported data include exaggeration, selective memory, telescoping, and attribution. 

Fair Use Statement 

Privacy is a major issue as our world continues to be increasingly tech-driven. If someone you know could benefit from the information in this project, you can share it for any noncommercial reuse. We do ask that you link back here so that people can view the project in its entirety and review the methodology. This also gives credit to our contributors for their efforts.

People spend more than 11 hours per day staring at screens, even when they’re at work. To help increase productivity in the workplace, some employers restrict access to sites designed for shopping, streaming, or social media use. Nevertheless, determined employees find ways to bypass blocked sites.

To understand how workers are breaking through firewalls and why, we surveyed 1,014 employees who worked for companies that placed restrictions on certain websites. Our findings reveal which sites are most often blocked, how employees get around restrictions, and what happens when people get caught. Keep reading to see what we found.

Access Denied

Internet filtering is an accepted practice in most states to protect children from explicit or harmful material. Website blocking at work is also common but mostly done to increase productivity in the workplace.

Sixty-four percent of the participants in our study worked for a business with restrictions on certain websites. But that didn’t stop some: 2 in 5 employees admitted to accessing a restricted site while at work. Adult or mature websites were blocked for 84.7% of survey participants, but websites that contained illegal content (77.9%), gambling sites (71.2%), and dating platforms (59.9%) were also commonly prohibited.

According to recent data from the Pew Research Center, 73% of Americans use YouTube, and 69% use Facebook. Slightly more than half of the employees in our study reported social media websites were blocked at work, but 40% felt it was appropriate for digital socializing to be banned while on the clock.

While listening to music in between tasks could boost productivity at work, we found that 31.8% of workplaces blocked music streaming websites. However, the decision wasn’t supported by employees – the majority (84%) of employees agreed they should be able to listen to tunes while working.

What Makes Bypassing Possible?

Millennials grew up using the internet, and employees in their 20s and 30s admitted to bypassing workplace website restrictions more frequently than others. But 23.4% of people age 50 and older also got passed firewalls at work.

So how did they do it? The use of cellular data was the No. 1 way: 89.7% of people got around restricted sites using their mobile data. Following that, 14.2% used a virtual private network (VPN), which allows private browsing on the internet. Although nearly 52% of employees reported being rarely or only occasionally successful at bypassing their work’s firewall, 54.5% of those who used a VPN were frequently or always successful at accessing restricted websites.

Why People Bypass

Because of social reformer Robert Owen, we now have eight-hour workdays, but some argue that workers are really only productive five to six hours daily. Our findings may support that belief.

Although 80.8% of employees clicked their way around a workplace firewall during a break, 45.9% did so because they didn’t have enough work to complete, 25.1% accessed restricted sites to procrastinate or work on a side hustle, and 17.4% said they needed mental breaks. Our study also found that managers bypassed website restrictions: They were five times more likely to break a workplace firewall when they wanted to hide online activity from people at home.

Do Bypassers Get Caught?

Federal labor laws prevent employers from firing employees who complain about job conditions on social media. But it’s permissible for businesses to bar the use of social media sites, such as Facebook and Twitter, while on the clock.

However, 9 in 10 workers who bypassed restricted websites reported not getting caught. Over 2 in 5 who were caught said their IT department monitored browsing. What happened when they were found out? Forty-two percent were given a warning, and 25.9% were placed on probation. However, less than 10% of people lost their job for bypassing their workplace’s firewall.

Privacy Online, From Anywhere

Ahead of holidays like New Year’s and Valentine’s Day, nonwork-related browsing will likely spike. According to our survey, nearly 1 in 5 employees bypassed their workplace restrictions to keep their online activity a secret from those at home. Whether it was to purchase a gift or to hide buying activity from a partner, some employees wanted to keep their privacy.

While browsing at work may not alarm a parent or spouse, breaking workplace firewalls doesn’t guarantee anonymity. One of the most effective ways to securely access the internet is through a virtual private network (VPN). Visit TheBestVPN.com to learn how you can protect your privacy and bypass censorship. We’ll also help you find the best service to meet your online security needs.

Methodology and Limitations

This project relied on self-reported survey data, which was curated via Amazon’s Mechanical Turk platform. There were a total of 1,014 participants. To qualify for this survey, participants needed to be currently employed (either part or full time) and work in a place where there were restrictions on certain websites.

• 51% of respondents were men, with a margin of error of 4% using 95% confidence interval testing.
• 49% were women, with a margin of error of 4% using 95% confidence interval testing.
• Participants ranged in age from 18 to 87, with a mean of 38.4 and a standard deviation of 11.3.
  • 51% of respondents were aged 20 to 29, with a margin of error of 6% using 95% confidence interval testing.
  • 49% were aged 30 to 39, with a margin of error of 5% using 95% confidence interval testing.
  • 51% of respondents were aged 40 to 49, with a margin of error of 6% using 95% confidence interval testing.
  • 49% were aged 50 or older, with a margin of error of 7% using 95% confidence interval testing.

Also, as the data rely on self-reporting, there is the potential to introduce issues, such as exaggeration and selective memory.

Fair Use Statement

Feel free to share what you’ve learned about bypassing workplace firewalls for noncommercial use. All we ask is that when you share our graphics and content, please link back to this page to cite the authors of the study.

VPN Access by Device

The use of Virtual Private Networks (VPNs) has grown considerably in recent years, as public awareness and applications continue to rise. In fact, one quarter of all Internet users have accessed a VPN in the last month, with mobile access growing in popularity:

• Desktop – 17%
• Mobile – 15%
• Tablet – 7%

VPN Usage Frequency

For many users, VPNs have become an integral part of daily life. Of those who accessed a VPN in the last month:

Every day	4-5 times a week	2-3 times a week	Once a week	2-3 times a month	Once a month
Desktop: 35%	Desktop: 15%	Desktop: 14%	Desktop: 10%	Desktop: 7%	Desktop: 6%
Mobile: 42%	Mobile: 13%	Mobile: 11%	Mobile: 9%	Mobile: 6%	Mobile: 5%

VPN Usage by Age & Gender

Across all users, VPNs remain most popular amongst younger generations, particularly males. The number of females accessing VPNs has increased on previous years, however:

VPN Users by Age:	VPN Users by Gender:
16-24: 35%	Male: 62%
25-34: 33%	Female: 38%
35-44: 19%
45-54: 9%
55-64: 4%

Regional VPN Usage (of all internet users)

The Asia-Pacific region continues to be heaviest users of VPNs, although they are continuing to grow in popularity among Latin American and Middle Eastern users:

• Asia Pacific: 30%
• Europe: 17%
• Latin America: 23%
• Middle East & Africa: 19%
• North America: 17%

Emerging Markets Lead for VPN Usage

Given their applications in bypassing Internet censorship and hiding browsing activity, it’s no surprise that emerging markets lead for VPN usage:

Top Ten Markets

• Indonesia: 38%
• India: 38%
• Turkey: 32%
• China: 31%*
• Malaysia: 29%
• Saudi Arabia: 29%
• Brazil: 26%
• Vietnam: 25%
• UAE: 25%
• Philippines: 25%

*China’s percentage is likely to drop in 2020, as the Government attempts to crack down access to VPN providers in the country.

Reasons Why People Use VPN

So, why are people using VPNs? Although motivations differ depending on the region, the top motivations across all users are:

Access better entertainment content:	50%
Access social networks, or news services:	34%
Keep anonymity while browsing:	31%
Access sites / files / services at work:	30%
Access restricted download / torrent sites:	27%
Communicate with friends / family abroad:	25%
Hide my web browsing from the government:	18%
Access a Tor browser:	17%

But a stronger pattern begins to emerge when we look at the regional differences:

Accessing entertainment remains the strongest motivator even when regional differences are factored in, although retaining anonymity while browsing the Internet is a major application in certain countries:

Argentina	Ireland	Singapore
Australia	Italy	South Africa
Belgium	Japan	South Korea
Brazil	Malaysia	Spain
Canada	Mexico	Sweden
China	Netherlands	Taiwan
Egypt	New Zealand	Thailand
France	Philippines	Turkey
Germany	Poland	UAE
Hong Kong	Portugal	UK
India	Russia	USA
Indonesia	Saudi Arabia	Vietnam

–Access better entertainment content
–Keep my anonymity while browsing
–Access restricted download / torrent site

VPN Users Paying for Content

Despite the primary motivation being entertainment content for most users worldwide, those who access VPNs are not pirates. 77% of VPN users are buying digital content each month, across a wide range of formats:

Percentage of VPN users who paid for the following in the last month:

• Music download: 33%
• Music streaming service: 27%
• Movie or TV streaming service: 27%
• Mobile app: 27%
• Movie or TV download: 26%

Online Users & Digital Statistics

It’s worth considering the growth of VPN usage alongside the global increase in overall Internet access, alongside the dramatic and continued growth of social media and mobile phone usage:

In 2020, there are:

• 4.021bn Internet users (7% increase on last year)
• 3.196bn social media users (13% increase on last year)
• 5.135bn mobile phone users (4% increase on last year)

Social media use has continued its impressive climb since 2017, with one in every three minutes spent online now devoted to social media. Globally, digital consumers are now spending an average of 2 hours and 15 minutes per day on social media networks and messaging. According to a recent survey, the top motivations for accessing social media in 2020 are:

• To stay in touch with what friends are doing: 42%
• To stay up-to-date with news and current events: 41%
• To fill up spare time: 39%
• To find funny or entertaining content: 37%
• General networking with other people: 34%

The average internet user now spends around 6 hours each day using internet-powered devices and services – approximately one-third of their waking lives. If we add this together for all 4 billion of the world’s internet users, we’ll spend a staggering 1billion years online in 2020.

Global Internet Penetration

Although internet use is growing, access is not distributed evenly around the world. Internet penetration rates are still low across Central Africa and Southern Asia, but these regions are seeing fast growth in internet adoption.

The global average for Internet penetration is 53%. By region however:

North America: 88%	Southern Europe: 77%	Western Asia: 65%
Central America: 61%	Northern Africa: 49%	Southern Asia: 36%
The Caribbean: 48%	Western Africa: 39%	Eastern Asia: 57%
South America: 68%	Middle Africa: 12%	Southeast Asia: 58%
Northern Europe: 94%	Southern Africa: 51%	Oceana: 69%
Western Europe: 90%	Eastern Africa: 27%
Eastern Europe: 74%	Central Asia: 50%

 

The highest penetration percentages in the world belong to Qatar and the United Arab Emirates, both of whom boast an incredible 99%. Perhaps unsurprisingly, the lowest is North Korea, with a shockingly low 0.6% penetration rate.

Internet Access by Device

As you might expect, more people are now accessing the Internet via smartphones, accounting for a greater share of web traffic than all other devices combined:

• Laptops and Desktops – 43%
• Smartphones – 52%
• Tablet devices – 4%
• Other devices – 0.14%

In addition to a greater number of devices, mobile connections are also getting faster worldwide. GSMA Intelligence reports than more than 60% of mobile connections can now be classified as ‘broadband’:

The percentage of broadband connections compared to population
Northern America: 95%	Western Europe: 98%	Middle Africa: 12%
Central America: 62%	Eastern Europe: 92%	Southern Africa: 83%
The Caribbean: 30%	Southern Europe: 97%	Eastern Africa: 22%
South America: 82%	Northern Africa: 59%	Central Asia: 40%
Northern Europe: 109%	Western Africa: 33%	Western Asia: 63%

The fastest mobile Internet connection speeds are found in Norway, where the average speed is 61.2 MBPS. The slowest is in Iraq, with an average speed of 4.2 MBPS. Thanks in part to the continued global increase in download speeds, the average global smartphone user now uses 2.9GB of data every month – a rise of more than 50% on last year.

This continued growth of mobile-first Internet use is, unsurprisingly, being driven by Millennials. Of 34 tracked online activities:

Millenials	Gen X	Baby Boomers
Mobile first – 31	Mobile first – 17	Mobile first – 7
Laptop first – 3	Laptop first – 17	Laptop first – 27

As you might expect, much of the growth in social media and mobile-first Internet is down to the US and, to a lesser extent, the UK:

United Kingdom snapshot:	United States snapshot:
Population: 66.38 million	Population: 325.6 million
Internet Users: 63.06 million	Internet Users: 286.9 million
Active Social Media Users: 44 million	Active Social Media Users: 230 million
Mobile Subscriptions: 73.23 million	Mobile Subscriptions: 340.5 million
Active Mobile Social Media Users: 38 million	Active Mobile Social Media Users: 200 million

Data Privacy

With an increase in cyber attacks and ever-growing internet access, concerns around data privacy have become far more prominent. As the general-public becomes more informed about the information businesses and governments collect on them, their worries about the use or mismanagement of this data have increased:

• 95% of Americans are concerned about how companies use their data.
• More than 80% are more concerned today than they were a year ago.
• More than 50% of Americans are looking for new ways to safeguard their personal data.

It would seem their concerns are warranted too, with 31% of Americans saying their online life is worth $100,000 or more. Despite this, only one in four Americans believe they’re ultimately responsible for ensuring safe and secure Internet access, and 51% of consumers have had online and mobile accounts compromised in the previous year.

Most people place the responsibility for safe Internet access and the safeguarding of their data with corporations, but many IT professionals are concerned about businesses ability to effectively protect this data:

• 95% of businesses have sensitive data in the cloud.
• 93% of IT professionals report challenges with ensuring data privacy.
• 82% of businesses have employees who do not follow data privacy policies.

These concerns have led to a significant lack of trust from the public, with consumers expressing growing anxiety over the security of their records with corporations:

Your home network is a possible treasure trove for cyber attackers:

• You do your online banking on your phone or PC.
• You have credit card credentials stored in your smart TV and your video game consoles.
• Google Home and Amazon Echo devices are recording the audio in your home and likely have cameras, too.
• Your TVs, PCs, phones, stereos, and various “smart” devices contain CPUs that can be exploited to mine cryptocurrency.
• They can also be exploited as part of a massive botnet to perform more attacks.

If cyber attackers penetrate your home network, you could lose your privacy, your online identity, and money from your bank account. Your various devices may slow down, but you may notice no indication that the bad guys have compromised your comfortable home.

How to Secure Your Home Network

Popular TV shows like Mr. Robot describe super sophisticated cyber attacks and advanced “hackers.” But most of the attacks that your home entertainment and computing devices face are easy to prevent. More importantly, you don’t need a degree in computer science to improve the security of your home network.

I’ll make the knowledge that you need simple to understand and implement.

1. Buy Only the Gadgets You Need

The first step in securing your home network might surprise you. It starts when you browse Amazon or Best Buy for new toys. Smart devices like Amazon Echo, Google Home, Ecobee thermostats, and “smart” toys are all the rage these days.

The possibility of getting weather forecasts simply by saying “Okay, Google, what’s the weather like?” or being able to look at your security cameras from your phone when you’re away can be irresistible. But those are all Internet of Things devices, or IoT for short. They introduce new internet-connected interfaces to your home.

Each of those new interfaces expands the cyber attack surface of your home network. The more interfaces you have, the more vectors you have for the bad “hackers” to get in. So consider the risks of new devices before you buy them.

I personally have very little in the way of IoT tech in my home. I have a smartphone which, of course, doubles as a device that can be used to spy on me. The cybersecurity risks of my phone are similar to the risks my PC has, but it’s a desktop and it can’t be used to track my movements when I’m not home.

I have a “dumb” TV, but it operates as a display for my PS4, PS3, and Raspberry Pi-based Retro Pie console. Those consoles are all internet-connected, and my PS4 also has a PlayStation Camera that could be intercepted to watch me while I’m in my bedroom.

Aside from my router, those are all the internet-connected devices that I have. As a cybersecurity professional, you might assume that I want to have all the latest toys. But, in fact, being a cybersecurity professional means that I’m cautious about new toys.

You could choose to cover your home in Google Home speakers and deploy internet-connected security cameras or whatever you want. Just keep in mind that those could be new means for cyber attackers to interfere with your life—and for security to harden accordingly.

2. Check Your Router

If you have a typical 21^st century home, you have one account with an ISP (internet service provider.) The ISP transmits an internet signal through your home that you’ve connected a home router to. The home router could be fully wired, but it’s probably wireless.

If you have a wireless router, you probably have a WiFi signal broadcast throughout your home that devices can connect to wirelessly, such as phones, tablets, laptops, video game consoles, smart devices, you-name-it.

That internet connection through cable, Ethernet, and WiFi connects your home to the rest of the world. But it’s also how cyber attackers get in. The next course of action is to do the basic things you need to do to secure that source.

It’s unlikely that a cyber attacker will intercept your internet connection physically. Chances are if they want access to your internet connection, they’ll look for your WiFi.

Go to your router. If you have WiFi, your router assigns an SSID (a way of naming WiFi signals) and password to your account. Your router came with a default SSID and password. If you’re using that default SSID and password, you have a seriously dangerous security vulnerability in your home network and must fix it right away.

Wardriving sounds more badass than it actually is. It entails traveling around a neighbourhood with a device that can pick up WiFi signals (such as a phone) and seeing if the WiFi can be easy to break into. The most vulnerable WiFi signals are the ones with no passwords (that’s public, unencrypted WiFi) and the ones with default SSIDs and passwords.

The default SSIDs and passwords associated with the device model of your router and your internet service provider are easy to find on the internet. RouterPasswords.com is a great place to start. Try one of those passwords and you can easily break in. Default SSIDs let cyber attackers know what brand of device you have or who your ISP is and let them know which default passwords to try.

Your SSID should be unique, and your password should be complex. You may be tempted to change your SSID to “Police Monitoring Van,” but the novelty of those jokes have long worn off. Be more original. My boyfriend’s SSID is related to the name of his record label. My home router SSID is a pun related to my nickname. Try something fun and different.

Passwords should be as many characters as possible, with a mix of upper and lowercase letters, numbers, and symbols.

Source: TechTarget.com

Follow the instructions included with your router to change your WiFi SSID and password. If you’ve lost them, don’t worry. Open a web browser on your home PC, and try any of the following in the address bar:

One of those addresses should lead to a console where you can change your router’s settings.

Your router may also have some extra features, such as UPnP or WPS. If you aren’t certain that you’re using those features, disable them from the same router settings console you used to change your SSID and password for your WiFi. Those are both extra ways that cyber attackers can maliciously penetrate your home network. Disable them if you don’t have to enable them.

Regarding WPS, network security expert Michael Horowitz says:

“This is a huge expletive-deleted security problem. That eight-digit number will get you into the (router) no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it, and he can now get on your network forever.”

It’s also pretty easy for a cyber attacker to crack your WPS from an app on their phone.

According to Horowitz, UPnP is also terrible.

“UPnP was designed for LANs, and as such, it has no security. In and of itself, it’s not such a big deal. (But) UPnP on the internet is like going in for surgery and having the doctor work on the wrong leg.”

While you’re at your router’s console in your web browser, see if there’s a section where you can check for updates for your router’s firmware. Your router should automatically install new security patches when they become available. It’s quite possible that your router’s firmware isn’t getting updated, which leaves terrifying vulnerabilities that a cyber attacker can exploit.

And when you’re looking for a new router, find one that supports the new WPA3 encryption standard. The other WiFi encryption standards (WEP, WPA, and WPA2) are older and have worse security vulnerabilities. Deliver WPA3 encryption for your WiFi, unless you have devices that cannot use WPA3.

3. Get a VPN

If you’re a smart reader of The Best VPN, you probably have a VPN, too. VPN routes your internet traffic through an extra layer of encryption. A good VPN, when properly configured, will greatly improve the security of your home network and make it a lot more difficult for cyber attackers to intercept your internet use.

If you don’t have a VPN set up yet, or if you’re considering changing your VPN provider, The Best VPN is a great source of independent and objective reviews to help you choose the best.

The best VPN providers have apps for your PCs, phones, and tablets that make everything easy to use. No computer nerd knowledge necessary.

4. Configure Your Firewalls

A firewall is an interface that controls how internet signals enter and leave your home network. They come in the forms of both hardware and software. Chances are that your router has a firewall, and your Windows, macOS, and Linux operating systems have firewalls, too. These firewalls usually work by blocking the internet ports you don’t use and filtering the internet ports that you do use.

These ports are what we refer to as the TCP/IP stack. Internet services often have associated TCP/IP ports. For instance, you access the web through ports 80 and 443.

Your firewalls aren’t configured for optimal security by default. The most secure firewalls are the ones you configure yourself.

HowStuffWorks has an excellent article on how firewalls work with easy-to-understand information that should help you configure your firewalls properly, even if you’re a total layperson. Which ports do you use? You’ll be able to figure it out.

As I said, block the ports you don’t use and filter the ports you do use. Remember I mentioned that each new internet-connected device in your home network is a new way that cyber attackers can break in? The same applies to TCP/IP ports.

5. Don’t Forget the Antivirus

Each device in your home network that can have an antivirus installed on it should have an antivirus installed on it. Malware on your phone or PC can be a means for cyber attackers to attack the rest of your home network.

Your Android malware could be a way in for a cyber attacker to watch your baby on your baby monitor or control your Ecobee thermostat.

I work for an antivirus company, so I won’t recommend anything specific. Instead, I’ll direct you to AV-Test.org. Just as The Best VPN does independent VPN provider reviews, AV-Test is an excellent source for independent third-party reviews of antivirus software.

They list their reviews per operating system, such as Windows, Mac, and Android. Use their advice to choose the best antivirus software for all of the PCs, phones, and tablets in your home network.

6. Tie Up All the Loose Ends

Remember how I mentioned that my PS4 has a PlayStation Camera? I use it with my PSVR device. When I’m not playing a VR video game, I disconnect my Camera from my PS4.

Laptops often have built-in webcams, and you may also have cameras for your Google Home or Amazon Echo, or as a separate peripheral connected to your desktop PC. Disconnect all cameras or cover them with duct tape when you’re not using them. It’s also a good idea to disconnect your Google Home or Amazon Echo speakers when you’re not at home.

By disconnecting or covering cameras and speakers in your home network when you’re not using them, you’re making it more difficult for cyber attackers to watch or listen to you in a space that should be private. There are lots of malware and man-in-the-middle cyber attacks that can grant the bad guys a way to violate your privacy.

My advice is to limit your “cyber attack surface” as much as possible by reducing it in ways that are feasible.

Credit card and personal banking credentials are also highly attractive to cyber attackers. Sometimes people store this sort of data in their smart TVs and video game consoles. My advice is to use your credit card as infrequently as possible.

If you have services that you pay for, such as Netflix, Hulu, Amazon Prime, PlayStation Network, Xbox Live, or Spotify, you can often pay for them using gift cards.

Alternatively, there are credit card gift cards you can use to pay for most online services. Use gift cards as much as possible. The worst-case scenario with a gift card is that a cyber attacker steals its value from you, whether it’s $100 or whatever.

The worst-case scenario with a conventional credit card is much more expensive than $100. If a cyber attacker acquires that data, they could access your personal banking and wipe your bank accounts dry or engage in identity fraud where they pretend to be you online.

Protect Your Home Network, Safeguard Your Security

These tips are all simple ways to greatly improve the security of your home network. It’s surprising how many people don’t do these things. Most cyber attacks aren’t complex, sophisticated, or Hollywood-movie-worthy.

Most of the time, cyber attackers will try easier ways to engage in cyber crime, and by following my guide, you have now made their lives much more difficult. Give yourself a pat on the back!

We’ve been working hard with internal and external security researchers here at TheBestVPN to uncover serious remotely exploitable loopholes in SSL VPNs and Firewalls like Cyberoam, Fortigate and Cisco VPNs. This article is a technical go-to about a patched critical vulnerability affecting Cyberoam SSL VPN also known as CyberoamOS.

This Cyberoam exploit, dubbed CVE-2019-17059 is a critical vulnerability that lets attackers access your Cyberoam device without providing any username or password. On top of that, the access granted is the highest level (root), which essentially gives an attacker unlimited rights on your Cyberoam device.

In most network environments, Cyberoam devices are used as firewalls and SSL VPN gateways. This gives a potential attacker a strong foothold in a network. It makes it easier to attack hosts inside the network, and since Cyberoam devices are usually trusted in most environments, this gives a would-be attacker extra edge.

According to Shodan (a search engine for internet-connected devices), there are more than 96,000 internet-facing Cyberoam devices from all over the world. Most of these devices are installed in enterprises, universities and some in world-renowned banks. This leads to the attacks having huge impacts on these environments.

Working with Sophos security team has been a large delight as they acted quickly by acknowledging and rolling out patches only a few days after our initial report to them. Kudos to them! (pun-intended!)

And since most of these entities are attractive targets for attackers, it makes the bugs all that more critical.

CyberoamOS Remote Unauthenticated Root Command Execution

The CyberoamOS is a modified Linux-based operating system for Cyberoam devices. This OS has a web-based configuration interface and an SSLVPN portal.

The web interface is divided into two main parts:

• A frontend written in Java
• A backend that uses a combination of C and Perl

We will not dive deep into the internals of the front- or back-end code, mainly to save time and limit the amount of information revealed. But we will discuss briefly how the bug is triggered.

Both the configuration and SSLVPN interfaces have a servlet that handles main operations. These operations are defined using a parameter named “mode”.

Most of these are authenticated. But there are a few ops we can access without authentication (like login).

The bugs we have found lie in the email antivirus/antispam module. The request mode for this endpoint (module, op) is 458.

One thing to note is the opcodes are mapped to their names in the Cyberoam database (internal database Postgres). By looking up 458, we can find out what the name of this opcode is.

Here is a line from the database initialization SQL script showing the name opcode 458:

insert into tblcrevent(opcode,description,mode,requesttype) 
values('RELEASEQUARANTINEMAILFROMMAIL','RELEASE QUARANTINE MAIL FROM MAIL','458',2);

The opcode functions are stored in the directory /_conf/csc/cscconf/. We will not be revealing the whole code of the vulnerable function, but we will provide a few snippets showing where and how the bug occurs.

A code from the Java frontend that handles the opcode 458:

if ((jsonObject.getString("hdnSender").equals("") ||
validateEmail(jsonObject.getString("hdnSender"))) &&
validateEmail(jsonObject.getString("hdnRecipient")) &&
isSafeFilePath(jsonObject.getString("hdnFilePath")) && b) {
    httpServletResponse.setContentType("text/html");
    CyberoamLogger.debug("Antivirus/AntiSpam", "CSC Constant value " + 
CSCConstants.isCCC);

As you can see above, a few parameters are checked for validity. If they are valid values, the following happens:

final EventBean eventByMode = EventBean.getEventByMode(363);
...redacted.
final int sendWizardEvent = cscClient.sendWizardEvent(eventByMode, hashMap, sqlReader);

As we can see above, we have a new event code (363) that will be sent to the backend. The bug we have discovered is in the code that handles this in the backend.

The opcode is named sendmail, and to avoid exploitation of this bug, we will be redacting most of the code from the following code.

The opcode handler for send_mail.

...redacted...

<code>$param = $request->{release};</code>
        param = DLOPEN(base64_decode,param)
        LOG applog " Decode values :: $param \n"
        <code>%requestData = split(/[&=]/, $param);
            $mailServerHost = $requestData{hdnDestDomain};
            $mailFrom = $requestData{hdnSender};
            $mailTo   = $requestData{hdnRecipient};
            $file = $QUARANTINE_PATH."/".$requestData{hdnFilePath};

    $mailfile=$requestData{hdnFilePath};
    $validate_email="false";
    my $email_regex='^([\.]?[_\-\!\#\{\}\$\%\^\&\*\+\=\|\?\'\\\\\\/a-zA-Z0-9])*@([a-zA-Z0-9]([-]?[a-zA-Z0-9]+)*\.)+([a-zA-Z0-9]{0,6})$';
    if($requestData{hdnRecipient} =~ /$email_regex/ && ((defined $requestData{hdnSender} && $requestData{hdnSender} eq '') || $requestData{hdnSender} =~ /$email_regex/) && index($requestData{hdnFilePath},'../') == -1){
        $validate_email="true";
    }
....redacted....

As we can see above, the pseudo-Perl code shows us how the backend receives input from the frontend ($requestData) and how it attempts to verify some of the parameters we send.

After the verification, if our parameters are valid, the following code is executed:

%mailreq=("mailaction"=>"$MAIL_FORWARD","subject"=>"$strSubject","toEmail"=>"$mailTo","attachmentfile"=>"$file","smtpserverhost"=>"$mailServerHost","fromaddress"=>"$mailFrom");
    </code>

  out = OPCODE mail_sender json %mailreq

The code above sets our request parameters into mailreq variable and calls the mail_sender function (OPCODE). We will see how this opcode is executed and where exactly the RCE happens:

    <code>
        #mailaction 0=mail_with_var,1=mail_forward,2=mail_attachment
        $mailaction=$request->{mailaction};
        $subject=$request->{subject};
        $mailbody='';
        $attachmentfile=$request->{attachmentfile};
        $toEmail=$request->{toEmail};
    </code>
    #mail body
    IF("defined $request->{mailbody} && '' ne $request->{mailbody}"){
        <code>$mailbody=$request->{mailbody};</code>
    }
    #SMTP server host
    IF("defined $request->{smtpserverhost} && '' ne $request->{smtpserverhost}"){
        <code>$smtpserverhost=$request->{smtpserverhost};</code>
    }ELSE{
        result = QUERY "select servicevalue from tblclientservices where servicekey='MailServer'"
        IF("defined $result->{output}->{servicevalue}[0] && '' ne $result->{output}->{servicevalue}[0]"){
            <code>$smtpserverhost=$result->{output}->{servicevalue}[0];</code>
        }ELSE{
            <code>$smtpserverhost="127.0.0.1";</code>
        }
    }

    #SMTP server port
    IF("defined $request->{smtpserverport} && '' ne $request->{smtpserverport}"){
        <code>$smtpserverport=$request->{smtpserverport};</code>
    }ELSE{
        result = QUERY "select servicevalue from tblclientservices where servicekey='MailServerPort'"
        IF("defined $result->{output}->{servicevalue}[0] && '' ne $result->{output}->{servicevalue}[0]"){
            <code>$smtpserverport=$result->{output}->{servicevalue}[0];</code>
        }ELSE{
            <code>$smtpserverport="25";</code>
        }
    }

    #SMTP auth flag
    <code>$smtpauthflag="0";</code>
    IF("defined $request->{smtpauthflag} && '' ne $request->{smtpauthflag}"){
        <code>$smtpauthflag=$request->{smtpauthflag};</code>
    }ELSE{
        result = QUERY "select servicevalue from tblclientservices where servicekey='SMTPAuthenticationFlag'"
        IF("defined $result->{output}->{servicevalue}[0] && '' ne $result->{output}->{servicevalue}[0]"){
            <code>$smtpauthflag=$result->{output}->{servicevalue}[0];</code>
        }
    }

    IF("$smtpauthflag == 1"){
        IF("defined $request->{mailusername} && '' ne $request->{mailusername}"){
            <code>
                $mailusername=$request->{mailusername};  
                $mailpassword=$request->{mailpassword};
            </code>
        }ELSE{
            result = QUERY "select servicevalue from tblclientservices where servicekey = 'MailServerUsername'"
            <code>$mailusername = $result->{output}->{servicevalue}[0];</code>
            result = QUERY "select servicevalue from tblclientservices where servicekey = 'MailServerPassword'"
            <code>$mailpassword = $result->{output}->{servicevalue}[0];</code>
        }
    }ELSE{
        <code>
            $mailusername = "";
            $mailpassword = "";
        </code>
    }
    IF("defined $request->{fromaddress} && '' ne $request->{fromaddress}"){
        <code>$fromaddress=$request->{fromaddress};</code>
    }ELSE{
        result = QUERY "select servicevalue from tblclientservices where servicekey = 'FromAddress'"
        <code>$fromaddress = $result->{output}->{servicevalue}[0];</code>
    }

    #Security Mode
    IF("defined $request->{smtpsecurity} && '' ne $request->{smtpsecurity}"){
        <code>$smtpsecurity=$request->{smtpsecurity};</code>
    }ELSE{
        result = QUERY "select servicevalue from tblclientservices where servicekey = 'smtpsecurity'"
        <code>$smtpsecurity = $result->{output}->{servicevalue}[0];</code>
    }

    <code>$smtpsecuritymode=0;</code>
    IF("$smtpsecurity eq 'STARTTLS'"){
        <code>$smtpsecuritymode=1;</code>
    }ELSE IF("$smtpsecurity eq 'SSL/TLS'"){
        <code>$smtpsecuritymode=2;</code>
    }

    #SMTP Certificate
    <code>
        $smtpcertificate = '';
        $certpassword='';
    </code>
    IF("$smtpsecuritymode!=0"){
        IF("defined $request->{smtpcertificate} && '' ne $request->{smtpcertificate}"){
            result = QUERY "select certname,password from tblvpncertificate where certid=$request->{smtpcertificate}"
        }ELSE{
            result = QUERY "select certname,password from tblvpncertificate where certid=(select servicevalue::int from tblclientservices where servicekey = 'smtpcertificate')"
        }
        <code>
            $smtpcertificate = $result->{output}->{certname}[0];
            $certpassword=$result->{output}->{password}[0];
        </code>
    }

    #From Address with Name
    IF("defined $request->{fromaddresswithname} && '' ne $request->{fromaddresswithname}"){
        <code>$fromaddresswithname=$request->{fromaddresswithname};</code>
    }ELSE{
        <code>$fromaddresswithname = $OEMNAME . " <" . $fromaddress . ">";</code>
    }

The code above does the same thing the other opcode did when it starts. It initializes variables (some from us or from the device if not specified).

After the variables are assigned, the following code block is executed.

out = EXECSH "/bin/cschelper mail_send '$fromaddress' '$fromaddresswithname' '$toEmail' '$toEmail' '$subject' '$mailbody' '$smtpserverhost' '$smtpserverport' '$mailusername' '$mailpassword' '$mailaction' '$smtpsecuritymode' '$smtpcertificate' '$certpassword' '1' '$attachmentfile'"

And there it is, the command execution. Now the call here is EXECSH which calls /bin/sh -c “ARGUMENTS”. With the execution happening using values we control, we can easily attain remote command execution, all without authentication.

We will be releasing a full report and the Proof of Concept with proper outlines in a few months.

Update: This research was covered first on TechCrunch, read more here.

Update: Please note that this not a WebRTC leak. This involves DNS prefetching which is activated by default on all Chrome browsers. We’ve already informed some of the VPN providers about this issue and they’re in the middle of fixing this.

If your VPN provider is on the list or it leaks your DNS through browser extensions (take test here), please be sure to inform us or them so they could patch this.

Affected VPNs: Last test on 12th of July

1. Opera VPN
2. Setup VPN
3. Hola VPN – Vulnerable users: 8.7 million
4. Betternet – Vulnerable users: ~1.4 million
5. Ivacy VPN – Vulnerable users: ~4,000
6. TouchVPN – Vulnerable users: ~2 million

VPNs That Don’t Leak

1. NordVPN
2. WindScribe
3. CyberGhost
4. Private Internet Access
5. Avira Phantom VPN
6. HotSpot Shield (Fixed)
7. TunnelBear (Fixed)
8. PureVPN (Fixed)
9. VPN Unlimited (Fixed)
10. ZenmateVPN – (Fixed)
11. DotVPN – (Fixed)

Intro

Google Chrome has a feature called DNS Prefetching (https://www.chromium.org/developers/design-documents/dns-prefetching) which is an attempt to resolve domain names before a user tries to follow a link.

It’s a solution to reduce latency delays of DNS resolution time by predicting what websites a user will most likely visit next by pre-resolving the domains of those websites.

The Problem

When using a VPN browser extensions, Chrome provides two modes to configure the proxy connections, fixed_servers and pac_script.

In fixed_servers mode, an extension specifies the host of a HTTPS/SOCKS proxy server and later all connections will then go through the proxy server.

In pac_script mode on the other hand, an extension provides a PAC script which allows dynamically changing the HTTPS/SOCKS proxy server’s host by various conditions. For example, a VPN extension can use a PAC script that determines if a user is visiting Netflix by having a rule that compares the URL and assigns a proxy server that is optimized for streaming. The highly dynamic nature of PAC scripts means the majority of VPN extensions use the mode pac_script over fixed_servers.

Now, the issue is that DNS Prefetching continues to function when pac_script mode is used. Since HTTPS proxy does not support proxying DNS requests and Chrome does not support DNS over SOCKS protocol, all prefetched DNS requests will go through the system DNS. This essentially introduces DNS leak.

There are multiple reasons why VPNs leak.

But a leaking VPN is useless.

You purchase VPN service for one very simple reason: Hide your IP and protect your data while browsing the Internet or using public Wi-Fi.

Leaks completely undermine this vital service, exposing your true location and activities right before the prying eyes of your ISP, government agencies, and cybercriminals.

It’s like buying a vacuum cleaner and having it blow dirt out all over your house.

We don’t take leaks lightly.

Every VPN that we review goes through an extensive leak-detection process. We establish a connection with their servers and then use six different third-party tools to reveal our IP address.

If they don’t match the VPN’s stated server location, it means they are leaking…

Different VPN Leaks + How We Tested

Three most common leaks are:

• DNS leaks
• WebRTC and IP leaks
• Chrome extension leaks

We used the following sites (in addition to our own Chrome extensions test):

• https://ipleak.net/
• https://www.perfect-privacy.com/check-ip
• https://ipx.ac/run
• https://browserleaks.com/webrtc
• https://www.perfect-privacy.com/dns-leaktest/
• https://dnsleak.com

Unfortunately, this problem isn’t as far-fetched as it sounds.

We found leaks in as many as 15 of the 74 VPNs we’ve reviewed. That’s a whopping 21.62% of the ‘best’ VPNs in the marketplace.

Those 15 leakers also occupy bottom 15 ranking spots in our best VPN list. That’s no coincidence.

So which ones are they? Find out in this list of VPNs that threaten your internet security with different leaks.

 

15 VPNs That Leak

1. Hoxx VPN (free & paid version)
2. Hola (free version)
3. VPN.ht (paid version)
4. SecureVPN (paid version)
5. DotVPN (free version)
6. Speedify (free version)
7. Betternet (free version)
8. Ivacy (free version)
9. Touch VPN (paid version)
10. Zenmate (free version)
11. Ace VPN (paid version)
12. AzireVPN (paid version)
13. BTGuard (paid version)
14. Ra4w VPN (paid version)
15. VPN Gate (free version)

Below is a list of both free and paid VPNs where we found DNS, WebRTC, IP, or Chrome extensions leaks:

1. Hoxx VPN – DNS, WebRTC, and Chrome extension leaks found

Server used for testing: Canada

This was a VPN that failed just about every test that we put it through, including half of our leaks tests. WebRTC leaks were just one of the multitude of issues we faced with this problematic system.

They log your information and expose your IP, through both standard WebRTC leaks and Chrome extension leaks. Coupled with its outdated VPN protocols and encryption standards, you’re better off just not using a VPN like this one.

WebRTC Leak (exposing our true IP):

DNS Leak:

Chrome extension leak:

Read more in our Hoxx VPN review.

2. Hola VPN – DNS and WebRTC leak

Server used for testing: United States

Hola is one of our lowest ranked VPNs. This free VPN logs your information and uses a sketchy peer to peer connection in lieu of traditional VPN servers.

It might be one of the least secure VPNs we’ve ever seen. It’s another ‘double trouble’ VPN that managed to fail both our browserleak.net and WebRTC tests.

Hola WebRTC leak:

Hola DNS leak:

Read more in our Hola VPN review.

3. VPN.ht – IP and DNS leaks detected

Server used for testing: Netherlands

VPN.ht uses a series of adorable aliens to let you know that with their service, you can be completely anonymous.

But apparently, they don’t run leak tests on whatever planet these little guys are from. Aside from the leaks, it was a pretty good VPN. They don’t log any information and they exist outside of the established surveillance alliances. This winning combination always eases my security fears a bit.

I just couldn’t get past the leaks…

We found IP leaks, but Spoiler Alert: this isn’t the last time you’ll be seeing this product on the list.

VPN.ht IP leak:

VPN.ht DNS leak:

Read our full VPN.ht review

4. SecureVPN – IP and DNS leak detected

Server used for testing: Netherlands

This VPN claims to hold “the key to online privacy” on their official website. But we found IP leaks that completely undermine this claim.

It’s a shame too because there was really a lot to love about this VPN. Fast speeds coupled with Netflix functionality and torrenting capabilities made it a strong streaming product. But those leaks were just too much to overlook.

SecureVPN IP leak found:

SecureVPN DNS leak found:

Read our full SecureVPN Review.

5. DotVPN – WebRTC leak detected

Server used for testing: United States

This company claims that they are “a better way to VPN.”

What they ARE is a slow (but affordable) VPN based out of Hong Kong. That means they’re free of the overbearing 5, 9, and 14 Eyes Surveillance alliances that pool government espionage information together. Yet still under China’s “government approval.”

They’re also ripe with WebRTC leaks. This VPN failed our usual WebRTC test.

DotVPN WebRTC leak found:

Read more in our DotVPN Review.

6. Speedify – 1 DNS leak detected

Server used for testing: Finland

We found DNS leaks on this VPN, but the presence of a kill switch feature helps somewhat. A kill switch will automatically disconnect you from the VPN service if the signal becomes compromised.

No logging and five simultaneous connections are some of the positives, but they don’t outweigh the danger posed by these leaks.

DNS leak:

Read more in our Speedify VPN Review.

7. Betternet – 1 IP leak through Chrome extension

Server used for testing: United States

Betternet is a 100% free VPN…

… and proof of the old adage that you get what you pay for.

For starters, it’s the slowest app we’ve ever reviewed. If that’s not bad enough, the company sells ads based on your own activity. Security is a huge concern thanks to the company’s policy of data logging.

But all of that pales in comparison to the leaks we found when investigating this service. Betternet’s Chrome browser extension was the main culprit this time.

Not shocking, since 70% of Chrome extensions leak your IP.

Leak through Chrome extension:

Read more in our Betternet Review.

8. Ivacy – 1 IP leak through Chrome extension

Server used for testing: United States

Leaks, limited torrenting, and no Netflix derail what looked on paper to be a decent VPN. This is another one that passed our WebRTC test but failed when we examined their Chrome extension. The presence of a kill switch helps, but not enough.

9. TouchVPN – 1 IP leak through Chrome extension

Server used for testing: United States

TouchVPN is free. But its porous browser extension means it’s still overpriced.

Free was the only positive thing we found to say about this VPN. It’s slow, logs your information, doesn’t work with torrenting or Netflix. Plus, they’re located within the 5 Eyes alliance jurisdiction. Steer clear.

Read more in our TouchVPN Review.

10. Zenmate – 1 IP leak through Chrome extension

Server used for testing: United States

This app left our IP address completely exposed. It has a decent server park and the built-in kill switch helps security somewhat.

But the presence of leaks plus a problematic logging policy forces us to question whether or not we can trust Zenmate.

Response from Zenmate:

The problem is that WebRTC, as a protocol, leaks IP Addresses under certain circumstances. The change we made that prevents leakage may prevent WebRTC from working, so the user has the ability to switch this off, and use WebRTC. Once switched off, we remind the user to switch is back on as much as we can, but it is up to the user to do so.

Also, our smart locations feature may cause leakage. This feature switches the user’s selected server based upon the website they are visiting so that it is more likely to work that otherwise. This feature, again, may leak IP Addresses under certain circumstances. This feature is valuable to a lot of users as it improves their geo-unblocking where they are not 100% concerned about total security. This feature is turned off by default, but the user has the option to turn it on.

All in all, we are as good as or better than all other VPNs on the market as far as preventing leakage, however not all of our users want this as it may prevent them accessing certain features and function. So, we made is user configurable and warn the user when they may be compromising their configuration. If the test still shows that they are detecting leakage, then it is most likely they need to upgrade their version of the client.

Read more in our Zenmate review.

11. AceVPN – 1 DNS leak detected

Server used for testing: Belgium

AceVPN started off OK. However, results quickly went downhill when we started putting them through our series of tests.

This is a slow-moving system that logs your data and only allows for two simultaneous connections. That being said, it worked with Netflix and features a kill switch.

But the DNS leaks were the last straw.

Read more in our Ace VPN Review.

12. AzireVPN – 1 DNS leak detected

Server used for testing: Sweden

It’s hard to be “privacy-minded” when you’re suffering from DNS leaks. Another one, unfortunately, bites the dust.

On paper, it looked pretty good. No logging and there was Netflix/torrenting support. And with five simultaneous connections, it seemed like a decent VPN that the whole family could enjoy.

A lack of a kill switch coupled with the aforementioned leaks were some of the only dents in this program’s otherwise impressive armor.

13. BTGuard – 1 DNS leak detected

Server used for testing: Netherlands

BTGuard is extremely torrent friendly. Too bad it also suffers from DNS leaks. The point of VPN use while torrenting is to protect your system from malicious hacking attempts made by other users who are connecting to your system.

That protection is meaningless if your IP is exposed. While BTGuard focuses on torrenting services, it tends to ignore most other important features of a modern VPN. They log information, it’s a slow program, they don’t have a kill switch, and they only allow for one connection.

Leaks were just the cherry on top.

Read more in our BTGuard Review.

14. Ra4W – 1 Chrome Extension leak detected

Server used for testing: United States

This VPN has secure encryption and an awesome customer service team, but it was undermined by both DNS leaks and some potentially malicious programs that we found in its install file. A kill switch could have gone a long way toward re-instilling some of my faith, but they don’t have one.

Read more in our Ra4W VPN Review.

15. VPN Gate – 1 DNS leak detected

Server used for testing: Belgium

VPN Gate is a free VPN service from Japan. Unfortunately, that gate has a few holes in it in the form of DNS leaks. There’s not a lot to love here aside from the price point and the fact that it worked with Netflix.

Due to the leaks we found, it’s not recommended to use this VPN for anything other than light streaming. Nothing that requires anonymity.

Why Do VPNs Leak?

VPNs leak for a variety of reasons. DNS server issues and WebRTC API conflicts can cause your true location to shine through. The problem is that these often strike when you least expect it.

Your VPN connection looks legit. There’s no notifications or other errors. But your ISP, government agencies, or cybercriminals will see absolutely everything.

You can have strict no logging policies, exist outside of every major surveillance alliance, and have lightning speeds, but if a VPN is leaking your IP, you’re toast.

That’s why when you find a VPN that is airtight, with no leaks whatsoever, you should stick to it like glue. Here are some of our favorite.

Top 5 Leak-Free VPNs

1. ExpressVPN

• No logging and some advanced encryption make this a security powerhouse.
• You can torrent away and stream Netflix on some servers, so it’s great for browsing
• With over 1,500 servers in 93 countries, you can use this VPN for years and never use the same server twice.

2. NordVPN

• Six connections and over 3,000 servers make this a truly versatile service.
• Four out of the six servers we tested worked with Netflix.
• Super fast speeds and a kill switch ensure that your sessions will be quick and protected.

3. Perfect Privacy

• Unlimited connections allow you to connect to multiple devices without ever having to sign out.
• A strict no logging policy ensures that you remain completely anonymous.
• Torrent to your heart’s content.

4. CyberGhost

• 1300 servers in 65 countries with five connections. This is a service that gives you options.
• Not a part of any major surveillance alliance, so your information is secure.
• The company won’t log your information, so browse confidently.

5. Trust.Zone

• A lightning fast VPN that lets you torrent and watch Netflix.
• A no logging policy helps but the “trust” in Trust.Zone.
• Built-in kill switch ensures that even if there were leaks, you would be protected.

For a more in-depth analysis, check out our list of the top ranking VPNs.