VPNalyzer: Systematic Investigation of the VPN Ecosystem

Use of Virtual Private Networks (VPNs) has surged in recent years, but the trustworthiness of VPN services and the security of their implementations have not been systematically investigated at scale. In this paper, the authors design and deploy VPNalyzer, a cross-platform tool that combines a suite of tests covering security, leakage, manipulation, and ecosystem properties of VPN services. They use it to study 80 widely-used VPN services and reveal a range of issues including DNS, IPv6, and traffic leaks; misconfigured server infrastructure; and untrustworthy ecosystem practices. The work surfaces concrete recommendations for users, providers, and policymakers seeking to improve VPN trustworthiness.