- CISA has warned that personal VPNs can increase a user’s “attack surface.”
- This advice is part of a broader warning about sophisticated spyware.
- Questionable VPNs, especially free apps, may collect data or inject malware.
America’s leading cybersecurity agency has issued a stark warning in its latest missive: “Do not use a personal VPN.”
The advisory comes from the Cybersecurity and Infrastructure Security Agency (CISA), which warned iPhone and Android users that many commercial VPN services may do more harm than good. According to CISA, “personal VPNs simply shift residual risks from the Internet Service Provider (ISP) to the VPN provider, often increasing the attack surface.”
The warning makes the point that while a VPN can hide your activity from your ISP, you are instead placing that same trust in the VPN provider, and many providers “have questionable security and privacy policies.” This is a significant statement from a federal agency, pointing to a fundamental risk in how many commercial VPNs operate.
The alert is part of a broader effort to combat the rise of advanced commercial spyware. Security agencies are increasingly concerned about bad actors using sophisticated tools to infiltrate smartphones, and a fraudulent VPN app is an ideal Trojan horse.
As a recent Google security alert also highlighted, bad actors are adept at distributing malicious apps disguised as legitimate VPN services to compromise user security and steal everything from browsing history to financial credentials.
These warnings are particularly relevant given the increase in the use of VPNs to circumvent geographic restrictions or in response to new legislative measures such as age verification laws. However, as CISA’s guidance suggests, the rush for a quick fix to privacy can lead users to download questionable apps that are, at best, ineffective and, at worst, downright spyware.
How to choose a secure and private VPN
CISA’s general warning suggests that not all VPNs are trustworthy, but the heart of the problem lies with questionable providers.
The best VPN services are transparent, audited, and concerned about user privacy. To stay safe, you should look for a provider with a strict, independently verified no-logging policy, ensuring they don’t collect or store any data about your online activities.
Additionally, well-established tunneling protocols like OpenVPN and WireGuard form the backbone of secure VPN connections. These protocols encrypt and authenticate your traffic so that it stays private and protected from interception on the path between your device and the VPN server, making it extremely difficult for anyone on that path, whether hackers, your ISP, or government surveillance, to read your communications. Note that the VPN provider itself still sees your traffic where it leaves the tunnel, which is exactly why CISA’s point about trusting the provider matters.
When selecting a VPN, it is also recommended to look for additional security features that enhance your online protection.
One of these options is a kill switch, which automatically blocks your Internet access if the VPN connection drops unexpectedly. Without it, your device silently falls back to the ordinary connection, and your real IP address and unencrypted traffic become visible to the local network and your ISP.
Other useful features include DNS leak protection, which stops name lookups from bypassing the tunnel to your ISP’s resolvers; multi-hop connections that route traffic through multiple servers; and perfect forward secrecy (PFS), which rotates session keys so that a compromised key exposes only a short window of traffic rather than everything you have ever sent.
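To make the two features above concrete, here is an added example (not code from the TechRadar article, CISA, or any VPN vendor) showing how a kill switch is typically built with an nftables egress policy, and how a simple DNS leak check works. Everything here is an assumption for illustration: the tunnel interface name `wg0`, the VPN server address `198.51.100.7` and resolver `10.8.0.1` (constructed placeholders), the WireGuard default port 51820, and the sample `resolv.conf` content. The ruleset is only printed, not applied.

```shell
#!/bin/sh
# Added example: a kill switch as a default-deny egress policy, plus a DNS leak check.
# Assumptions (not from the article): nftables syntax, tunnel interface "wg0",
# constructed VPN server IP 198.51.100.7 and VPN resolver 10.8.0.1.

# Print an nftables ruleset that drops everything leaving the host except
# loopback, traffic inside the tunnel, and the handshake to the VPN server
# itself (needed to bring the tunnel up). Because the policy is "drop", a
# dropped tunnel leaves no path for traffic to fall back to the ISP.
# Load it as root with:  killswitch_ruleset wg0 198.51.100.7 | nft -f -
killswitch_ruleset() {
  tun_if="$1"   # tunnel interface, e.g. wg0
  vpn_ep="$2"   # VPN server IP; given as an address so no DNS lookup is needed
  cat <<EOF
table inet killswitch {
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    oifname "$tun_if" accept
    ip daddr $vpn_ep udp dport 51820 accept
    counter drop
  }
}
EOF
}

# Read resolv.conf text on stdin and compare every "nameserver" entry against
# the resolver IPs passed as arguments (the ones the VPN pushed). Any other
# resolver means DNS queries can leave outside the tunnel: a DNS leak.
# Prints each leaking resolver; returns 0 if clean, 1 if a leak was found.
dns_leak_check() {
  leaks=0
  resolvers=$(awk '$1 == "nameserver" { print $2 }')
  for ns in $resolvers; do
    allowed=0
    for ok in "$@"; do
      [ "$ns" = "$ok" ] && allowed=1
    done
    if [ "$allowed" -eq 0 ]; then
      echo "leak: $ns is not a VPN resolver"
      leaks=$((leaks + 1))
    fi
  done
  [ "$leaks" -eq 0 ]
}

# Constructed sample resolv.conf: the VPN pushed 10.8.0.1, but the ISP's
# resolver (192.0.2.53, a documentation-range placeholder) is still listed,
# so some lookups will bypass the tunnel.
SAMPLE_RESOLV_CONF='# generated by NetworkManager
nameserver 10.8.0.1
nameserver 192.0.2.53
search lan'

# Demo when run directly (real use: cat /etc/resolv.conf | dns_leak_check 10.8.0.1)
killswitch_ruleset wg0 198.51.100.7
printf '%s\n' "$SAMPLE_RESOLV_CONF" | dns_leak_check 10.8.0.1 || echo "DNS leak detected"
```

The `inet` table covers IPv4 and IPv6 in one place, so IPv6 traffic on the physical link is dropped too; a kill switch that only filters IPv4 is a common leak. A default-deny output policy this strict also blocks things like DHCP renewals, so a production ruleset adds explicit exceptions for them rather than loosening the policy.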
For those looking for the most private VPNs, the key is to choose a reputable provider that prioritizes user security above all else. TechRadar’s top-rated VPN, NordVPN, for example, offers a suite of advanced features and is currently offering an exclusive discount to TechRadar readers, making it a great choice for those looking to boost their online security without falling victim to the pitfalls that CISA has warned about.