Flaw in VPN systems nullifies its promise of privacy

Worried about your goings-on being monitored on the Internet, you have resorted to using VPN. But, is your privacy really assured?

According to researchers, the answer is “no”. A security flaw in the VPN systems – caused by the combination of IPv6 and PPTP-based VPN services – can be exploited and your IP address, MAC address and your computer name can be identified.

The existence of the flaw was made public at the Telecomix Cyphernetics Assembly in Sweden, home country of the Pirate Bay and the Pirate Party (both of whom offer VPN services). It has also been suggested that the Swedish anti-piracy investigators are already aware of it and are using it to gather data on “anonymous” sharers.

Most users might also not be aware that they can be targeted with this approach, since they are not aware that their computers use IPv6 (for example, those that have Windows 7 installed). The flaw can be closed by the simple action of switching back to IPv4, or by choosing an alternative to PPTP – such as OpenVPN.

“It’s more secure than PPTP, and more stable too, though it doesn’t work on mobile devices natively and isn’t quite as easy to set up on a computer, especially older machines,” says Wired’s Duncan Geere. “OpenVPN also has the advantage that it’s often not blocked in countries where PPTP systems are blocked.”