Personal Data Leaks and Online Security VPNs

TwitterGoogle+FacebookLinkedInPinterestTumblrStumbleUponRedditShare This

Alvin Bryan

Alvin Bryan is a freelance writer and online privacy enthusiast enthusiast currently contributing quality tips and troubleshooting on personal VPN services, and online privacy and security news. You can also find him on Google +.

Ars Data Leaks ExperimentArs Technica recently conducted a test on personal data leaks. From their experiment with National Public Radio (NPR), they found that passive surveillance is still very powerful. Websites, services and apps continue to leak personal data. This is happening even though many users and companies have applied better encryption technologies. The report on the test shows what typical Internet users have to worry about.

The NPR Experiment

Passive data gathering means that there is no hacking, network penetration, or traffic sniffing on other networks. It is only watching the traffic that passes in and out of one network to the Internet. NPR reporter Steve Henn volunteered to be tracked by Sean Gallagher from Ars Technica. Henn would go about his usual activities while he did his research for a story. He is like most Internet users, connecting to the Internet via different devices and applications. Henn would also take the usual security measures and those to avoid spying, like most Internet users do nowadays. And Sean Gallagher was equipped with penetration testing hardware that would act as a WiFi access point. This hardware is not much different than the common hacking gear used by many Internet snoops. The experiment went on for a few days, covering the research period for one story. Henn later did a series on the experiment that summarizes what passive surveillance revealed about his activities.

Online Security VPN Data ProtectionThe Pwnie Express Pwn Plug R2 was designed to help companies monitor and exploit their networks for better online security. But Sean Gallagher also calls it a miniature NSA when it is configured to scoop up Internet traffic. It would now serve to suck up and record all the traffic coming from Henn’s devices on a special server. The data collected from the traffic stream represents the data that the larger NSA surveillance model collects. The NSA uses Turbulence and XKeyscore for passive surveillance. Pwn Plug R2 would represent Turbulence and the server would be XKeyscore. Other tools were also use to simulate NSA data processing and analysis.

Just like most Internet users, Henn said that there was probably nothing that could really be taken from his traffic. But as soon as Henn plugged his iPhone into the Pwn Plug R2, the server was filled with thousands of pages of data. Henn did not launch any apps, but everything that was running in the background was serving up data like an open book. Safari was the worst culprit, showing Gallagher what he had been browsing the last time he went online. This was just one part of the preparation stage and already the profiling of Henn could begin.

Online Security VPNs

NPR uses a corporate online security VPN setup to encrypt their data and traffic. Henn also has other email and VoIP encryption tools on top of the VPN. Gallagher could see right away that the online security VPN and other encryption tools helped a lot in securing Henn’s company communications. But even with these tools, spying is possible because most online services and websites do not use the high grade encryption that online security VPNs do.

Discovered Personal Data Leaks

Traffic SnoopingBy looking at the collected data from the passive surveillance, Gallagher learned a lot. Henn’s Google searches revealed what he was researching. This data is now being encrypted, but Google cookies and data leaks can be manipulated to access the unencrypted data. The cookie that tracks users’ identities for advertising purposes is one of them. The NSA also uses this PREF cookie, and this data is not encrypted by Google. The cookie also reveals the connections made by Google when serving up ads. And searching for places causes Google to send requests to the Maps service. This data is likewise unencrypted and shows the search term used and the IP address that made the request. Moreover, the search results than Henn clicked on were also available. Gallagher did this by looking at the referrer tags for Google. When search terms were unavailable due to Google search result page encryption efforts, he used SEO URL keywords to guess. Henn confirmed that these guesses were almost identical to the actual terms he used.

Henn’s browser and the websites he visited revealed more. Browsers use unencrypted cookies and many websites do no encrypt their pages. Email services also do not encrypt the traffic that passes to and from their mail servers. Without an online security VPN, data from the traffic stream can be easily associated with a specific user through cookies and the IP address used. Phone numbers and email addresses can be picked up and also used to confirm identities and connect traffic to the user and other contacts. Documents taken from the stream can be analyzed for keywords to glean what a persona is doing.

2 thoughts on “Personal Data Leaks and Online Security VPNs

  1. Pingback: Mobile Device VPN | Prevent Data Leaks | VPN Express

  2. Pingback: Expert Tips | Child Security Online | VPN Express

Comments are closed.