2

I regularly uses VPN addons like browsec, Zenmate etc in my browser. These addons/Plugin boast about hiding IPs, bypass firewalls, faster and encrypted services, tracking protection etc which they provide for free. I want to know how secure is these VPN services. Is it possible to encrypt our internet activities using these VPN's?. Can or cannot ISPs or any other third parties can track our internet activites while using these VPNs?

Eka
  • 559
  • 1
  • 5
  • 15
  • I'm not sure that they claim to offer tracking protection. Addons such as Ghostery or Adblock+ are more commonly used for that. And they definitely don't make things faster, at best they won't make things much slower. – Neil Smithline Oct 19 '15 at 16:34

2 Answers2

2

After it has been blamed for not informing its users which protocols it uses, Zenmate says it relies on TLS 1.2 (RFC 5246) protocol with 128-bit AES-GCM data encryption, SHA256 data authentication and ECHDE RSA handshake. So from the encryption standpoint, it is good and it is even rewarded for that. The problem with Zenmate is that its free service may be more limited by time (Zenmate is a commercial company) and the plugins itself keeps running even if the browser is closed thus consuming CPU and memory resources, and remember that Zenmate is not a full VPN service but it only encrypts your Chrome sessions.

As for Browsec, it is also recommended and just as well seen as Zenmate but for the etc you used in I regularly uses VPN addons like browsec, Zenmate etc in my browser, it all depends on which plugin you are talking about: As a good safety practice, you should use a browser plugin only if really necessary. And before installing one, being informed about it (why not review its code or see if some community did that, its rating and so on) is a good thing. There are even free opensource browser plugins developed as POCs of how a plugin can compromise seriously user's privacy such as ZombieBrowserPack that can be manipulated remotely to steal authentication credentials, and even bypass two-factor authentication mechanisms such as the ones implemented by Yahoo and Google. It can also hijack your Facebook account, or get your bank account credentials if you perform an online purchase. You can imagine such a plugin purposed to fulfill this or that feature (shim) and doing something nefarious behind in the background.

1

Furthermore to what Begueradj said...

Bare in mind that a lot of VPN addons can be malicious in one way or another. I'm not saying they all are but you need to consider the possibility that the addon could be malicious or easily attackable.

For example, millions of users used Hola which was a popular VPN browser addon before it was discovered that Hola users could have possibly been a part of a botnet. https://blog.avast.com/2015/06/19/hola-hola-vpn-users-you-may-have-been-part-of-a-botnet/

There's also the possibility that the VPN you use will still just spray your real IP address all over everything you're doing. Hotspot Shield and Hotspot Shield Elite are guilty of this. My friend was still able to identify my real IP address despite running Hotspot Shield through various locations.

Sevaara
  • 181
  • 2
  • 8