Citizen Lab Reports Hidden VPN Networks Sharing Ownership and Security Flaws

Citizen Lab’s new report, Hidden Links, uncovers a network of VPN providers like Turbo VPN and VPN Monster that are controlled by a single company and use dangerous security practices, including hard-coded passwords and weak encryption.

A new research paper titled “Hidden Links: Analyzing Secret Families of VPN Apps” has exposed how some popular Virtual Private Network (VPN) providers intentionally hide their true ownership and share security flaws.

The paper was co-authored by Benjamin Mixon-Baca, Jeffrey Knockel, and Jedidiah Crandall and published by Citizen Lab. Their study involved a deep analysis of apps from the Google Play Store, looking at everything from code similarities and network communications to business filings.

Researchers identified three families of VPNs that are secretly operated by the same entity. The most notable group includes Innovative Connecting, Autumn Breeze, and Lemon Clove, which have over 700 million downloads combined.

These companies distribute apps such as ...