Virtual private networks are popular ways to keep your online activity private and hide your physical location from your internet service provider and apps. But it's obviously important to choose a safe and secure VPN.
Three university researchers have discovered that 18 of the most widely used VPNs have shared infrastructures with serious security flaws that could expose customers' browsing activity and leave their systems vulnerable to corrupted data. These VPNs are among the top 100 most popular on the Google Play Store, comprising more than 700 million downloads.
Read more: Best VPN Service for 2025: Our Top Picks in a Tight Race
The peer-reviewed study by the Privacy Enhancing Technologies Symposium found that these VPNs, despite calling themselves independent businesses, are actually grouped into three separate families of companies.
None of CNET's recommended VPNs -- ExpressVPN, NordVPN, Surfshark, Proton VPN and Mullvad -- are on the list. (If you currently don't have a VPN, here's why you might want to start using one.)
According to the findings, these are the three groups that contain the 18 VPNs:
Family A : Turbo VPN, Turbo VPN Lite, VPN Monster, VPN Proxy Master, VPN Proxy Master Lite, Robot VPN, Snap VPN and SuperNet VPN
: Turbo VPN, Turbo VPN Lite, VPN Monster, VPN Proxy Master, VPN Proxy Master Lite, Robot VPN, Snap VPN and SuperNet VPN Family B: Global VPN, Inf VPN, Melon VPN, Super Z VPN, Touch VPN, VPN ProMaster, XY VPN and 3X VPN
Global VPN, Inf VPN, Melon VPN, Super Z VPN, Touch VPN, VPN ProMaster, XY VPN and 3X VPN Family C: X-VPN and Fast Potato VPN
Researchers determined that the VPNs in Family A are shared between three providers linked to Qihoo 360, a firm identified by the US Department of Defense as a Chinese military company. The VPNs in Family B use the same IP addresses from the same hosting company.
... continue reading