LiquidVPN has begun scaling back the outdated and insecure VPN protocol PPTP, with a view to removing it completely in the long term.
In what is something of a first in the VPN industry, support for PPTP is being massively scaled back. All mention of the protocol is slowly being removed from their website, and future advertising will not mention PPTP support.
About time PPTP was killed off
PPTP has long been an insecure protocol for VPN use and offers little protection for those wanting to protect their privacy. The announcement is an excellent move from LiquidVPN.
While it is still suitable for accessing geo-blocked content, and some users choose it for its supposed speed benefits, advances in desktop and mobile hardware now make it possible to get equally good speeds using other, more secure protocols such as OpenVPN.
PPTP is the least secure VPN protocol in operation today, but all major VPN providers still offer the option to connect via it. Because it is often the default connection protocol in custom software, unaware users are likely to happily connect and feel secure. With no certificates for authentication and simply a username and password to connect, it is just not secure enough for the world today.
Some of the PPTP authentication protocols have been considered insecure as far back as 1998, and even updated ones such as MS-CHAPv2 have recently been found to include flaws, meaning PPTP just isn’t suitable for the privacy industry anymore.
David Cox, CEO of LiquidVPN, explained the reason behind the decision, saying, “After a lot of user feedback and internal debate we have come to the conclusion that PPTP’s small boost in transfer speed is not worth the risk to our users’ security.”
No panic for current PPTP users
Current users need not panic just yet, as LiquidVPN are retaining PPTP on some of their servers so that those who wish to use the protocol can do so for the immediate future.
Cox alleviated any fears, saying, “We realize that some users signed up to use PPTP exclusively, so recently we quit accepting PPTP connections on all but 10 servers. We will leave the PPTP service running on these servers for up to 1 year or until we see PPTP is no longer being used on a server.”
In 2015, a team of researchers from universities in both London and Rome discovered that many commercial VPN providers were still relying on insecure VPN protocols such as PPTP, and found that this outdated technology could easily be broken with a simple brute force attack.
PPTP is often retained so that users can connect to VPN services from outdated devices, but as technology advances even mobile phones now often support the more secure OpenVPN or L2TP protocols, so the need to keep supporting PPTP is dwindling.
As PPTP support is slowly phased out by the LiquidVPN service, David Cox reassured users that, alongside the other protocols they currently offer, they “are planning to replace PPTP with IKEv2 in the near future”.