Washington Post highlights risks of Chinese VPNs

Phone with CCTV camera above it

The clampdown on TikTok is growing across the world as concerns over the amount of data the popular social media site is sending back to Communist China continue to grow.

The TikTok CEO received a five-hour grilling in front of US Congress last week and said little to dissuade concerns about the app’s data policies.

Meanwhile, in the UK, the app has been banned from Government and Parliamentary devices in quick succession, with more security-related bans expected to follow from other sensitive areas and possibly nationwide.

But while TikTok’s high-profile presence makes it an easy target for politicians and regulators, a recent Washington Post article has shone a light on another type of Chinese-owned app that is arguably an even bigger security concern; Chinese-owned VPNs.

We have been arguing for several years that VPNs owned by entities of individuals based inside the People’s Republic of China presented a security risk to users and that steps should be taken to stop people from being able to download them so easily.

The risks of Chinese VPNs

The first point to make is that the risks we will be discussing do not apply to any of the VPNs recommended on this site.

We are well aware of the threat that the Chinese Communist regime poses and would never recommend any VPN provider that has any links to China or if there is any risk of data being sent back to China.

The problem with Chinese VPNs is that, under Chinese law, all Chinese companies are required to hand over user data to the regime. Even worse, they are also required by law to deny publicly that they have done this.

This means we have to assume that all Chinese companies are sharing all user data with the Chinese Communist regime. And this can be hugely problematic.

The Washington Post cites two Democratic Senators, Ron Wyden of Oregon and Anna G. Eshoo of California, who last year asked the Federal Trade Commission (FTC) to take action, “particularly on those that engage in deceptive advertising and data collection practices.”

They suggested that the industry “is extremely opaque, and many VPN providers exploit, mislead, and take advantage of unwitting consumers.”

The word many is perhaps a stretch, but there is no doubt that some do, and the fact is that it is Chinese VPNs who are prime candidates.

Which VPNs does the Washington Post focus on?

The Washington Post article flags a number of VPNs that are of concern owing to links with China.

Turbo VPN has been downloaded from the Google Play Store more than 100 million times. But its parent company, Innovative Connecting, has had exclusively Chinese directors in the past few years.

That sets alarm bells ringing, but even worse, it has been proved that Turbo VPN is installing root certificates onto user devices that would allow it to tell the computer to trust any application that it authorised and vouch for a fake email or chat program to extract content from the real ones, among other things.

Two further VPN apps in the Google Play Stores Top Six are owned by Signal Lab. This is nothing to do with the Signal messaging app but instead is headquartered in Hong Kong. Its terms of service are written in such a way that its VPNs can monitor all user content if it chooses to.

The Washington Post also shone a light on VPN – Super Unlimited Proxy, which is connected to a company with a Chinese history as well as flagging the well-known concerns about the hugely popular free VPN provider, Hotspot Shield.

It also criticises both Apple and Google for their failure to properly scrutinise these apps before allowing them into their app stores.

What should VPNCompare readers do?

There is not much new in the Washington Post article for anyone who closely follows the VPN sector as we do.

But it is good to see the mainstream media finally cottoning on to the security concerns that we have been raising for years now.

The advice to readers is actually very simple in this instance. Do your due diligence and ensure that you are not using any VPN provider that is based in, or in any way connected to, Communist China.

One way to ensure you are doing that is to read our detailed VPN reviews before you sign up.

If you are using one of the providers cited in this article or any other provider you think may have links to China, the best thing to do is to cancel your subscription and delete the apps as soon as possible.

When it comes to online privacy, online security, and China, it’s just not worth the risk, either with TikTok or VPNs.

Author: David Spencer

Cyber-security & Technology Reporter, David, monitors everything going on in the privacy world. Fighting for a less restricted internet as a member of the VPNCompare team for over 7 years.

Away from writing, he enjoys reading and politics. He is currently learning Mandarin too... slowly.

Leave a Reply

Your email address will not be published. Required fields are marked *