Chinese VPN providers under scrutiny for potential data leaks to authorities, warns privacy watchdog
Using a free VPN to browse the web anonymously? You might be unknowingly dealing with a Chinese company under U.S. government sanctions, according to a recent report by the Technology Transparency Project (TTP).
The report accuses 17 VPN apps - six on Apple's App Store, four on the Google Play Store, and seven available on both platforms - of having undisclosed ties to China. In several cases, the TTP linked the app developers to Qihoo 360, a Chinese cybersecurity company under U.S. sanctions.
Despite the potential risks, these VPN apps, such as VPNify, Ostrich VPN, and Now VPN, don't overtly refer to China or Chinese ownership on the app stores.
VPNs offer privacy protection by masking a user's online identity. However, since VPN companies keep records of users' internet activity, Chinese-owned VPNs could expose this data to the Chinese government, which is permitted to surveil personal data under national law without a warrant.
"When it comes to Chinese-owned VPNs, that means this data can be turned over to the Chinese government based on China's state laws," said Katie Paul, the TTP's director. If a VPN company doesn't take steps to delete user data permanently, the consequences could be significant.
The TTP published a similar report on Chinese VPN apps on April 1. Apple removed three of the apps with ties to Qihoo 360: Thunder VPN, Snap VPN, and Signal Secure VPN. However, the other apps, such as Turbo VPN and VPN Proxy Master, are still available on the Google Play Store.
Two developers - Autumn Breeze (the developer of Snap VPN) and WireVPN - claimed no ties to China or Qihoo 360. However, WireVPN's privacy policy states that users must adhere to Chinese law and refrain from activities that go against the Chinese Constitution and traditional virtues.
Recent investigations suggest that Qihoo 360, the company under U.S. sanctions due to its ties with China's People's Liberation Army, has connections to the VPN apps in question. Despite these concerns, neither Apple nor Google has commented on the specific apps tied to Qihoo 360 or addressed the potential breach of U.S. sanctions.
[1] China's surveillance laws and the threat they pose to privacy: https://www.aclu.org/issues/privacy-technology/surveillance-technologies/chinas-mass-surveillance-scoring-system
[2] The potential privacy risks of using Chinese-owned VPNs: https://www.forbes.com/sites/andiego/2018/04/18/hidemyass-vpn-china-privacy/
[3] U.S. government sanctions on Qihoo 360: https://www.reuters.com/article/us-qihoo-usa-sanctions/usholding-companies-barred-from-exporting-technology-software-to-qihoo-360-idUSKCN25G2V9
- The Technology Transparency Project's recent report reveals potential risks involving politics and technology, as 17 VPN apps with undisclosed ties to China, including VPNify, Ostrich VPN, and Now VPN, could expose users' data to the Chinese government due to Chinese surveillance laws.
- The United States government has imposed sanctions on Qihoo 360, a Chinese cybersecurity company, for its ties with China's People's Liberation Army. However, the potential breach of these sanations and the privacy risks they pose, as Chinese-owned VPNs can turn over user data to the Chinese government, remain unaddressed by Apple and Google.
