Ben Mixon-Baca is a Senior ICFP fellow with Breakpointing Bad, and a PhD student from Arizona State University.
He has previously worked on a range of projects including developing and deploying systems to detect threats to at-risk people and NGOs, developing tools and systems to automatically detect vulnerabilities in network traffic, and developing exploits against VPNs. His current ICFP project focuses on bringing transparency to privacy enhancing technologies with the VPN Transparency project.
The VPN transparency project is a multipronged effort to illuminate the owners, operators, and developers of VPNs on popular app markets and disseminate this information to a broad range of stakeholders. The expansion of the VPN space has attracted malicious actors with a range of objections from the relatively benign, such as collecting unnecessarily detailed user information for ad revenue, to more insidious threats such as ad fraud, mass exploitation by including malware in the APK, and targeted threats. Many popular VPNs such as the ones on the Google Play store—with tens to hundreds of millions of downloads—appear to hide who actually develops and runs them. This obscurity is concerning because of the position of trust VPNs have.
To address this, Ben is using a combination of open source data collection and reverse engineering to generate a transparency score for a selection of VPN applications on app markets. He will then use this score to select a subset of VPNs for detailed analysis and perform a comparative analysis with other, more transparent VPNs, such as iVPN, Tunnelbear, and others. This will add to the work done by previous researchers and inform both app markets, developers, and users about threats in the VPN ecosystem.
