Research instrumentation to enable crowdsourced investigations into commercial VPNs​.


The use of VPNs has been growing rapidly among Internet users due to increasing consumer awareness of the security and privacy risks born of high-profile incidents, massive data breaches, adversarial networks, geographic restrictions for streaming media, and widespread reports of ISPs selling data about their users. This rapid growth of the VPN ecosystem has attracted an influx of new VPN providers with varying levels of popularity.

However, not all VPNs actually provide better privacy and security. Furthermore, the popularity of many VPN services may stem from mistaken consumer assumptions or even deliberate false advertising by the providers. These problems are compounded by a lack of convenient technical tools for evaluating and investigating key facets of the VPN ecosystem.

The Approach

VPNalyzer was built to conduct a systematic, crowdsourced investigation into the VPN ecosystem. This project wants to advance the public interest in the VPN ecosystem, inform practical regulations and standards, and enforce accountability and transparency. To that end, VPNalyzer consists of three parallel efforts:

  • A cross-platform desktop tool for users to test the security and privacy features of their VPN connection
  • Large-scale quantitative and qualitative user studies
  • Qualitative studies surveying VPN providers
Screen Shot 2022-06-29 at 2.13.40 PM

The VPNalyzer Tool

The tool consists of a measurement test suite that contains 15 measurements including tests for aspects of service, security and privacy essentials, misconfigurations, and leakages.

VPNalyzer found several notable issues in VPN products. It found DNS and IPv6 leaks whereby users’ queries and traffic were leaked to their Internet service providers (ISP) which poses security and privacy risks for the users. The tool found VPN products with insecure default configurations that only tunnelled browser traffic by default and caused traffic from other apps on the user’s machine to be exposed to their ISP. It was also discovered that many VPN providers in their default configurations allowed the users’ traffic to be leaked to their ISP and did not protect them in case of tunnel failure. The feature that mitigates this leak is commonly known as the kill switch feature, which was discovered to not enabled by default in these providers.

If you are interested in testing a future release of our tool, please fill this form to join the VPNalyzer mailing list.

VPNalyzer publications: