© 2022 University of Michigan.Privacy Policy
© 2022 University of Michigan.Privacy Policy
VPNalyzer is an interdisciplinary research project from the University of Michigan that aims to analyze the VPN ecosystem through large-scale data-driven studies. The ongoing project consists of three parallel efforts: quantitative and qualitative user studies, a cross-platform desktop tool for users to test the security and privacy features of their VPN connection, and qualitative studies surveying VPN providers.
Our goal is to advance the public interest, inform practical regulations and standards, enforce accountability, and empower consumers to find more trustworthy VPN products. Users interested in a more in-depth overview of the project and its analyses are encouraged to check out VPNalyzer: Systematic Investigation of the VPN Ecosystem (presented by member of our team at the NDSS Symposium 2022).
VPNalyzer includes the Npcap Windows packet sniffing (and sending) library with permission from The Nmap Project. We run StatCounter on this webpage to collect statistics about the number of users of our tool and our website to supply reports to grant agencies. We do not use this data for any other purposes. We also have configured StatCounter to anonymize the last octet of each visitor's IP address i.e. if your IP is 198.51.100.68, StatCounter only shows us 198.51.100.??.
Learn more about our Privacy and Data Policy here. VPNalyzer's Terms of Service are available here.
Building on the findings of our 2021 Alpha Release, a Beta version of the VPNalyzer Tool is available for download. The desktop tool will help users test and identify security and privacy issues with their VPN (and allow the VPNalyzer team to continue to crowdsource data to be used to help spur future industry standards, regulations, and transparency). Download the tool here.
With a limited release in 2021, the VPNalyzer Tool found several notable issues in VPN products. The tool utilizes a measurement test suite of 15 measurements, including tests for aspects of service, security and privacy essentials, misconfigurations, and leakages.
Testing revealed DNS and IPv6 leaks in which user queries and traffic were leaked to their internet service providers (ISP), posing obvious security and privacy risks for users. Our measurements also identified a VPN product with insecure default configurations that only tunneled browser traffic by default—allowing traffic from other apps to be exposed to the user’s ISP. In addition, the Alpha release discovered that the default configurations of many VPN providers allow user traffic to be leaked to their ISP and do not protect them in case of tunnel failure. The feature that mitigates this leak is commonly known as the kill switch feature, which we discovered is not enabled by default in these providers. This release served as the basis for our paper, VPNalyzer: Systematic Investigation of the VPN Ecosystem.
If you are interested in testing a future release of our tool, please fill this form to join our mailing list.
We are a group of computer science researchers at the University of Michigan who design and deploy scalable techniques and systems to protect users’ internet experience. We conduct systematic, data-driven studies to investigate security and privacy issues in the VPN ecosystem and aim to bridge the gap between its various stakeholders.
The VPNalyzer project is done by a group of computer science researchers at the University of Michigan, including:
