US government urged to investigate VPNs that are anything but private

Dolphin, Yandex and Opera named by US senators urging VPN investigation

Senators in the US have urged the US Department of Homeland Security (DHS) to investigate VPN apps amid claims that data is not as private as users might believe.

In a letter to Christopher Krebs, the director of the DHS's Cybersecurity and Infrastructure Security Agency, senators Ron Wyden and Marco Rubio claim that the apps could compromise the security of US government employees.

"We are particularly concerned about the potential threat posed by foreign-made apps that are affiliated with countries of national security concerns," they write.

It isn't just VPNs they have in their sights, but also data-saving browsers that route traffic via their own servers in order to serve compressed web pages for mobile viewing.

The letter specifically mentions Dolphin, Yandex and Opera, although the latter has been offering data-saving compression since Opera Mini 5.0 was launched in beta in August 2009.

Opera Software has since been acquired by a consortium of Chinese companies and now also offers a built-in VPN.

VPN apps, particular free ones, also route user data via the provider's servers ostensibly to improve security by providing an encrypted channel between users' devices and the internet. However, the provenance of companies providing such apps is often unclear.

Some VPN apps have been traced to China, for example, where unapproved VPNs are banned, meaning that data passing through approved VPNs can be inspected by China's government. An investigation by Metric Labs suggested that as many as nine out of ten VPN apps in the Google Play Store and Apple App Store were either based in China or had some form of Chinese ownership - despite the VPN clampdown in China.

"Their use raises the risk that user data will be surveilled by… foreign governments. The compromise of that data could harm US national security," claim the senators.

"In light of these concerns, we urge you to conduct a threat assessment on the national security risks associated with the continued use by US government employees of VPNs, mobile data proxies and other similar apps that are vulnerable to foreign government surveillance," they add, suggesting that their use should be prohibited on federal government smartphones and computers should they be found to pose a potential threat.