Malicious actors around the world, ranging from nation states to private organizations, are increasingly making use of technologies to not only control the free flow of information, but also eavesdrop on Internet users' online activities. With the Internet having become an indispensable means of communication in modern society, censorship and surveillance in cyberspace are getting more prevalent.
We present actionable recommendations for technologists and security and privacy advocates by identifying potential areas to focus efforts and improve the VPN ecosystem. Worryingly, we find that users have flawed mental models about the protection VPNs provide, and about the data collected by VPNs. Alarmingly, we find that users rely on and trust VPN review sites, but VPN providers shed light on how they are mostly motivated by money. We create novel insights by augmenting our multi-perspective results, and highlight cases where the user and provider perspectives are misaligned. and qualitative interviews of nine providers to answer several research questions regarding the motivations, needs, threat model, and mental model of users and the key challenges and insights from VPN providers. In this paper, we conduct a quantitative survey of 1,252 VPN users in the U.S. To that end, we are the first to study the VPN ecosystem from both the users' and the providers' perspectives. Moreover, studying VPN users alone is not enough because, in using a VPN, a user essentially transfers trust, say from their network provider, onto the VPN provider.
We also test three geolocation algorithms from previous literature, plus two variations of our own design, at the scale of the whole world.Īs more users adopt VPNs for a variety of reasons, it is important to develop empirical knowledge of their needs and mental models of what a VPN offers. In the process, we address a number of technical challenges with applying active geolocation to proxy servers, which may not be directly pingable, and may restrict the types of packets that can be sent through them, e.g. Czech Republic, Germany, Netherlands, UK, USA). Instead, they are concentrated in countries where server hosting is cheap and reliable (e.g. Our measurements show that one-third of them are definitely not located in the advertised countries, and another third might not be. These servers are operated by seven proxy services, and, according to the operators, spread over 222 countries and territories. In this study we estimate the locations of 2269 proxy servers from ping-time measurements to hosts in known locations, combined with AS and network information. IP-to-location databases tend to agree with the advertised locations, but there have been many reports of serious errors in such databases. Proxy operators offer no proof that their advertised server locations are accurate. Their reasons range from mundane to security-critical. IP2LocObj.open("data/IP-COUNTRY-SAMPLE.Internet users worldwide rely on commercial network proxies both to conceal their true location and identity, and to control their apparent location. Please visit for more geolocation information. Developers can use the API to query all IP2Locationâ„¢ binary databases from for applications written in Python. It has been optimized for speed and memory utilization.
This API is meant to allow easy integration between your program written in Python and the IP2Location Binary (.BIN) data file which will allow you to query the data for information like Country, Region, City, ISP, Latitude, Longitude, Domain, ZIP code, Time zone, ISP, Domain name, Connection type, Area Code and Weather station code. IP2Location Python Library is used to utilize all of the IP2Locationâ„¢ database products.