I contacted Proton VPN about the TunnelVision exploit and I got a response. I feel great about it, thank you Proton!

Hi,

Thank you for your patience.

Our engineers have conducted a thorough analysis of this threat, reconstructed it experimentally, and tested it on Proton VPN. Please note that the attack can only be carried out if the local network itself is compromised.

Regardless, we’re working on a fix for our Linux application that will provide full protection against it, and it’ll be released as soon as possible.

If there’s anything else that I can help you with in the meantime, please feel free to let me know.

Have a nice day!

  • gencha@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    6 months ago

    If I learned one thing from TunnelVision, it’s how blindly people are operating right now. If you open a VPN tunnel, also ensure traffic is actually routed through it, especially if you don’t control the network. Adding a tunnel on top of the insecure network also does not protect your client from other malicious clients on that network. I feel like people have seen one too many VPN snake oil salesman on social media.

    • Socsa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      I’ve been on this pedestal for years. Pop security YouTube has been overtly preying on rubes to sell shady VPN services for a decade now and it’s super cringe. There is no magic bullet to cyber security and it takes real effort and knowledge to be safe.