Popular Android VPN (Swing VPN) sure looks like a DDoS botnet [Android Police]

[costafilh0]

Summary

"A security researcher" "has uncovered evidence that Swing VPN includes code allowing its controller to functionally operate app clients as a botnet capable of Distributed Denial of Service (DDoS) attacks".

Quotes

Quote

 "An investigation into the Android app, Swing VPN, suggests potential misuse of users' devices."

 

My thoughts

Since LMG doesn't want to create a VPN, maybe it's time for everyone to create their own VPN, because "trusting" these companies was never an option and now it's not just a matter of our own privacy, apparently. Hope it gets covered on WanShow!

 

Sources

https://www.androidpolice.com/malware-android-vpn-ddos-botnet/

[jaslion]

It's a free vpn.

 

You pay for it in some way.

[johnno23]

Anything for free these days is monetized one way or another.

even useful apps for the PC that do not impact your privacy will bombard you with popups special offers etc until you either delete them or pay for them if they meet your needs.

I use a VPN but I use an expensive one and have no adverts no issues a 24/7 help desk with real people not bots and I can mix mac pc and android max 5 clients without price increase. I can also install directly to each station phone and even my router.

The free ones don't come even close and most times the free VPNs are much slower.

[LAwLz]

I've never heard of Swing VPN before but they have like 10 different red flags on their Google play store. 

Completely free VPNs are in 99.99% of cases complete shit and should not be trusted. 

All the claims about boosting gaming speeds and such also is a major warning alarm going off. I am not surprised. 

 

 

1 hour ago, costafilh0 said:

Since LMG doesn't want to create a VPN

Good. Because they have given me zero reason to trust that they would be capable of building a secure and reliable VPN service worth trusting. It's difficult and a massive liability. 

 

 

1 hour ago, costafilh0 said:

maybe it's time for everyone to create their own VPN, because "trusting" these companies was never an option and now it's not just a matter of our own privacy, apparently. 

Everyone running their own VPN service would defeat the whole point, assuming the point is privacy.

If everyone run their own then it doesn't really provide any obfuscation of who you are. The little potential privacy a VPN provides these days (because of the prevalence of HTTPS) relies on thousands of users using the same service. 

 

It's scary how much misinformation there is out there about VPNs. I blame all the terrible ads that influencers shit out for a quick buck. I'm not sure if the influencers just simply don't understand what they are talking about, or if they don't care that they are misleading their viewers. 

 

 

1 hour ago, costafilh0 said:

Hope it gets covered on WanShow!

I hope people stop asking for their topics to be covered on the WAN show. No offense OP but this is like the 4th time I read this today, and it's tiring. I feel like people just say it because they hope it increases their chances, and they only want their topic to be on the WAN show because they think it would be cool to have their topic bought up, not because it's an actual interesting topic that can be discussed. 

[Dominik W]

39 minutes ago, LAwLz said:

Good. Because they have given me zero reason to trust that they would be capable of building a secure and reliable VPN service worth trusting. It's difficult and a massive liability. 

Linus doesn't even want to make one, he's said it on the WAN show before. I don't even think they trust themselves lol

[Quackers101]

if LTT would be supporting a VPN it would be more or less similar to other brands. like that of mullvad or maybe proton, etc, creating your own is just a bunch of issues all around and a big project in and of itself + competition + legal stuff to deal with.

[SorryBella]

6 hours ago, LAwLz said:

I hope people stop asking for their topics to be covered on the WAN show. No offense OP but this is like the 4th time I read this today, and it's tiring. I feel like people just say it because they hope it increases their chances, and they only want their topic to be on the WAN show because they think it would be cool to have their topic bought up, not because it's an actual interesting topic that can be discussed. 

Honestly that in itself decreases quality of the post whether thats in news, status updates, or even just gen discussion. WAN-begging should just be banned outright for most things honestly.

[williamcll]

I think after what happened to PIA I don't think Linus will ever cover VPNs anymore.

[XWAUForceflow]

11 hours ago, Dominik W said:

Linus doesn't even want to make one, he's said it on the WAN show before. I don't even think they trust themselves lol

No, it was mostly the legal/moral implications of running a VPN.
A VPN can used for many good things, but will also always be used for bad things and everything in between. You will have the complete greyscale of colors in terms of good and bad. Let's face it, when you offer a VPN service it will be used for some of the most depraved and horrible things humans are capable of doing. And if LMG would make their own VPN (which according to Luke they basically already had ready to deploy and offer)they would sooner or later learn that someone on their platform is using it to do those things.
Then what do they do? If they want to be a truly secure VPN they simply cannot implement the type of logging required to catch those individuals. But that essentially means letting people do the things you really, truly do not want to be responsible for.
I am very glad VPN services exist, and I think the good they offer do make up the bad they allow, but boy I would NOT want to be the person in charge of running a VPN.

[costafilh0]

I think some answers missed the point of the post.

 

I'm not talking about usual VPN BS, there's no point in covering that because there's nothing new there.

 

I'm talking about using a VPN and ending up participating in a botnet.

 

Maybe I'm not aware but at least for me this is actually NEWS.

 

The point of hopefully getting more coverage is, when using crappy VPNs, you are not just giving up your data and privacy now, you might end up participating in cyber crimes and warfare.

 

I said WanShow and not TechLinked because I would love to get a more technical take on this from Luke. without the attitude of some here, which doesn't help anybody, just makes you look like a d.

 

But maybe it's just me and I don't know what I'm talking about and every free VPN already does this and this is nothing new.

 

If that's the case, some admin can delete/close the topic. Thanks.

[Isuck Assimov]

Jeff Geerling has a video about that if you're interested about building your own secure VPN.

Free VPN is always a really bad idea. best case scenario they just sell your data to advertisers but being part of a botnet isnt uncommon with these fishy vpns.