



Topic: #virtual-public-networks

The NSA Can Crack the Cryptosystems That Most VPNs Use


Increasing numbers of Internet Service Providers monitor or record all of their customers' interactions and distort them, when possible, by dropping ads onto Web pages and e-mail messages and redirecting some IP addresses. Customers who are concerned about privacy and/or unimpeded communication have begun using virtual private networks — agents that receive service requests from customers and forward them to the designated services, concealing their origin. The VPN receives the results and returns them to the customer. All communications between the customer and the VPN are encrypted so that the customer's ISP's recordings of the transactions aren't intelligible and the ISP has no way to modify their content.

This of course means that the customer has to trust the VPN more than the local ISP, since the VPN could play the same kinds of tricks if it chose to do so. A number of VPN service providers have been found to be corrupt in exactly this way.

The mediation is also pointless if the encryption that the VPN uses when interacting with customers can be broken by eavesdroppers. It turns out that many otherwise competent and honest VPNs are using weak cryptosystems with known vulnerabilities, and that many others are using cryptosystems that well-funded state agencies such as the National Security Agency have been able to break since at least 2006, even though stronger alternatives are available.

“NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other ‘High Potential’ Targets”
Micah Lee, The Intercept, August 15, 2018

The National Security Agency successfully broke the encryption on a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. …

There are many different VPN protocols in use, some of them known to be less secure than others, and each can be configured in ways to make them more or less secure. One, Point-to-Point Tunneling Protocol, “is old and insecure and there are bunch of known security vulnerabilities since forever,” Nadia Heninger, cryptography researcher at the University of Pennsylvania, told me in an email. “I would not at all be shocked if these were being exploited in the wild.”

The NSA also appears to have, at least in some situations, broken the security of another VPN protocol, Internet Protocol Security, or IPSec, according to the Snowden documents published by The Intercept and Der Spiegel in 2014.

“For both TLS and IPsec, there are both secure and insecure ways of configuring these protocols, so they can't really be labeled as blanket ‘secure’ or ‘insecure,’” Heninger explained. “Both protocols offer a zillion configurable options, which is a source of a lot of the published protocol-level vulnerabilities, and there are cipher suites and parameter choices for both protocols that are definitely known to be cryptographically vulnerable.” Still, she was “pretty confident” that there are ways to configure TLS and IPsec that “should resist all known attacks.” …

In 2015, Heninger and a team of 13 other cryptographers published a paper, titled “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” that revealed major weaknesses in the security of several of the internet's most popular protocols. Their paper described a new attack called Logjam and concluded that it was within the resources of a nation-state to use this attack to compromise 66 percent of all IPSec VPNs. “A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break,” the authors speculated.
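One way to act on the points above about configuration choices and Logjam, as an added example that is not part of the original post or the quoted article: a Python check that flags strongSwan-style IKE/ESP proposal strings using finite-field Diffie-Hellman groups of 1024 bits or less, plus DES, 3DES and MD5. The proposal strings are constructed samples, and the 1024-bit threshold (taken from the Logjam paper's cost estimates) and the short weak-algorithm list are assumptions of this example.

```python
import re

# Finite-field (MODP) Diffie-Hellman groups at or below this size are flagged.
# Assumption of this example, based on the Logjam paper: 1024-bit primes are
# within nation-state resources, smaller ones within academic reach.
WEAK_MODP_BITS = 1024

# Algorithm keywords flagged regardless of DH group (short constructed list).
WEAK_ALGS = {
    "des": "single DES encryption",
    "3des": "64-bit block cipher (3DES)",
    "md5": "MD5-based integrity/PRF",
}


def audit_proposal(proposal):
    """Return findings for one 'enc-integ-dhgroup' proposal string."""
    findings = []
    # A trailing '!' marks a strict proposal in ipsec.conf; it is not an algorithm.
    for tok in proposal.lower().strip("!").split("-"):
        m = re.fullmatch(r"modp(\d+)", tok)
        if m and int(m.group(1)) <= WEAK_MODP_BITS:
            findings.append(f"{tok}: {m.group(1)}-bit DH group, precomputation attack feasible")
        elif tok in WEAK_ALGS:
            findings.append(f"{tok}: {WEAK_ALGS[tok]}")
    return findings


def audit_config(lines):
    """Map each comma-separated proposal to its findings; omit clean ones."""
    report = {}
    for line in lines:
        for proposal in (p.strip() for p in line.split(",")):
            issues = audit_proposal(proposal) if proposal else []
            if issues:
                report[proposal] = issues
    return report


# Constructed sample proposals, not taken from any real deployment.
SAMPLE = [
    "aes128-sha1-modp1024, 3des-md5-modp768",
    "aes256-sha256-modp2048",
    "aes256gcm16-prfsha384-ecp384",
]

if __name__ == "__main__":
    for prop, issues in audit_config(SAMPLE).items():
        print(prop, "->", "; ".join(issues))
```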

#virtual-public-networks #encryption #National-Security-Agency


This work is licensed under a Creative Commons Attribution-ShareAlike License.


John David Stone

created June 1, 2014 · last revised December 10, 2018