US security agency urges Android and iPhone users to stop using personal VPNs
Date:
Fri, 05 Dec 2025 17:00:00 +0000
Description:
CISA warned that many commercial VPNs could be putting your data at greater risk. But that doesn't mean you should give up on privacy here's what you
need to know.
FULL STORY
The US's top cybersecurity agency has issued a stark warning in its latest missive: "Do not use a personal VPN."
The advice comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has cautioned iPhone and Android users that many commercial VPN services may do more harm than good. According to CISA, "personal VPNs simply shift residual risks from the internet service provider (ISP) to the VPN provider, often increasing the attack surface."
The warning suggests that while a VPN can shield your activity from your ISP, you are placing your trust in the VPN provider, many of which "have questionable security and privacy policies." This is a significant statement from a federal agency, suggesting a foundational risk in how many commercial VPNs operate.
The alert is part of a wider effort to combat the rise of advanced commercial spyware. Security agencies are increasingly concerned about malicious actors using sophisticated tools to infiltrate smartphones, and a fraudulent VPN app is an ideal Trojan horse.
As a recent Google security alert also highlighted, threat actors are adept
at distributing malicious apps disguised as legitimate VPN services to compromise user security and steal everything from browsing history to financial credentials.
These warnings are particularly pertinent given the surge in VPN usage to bypass geo-restrictions or in response to new legislative measures such as
age verification laws . However, as CISA's advice implies, the rush for a
quick privacy fix can lead users to download dubious apps that are, at best, ineffective and, at worst, outright spyware.
How to choose a secure and private VPN
CISA's blanket warning suggests that all VPNs are untrustworthy, but the core of the issue lies with questionable providers.
The best VPN services are transparent, audited, and committed to user
privacy. To stay safe, you should look for a provider with a strict and independently verified no-logs policy , ensuring they dont collect or store
any data about your online activities.
Furthermore, robust encryption protocols such as OpenVPN and WireGuard form
the backbone of secure VPN connections, ensuring that your online traffic remains private and protected from interception. These encryption standards
use advanced cryptographic techniques to shield your data from hackers, ISPs, and government surveillance, making it extremely difficult for third parties
to decipher your communications.
When selecting a VPN, its also recommended to look for additional security-oriented features that strengthen your online protection.
One of such options is a kill switch , which automatically blocks your
internet access if the VPN connection unexpectedly drops. This prevents your
IP address and sensitive data from being exposed in plain text, a common risk if the safeguard isnt in place.
Other valuable features might include DNS leak protection, multi-hop connections that route traffic through multiple servers, and perfect forward secrecy (PFS), which changes encryption keys frequently to minimize data exposure.
For those seeking the most private VPNs , the key is to choose a reputable provider that prioritizes user security above all else.
======================================================================
Link to news story:
https://www.techradar.com/vpn/vpn-privacy-security/us-security-agency-urges-an droid-and-iphone-users-to-stop-using-personal-vpns
$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)