A report by Strike source, a non-partisan news source has revealed that the Chinese government is collecting all of private emails, personal records, messenger conversations as well as the psychological profile of approximately 20 per cent of the world’s global population. This is being done either directly or indirectly through secret Chinese owned Virtual Private Networks (VPNs).
The potential harvesting of this data has raised concerns regarding privacy data to an altogether new level. A review of a sample of 30 popular VPNs, reveals that approximately 62 per cent of those are owned by Chinese, and are currently installed in the user devices of 878,354,000 consumers.
A number of incidents of VPN company database leaks and breaches have been reported this year. These VPNs claimed they are not maintaining user logs. Yet, the total amount of data leaked has exceeded one terabyte. It is therefore evident that the claims of VPN companies regarding storage of data logs and harvesting cannot be taken on its face value.
In the VPN horizon, Express VPN is the star. The Hong Kong based company is officially registered in the British Virgin Islands (BVI), which has become the gateway to facilitate the flow of finance and transfer of assets, in and out of China. For years, it obscured its ties with China, through an offshore shell company that exists only on paper in the British Virgin Islands. In terms of market share, Express VPN has a daily user number of around 5 to 15 million people per day, ranking it in the top 5 in the world. Despite the traffic, the BVI companies reports revenue less than 0.1038 million in sales while a rational estimate puts the figure at 600 million to 1.2 billion in revenue per year, since the company charges an average subscription price of $10 per month.
Another unsettling aspect of Express VPN is its ties to Network Guard, a cyber security firm based in Hong Kong that is affiliated with the Chinese government, as per a report by independent researcher John Kelly. Express VPN’s talent acquisition lead Nicholas Lui has done recruiting for Network Guard too. The Network Guard logo is populated with employees of Express VPN on their official website. The stock photos on the websites of the both the companies show the same office. The evidence points towards that Express VPN is a worthless shell company designed to reduce fair share of taxes and it is Network Guard that is pulling the string from behind the curtain.
Another concern with Express VPN is its focus on majority of its marketing targets Americans, who represent approximately only 6 per cent of total VPN users.
Express VPN’s blogs are filled with disinformation regarding American agencies like NSA and CIA; they also encourage users to escape censorship in the United States despite video streaming being the main pull for majority users. The company uniquely uses political thought leaders to advocate the use of its product. An analysis of Google Trends for key word search frequencies suggests that Express VPN focuses on user acquisition in technological hotspots of America such as San Francisco, Seattle and New York.
The US government has already recognized the national security risks posed by Chinese telecom equipment. For instance, the Pentagon banned Chinese smartphones from military exchanges. These apps, laden with government spyware hide in plain sight on App stores like Google Play. Recently a Hangzhou based Chinese app developer, QuVideo has made apps that request ‘dangerous’ permissions like GPS, ability to read phone contacts and even go through user caller log, as reported by Forbes Magazine. It is pertinent to note that QuVideo makes video editing apps that do not need this sensitive information to work. The apps are also laden with remote access trojan malware that can be used to steal people’s bank, cryptocurrency or PayPal funds. Beyond the technical abuses, the issue of obfuscation is also highlighted-Chinese developers mask its origins by hiding behind local subsidiaries in presenting apps on Play Store.
Another firm, Zhenhua Data Information Technology, based in the southern Chinese city of Shenzhen had created a database had been collecting information on prominent individuals around the world — 2.4 million of them, as reported by Washington Post. The people being targeted whose sensitive roles would keep them out of the public eye and off social media. Intriguingly, the Zhenhua data also include criminals, classified as “special interest persons,” who have been convicted of serious crimes such as trafficking and fraud. Such people are profiled because they may be more susceptible to cooperating with foreign intelligence organizations.
Another example of what a China-linked VPN could do with our data is the leak around 894 GB data from UFO VPN, a company based in Hong Kong. Even though the company claimed that the data was ‘anonymous’, evidence reveals that user log and API access records included sensitive information like account passwords, connection timestamps, geo-tags and OS characteristics. When paired with quantum computers that decrypt data travelling through channels, VPN data, rich with information can be vulnerable to cyberattack. China can weaponize this data for bolstering its non-kinetic warfare capabilities, leaving countries destitute and poor within months. The data would also bolster China’s rapidly expanding surveillance state and could translate into winning wars, shifting global power and aiding the rise of an empire.