Roya Ensafi, University of Michigan
Systematic research across five years, encompassing over a thousand users, nine VPN providers, and hundreds of desktop and mobile apps, reveals that VPNs routinely fail the users who depend on them most. For example:
- Kill switches leak real IP addresses during tunnel failures
- DNS queries escape the tunnel, exposing browsing activity to ISPs and adversaries,
- VPN apps transmit cleartext traffic, deliver configuration files unencrypted, and exfiltrate advertising IDs for cross-app tracking.
These failures are not bugs but the predictable consequence of unregulated markets, misaligned incentives, and app stores that substitute self-reported safety claims and paid verification badges for independent auditing.
Roya Ensafi is a Morris Wellman Associate Professor of Computer Science and Engineering at the University of Michigan. She is the founder of Censored Planet lab which focuses on using data-driven approach to detecting and defending against powerful network intermediaries, government threat actors, and technologies that impact users' freedom of expression online. Prof. Ensafi has studied Russia's throttling of Twitter, HTTPS interception in Kazakhstan, and China's Great Cannon attack, among many other instances of network interference. She is a recipient of the Sloan Research Fellowship, NSF CAREER, Google Faculty Research Award, multiple IRTF Applied Networking Research Prizes, and the Consumer Reports Digital Lab Fellowship. Her work has been cited in popular publications such as The New York Times, Newsweek, Business Insider, Wired, and Ars Technica.
