Paid VPNs spamming us all the time? Is this okay? 29/12/2022
Lately I have been spending more time on bug bounties: reading, trying things, practising in general. As my brain switches to thinking this way, I am becoming more and more curious about bugs, services and so on. After thinking about it for the last three days, I wanted to check my own sites, purely out of curiosity.
All of them are built with Ruby on Rails, and some of them have a decent number of daily visits, but nothing too special. However, when I looked at the sites a bit more closely in terms of security, I very quickly saw something weird at the bottom of the page source: a 'style' HTML tag containing a bunch of domain names and links. Looking into it, I saw that many of these were porn or nudity sites.
I was a bit surprised. My first thought was "Oh, they have been hacked and somebody is using my sites for spamming." I wondered what kind of damage had been done and how long this had been going on. The first thing I did was check every JS file my sites reference, in case one of those free libraries was doing this kind of thing.
In general they all use standard libraries, vanilla JS or jQuery, some Bootstrap/Materialize, plus custom JS/CSS I wrote myself. Looking further into the site code, I saw a reference to googletagmanager.js; checking my AdSense account, I saw I had never really used it, so maybe that was the problem.
Removing it from my site did not solve the problem. So I spent a few hours looking further into what was happening, checking the VPS where the sites are hosted, and so on. I couldn't see anything unusual.
In the end I got the idea to check the network path: what if my ISP is doing this? If I use a VPN, maybe the problem will disappear? At that moment I noticed I was already connected to a VPN, to a server somewhere in Singapore. Hmm, so let me disconnect and see what happens. I refreshed the view-source pages and the style blocks disappeared. Bingo!
So, it's the VPN!
I tested a few more times, on different websites and on my own sites again, and in every case, once disconnected from NordVPN, that style block was no longer visible. Looking at the links and domains appended to every page I browse, besides a lot of ad domains, most are porn site domains. This is not right!
If I had seen only ad domains and links, I probably wouldn't have reacted the way I did. But there are porn and nudity links, a large number of them, and my paid service somehow appends them to every page I browse. This is definitely not right!
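The quick check that settled this, written out as an added example that is not part of the original post: fetch the same page with the tunnel up and with it down (or save view-source both ways) and diff the style blocks, then list the hosts linked from inside them. Legitimate CSS has no reason to carry anchor tags or lists of third-party hostnames; a style element is simply a convenient place to hide HTML that browsers will not render but that still sits in the DOM, in the page source and in any cache. The sample HTML and all domains below are constructed placeholders, not the author's sites or the real payload. One caveat when reading such a diff: a page served over HTTPS cannot be altered by a network hop unless the client trusts an interception certificate, so a block that appears only while tunneled on an HTTPS page points at software on the endpoint rather than at the wire; on plain HTTP either is possible.

```python
"""Detect link/domain payloads hidden inside <style> elements and diff two
captures of the same page (one fetched directly, one through a VPN tunnel).

Added example, not code from the original post. The HTML and domains below
are constructed placeholders (example.com / .net / .org), not real payload.
"""
from html.parser import HTMLParser
import re

# Hostnames of URLs that carry a scheme. Bare hostnames without a scheme are
# deliberately not matched: in CSS they are indistinguishable from selectors
# such as "li.active" without a TLD list.
URL_HOST_RE = re.compile(r"https?://([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.IGNORECASE)


class StyleCollector(HTMLParser):
    """Collects the raw text content of every <style> element.

    HTMLParser treats <style> content as CDATA, so any <a href=...> markup
    hidden inside it arrives via handle_data as plain text, which is exactly
    what we want to inspect."""

    def __init__(self):
        super().__init__()
        self.blocks = []
        self._in_style = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
            self._buf = []

    def handle_endtag(self, tag):
        if tag == "style" and self._in_style:
            self.blocks.append("".join(self._buf).strip())
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self._buf.append(data)


def style_blocks(html):
    """Return the text of every <style> element in document order."""
    p = StyleCollector()
    p.feed(html)
    p.close()
    return p.blocks


def hosts_in_style_blocks(html):
    """All hostnames referenced by URLs inside <style> elements (lowercased)."""
    hosts = set()
    for block in style_blocks(html):
        hosts.update(h.lower() for h in URL_HOST_RE.findall(block))
    return hosts


def foreign_hosts(html, own_domain):
    """Hosts inside <style> blocks that are not the site's own domain or a
    subdomain of it. A font or image CDN under your own domain is fine; a
    list of unrelated hosts is the signal the author saw."""
    own = own_domain.lower()
    return sorted(h for h in hosts_in_style_blocks(html)
                  if h != own and not h.endswith("." + own))


def injected_style_blocks(direct_html, tunneled_html):
    """Style blocks present in the tunneled capture but not in the direct one.

    This is the check that separates "my site is compromised" (block present
    in both captures) from "something on the path or on my endpoint modifies
    responses" (block present only through the tunnel)."""
    baseline = set(style_blocks(direct_html))
    return [b for b in style_blocks(tunneled_html) if b not in baseline]


# Constructed sample captures (hypothetical; not the author's pages).
DIRECT_HTML = """<!doctype html>
<html><head><title>My Rails app</title>
<style>body{font-family:sans-serif} li.active{font-weight:bold}
@font-face{src:url(https://fonts.example.com/font.woff2)}</style>
</head><body><h1>Hello</h1></body></html>"""

INJECTED_PAYLOAD = """<style>
<a href="https://ads.example.net/click?id=1">ad one</a>
<a href="http://spam.example.org/">spam one</a>
<a href="https://more.spam.example.org/x">spam two</a>
</style>"""

TUNNELED_HTML = DIRECT_HTML.replace("</body>", INJECTED_PAYLOAD + "</body>")

if __name__ == "__main__":
    for block in injected_style_blocks(DIRECT_HTML, TUNNELED_HTML):
        print("style block present only through the tunnel:", block[:60], "...")
    print("foreign hosts (tunneled):", foreign_hosts(TUNNELED_HTML, "example.com"))
```

In practice you would feed `DIRECT_HTML` and `TUNNELED_HTML` from two `curl -s` runs of the same URL, one with the tunnel down and one with it up, and repeat for an https:// and a plain http:// page to learn whether the modification survives TLS.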
So, the next step was to contact NordVPN support. In their first reply they said it is a bug and that they would contact their dev team, but they were not sure when it would be fixed.
My second email was: "If it's a bug, is it okay to submit it to the bug bounty?" Then I got a reply along the lines of: it's not a bug, "it's a feature".
I was pretty surprised. A "feature" that adds porn links to my browser and browsing history, or whatever else they do there?
After the first reply they also suggested I try some other servers in Singapore. From their server list I tried two, plus one German server, and the problem stayed on all of them. I also asked for permission to publish my findings. They mentioned once that I could submit the bug to their bug bounty program, but somehow I was not sure I should, because I don't trust them: they would just find some excuse and do what they want.
In my last email I told them that what they are doing is not okay and that I would contact more people from the IT security world to hear what they think about this issue.
So I did. I contacted probably 5-6 people and got a response very quickly from 3. All of them confirmed that a VPN should not append anything to the pages in your browser. That is definitely not acceptable.
There is also a big issue with promoting porn domains on every web page opened from your PC.
This is what ChatGPT thinks about this kind of issue. Below I am pasting the links they appended: when I opened a page there were almost 500 links and around 23 KB of additional HTML appended to every page opened over the VPN connection.