Using Freedome securely / False marketing claims

I already tried to contact support about this, but I was told that I should make a topic on the forums. I told customer service that it's about a vulnerability in the product (by design though) but they still advised me to use the forums.

So, one day I tried to connect securely to an open Wi-Fi network by activating Freedome for Windows (10) while on a mobile network, and then switched to an unsecured Wi-Fi. To my surprise, Freedome disconnected and while reconnecting (on that network it took like 2 minutes) all my traffic was sent directly via the unsecured Wi-Fi connection - that means if anybody was listening, they saw all that traffic.

The Freedome marketing website claims that Freedome "shields you on public Wi-Fi – your data is protected even in vulnerable unsecured hotspots" and "With the push of a button, Freedome gives you your own private network, blocking bad apps and harmful sites." These claims are completely unfounded if the protection can suddenly turn off any time.

Especially a vulnerable unsecured hotspot could easily exploit this feature. Because this is a public forum, I won't discuss the details for now. Anybody who knows something about internet protocols could come up with a couple of techniques, though.

I also want to make clear that I'm not exposing anything new. There exists a discussion on these forums where an F-Secure staff member says that this is Freedome working as intended, and blocking traffic while disconnected from VPN is a feature that is "considered".

Another thing: while Freedome tries to connect to the VPN server, it tells the user that they are "protected", even though they're not since it hasn't connected yet. This is also extremely misleading.

At least in Finland, it is illegal to market a product with false claims, and I think that is the case here. You are also undermining your own credibility as security professionals by marketing your product with outrageous lies. It's like if you sold electronic locks which opened when mains are cut off.

Comments

  • Yes, a kill switch would be nice. I suggested this back in 04/2015. Probably many others have before/after me done so too. Some VPN providers offer this functionality with their software, not sure why F-Secure doesn't;

    "10. Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?"

    https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/

This discussion has been closed.