Our videos have over 5 million views on Youtube! Visit our channel now »
The listings featured on this site are from companies from which this site receives compensation. Read the Advertising Disclosure for more information
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.


vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Interview with Researcher Thyla Van Der Merwe on TLS and Online Privacy

I had the opportunity of meeting Thyla and speaking with her. I managed to get a few moments of her time, after a great presentation she held in a conference talking of TLS at the Center for Research in Applied Cryptography and Cyber Security in Bar Ilan University, May 2nd 2016.

Thyla van der Merwe received a BCom in Mathematics, Statistics and Economics, a BSc (Hons) in Mathematics and an MSc in Mathematics from the University of Cape Town, South Africa. She has a graduate MSc in Information Security at Royal Holloway, University of London as a FirstRand Laurie Dippenaar scholar. Prior to starting at Royal Holloway, Thyla spent four years at Tellumat (PTY) Ltd as a security specialist and software developer. Thyla currently represents South Africa on the ISO/IEC JTC 1 SC 27 standards committee where her activities involve the standardization of cryptographic mechanisms and protocols. Thyla's research interests include various topics in theoretical and applied cryptography.

Transport Layer Security (TLS) is a protocol initiated by the IETF in 1999 to replace SSL for securing website data and other online information encryption. We all regularly use TLS while surfing the web on secure websites.

vpnMentor: What do I as an average user need to know on TLS?

We try to educate users to check that they have a TLS connection; in browsers like Chrome and FireFox you can check the search bar to see a notification about this. If you don’t have an HTTPS connection, think twice about the information you input into the site. Avoid putting user name and password to a non-HTTPS url. I am not afraid to input data into https sites, but I’m aware of the fact that things can go wrong.


Checking if a site is secured on Google Chrome, by clicking the lock icon

vpnMentor: When selecting a VPN, some VPN providers mention they have TLS support. What does this mean?

I think that some VPN connections allow for TLS channels; some products may ‘speak’ TLS - they make of the authenticated key exchange mechanism to construct a secure channel.  Of course, offering TLS doesn’t hurt the marketing either.

vpnMentor: Website owners see so many option for buying SSL, what is important when buying a certificate, is it important to buy from a big brand?

Something like an APACHE server will come with TLS configuration options. Note what version of TLS to implement, and don’t use RC4!  There have been issues with certain certification authorities, so personally, I would buy from the big brands like NortonLIfeLock and Comodo.

vpnMentor: What do you focus on your research?

We are using formal method tools to analyze TLS 1.3, to make sure that it is secure.

vpnMentor: TLS can be exploit to recover passwords. Please explain how

When RC4 is used in TLS there is a weakness in RC4 that an attacker can exploit to uncover your passwords; the attacker intercepts a large number of TLS connections that use RC4, and can make use of biases in the RC4 keystream to find your password.

vpnMentor: Do you think that super power organizations like Amazon and Google can hack RSA using their  resources? Do you fear for such a scenario?

I’m worried about several things about that big organizations might be able to do but my hope would be that they won’t abuse the power the power they have.

vpnMentor: What do you personally do to protect your privacy online?

I make sure to choose good passwords, I rotate them every once in a while. I have a system so I use many different passwords for different sites and not “one for all”. I also try to be aware when I am working on a secure connection or not. At times, I use a VPN but not often. Mainly when I need to connect to my campus network (I use the F5 VPN client). I also actually read the warning messages of my browser!

vpnMentor: What is your opinion on finding the right balance of keeping privacy rights and fighting global terrorism?

I fall on the side of the argument that people have the right to privacy. For me this is the most important thing. I do appreciate there are threats that need to be addressed, but the cost of user privacy is perhaps too high a price to pay.

vpnMentor: In your opinion will we see a major hacking attack on infrastructures in the next 10 years, or would this stay only a subject for fiction movies?

Well, we’ve already seen attacks in the form of Stuxnet, for example. I don’t think that we can remove the threat for major attacks from the realm of possibility.

Thyla Van Der Merwe BIU

Thyla Van Der Merwe at BIU, May 02 2016

About the Author

Kristina is an experienced tech writer and researcher with a keen interest in cybersecurity for businesses and the general public.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.