We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Interview with Researcher Thyla Van Der Merwe on TLS and Online Privacy

Kristina Perunicic Managing Editor

I had the opportunity of meeting Thyla and speaking with her. I managed to get a few moments of her time, after a great presentation she held in a conference talking of TLS at the Center for Research in Applied Cryptography and Cyber Security in Bar Ilan University, May 2nd 2016.

Thyla van der Merwe received a BCom in Mathematics, Statistics and Economics, a BSc (Hons) in Mathematics and an MSc in Mathematics from the University of Cape Town, South Africa. She has a graduate MSc in Information Security at Royal Holloway, University of London as a FirstRand Laurie Dippenaar scholar. Prior to starting at Royal Holloway, Thyla spent four years at Tellumat (PTY) Ltd as a security specialist and software developer. Thyla currently represents South Africa on the ISO/IEC JTC 1 SC 27 standards committee where her activities involve the standardization of cryptographic mechanisms and protocols. Thyla's research interests include various topics in theoretical and applied cryptography.

Transport Layer Security (TLS) is a protocol initiated by the IETF in 1999 to replace SSL for securing website data and other online information encryption. We all regularly use TLS while surfing the web on secure websites.

vpnMentor: What do I as an average user need to know on TLS?

We try to educate users to check that they have a TLS connection; in browsers like Chrome and FireFox you can check the search bar to see a notification about this. If you don’t have an HTTPS connection, think twice about the information you input into the site. Avoid putting user name and password to a non-HTTPS url. I am not afraid to input data into https sites, but I’m aware of the fact that things can go wrong.

TLS

Checking if a site is secured on Google Chrome, by clicking the lock icon

vpnMentor: When selecting a VPN, some VPN providers mention they have TLS support. What does this mean?

I think that some VPN connections allow for TLS channels; some products may ‘speak’ TLS - they make of the authenticated key exchange mechanism to construct a secure channel.  Of course, offering TLS doesn’t hurt the marketing either.

vpnMentor: Website owners see so many option for buying SSL, what is important when buying a certificate, is it important to buy from a big brand?

Something like an APACHE server will come with TLS configuration options. Note what version of TLS to implement, and don’t use RC4!  There have been issues with certain certification authorities, so personally, I would buy from the big brands like NortonLIfeLock and Comodo.

vpnMentor: What do you focus on your research?

We are using formal method tools to analyze TLS 1.3, to make sure that it is secure.

vpnMentor: TLS can be exploit to recover passwords. Please explain how

When RC4 is used in TLS there is a weakness in RC4 that an attacker can exploit to uncover your passwords; the attacker intercepts a large number of TLS connections that use RC4, and can make use of biases in the RC4 keystream to find your password.

vpnMentor: Do you think that super power organizations like Amazon and Google can hack RSA using their  resources? Do you fear for such a scenario?

I have concerns about various actions that large organizations may have the capability to execute, but my aspiration is that they refrain from misusing the considerable power at their disposal.

vpnMentor: What do you personally do to protect your privacy online?

I make sure to choose good passwords, I rotate them every once in a while. I have a system so I use many different passwords for different sites and not “one for all”. I also try to be aware when I am working on a secure connection or not. At times, I use a VPN but not often. Mainly when I need to connect to my campus network (I use the F5 VPN client). I also actually read the warning messages of my browser!

vpnMentor: What is your opinion on finding the right balance of keeping privacy rights and fighting global terrorism?

I fall on the side of the argument that people have the right to privacy. For me this is the most important thing. I do appreciate there are threats that need to be addressed, but the cost of user privacy is perhaps too high a price to pay.

vpnMentor: In your opinion will we see a major hacking attack on infrastructures in the next 10 years, or would this stay only a subject for fiction movies?

Well, we’ve already seen attacks in the form of Stuxnet, for example. I don’t think that we can remove the threat for major attacks from the realm of possibility.

Thyla Van Der Merwe BIU

Thyla Van Der Merwe at BIU, May 02 2016

TLS: Past, Present, Future from vpnMentor

Automated Analysis of TLS 1.3 from vpnMentor

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Kristina Perunicic is a former editor for vpnMentor. She’s a cybersecurity expert with an interest in VPNs and their importance in the digital privacy landscape.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback