<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>In an age where online privacy is a growing concern, virtual private networks (VPNs) have become a popular way to bypass geographical restrictions and protect user data. One option available to many is <strong>SetupVPN</strong>, a Chrome plugin offering both free and premium versions for secure browsing. But how exactly does SetupVPN work, and what potential risks should organizations and individuals consider? Let’s dive into the facts and discuss how ThreatSTOP’s proactive protections can help.</p> <!--more--> <h3><strong>Understanding SetupVPN</strong></h3> <h4><strong>Free and Premium Versions</strong></h4> <p>SetupVPN provides a free version giving users access to 11 servers, whereas its premium tier offers 40 servers with faster speeds and SSL encryption. While this range of server locations and straightforward interface can be attractive to many users, it’s worth noting that advanced features—like specialized leak protection or multi-hop routing—are not part of the package.</p> <h4><strong>Data Collection and Privacy Policy</strong></h4> <p>Despite promising robust privacy safeguards, SetupVPN’s <a href="https://setupvpn.com/privacy-policy/">Privacy Policy</a> indicates the collection of quite a bit of user information, including:</p> <ul> <li>Email address, name, home address, telephone number</li> <li>Browser details, search engine use, keywords entered</li> <li>Cookies to track pages viewed, links clicked, and actions taken</li> <li>Standard data such as IP address, browser type/language, access times, and referring URLs</li> </ul> <p>SetupVPN states that it uses this information for site and service improvements, and for contacting users with service updates or payment
reminders. However, third-party links accessed within their service can expose users to different policies and data practices beyond SetupVPN’s control.</p> <h4><strong>Potential for Security Control Bypass</strong></h4> <p>A VPN can be a double-edged sword in a corporate or institutional environment. While it may legitimately help users sidestep geographical blocks for research and communication, <strong>SetupVPN can also bypass organizational security controls</strong>, hiding online activity from standard oversight. From an IT security standpoint, this is a key point: once traffic is tunneled through SetupVPN, monitoring and filtering at the network perimeter become more challenging. ThreatSTOP is not saying that SetupVPN is <em>bad</em>. We're merely informing our users about how it <em>could be used</em>.</p> <h4><strong>Dynamic DNS Indicators</strong></h4> <p>Interestingly, SetupVPN appears to use dynamic DNS under various domains like <span style="font-family: 'Courier New', Courier, monospace;">byny.mouse.pics</span>, <span style="font-family: 'Courier New', Courier, monospace;">uaya.mouse.pics</span>, and <span style="font-family: 'Courier New', Courier, monospace;">wwvj.mouse.pics</span>. Passive DNS information suggests a rotating DNS/IP relationship, which can further mask or shuffle where traffic is being directed. Such tactics underscore how VPN providers can obscure a significant portion of traffic flow—both a benefit to legitimate privacy seekers and a hurdle for security teams aiming to maintain compliance and data integrity.</p> <h4><strong>ThreatSTOP’s Proactive Protections</strong></h4> <p>At ThreatSTOP, our commitment is straightforward: we empower organizations of all sizes to <strong>proactively protect</strong> their digital environments from malicious activities and inadvertent threats alike.
Our <strong>ThreatSTOP Security, Intelligence, and Research</strong> team continuously refines the protections we deliver—covering command and control, invalid traffic, peer-to-peer communication, data exfiltration, phishing, spam, DDoS activities, and more.</p> <h4><strong>Protective DNS</strong></h4> <ul> <li><a href="/dns-defense-cloud" rel="noopener" target="_blank"><strong>DNS Defense Cloud</strong></a>: By routing your DNS queries through ThreatSTOP’s Cloud DNS service, you benefit from accurate, real-time threat intelligence without needing additional hardware on-premises.</li> <li><a href="/solutions/threatstop-dns-firewall-overview" rel="noopener" target="_blank"><strong>DNS Defense</strong></a>: For those who prefer hosting their own DNS servers, DNS Defense seamlessly integrates ThreatSTOP’s intelligence into your existing network infrastructure.</li> </ul> <p>These solutions extend coverage to suspicious or malicious DNS tunnels. In particular, we categorize SetupVPN usage and related domains under our <strong>“DNS Tunnel”</strong> target, part of our <strong>“Command and Control”</strong> bundle, offering the visibility and control organizations need. With ThreatSTOP’s Protective DNS in place, malicious or unauthorized VPN usage—whether for data exfiltration or bypassing legitimate security policies—can be prevented or quickly identified.</p> <h4><strong>A Secure Path Forward</strong></h4> <p>VPNs like SetupVPN undeniably offer convenient solutions to common browsing hurdles. Yet understanding <strong>how</strong> these services operate, <strong>what</strong> data they collect, and <strong>why</strong> they might be used to bypass security controls is crucial for individuals and organizations looking to safeguard their networks and personal data.
At ThreatSTOP, we believe in empowering teams with <strong>proactive protections</strong> that adapt to the evolving threat landscape—so you can keep your users safe while maintaining the freedom that online connectivity demands.</p> <p>If you're interested in becoming part of the ThreatSTOP community or want to explore our proactive protection solutions for various environments, we encourage you to check out our product page. Learn how our offerings can transform your digital security landscape. We offer pricing options to suit businesses of all sizes! <a href="https://admin.threatstop.com/register?hsLang=en" rel="noopener" target="_blank">Start with a Demo today</a>!</p> <p><strong>Connect with Customers, Disconnect from Risks</strong></p> <p style="font-weight: bold;">MITRE ATT&amp;CK</p> <table style="border-collapse: collapse; table-layout: fixed; margin-left: auto; margin-right: auto; border: 1px solid #99acc2; border-color: #000000;"> <thead> <tr> <th> <p><strong>MITRE ATT&amp;CK Technique</strong></p> </th> <th> <p><strong>Technique ID</strong></p> </th> <th style="border-color: #000000;"> <p><strong>Explanation</strong></p> </th> </tr> </thead> <tbody> <tr> <td> <p><strong>Command and Control: Encrypted Channels</strong></p> </td> <td> <p>T1573</p> </td> <td> <p>VPNs, including SetupVPN, can encrypt traffic, making it difficult for defenders to monitor or inspect communications at the network level.</p> </td> </tr> <tr> <td> <p><strong>Command and Control: Dynamic Resolution</strong></p> </td> <td> <p>T1568.002</p> </td> <td> <p>The use of dynamic DNS domains (e.g., <span>byny.mouse.pics</span>, <span>uaya.mouse.pics</span>) by SetupVPN can help obscure traffic destinations and prevent easy detection.</p> </td> </tr> <tr> <td> <p><strong>Defense Evasion: Protocol Tunneling</strong></p> </td> <td> <p>T1572</p> </td> <td> <p>SetupVPN tunnels traffic through its servers, bypassing organizational security controls like firewalls or web proxies.</p> </td> </tr> 
<tr> <td> <p><strong>Defense Evasion: Application Layer Protocol</strong></p> </td> <td> <p>T1071</p> </td> <td> <p>By operating over common protocols such as HTTPS, SetupVPN can evade network-based detections that rely on non-standard protocol usage for identification.</p> </td> </tr> <tr> <td> <p><strong>Exfiltration: Exfiltration Over Alternative Protocol</strong></p> </td> <td> <p>T1048.003</p> </td> <td> <p>VPNs like SetupVPN can potentially be used for data exfiltration by tunneling sensitive data through encrypted channels.</p> </td> </tr> <tr> <td> <p><strong>Discovery: Network Service Scanning</strong></p> </td> <td> <p>T1046</p> </td> <td> <p>SetupVPN or other VPN services could theoretically assist in scanning external networks by masking the origin IP of the scanner.</p> </td> </tr> <tr> <td> <p><strong>Discovery: Network Topology Discovery</strong></p> </td> <td> <p>T1590.006</p> </td> <td> <p>VPN usage may obscure the discovery of network boundaries, as attackers can hide behind dynamically assigned VPN IPs.</p> </td> </tr> <tr> <td> <p><strong>Collection: Data from Local System</strong></p> </td> <td> <p>T1005</p> </td> <td> <p>SetupVPN collects user data, including browsing habits and keywords entered, which could be leveraged for malicious purposes or user profiling.</p> </td> </tr> <tr> <td> <p><strong>Collection: Input Capture</strong></p> </td> <td> <p>T1056</p> </td> <td> <p>The collection of keywords entered (as per the Privacy Policy) might involve monitoring user input, raising potential concerns for sensitive data leakage.</p> </td> </tr> <tr> <td> <p><strong>Impact: Data Manipulation</strong></p> </td> <td> <p>T1565</p> </td> <td> <p>Third-party links accessed via SetupVPN could manipulate user data or compromise privacy through policies not controlled by the VPN provider.</p> </td> </tr> </tbody> </table></span>
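<p>As an added example (not ThreatSTOP's code or rules), the Python below looks for the dynamic DNS indicators described above in resolver logs, flagging clients that query names under <span style="font-family: 'Courier New', Courier, monospace;">mouse.pics</span> and names whose answers rotate across IP addresses. Assumptions: the five-field log format and the sample lines are constructed, and watching the whole parent zone and the rotation threshold of two addresses are choices made for this example.</p>

```python
from collections import defaultdict

# Parent zone of the hostnames named on the page. Watching the whole zone
# is this example's assumption, not a ThreatSTOP rule.
WATCH_ZONES = {"mouse.pics"}
ROTATION_THRESHOLD = 2  # distinct answer IPs per name before flagging (assumed)

# Constructed resolver log: "<time> <client> <qname> <qtype> <answer>"
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.4.17 byny.mouse.pics. A 192.0.2.10
2025-01-10T09:05:12Z 10.0.4.17 BYNY.mouse.pics A 198.51.100.23
2025-01-10T09:06:40Z 10.0.7.3 uaya.mouse.pics A 203.0.113.5
2025-01-10T09:07:02Z 10.0.7.3 www.example.com A 192.0.2.80
2025-01-10T09:08:15Z 10.0.9.9 notmouse.pics A 192.0.2.81
malformed line
"""

def in_watch_zone(qname, zones=WATCH_ZONES):
    """Match on label boundaries so 'notmouse.pics' does not hit 'mouse.pics'."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in zones)

def analyze(log_text):
    """Return (client -> watched names queried, name -> answer IPs seen)."""
    clients = defaultdict(set)
    answers = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the constructed format
        _ts, client, qname, qtype, answer = fields
        if qtype not in ("A", "AAAA") or not in_watch_zone(qname):
            continue
        name = qname.rstrip(".").lower()  # normalise case and trailing dot
        clients[client].add(name)
        answers[name].add(answer)
    return dict(clients), dict(answers)

def rotating_names(answers, threshold=ROTATION_THRESHOLD):
    """Names answered with several IPs in the log: the rotating DNS/IP pattern."""
    return sorted(n for n, ips in answers.items() if len(ips) >= threshold)

if __name__ == "__main__":
    clients, answers = analyze(SAMPLE_LOG)
    for client, names in sorted(clients.items()):
        print(f"{client} queried {sorted(names)}")
    print("rotating:", rotating_names(answers))
```

<p>Matching the whole parent zone can also catch unrelated hosts that use the same dynamic DNS zone, so treat a hit as a lead to review rather than proof of SetupVPN use.</p>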