DOKUMEN123.COM

Submission declined on 9 April 2026 by Namita Tudu (talk).

This draft's references do not show that the subject meets Wikipedia's criteria for inclusion. The draft requires multiple published secondary sources that:

provide significant coverage: discuss the subject in detail, not just brief mentions or routine announcements;
are reliable: from reputable outlets with editorial oversight;
are independent: not connected to the subject, such as interviews, press releases, the subject's own website, or sponsored content.

Please add references that meet all three of these criteria. If none exist, the subject is not yet suitable for Wikipedia.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by Namita Tudu 60 days ago. Last edited by Namita Tudu 60 days ago. Reviewer: Inform author.

Resubmit

Please note that if the issues are not fixed, the draft will be declined again.

Submission declined on 28 January 2026 by AllWeKnowOfHeaven (talk).

This draft is not written from a neutral point of view. Wikipedia articles must be written neutrally in a formal, impersonal, and dispassionate way. They should not read like a blog post, advertisement, or fan page. Rewrite the draft to remove:

promotional language: see Words to watch;
personal commentary: opinions or direct addresses to the reader;
informal language.

Instead, only summarize in your own words a range of independent, reliable, published sources that discuss the subject.

Declined by AllWeKnowOfHeaven 4 months ago.

VORACLE

The VORACLE (short for VPN ORACLE) is a class of compression oracle attacks against virtual private network (VPN) traffic that exploit the use of data compression prior to encryption. According to published research, an active network adversary can infer sensitive information by observing variations in encrypted packet sizes..^[1]^[2]

VORACLE applies techniques similar to earlier compression-based attacks such as CRIME and BREACH, which targeted TLS and HTTP compression respectively, but at the VPN tunnel layer.^[3]

Background

Compression-oracle attacks rely on the observation that compression algorithms produce shorter output when redundant data is present. If an attacker can influence plaintext that is compressed together with secret values and observe resulting ciphertext lengths, the attacker may infer the secret through adaptive queries.^[1]

Attacks such as CRIME and BREACH demonstrated this technique against web traffic. As a result, TLS and HTTP compression were widely disabled. However, compression remained enabled in some VPN implementations, which researchers identified as a potential residual attack surface.^[4]

Attack description

The VORACLE technique targets VPN configurations in which user traffic is compressed before encryption. In such configurations, an attacker who can inject or influence victim traffic and observe encrypted packet sizes may be able to perform adaptive length analysis to infer data that share a compression context with attacker-controlled input.^[1]

Whereas CRIME and BREACH operate at higher protocol layers, VORACLE operates at the VPN layer, and therefore is not mitigated by disabling compression in TLS or HTTP alone.^[5]

The issue is independent of the specific encryption algorithm used and arises from the interaction between compression and encryption.^[6]

Affected systems

VORACLE affects VPN deployments that enable compression within encrypted tunnels, including configurations using OpenVPN and other tunneling protocols that apply compression to plaintext prior to encryption.^[7]

Mitigation

The mitigation recommended by researchers and vendors is to disable compression in VPN tunnels, consistent with the approach previously taken for TLS and HTTP compression-oracle attacks.^[7]

Industry response

After public disclosure, several VPN providers reported disabling compression or changing default configurations in response to the findings.^[7]

Providers that published statements or advisories include Proton VPN,^[8] ExpressVPN,^[9] NordVPN,^[10] AirVPN,^[11] TorGuard,^[12] SAP,^[13] and McAfee^[14]

References

^ ^a ^b ^c Yunfan, Tian; Xiang, Zhang (2018). "VORACLE: Recovering HTTP Traffic from VPN Connections". arXiv:1812.06226 [cs.CR].
^ "VORACLE attack can recover HTTP data from VPN connections". BleepingComputer. 2018.
^ "Compression and VPNs make for leaked secrets". PCMag. 2018.
^ "VPN VORACLE attack demonstrated at DEF CON". Tom's Guide. 2018.
^ "New VORACLE attack can recover HTTP data from some VPN connections". Slashdot. 2018.
^ "Your VPN service may be leaking private data". LiveMint. 2019.
^ ^a ^b ^c "The VORACLE attack vulnerability". OpenVPN. 2018.
^ "VORACLE attack". Proton VPN. 2018.
^ "ExpressVPN fixes VORACLE compression vulnerability". ExpressVPN. 2018.
^ "NordVPN and the VORACLE attack". NordVPN. 2018.
^ "AirVPN and VORACLE". AirVPN. 2018.
^ "TorGuard disables compression to protect against VORACLE attacks". TorGuard. 2018.
^ "VPN losing its security over a new threat: VORACLE". SAP. 2019.
^ "VORACLE OpenVPN attack: What consumers need to know". McAfee. 2019.

[auto-1] Yunfan, Tian; Xiang, Zhang (2018). "VORACLE: Recovering HTTP Traffic from VPN Connections". arXiv:1812.06226 [cs.CR].

[2] "VORACLE attack can recover HTTP data from VPN connections". BleepingComputer. 2018.

[3] "Compression and VPNs make for leaked secrets". PCMag. 2018.

[4] "VPN VORACLE attack demonstrated at DEF CON". Tom's Guide. 2018.

[5] "New VORACLE attack can recover HTTP data from some VPN connections". Slashdot. 2018.

[6] "Your VPN service may be leaking private data". LiveMint. 2019.

[auto1-7] "The VORACLE attack vulnerability". OpenVPN. 2018.

[8] "VORACLE attack". Proton VPN. 2018.

[9] "ExpressVPN fixes VORACLE compression vulnerability". ExpressVPN. 2018.

[10] "NordVPN and the VORACLE attack". NordVPN. 2018.

[11] "AirVPN and VORACLE". AirVPN. 2018.

[12] "TorGuard disables compression to protect against VORACLE attacks". TorGuard. 2018.

[13] "VPN losing its security over a new threat: VORACLE". SAP. 2019.

[14] "VORACLE OpenVPN attack: What consumers need to know". McAfee. 2019.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]