Alternate Discussions:
https://pay.reddit.com/r/netsec/comments/6il9nq/the_openvpn_postaudit_bug_bonanza/
https://pay.reddit.com/r/VPN/comments/6ilkt6/4_important_security_vulnerabilities_discovered/
Link: https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
This is a very long and technical write-up and I only understand it at face value, but it is worth it as he does a good job of keeping the content clear. This is a good reason why you shouldn't be using a VPN for your DNM use. The more software you add to your opsec, the broader your attack surface becomes; the less software you use, the less likely you are to introduce yourself to these sorts of vulnerabilities. This discovery comes after 2 professional audits of OpenVPN that did not find these vulnerabilities, a good reminder that nothing is immune to bugs and being reviewed isn't the gold star it seems to be.
Article is too long to copy and paste here.
I was surprised how few vulnerabilities were found in the original audit. OpenVPN has been around for a long time and is bloated.
I run my own OpenVPN server at home. It's great for security on public networks while browsing the clearnet. The only reason I trust my connection is because I have control over the endpoints.
People need to understand that it's useless to use VPNs on the darkweb. Just like using your own PGP, it's foolish to trust other people to protect your privacy.