HotSpot Shield does not shield your IP for GRC.com

Discussion in 'privacy problems' started by zmechys, Mar 4, 2013.

Thread Status:
Not open for further replies.
  1. zmechys
    Offline

    zmechys Registered Member

    I have a question about grc.com easily finding out my true IP address when I'm using HotSpot Shield.
    -----------------------------------------------------------
    There was a thread about grc.com and HotSpot Shield.
    http://www.wilderssecurity.com/showthread.php?t=232782&highlight=grc hotspot shield
    I could not post a comment because,
    "Sorry, that thread is too old to be replied to. Please look for a more current thread on the same subject or start a new thread for your post."
    ------------------------------------------------------------
    From that thread I got the following message:
    "Gibson's getting your IP from your Java installation." - LockBox.

    I decided to test it.

    I unchecked Enable Java Script on my Firefox.
    Firefox_Java_Disabled.PNG

    My Sandboxie settings say, "Drop Rights".
    DropRights.PNG

    I did set NoScript for grc.com to "Untrusted".
    GRC.com_Untrusted.PNG
    I have also No Trace installed on my Firefox.

    The result was the same: Gibson Research Corporation easily discovered my true IP.

    What did I do wrong?
  2. PaulyDefran
    Offline

    PaulyDefran Registered Member

    Java, not Java Script - if that's what Lockbox meant. Java proper is in your Plug Ins section.

    I allow Java Script and Session Cookies for GRC and he still can't get the IP while on AirVPN:

    Neither are "me".

    PD
    Last edited: Mar 4, 2013
  3. Techwiz
    Offline

    Techwiz Registered Member

    Are you behind a router?
  4. zmechys
    Offline

    zmechys Registered Member

    Yes, I am.
  5. zmechys
    Offline

    zmechys Registered Member

    Should I uninstall Java?
  6. Techwiz
    Offline

    Techwiz Registered Member

    Does the leak address match that on your local machine or is it from the ISP? You might consider disabling the java plug-in in the browser and see if that helps. The only other leak concern that I know of is DNS related. The typical solution to these problem seems to be strict firewall control. I'd suggest you contact mirimir as he and couple others in the forum are more knowledgeable when it comes to VPNs and anonymity. Or abandon hotspot shield in favor of something easier to setup like security kiss. I haven't have trouble setting this up on any of my computers and so far it's passed quite a few of the leak tests online.
  7. zmechys
    Offline

    zmechys Registered Member

    grc.com shows my real IP from the ISP.
    I don't have any java plug-ins in the browser, Firefox.

    Does it mean that my "stupid" router will happily reveal my real IP to grc. or anyone else, way before the scanner reaches my "smart" computer setup?
    Last edited: Mar 4, 2013
  8. Techwiz
    Offline

    Techwiz Registered Member

    The only thing that I know of that reveals the ISP address is DNS leaks. Check out the link below on DNS leaks and see if popcorn's post helps. Otherwise, you might need to try another VPN.

    Swap the x for a p in httx below before posting link:
    -httx://www.wilderssecurity.com/showthread.php?t=339164&highlight=DNS+leaks-
  9. Palancar
    Offline

    Palancar Registered Member

    Suggestion. Log into Airvpn's forums. You do NOT have to be an Air client. We have some great threads running about how to lock down your machine using firewall rules.

    All you would have to do is to adapt the ruleset to YOUR VPN provider's numbers and you should get solid results.

    I don't even have to really think about it now. My box is only going online through Air and is locked for any other routes or dns.

    Its easy and you can do it for your connection as well. My .02
  10. zmechys
    Offline

    zmechys Registered Member

    A new twist.

    I've decided to try a free proxy service from proxyfree.com.
    grc.com could not find my real IP address given by the ISP.
    I allowed all java scripts, but grc. failed to obtain my real IP.

    My conclusion.

    IMHO, HotSpot Shield is not what it claims to be. I did not say - a fraud.
    Also, HotSpot Shield even wants money for its service.
  11. mirimir
    Offline

    mirimir Registered Member

    Well, they're not on TorrentFreek's list, and in this case, apparently for a good reason.
  12. caspian
    Offline

    caspian Registered Member

    Are you sure that GRC was seeing your true IP address and not just the DNS server's IP address? There is a difference. It can look almost the same and show the same location. But your IP address and the IP address of the DNS service are different.

    I was at a motel once and checked DNS with GRC. It showed the DNS server that the motel was using. But every IP tracing website that I went to showed the IP of the VPN provider. So websites were seeing the IP address of the VPN provider, but the DNS requests were being handled by the local service there.

    So a friend of mine showed me how to tell my computer to only use a specific DNS. I use the German Privacy Foundation's. So no matter what VPN that I use, or if I am using my bare connection, when I go to GRC, it only shows the German Privacy Foundation. The GRC spoofability test specifically tests for DNS, right? Not your IP address.
  13. zmechys
    Offline

    zmechys Registered Member

    I've tried HotSpot Shield at two separate locations.

    1. I checked my IP with whatismyip/GRC without using HotSpot Shield or proxies. It would show exactly my location and the company.

    2. I checked my IP with whatismyip ( plus any other) when using HotSpot Shield and proxies. My IP was different/changed.

    3. I checked my IP with GRC while using HotSpot Shield or proxies.

    a) GRC was able to see my TRUE IP with HotSpot Shield.

    b) GRC was not able to see my real IP with a proxy.
  14. caspian
    Offline

    caspian Registered Member

    What it looks like to me is that it is not your true IP that is leaking. It is the DNS service. Did you go here?

    https://www.grc.com/dns/dns.htm

    That doesn not show your IP address. It shows the IP address of the DNS service that is used to fetch the web pages that you view. You may have hotspots IP address that identifies you, but still use your local DNS service at the same time. Those are 2 different IP addresses.

    For instance, as I mentioned, when I was at a motel, every IP address location service that I checked showed the VPN. And Google was in German. But when I went to GRC it showed the local Comcast Cable DNS. But that was not my IP address. That was a similar IP address because it was an IP address from the same ISP.

    The GRC DNS spoofability test does not show your IP address. It doesn't check for that. It tests the DNS service that you are using, which may or may not be from your local ISP.

    Here are the DNS servers from the German Privacy Foundation

    87.118.100.175
    94.75.228.29
    62.141.58.13
    87.118.104.203
    87.118.109.2

    Here is what I did to remedy this problem in Vista. I went to Control Panel, Network and Sharing, and on the left panel I clicked on "Manage Network Connections". I have 2 local area connections listed. I have changed them both.

    ScreenShot003.jpg

    Just right click on one of those and go down to Properties


    ScreenShot004.jpg

    Double click on Internet Protocol Version 4. Then check the box that says "Use the following DNS server addresses". I entered the first 2 from the German Privacy list. And I did this with both of the local area network connections. So if I am using the VPN and go to GRC, it shows those 2 DNS servers only. And if I am using just my bare connection through my ISP, it still shows only those 2 DNS servers from Germany. But they are not my IP address. Do this and go to the GRC page and see what it shows.

    ScreenShot005.jpg
  15. caspian
    Offline

    caspian Registered Member

    If you can't change the DNS for Hotspot Shield then don't use them.

    I just tried this free one. http://www.vpnbook.com/ Since I already have open VPN, i just moved the 2 files that they give you into the OpenVPN config folder. Then I right clicked on the OpenVPN GUI in the start menu, then right clicked on the system tray icon, connected, and entered the username and password that they provide, and I was exiting in Romania. Worked like a charm and they didn't try to add any toolbars or change my home page.
  16. zmechys
    Offline

    zmechys Registered Member

    Caspian,

    Thank you for your very detailed answer. I'll check it later today.
    Just in case, could any of those free VPNs be a "honeypot"?
  17. caspian
    Offline

    caspian Registered Member

    The free VPNs aren't to be trusted for anything serious. Guys here recommend airVPN, Boleh, and Mullvad. Some of them let you pay with cash, if you like. But if you are using it from your home then they have your IP anyway. But right now I use airVPN. I was using Cryptohippie but I can't afford it right now. I also have a Riseup account. But the free VPNs? I don't know. I wouldn't trust them near as much (except for riseup). But of course you can Tor through them with Whonix or TBB..
  18. zmechys
    Offline

    zmechys Registered Member

    I've entered those DNS Servers but nothing happened. Whatismyip and GRC immediately provided me with my real IP, my location, my ISP, and my company's information.

    DNS_Servers.PNG
  19. mirimir
    Offline

    mirimir Registered Member

    You've established that HotSpot Shield is useless :)
  20. zmechys
    Offline

    zmechys Registered Member

    Yes, you are absolutely correct.
  21. caspian
    Offline

    caspian Registered Member

    If you go to GRC with your bare connection and test your DNS, what does it show?

    If hotspot is connected and whatismy ip shows your true IP then obviously it is not working. I am wondering if it is actually a VPN?
  22. zmechys
    Offline

    zmechys Registered Member

    With my "bare connections", GRC shows my true identity.

    With HotSpotShield on, whatismyip shows spoofed IP address, but GRC, again, shows my true identity.
  23. caspian
    Offline

    caspian Registered Member

    The GRC website *never* identifies you. That IP address that it shows you is not *your* IP address. It is the IP address of the service that your ISP uses to translate a website name into a number.

    Anyone here reading this that understands DNS feel free to correct me if I am not explaining this correctly. But this is my understanding of DNS. The DNS service translates the name address of a website into an IP address (a number). Example: wilderssecurity.com = 66.227.46.190.

    Open a new tab and put 66.227.46.190 in the address bar and click enter.

    So when you go to the GRC test site, it never shows you *your* IP address. It shows you the IP address of the service that translates your requests into numbers so that you can be directed to the website of your choice.

    If the DNS service is handled by your ISP, then that IP address will be similar to yours. But it is different. And it does not identify you as a customer, specifically, as does *your* IP address.

    So when I go to the GRC site, the DNS servers that show up for me are no longer from my ISP. Because I have changed all of the network connection's DNS. All of them. Not just one of them. No matter if I am connected to my VPN or if I am just running on my bare connection, my DNS is being handled by the German Privacy Foundation. So when I go to GRC, that is what I see with my bare connection and with my VPN running.

    So, the whatismyip shows hotspot's IP. And that is what websites on the internet will see when you go there. But even though you appear to have the same IP address as Hotspot on the internet, you are still using your local DNS service (two different things). And if a website is able to see both your IP address and your local DNS server, then they know your location, but NOT your true IP.
    Last edited: Mar 20, 2013
  24. Taliscicero
    Offline

    Taliscicero Registered Member

    If your using it at work, your workplace could have a firewall & or global DNS in your router/control con for their security. So regardless of what you put into the adapter settings, your global rules still apply and there would be nothing you can do about it.
  25. zmechys
    Offline

    zmechys Registered Member

    I think you've just answered my question.
Thread Status:
Not open for further replies.