74 VPNs Tested for IP, DNS & WebRTC Leaks (16 Leaking)

Discussion in 'privacy technology' started by guest, Jul 18, 2018.

  1. guest

    guest Guest

    74 VPNs Tested for IP, DNS & WebRTC Leaks (16 Leaking)
    July 11, 2018
    https://thebestvpn.com/vpn-leak-test/
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Honestly they missed one test:
    VPNs can leak over Torrent, as the site https://ipleak.net/ demonstrates. ProtonVPN leaked my IPv6 a few months ago when I was testing it for me. So I assume that many more VPNs have the same issue. Please test for yourself.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Damn, they didn't test very hard for leaks!

    In particular, they didn't interrupt the Internet uplink, and check for leaks while the VPN was reconnecting.

    That typically pwns people who are torrenting, streaming, etc. Doing anything that takes a long time. Because then there's a greater chance of an uplink interruption.
     
  4. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Oh yea, that too. ProtonVPN has no sufficient kill-switch functionality. You disconnect to change the server = you're online with your real address.

    I found that Windscribe has one that works perfectly! It uses a "firewall": I assume it just writes a universal rule to WFP. (Does work fine together with WFP-configuring GUIs, like Simplewall)
    But I didn't test Windscribe with torrents because I don't do those anymore.

    I also deactivated IPv6 on my system to not have any issues with it anymore.
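
The reconnect leak and the kill-switch gap described in the two posts above can be checked from a packet capture taken while the uplink is interrupted. This is an added example, not part of the thread or of any VPN client: it flags packets that left the physical interface for anything other than the VPN server. The record format, the interface names `eth0`/`tun0` and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed capture summary, one packet per line: "time iface src dst".
# Assumed names: eth0 = physical NIC, tun0 = VPN tunnel. Sample addresses only.
CAPTURE = """\
12:00:01 tun0 10.8.0.2 192.0.2.80
12:00:02 eth0 192.168.1.20 198.51.100.7
12:00:05 eth0 192.168.1.20 192.168.1.1
12:00:09 eth0 192.168.1.20 203.0.113.50
12:00:09 eth0 2001:db8:aa:1::20 2001:db8:ffff::80
12:00:10 eth0 fe80::1c2d fe80::1
12:00:14 tun0 10.8.0.2 192.0.2.80
"""

# LAN, link-local and multicast destinations are not Internet leaks.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "224.0.0.0/4", "fe80::/10", "fc00::/7", "ff00::/8")]


def is_local(addr):
    return any(addr.version == n.version and addr in n for n in LOCAL_NETS)


def find_leaks(capture, physical_iface, vpn_server):
    """Return (time, src, dst) for packets that bypassed the tunnel."""
    server = ipaddress.ip_address(vpn_server)
    leaks = []
    for line in capture.splitlines():
        if not line.strip():
            continue
        when, iface, src, dst = line.split()
        if iface != physical_iface:
            continue  # traffic inside the tunnel is expected
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip == server or is_local(dst_ip):
            continue  # the VPN transport itself, or purely local traffic
        leaks.append((when, src, dst))
    return leaks


def leaked_families(leaks):
    """IP versions seen among the leaks, e.g. [6] for an IPv6-only leak."""
    return sorted({ipaddress.ip_address(dst).version for _, _, dst in leaks})


if __name__ == "__main__":
    for leak in find_leaks(CAPTURE, "eth0", "198.51.100.7"):
        print("LEAK", *leak)
```

A working kill switch yields an empty list even across the gap between the two `tun0` lines; checking the address families separately catches the case where IPv4 is blocked but IPv6 is not.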
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    Unless you need to use IPV6 that is clearly the safest bet. Some day I'll probably change but for now I disable IPV6 at the system boot level. There is NO "6" to screw me because it's shot down at boot!
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yeah. There are some sites with only IPv6, I gather, but nothing important yet.

    Anyone know any?
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    The one mentioned also has an IPv6-only version, as well as several versions that use different ports: (See this on the bottom of the site)
     
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Nope. And looking for top 500 IPv6 support is pretty depressing.
    http://www.delong.com/ipv6_alexa500.html

    Even the father of the internet is whining about the slow adoption:
    https://www.zdnet.com/article/googl...ernet-is-ipv6-but-heres-why-thats-not-enough/

    P.S:
    If ever my own site gets blocked (both ipv4 and/or domain name) for whatever reason, then
    it's still reachable by raw ipv6 addresses like this:

    http://[2a04:dd00:18:1:10:10:10:10]

    http://[2a04:dd00:18:1:10:10:10:10]/imagesecret.html

    http://[2a04:dd00:18:1:10:10:10:10]/celltowerfinder.html

    Sadly, https encryption won't work (or actually, can't get the certs) with raw addresses ... :(

    P.S2:
    It's crazy that I have to use SSH tunneling to test my server IPv6 accessibility because my backwater ISP *still* does not support IPv6 ....
    Anyway, use this article if same situation:

    https://www.adamfowlerit.com/2013/01/using-firefox-with-a-putty-ssh-tunnel-as-a-socks-proxy/

    No need for 6to4 tunneling setups or anything like that...just an SSH server somewhere is enough
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Thanks :)

    I vaguely recall reading about some new stuff in Southeast Asia that's only via IPv6.
     
  10. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    533
    Location:
    Australia
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    You could use a VPN service that gives you IPv6 connectivity :)
     
  12. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    I try to kick it out within August and pm you when it's ready to download.
    And it will be free of course for you because you already paid for Linux version.
    :)
     
  13. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yes, that's true. But I don't really trust them ;)
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    You could set up your own VPN on GigaTux. They'll give you the needed /64.

    That's what I did for the VPN testing project. As I recall, it wasn't that hard. But admittedly, I did get some help from one of IVPN's network engineers.

    Maybe I even kept good enough notes to replicate it. But I haven't tried, because I don't need IPv6 :)

    But then you need to trust them ;)
     
  15. DrearyMushroom

    DrearyMushroom Registered Member

    Joined:
    Sep 9, 2017
    Posts:
    27
    Location:
    The Internet
    Algo made it pretty simple, just running a few scripts. It might be tougher if you want to use GigaTux, but might as well use AWS or Google since you get one free server with an account... https://github.com/trailofbits/algo
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Do they give you IPv6 /64 subnets? As I recall, you need three for the IPv6 VPN. One for the server, one for the VPN tunnel, and one to allocate to clients. Humongously wasteful, but hey.

    And also, I needed one that accepted Bitcoin :)
     
  17. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    One thing that I like about IPv6 from server management view, is that you
    can pretty much get as many addresses as you want and for free! :)
    For example, just added the following new ones:

    http://[2a04:dd00:18:1:11:11:11:11]/celltowerfinder.html
    http://[2a04:dd00:18:1:254:254:254:254]/celltowerfinder.html

    My VPS provider gives me /64 block so I have 18,446,744,073,709,551,616 addresses to choose from .... :eek:

    Besides censorship avoiding this gives me an idea....
    Is it somehow possible (maybe iptables routing or something like that?) to have a specific username connect to specific virtual machine inside my server?

    What I mean:
    If I have virtual machines A, B and C running on my server, with unique IPv6 address assigned to them and username X signs in from weblogin he/she gets connected to VM A, if username Y signs in he/she gets connected to VM B and so on ... ?
     
  18. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Could you theoretically write a script that creates 18,446,744,073,709,551,616 websites for you?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Sure, but you'd need lots of hardware for hosting them :)

    That's partly what IoT is about. Stuff like billions of billions of self-organizing nano-drones, each with its own IPv6 address. Basically, utility fog.
     
  20. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I'm glad I didn't choose to be a network engineer.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Hey, AI would handle all that.

    And utility fog. I would love utility fog. That would fundamentally be magic. Rajaniemi's "Flower Prince" novels include that. Also, I think, Morgan's "Land Fit for Heroes" novels, but way far in the future, when it's seen as magic.
     
  22. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yea, and we all know how secure all those IoT things are, judging by companies' track record ... :(

    IPv6 /64 block has more addresses than there are stars in Milky Way .... (estimates are 100 to 400 billion).
    Mirai will be nothing compared to future botnets .... :eek:

    EDIT:
    About privacy and IPv6:

    In IPv4, mostly because addresses ran out a long time ago, people use NAT.
    That's one-to-many mapping, aka, there can be several hundreds, even thousands of devices behind one public IPv4 address.

    In IPv6, every device has an address and there is (to my knowledge) no NAT for it.
    However, if I read these things correctly, every device could also have several addresses, aka many-to-one mapping. And those addresses could be temporary too ? o_O

    https://en.wikipedia.org/wiki/IPv6_address#Temporary_addresses

    "Network interfaces configured for IPv6 use temporary addresses by default in OS X Lion and later Apple systems as well as in Windows Vista, Windows 2008 Server and later Microsoft systems."
    (Why not in Linux?)

    So could there be or possible to make, in theory, proxy, router etc.. network device that has several temporary IPv6 source addresses randomly picked each time the actual client initiates connection through it ?
    :eek:

    EDIT2:
    Ah, there is temporary IPv6 for Linux too ...
    https://home.regit.org/2011/04/ipv6-privacy/
    and also here:
    https://docs.menandmice.com/display/MM/enable IPv6 privacy extension on Ubuntu Linux
     
    Last edited: Jul 20, 2018
  23. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    That would be great for privacy, but I think ISPs would be against that. :(
     
  24. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    747
    Yes...
    Just like some of them already (some forced by government) are hunting Tor and VPN users.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    It depends on the ISP setup. Some ISPs just assign one IPv6 address to each user. But decent ones give users at least a /64 subnet. And just about all OS now use temporary IPv6 addresses for non-local traffic. However, they're still part of your /64 subnet, and so associated with your ISP and account.

    That's also what an IPv6 VPN can give you. Whether it's a commercial service, or your own private VPN on a VPS. The address can change frequently. And there's no link to your ISP. Or to you, if you've paid with well-mixed Bitcoin etc, and work via Tor.
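
The point made in the post above, and the temporary-address question raised earlier in the thread, can be shown from the observer's side: rotating the interface identifier does not change the /64. This is an added example, not code from the thread; the log entries use the documentation prefix 2001:db8::/32 and are constructed. It goes one step beyond the posts by also recognising MAC-derived (modified EUI-64) identifiers, the case temporary addresses are meant to avoid.

```python
import ipaddress
from collections import defaultdict

# Constructed server-log sample. The first three entries are one subscriber
# whose host changes its address; the fourth is a different subscriber.
SEEN = [
    ("2018-07-20T09:00", "2001:db8:1234:5678:a1b2:c3d4:e5f6:0718"),
    ("2018-07-21T09:05", "2001:db8:1234:5678:39fe:7c01:22aa:9b10"),
    ("2018-07-22T08:58", "2001:db8:1234:5678:0211:22ff:fe33:4455"),
    ("2018-07-22T10:30", "2001:db8:9999:1:5c4e:11d2:8a0f:3301"),
]


def prefix64(addr):
    """The /64 the address belongs to (what the ISP delegates per account)."""
    return ipaddress.ip_network(f"{addr}/64", strict=False)


def interface_id(addr):
    """Low 64 bits of the address: the part temporary addresses randomise."""
    return int(ipaddress.ip_address(addr)) & ((1 << 64) - 1)


def looks_eui64(addr):
    """True if bytes 3-4 of the interface identifier are ff:fe."""
    return (interface_id(addr) >> 24) & 0xFFFF == 0xFFFE


def embedded_mac(addr):
    """Recover the MAC from a modified EUI-64 address, else None."""
    if not looks_eui64(addr):
        return None
    b = interface_id(addr).to_bytes(8, "big")
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo the U/L bit flip
    return ":".join(f"{x:02x}" for x in mac)


def group_by_subscriber(seen):
    """Group observed addresses by /64, ignoring the interface identifier."""
    groups = defaultdict(list)
    for _when, addr in seen:
        groups[str(prefix64(addr))].append(addr)
    return dict(groups)


if __name__ == "__main__":
    for prefix, addrs in group_by_subscriber(SEEN).items():
        print(prefix, len(addrs), [embedded_mac(a) for a in addrs])
```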
     