Detecting VPN leaks

Discussion in 'privacy technology' started by mirimir, Feb 5, 2016.

  1. CHEFKOCH

    CHEFKOCH Registered Member

    It works only:
    * On W-Lan
    * Only in a range/distance of 400~ miles
    * Only on proxy/vpn/scripts
    * via triangled ip spoofing base

    The paper is given here. Good luck; after the second page I gave up, because this requires a huge effort on the attacker's side, and I doubt this is usable on a normal wired connection, because you can simply re-route traffic to an exit node and then this will not work correctly.

    But anyway it's good enough if you just want to hunt for one single man and you know he/she is in that range and uses 'encrypted' w-lan.
     
  2. 1PW

    1PW Registered Member

    Such well-meaning tests might mistakenly exclude the unfortunate rurals still using dial-up facilities.
     
  3. dogbite

    dogbite Registered Member

  4. mirimir

    mirimir Registered Member

    Nice site :)
     
  5. quietman

    quietman Registered Member

    Excellent ! .... thanks for posting .

    There are many similar sites but that one is a winner.
    It makes it very easy to instantly see the effects of browser add-ons (e.g. NoScript).
     
  6. bjm_

    bjm_ Registered Member

    Thanks! FoxWebSecurity OpenDNS reports "adult material" :argh:
     
    Last edited: Mar 13, 2016
  7. mirimir

    mirimir Registered Member

    Sure you didn't mistype?
     
  8. Lyx

    Lyx Registered Member

    You could include http://www.doileak.com/
    They perform an IP leak test concerning TCP and UDP traffic. To my knowledge, it's the sole site providing a test like that.
     
  9. mirimir

    mirimir Registered Member

  10. NormanF

    NormanF Registered Member

    Nothing. Machine-readable data is public. You cannot remove or conceal it. At the most a VPN will change your IP address so your real location remains private. But every computer connected to the Internet has a unique, hard-coded identifier for websites to read. 100% anonymity online therefore remains more of an ideal than a reality.
     
  11. mirimir

    mirimir Registered Member

    What are you referring to?
     
  12. Krusty

    Krusty Registered Member

    MAC address maybe? Not relevant behind a router though.
     
    Last edited: Jan 15, 2018
  13. focus

    focus Registered Member

    I have seen a theory (conspiracy?) that some programs like Firefox or the OS have a code hidden somewhere that is unique to a computer, tablet or phone that can be used for tracking. I've never seen any proof of this though, even though it doesn't seem like it would be all that difficult to do.

    Tracking a system by its MAC address also seems like it could be easy, Krusty, but again I have never seen any reliable evidence that this happens.

    So personally, until I see some good proof this comment "But every computer connected to the Internet has a unique, hard-coded identifier for websites to read." is just more FUD being spread.
     
  14. mirimir

    mirimir Registered Member

    Well, I'd like to hear what @NormanF was referring to.

    But whatever it is -- MAC, some supercookie, etc -- it can almost certainly be circumvented through compartmentalization with VMs. And even that possibility can be eliminated by using separate hardware, on isolated LANs. In the extreme case, via separate Internet uplinks.
     
  15. NormanF

    NormanF Registered Member

    You know, the tests disclose the VPN's public address and your computer and browser info. In other words, your digital fingerprint.

    Your real location however and personally identifiable info remain private. As long as that's the case, your VPN is doing its job.
     
  16. mirimir

    mirimir Registered Member

    True. Except that "your computer" is ambiguous. If you're working in a VM, little about the host system is visible.

    Sites can see CPU type. And if WebGL is allowed, they can see the combination of host GPU and VM virtual video driver. So, for example, Debian and Ubuntu VMs on a given host have the same fingerprint. Because they use the same VM virtual video driver. But Windows, OS X, Fedora, CentOS, Manjaro, other independent Linux distros, and PC-BSD VMs use different virtual video drivers, and so they have different fingerprints.

    Other than that, I don't know of anything unique that leaks from host to VM. Unless there's a VM-to-host exploit in the VM, anyway.
     
  17. Palancar

    Palancar Registered Member

    But what about a scenario where VM1 (aka vpn2) is bridged to a linux host (including vpn1), followed by VM2 (aka workspace), which is only bridged to VM1? In a scenario like that I don't visualize how the workspace VM can report on the particulars of the host because there is a bridged VM between it and the host. Wondering?
     
  18. mirimir

    mirimir Registered Member

    The WebGL thing is independent of networking. Sites can generate fingerprints based on GPU and video driver. And all VMs on a given host that have the same video driver will have the same fingerprint. You can see for yourself, using https://browserleaks.com/webgl in Debian and Ubuntu VMs on a given host. I posted about this here a few years ago.
     
  19. Palancar

    Palancar Registered Member

    Maybe I am not seeing something here. I just used your WebGL link from inside a TBB on the Desktop of a Debian VM, which is chained to the components I described a couple of posts up on this thread. Nothing --- everything is turned off via TBB config. Everything displayed shows absolute generic TBB fingerprints, the same as any other TBB user that hasn't modified it. Link cannot generate a hash, at least not one I can find on that site. How can I check further to be sure I am not being myopic in my investigation?

    Site returned this after examination:

    WebGL Report Hash n/a
    WebGL Image Hash n/a
    WebGL Image n/a
     
    Last edited: Jan 18, 2018
  20. mirimir

    mirimir Registered Member

    Yes, that's because you have WebGL disabled. Which Tor browser does by default. And which prudent folk do with any browser. But try it with WebGL enabled. Perhaps on a surplus host box through a new VPN.

    The point being that it's only WebGL being disabled that's preventing linkage through shared fingerprint. And you know, stuff happens ;)
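
An added example, not part of any post in this thread: a self-check sketch of what a page script can read through WebGL, showing why two VMs with the same virtual video driver on one host hash identically and why a browser with WebGL disabled reports `n/a`. The FNV-1a hash, the `mockGl` helper and all renderer strings are constructed for illustration; browserleaks.com's own hashing is not shown on this page.

```javascript
// FNV-1a 32-bit: small non-cryptographic hash, a stand-in for a site's report hash.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Collect the GPU/driver strings any script can read from a WebGL context.
// In a browser: gl = document.createElement('canvas').getContext('webgl'),
// which is null when WebGL is disabled (the Tor Browser case in the thread).
function webglReport(gl) {
  if (!gl) return null;
  const ext = gl.getExtension('WEBGL_debug_renderer_info');
  return {
    vendor: gl.getParameter(gl.VENDOR),
    renderer: gl.getParameter(gl.RENDERER),
    version: gl.getParameter(gl.VERSION),
    unmaskedVendor: ext ? gl.getParameter(ext.UNMASKED_VENDOR_WEBGL) : null,
    unmaskedRenderer: ext ? gl.getParameter(ext.UNMASKED_RENDERER_WEBGL) : null,
  };
}

function webglReportHash(gl) {
  const report = webglReport(gl);
  return report === null ? 'n/a' : fnv1a(JSON.stringify(report));
}

// Two browser sessions are linkable only if both expose WebGL and the hashes match.
function linkable(glA, glB) {
  const a = webglReportHash(glA);
  return a !== 'n/a' && a === webglReportHash(glB);
}

// Constructed stand-in for a WebGL context so the sketch runs outside a browser.
function mockGl(unmaskedRenderer) {
  const values = {
    0x1f00: 'Constructed Vendor', 0x1f01: 'Constructed Renderer',
    0x1f02: 'WebGL 1.0', 0x9245: 'Constructed GPU Vendor', 0x9246: unmaskedRenderer,
  };
  return {
    VENDOR: 0x1f00, RENDERER: 0x1f01, VERSION: 0x1f02,
    getExtension: (name) => (name === 'WEBGL_debug_renderer_info'
      ? { UNMASKED_VENDOR_WEBGL: 0x9245, UNMASKED_RENDERER_WEBGL: 0x9246 } : null),
    getParameter: (p) => (p in values ? values[p] : null),
  };
}
```
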
     
  21. Palancar

    Palancar Registered Member


    No thanks. I don't use workspace without a "condom" - ever. LOL!

    ps - Real Name machine excluded!
     
    Last edited: Jan 19, 2018
  22. mirimir

    mirimir Registered Member

    OK, got it. But just remember that the potential leak is there.
     
  23. n8chavez

    n8chavez Registered Member

    This thread piqued my curiosity. I am currently using the OpenVPN client Viscosity with AirVPN, which allows for scripts to be run before, upon connection, and if a connection is dropped. My scripts are below. I also use Windows' firewall to prevent qbittorrent, waterfox, Miranda, and thunderbird from connecting to a network seen as public. Finally, all my adapters are set to VPN DNS servers.

    Connection:
    "Killswitch"
    Thoughts? Is this set up inadequate?
     
  24. mirimir

    mirimir Registered Member

    It's simpler and better to use Windows firewall. There's a time lag between detecting that the VPN connection is down, and terminating apps. And all it takes is one leaked packet.

    Or why not just use Eddie?
     
  25. n8chavez

    n8chavez Registered Member

    I still am using WFC to restrict any connection seen as "public". The VPN is seen as private.

    I really hate the way Eddie forgets user settings, including preferred servers, if Eddie is not closed before Windows is shut down or restarted. I've never seen any other program, ever, function that way. It makes no sense and can be infuriating!
     