How to Make a VPN Give Up Its Secrets August 13, 2018 https://www.tomsguide.com/us/vpn-voracle-attack-defcon26,news-27784.html
Damn. But OK, just disabled compression on my VPN gateways. And damn, I'm glad that I've been chaining VPNs. For all but te last one, there's no traffic except for the next VPN link.
That is all to technical to a novice VPN user, like me, but my VPN is immune to this attack, I believe:
Thanks... You mention, "I've been chaining VPNs". Does that mean I have sign up with other VPN providers? So, far I only have Windscribe. It was easy to install, and is easy to use. I like it.
Well, you don't have to. Chaining VPNs -- a second VPN connecting through the first, and a third through the second, and so on -- provides stronger anonymity. Because adversaries would need data from multiple providers. It's the same idea as Tor. But much less effective, in that Tor changes circuits every ten minutes, using thousands of relays. But it's also faster, and you're less likely to have sites block access.
Windscribe has a featured called double hop. That sounds similar to what you say but most likely not as strong. https://windscribe.com/features/double-hop
Another attack on VPNs. This time it's IKE protocol implementation. Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw https://threatpost.com/researchers-break-ipsec-vpn-connections-with-20-year-old-protocol-flaw/
Yes, a few providers offer multiple hop connections. That may make traffic harder to trace. But if they're all from the same provider, they're just as vulnerable to coercion as a single hop.
lol I just assume all VPN services keep ip logs of their customers. So that anyone, who is dumb enough to do highly illegal stuff via a VPN, is hopeless stupid. Thinking that a vpn will hide your ip address is an EPIC FAIL LOL.
Status of some VPN providers against VORACLE Air, PIA: not affected https://airvpn.org/topic/29047-airv...k-used-to-decrypt-http-traffic-sent-via-vpns/ TunnelBear, Express, Pure, Proton, IVPN: patched https://www.reddit.com/r/ProtonVPN/comments/97ktkt/is_protonvpn_susceptible_to_voracle/ https://twitter.com/ivpnnet/status/1031467793491869696 (Pure notified its users about it via message) PerfectPrivacy: won't patch but will add option https://board.perfect-privacy.com/threads/voracle-attack.3288/
IDK, sorry. Some user posted sth like a private message from Pure's product manager in a forum so I assumed above, but I may be wrong. I'll send you a copy of what I have seen.
