Huge Security Flaw Makes VPNs Useless for BitTorrent

Discussion in 'privacy technology' started by lotuseclat79, Jun 18, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Huge Security Flaw Makes VPNs Useless for BitTorrent.

    Millions of BitTorrent users who have chosen to hide their identities through a VPN service may not be as anonymous as they would like to be. Due to a huge security flaw, those who use IPv6 in combination with a PPTP-based VPN such as Ipredator are broadcasting information linking to their real IP-address on BitTorrent

    -- Tom
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I'm not surprised. Reliable identification (i.e., no anonymity) is one of IPv6's goals, isn't it?

    And the deficiencies of PPTP are well known (around here, anyway).

    I wonder what we don't know (that we don't know that we don't know).
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    You make a very good point. What don't we know? While certainly no fan of Donald Rumsfeld, he will forever be known for succinctly putting what you just said into profound words. It was at first thought of as funny, but in reality, it's never been put better. Read it carefully:

    "There are known "knowns." There are things we know that we know. There are known unknowns. That is to say there are things that we now know we don't know. But there are also unknown unknowns. There are things we do not know we don't know." - Donald Rumsfeld, June 6, 2002
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I turn off IPv6 when I first install any linux distro. However, it's not necessary to do if you are behind a NAT firewall that does not translate IPv6 addresses. I run Tomato on a Linksys router and Tomato still uses a 2.4 version of the Linux kernel that does not recognize IPv6. Since all my connections go through the router, it matters not whether IPv6 is turned on in my OS -- my router wont recognize it and wont pass any IPv6 connection.

    And this is not really a security flaw. It's just a matter of many people not realizing they are broadcasting an IPv6 IP since many OS's turn it on by default.
     
  5. Asus125

    Asus125 Registered Member

    Joined:
    Sep 8, 2009
    Posts:
    33
    So isn't this problem with the open vpn also, if IPv6 broadcasting is turned on?


    I know that MAC-addresses can be viewed but I thought only by them who are running the vpn service. Is it possible to a single vpn user watch others MAC-addresses?
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @LockBox

    Actually, that distinction -- among (1) what we know; (2) what we don't know, and know that we don't know; and (3) what we don't know, and don't even know that we don't know -- is a key pillar of the Landmark Forum. That's probably where Rumsfeld got it. I don't know the primary source.

    @Asus125

    I believe that prudent VPNs firewall users from each other, no?
     
  7. Asus125

    Asus125 Registered Member

    Joined:
    Sep 8, 2009
    Posts:
    33
    So in other words, it is not not possible?

    If I am using Xerobank and I could see other users MAC-adressess, which was said in the text of torrent freak, then there would be no anonymity. I am thinking that the users cannot see others MAC-addresses but I still prefer to hear answers from others.
     
    Last edited: Jun 19, 2010
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    The article linked to by the OP specifically states PPTP-based VPN providers. OpenVPN apparently turns off IPv6 as part of its implementation.
     
  9. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @Asus125

    I don't believe that XeroBank users can even detect other users on the 10.x.x.x network that they're connected to. Perhaps someone from XeroBank can comment on that.
     
Loading...
Thread Status:
Not open for further replies.