Discussion in 'other security issues & news' started by ronjor, Jul 16, 2020.
Original release date: July 16, 2020
This does seem like stating the obvious. I mean, it's pretty common for people to use VPN services to obfuscate IP addresses. And it's also pretty common for VPN services to use network tunneling to obfuscate their exit servers' IP addresses.
So is the use of testing sites like
accurate in determing the IP and location of the VPN servers?
Users use a VPN to hide their IP address and for other uses. Sometimes double or even multi-hopping. Can I say that using a VPN service with many virtual locations would be better off in privacy term than those using dedicated hardware servers with true physical locations if one wants to use a VPN to hide the IP address?
No, it's not. Because that geolocation data comes from RIPE etc databases. And the location information there is often outdated.
For example, HMA has a server that's supposedly in Vanuatu. However, while the relevant IP addresses were at some point assigned to Vanuatu, HMA is leasing them from some firm that's acquired the rights to use them. Basically, it's an income stream for Vanuatu.
And so HMA advertises those "Vanuatu" IP addresses from servers in the EU. If you're using those servers, your traffic hits the Internet from some EU data center. But when ipleak.net or whatever looks up those IP addresses, it sees that they're supposedly in Vanuatu.
However, if you ping those IP addresses from servers in many locations, you find low latency for ping servers in the EU, and high latency for ping servers near Vanuatu.
Thanks for the reply.
You quoted HMA because it uses virtual servers.
How about those VPN providers using bare-metal servers? Would those testing sites I mentioned display them accurately?
And how about the privacy of virtual servers over dedicated bare-metal servers for VPN users? Don't you think it's better here?
No, I was talking about most of their servers, bot just the ones that they disclose as virtual.
No, there's no way to know where servers are actually located, unless you do the ping testing thing.
I'm familiar with the argument that virtual servers in secure locations are safer than servers in iffy locations. But no matter what, it's not OK to mislead customers about server locations.
Thank you for the replies