Simple IP check reveals that you are hiding behind a VPN?

Discussion in 'privacy problems' started by yukee, Feb 19, 2016.

  1. yukee

    yukee Registered Member

    Joined:
    Feb 19, 2016
    Posts:
    2
    Hi,

    Lately, I have been learning about privacy/anonymity and started using VPN services. To check whether my experiments work, I visit ip-api.com that displays IP/location information and other stuff. I am surprised that they show a row labeled "TCP/IP fingerprint" that reveals the fact I am using a VPN.

    I have tried other ways to connect: proxies, Tor Gateways, and the leak-resistant method described by @mirimir at iVPN which uses pfSense VMs as VPN Clients; however, ip-api always outputs a text describing the method used! In the case of proxy or Tor, for instance, it shows "1500MTU, Ethernet or modem, Linux (3.11 and newer), Chrome(ium), fake user-agent (proxy?)". I even did those tests using Windows, Mac OS, and Linux.

    I really need my visits not to reveal I am using anonymity services, I'd just like to appear to be another regular user. Any idea on how to work around this?
     
  2. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    142
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,599
    Can't be done and this is why: The internet requires an IP to "handshake" with a website when you browse. Your exit node (don't get confused here) will supply an IP to the website so that it can communicate with your connection. It's how the internet works. When you enter a "name" into your browser url and look for a site such as here at Wilder's, there is a dns lookup whereby the IP address for Wilder's is located. If you knew the IP you could just as easily type the IP into the url window and save the dns lookup time.

    There are tons of services out there that log IP numbers, especially from VPNs and TOR. Enter the example Cloudflare, which drives us nuts sometimes. They blacklist VPN IPs and charge website owners a small fee to make sure that VPN connected users get blocked. Those are mistakes in practice in my opinion but I cite it as an example.

    Summary: you cannot connect without providing the exit IP because the site you are pinging cannot respond without it.

    If you live close to coffee shops you could connect there and not appear to be "anonymized". Just a thought.
     
  4. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    62
    What are you talking about "it can't be done" Palancar? wtf good would any VPN or similar services be? I am currently browsing with Chrome and you must disable WebRTC in browsers. That is how they are getting internal IP. Once I did that with Chrome, that site http://ip-api.com/ doesn't show my internal IP anymore. And there are ways to change what it shows as Fingerprint/Headers. The Pale Moon browser doesn't have this crap enabled by default anyway.
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    301
    Location:
    Swiss
    There are ways to detect your real location which can't be bypassed via an addon/extension or configuration. I showed one of them over here, IP spoofing is not always effective. Or in other words, there are hardware-based attacks which always work no matter which tools/addons/config you use. There are also other problems, such as wrong hardening of settings and such, which means it is easy to get your IP.

    Of course such simple pages like ipload, ip-api, browserspy and many others use techniques which show that it's possible to get your real location, but I would care much more about techniques that aren't publicly leaked or need much more effort to protect against. The problem is that if someone wants your location he gets it, it's a question of how much effort he wants to spend. And normally he does not need much effort, because faked logins/pages are very effective. E.g. the Silk Road guys were busted by XSS even behind Tor/VPN and other protection mechanisms, I wouldn't say because they are that stupid, more because of the effort the attackers (in this case FBI) used to infect their pages.

    To think that just using a VPN makes you secure is wrong. It all depends on knowledge on both sides, attackers and victims.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Well hey, https://www.browserleaks.com/whois also calculates the number of intervening routers, based on packet TTL :eek:

    As @Palancar and @CHEFKOCH say, sites can discover a lot about your device and how you're reaching them. HTML5 is a huge security hole. Check out what I say at https://www.wilderssecurity.com/threads/detecting-vpn-leaks.383636/page-2#post-2565941 about WebGL. You also want to disable WebRTC. But then there are other forms of browser fingerprinting, various sorts of evercookies, etc, etc. New ways to fingerprint and track are always under development.

    Whonix is the most secure option, I think. If you don't want to use Tor, you can tweak Tor browser to work without using Tor. See https://www.reddit.com/r/TOR/comments/2ywmji/is_it_possible_to_use_the_tor_browser_without/ for instructions. Another option is using a variety of OS types with different graphics drivers, so you have different WebGL fingerprints. Dedicated hardware is even better, but that costs more, and requires more space.

    If you want an IP address that's not associated with VPNs or Tor, you can run a simple desktop on a VPS, and connect via RDP onion service: https://dbshmc5frbchaum2.onion/Remote-LXDE-Desktop.html Latency is iffy, and there's no protection from the VPS provider, but you'll have a fast uplink, and a cleaner IP address.
     
    Last edited: Feb 20, 2016
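
The hop count from packet TTL that mirimir mentions, and the "1500MTU, Ethernet or modem" style label yukee quotes, can both be read from a single TCP SYN. The following is an added example, not part of any post in this thread and not ip-api's or browserleaks' code; the label table, the function names and the two sample packets are constructed for illustration.

```python
import struct

# Illustrative MTU labels, assumed for this example (not ip-api's actual table).
MTU_LABELS = {1500: "Ethernet or modem", 1492: "PPPoE/DSL",
              1480: "IPIP or SIT tunnel", 1476: "IPSec or GRE"}
INITIAL_TTLS = (32, 64, 128, 255)  # common OS default starting TTLs

def build_syn(ttl: int, mss: int) -> bytes:
    """Constructed sample: minimal IPv4 + TCP SYN carrying only an MSS option."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 0, 0, (6 << 12) | 0x02, 29200, 0, 0)
    return ip + tcp + struct.pack("!BBH", 2, 4, mss)

def parse_syn(packet: bytes) -> dict:
    """Pull the TTL and the advertised MSS out of a raw IPv4 TCP segment."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 TCP packet")
    tcp = packet[(packet[0] & 0x0F) * 4:]
    opts, i, mss = tcp[20:(tcp[12] >> 4) * 4], 0, None
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of options
        if opts[i] == 1:                           # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                  # truncated or malformed option
        if opts[i] == 2 and opts[i + 1] == 4:      # kind 2 = MSS
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"ttl": packet[8], "mss": mss}

def fingerprint(packet: bytes) -> dict:
    f = parse_syn(packet)
    # Assume the sender started at the smallest common initial TTL >= observed.
    f["hops"] = next(t for t in INITIAL_TTLS if t >= f["ttl"]) - f["ttl"]
    if f["mss"] is not None:
        f["mtu"] = f["mss"] + 40                   # 20-byte IPv4 + 20-byte TCP headers
        f["link"] = MTU_LABELS.get(
            f["mtu"], "generic tunnel or VPN" if f["mtu"] < 1500 else "unknown")
    return f

if __name__ == "__main__":
    for name, pkt in (("direct", build_syn(52, 1460)), ("tunnelled", build_syn(55, 1360))):
        print(name, fingerprint(pkt))
```

Tunnel encapsulation reduces the usable MTU, so the advertised MSS drops with it; that is why the fingerprint row changes even when the exit IP address itself looks ordinary.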
  7. marsitlov

    marsitlov Registered Member

    Joined:
    Feb 20, 2016
    Posts:
    1
  8. yukee

    yukee Registered Member

    Joined:
    Feb 19, 2016
    Posts:
    2
    Thanks everyone for those contributions around my question, I think I'll need a couple of days to check and understand the pages you have referenced ... I am kind of new to this.
    I forgot to upload a piece of evidence, see the snapshot: openVPN_revealed_ip-api.com.png
     