Don't Look Now but Some VPN Providers Have Been Leaking User IP Addresses

[DooKey]

Someone correct me if I'm wrong, but VPN's are supposed to provide user anonymity aren't they? However, it appears a lot of VPN providers have been leaking customers IP addresses via the WebRTC bug and some of them didn't even know what that was. To top it off some VPN providers are keeping logs of their clients use of the VPN. So next time you decide to use a VPN provider for whatever reason you need to realize you may not be anonymous after all. Thanks cageymaru.

The problem was that STUN servers would disclose this information to websites that had already negotiated an WebRTC connection with a user's browser.

Since then, many advertisers and law enforcement agencies have used this WebRTC-related bug to acquire a site's visitor's IP address.

 

[BSmith]

I have been warning our clients about this for some time now. Thought it was widely known.

 

[ol1bit]

That is not cool. Sigh...

 

[NeghVar]

I use PIA (not on the list) and I do not use the plug-ins. I use the VPN for the whole system

 

[looniam]

someone correct me if i am wrong but i thought the torrent community was already aware of this for awhile now.

thought i've never thought to need a VPN, my take is free is never free nor paying for lag when i care for about ping times than anonymity for myself.

 

[Master_shake_]

What does the p in VPN mean?

Public?

 

[vegeta535]

People need to accept that if you online you can not expect privacy. Doesn't matter if you use a VPN or something.

 

[NeghVar]

People need to accept that if you online you can not expect privacy. Doesn't matter if you use a VPN or something.

Just like IT security. We use what options we have to mitigate the problem. Just because something cannot be 100% effective, do we abandon the whole concept or strive for the highest percentage we can?

 

[Cantroy]

Just like laws, actually...

 

[focbde]

I use PIA (not on the list) and I do not use the plug-ins. I use the VPN for the whole system

Also a happy PIA user here.

 

[Biznatch]

A VPN only masks your traffic between your machine and the VPN endpoint. Tor is what you want to use to try and be somewhat 'anonymous' online, but even that by itself isn't enough.

 

[[21CW]killerofall]

I don't bother with VPNs as I don't give a fuck if someone sees what I am doing online. All of my important shit (aka banking and the like) is done over HTTPS and that is good enough for me. I don't have anything to hide (not like that should matter anyway).

 

[cjcox]

There's nothing about VPN that ensures anonymity. Just saying. If on the Internet (a public network) you need to assume some things are going to be "known". Just the way it is.

And this isn't just a "home user" misunderstanding. I've show at least one Fortune 10 company how they aren't as safe as they think they are.

 

[Jim Kim]

You had one job.

 

[Lakados]

Maybe the internet has jaded me, but I assume that all VPN providers keep logs and are ready and willing to sell any info they can on me. There is almost 0 consequence for them if they get caught it is easy for them to pack up change their IP’s and company name and start again.

 

[looniam]

I don't bother with VPNs as I don't give a fuck if someone sees what I am doing online. All of my important shit (aka banking and the like) is done over HTTPS and that is good enough for me. I don't have anything to hide (not like that should matter anyway).

idgaf either but its not about hiding, it's about your right to privacy that fools think can't ever exist.

last millennium says hello.

 

[Zarathustra[H]]

I was under the impression that WebRTC is out of the control of the VPN provider.

It is something you have to block in your browser.

 

[lostin3d]

A VPN only masks your traffic between your machine and the VPN endpoint. Tor is what you want to use to try and be somewhat 'anonymous' online, but even that by itself isn't enough.

I thought I read something recently about TOR having involvement with NSA?

 

[lostin3d]

I honestly believe that VPN security only goes as far as the check or threat leveraged against them. Just because we rely on laws doesn't mean you should always believe the laws of any country will truly protect you. Albeit unrelated, the recent cloud act ought to be enough proof of that.

 

[MrGuvernment]

And next in the news, most VPN services are actually owned by ISP's and have been tracking all your data the entire time!

 

[Schtask]

And next in the news, most VPN services are actually owned by ISP's and have been tracking all your data the entire time!

You can test your VPN on 3rd party websites to see if leaks are present. Some of them are much more secure than others. Theoretically, an ISP will see the connection from your real IP to the VPN provider and that's it. Is that always the case? No. Also, if someone really wants to track you there are plenty of options, even through a VPN.

 

[Zarathustra[H]]

You can test your VPN on 3rd party websites to see if leaks are present. Some of them are much more secure than others. Theoretically, an ISP will see the connection from your real IP to the VPN provider and that's it. Is that always the case? No. Also, if someone really wants to track you there are plenty of options, even through a VPN.

Yep, first thing I did when I set up my VPN (PIA) was to check it on ipleak.net. I found that my real IP was being leaked via WebRTC.

That being said, it was only my local NAT:ed IP, not my real public IP, so it would have been of limited use to others, even if I hadn't blocked it.

I did some research and found a WebRTC IP leak blocker plugin for Chrome which I use, and I no longer have a problem.

(Note, I don't live in NY/NJ)

I wasn't even aware that VPN providers had any way what so ever to block WebRTC. I was under the impression that the browser sends this to the site being visited directly, and that the VPN provider cannot block it, so you need a brower plugin or something like that.