How your VPN (PIA and others) may leak your IP

Feb 12th, 2015 10:38 pm

#1

markom [OP]: Deal Addict; Oct 1, 2008; 1998 posts; 414 upvotes; Ottawa

Feb 12th, 2015 10:38 pm

How your VPN (PIA and others) may leak your IP

http://lifehacker.com/how-to-see-if-you ... 1685180082

Interesting article, my setup with Chrome was vulnerable.

Feb 13th, 2015 1:01 am

#2

NewsyL: Deal Fanatic; Feb 16, 2006; 5100 posts; 2099 upvotes; Vancouver

Feb 13th, 2015 1:01 am

wow. Chrome and FireFox were leaking.

Feb 13th, 2015 1:11 am

#3

Solsearchin1: Deal Fanatic; Nov 24, 2012; 5893 posts; 2138 upvotes; Space

Feb 13th, 2015 1:11 am

Never liked the idea of passing all my data through an anonymous server or source, isn't that what VPN users are practically doing?

Feb 13th, 2015 2:09 am

#4

kevindurant1: Deal Guru; Apr 8, 2013; 10205 posts; 752 upvotes

Feb 13th, 2015 2:09 am

We are all being spied on.

http://www.huffingtonpost.com/2015/01/2 ... 63090.html

[QUOTE]Canada's electronic spy agency has been intercepting and analyzing data on up to 15 million file downloads daily as part of a global surveillance program, according to a report published on Wednesday
[/QUOTE]

And this was 3 years ago. I cant imagine what they are up to now.

Feb 13th, 2015 2:18 am

#5

rageking: Deal Fanatic; Sep 4, 2009; 6575 posts; 720 upvotes

Feb 13th, 2015 2:18 am

All that was leaked was my internal ip address, but not my ISP given ip address. But the internal ip address given to my home router by the local ISP router was shown. Internet Explorer doesn't have this vulnerability.

Feb 13th, 2015 6:36 am

#6

will888: Deal Expert; Dec 12, 2009; 26029 posts; 15995 upvotes; Toronto

Feb 13th, 2015 6:36 am

It is easy to check if there is leakage.

http://ipleak.net/

+1

Feb 13th, 2015 7:03 am

#7

jimmy-j: Deal Addict; Aug 12, 2008; 2932 posts; 592 upvotes; Newmarket

Feb 13th, 2015 7:03 am

i'm all clear.

Feb 14th, 2015 6:36 pm

#8

hagbard: Deal Expert; Dec 19, 2001; 31347 posts; 2021 upvotes; Fernando Poo

Feb 14th, 2015 6:36 pm

Chrome is leaking...WebRTC Block doesn't work!!

Feb 14th, 2015 10:14 pm

#9

Tadio2k: Banned; Feb 18, 2015; 263 posts; 46 upvotes; Toronto

Feb 14th, 2015 10:14 pm

Thread hijack, why isn't my prepaid credit card and/or paypal working to update my Netflix?

Feb 14th, 2015 10:26 pm

#10

LEXX911: Deal Addict; Jul 27, 2009; 2392 posts; 461 upvotes

Feb 14th, 2015 10:26 pm

If you want to watch PBS, Bravo, Hulu ect. Use Hola addons. No need for VPN.

Feb 15th, 2015 4:26 am

#11

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 4:26 am

hagbard wrote: ↑Chrome is leaking...WebRTC Block doesn't work!!

Disable Javascript.

Feb 15th, 2015 6:28 am

#12

hagbard: Deal Expert; Dec 19, 2001; 31347 posts; 2021 upvotes; Fernando Poo

Feb 15th, 2015 6:28 am

makaturing wrote: ↑Disable Javascript.

I don't have java on my system. BTW, having installed SafeScript as recommended by Lifehackers, its amazing how much information harvesting RFDs does. If you turn everything off on this site, btw, it doesn't load in your profile at the top (eg: you won't get mail).

Feb 15th, 2015 9:58 am

#13

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 9:58 am

hagbard wrote: ↑I don't have java on my system.

Java and Javascript are two completely different things. Chrome comes with Javascript enabled by default. The SafeScript you installed works by controlling Javascript.

Chrome -> Settings -> Show advanced settings -> Privacy -> Content settings -> Javascript

+1

Feb 15th, 2015 10:06 am

#14

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 10:06 am

Firefox users can install the QuickJava add-on, which allows you to toggle Javascript (and a bunch of other things) from your toolbar.

Feb 15th, 2015 10:27 am

#15

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 10:27 am

Here is the relevant passage from the Lifehacker article:

****
The flaw was documented by developer Daniel Roesler over at GitHub. Roesler explains how the process works:

Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript.

****

It is Javascript that leaks your IP. You don't have to install anything, you just have to know how to turn Javascript off.

In Firefox you can disable it globally by going to about:config and toggling "javascript enabled" from true to false. They deliberately took this out of the Options, where it used to be, which is one of the reasons I don't use Firefox any more. For Chrome see my post above.

You can't surf the web effectively without Javascript because almost every web site uses it. That's why browsers have it enabled by default. But the security hazards of Javascript are very well known, and you should always disable it before going somewhere you don't want your IP (and lots of other stuff) revealed.

Feb 15th, 2015 11:13 am

#16

hagbard: Deal Expert; Dec 19, 2001; 31347 posts; 2021 upvotes; Fernando Poo

Feb 15th, 2015 11:13 am

Don't want to be turning this on and off. The problem I now have is if I apply ScriptSafe on one computer, it applies it to the other. Getting tired of Google and all their nonsense.

Feb 15th, 2015 11:27 am

#17

ShadowVlican: Deal Expert; Jun 12, 2003; 15134 posts; 1533 upvotes; Markham

Feb 15th, 2015 11:27 am

Too much hassle to micromanage javascript, far too many sites make use of it

ShadowVlican

Feb 15th, 2015 11:39 am

#18

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 11:39 am

ShadowVlican wrote: ↑Too much hassle to micromanage javascript, far too many sites make use of it

Of course. You just toggle it when you're on your VPN and you want that extra level of assurance your IP won't be leaked. Most of the time the VPN is good enough.

Feb 15th, 2015 11:40 am

#19

Penrose: Deal Addict; Apr 23, 2014; 1141 posts; 216 upvotes

Feb 15th, 2015 11:40 am

\i find it ironic that the vpn \i use , okayfreedom, the icon they use is the 'all seeing eye'. i was surprised to find that webrtc leaks the ip in my FF.\since then, i have disabled it and now it seems to have been the only leak. i am leaving javascript alone for the time being. i am so surprised to have discovered this leak in |FF, espescially when they have so recently done so much promoting to educate their users about privacy.

Feb 15th, 2015 11:42 am

#20

makaturing: Deal Addict; Jul 23, 2013; 3038 posts; 1051 upvotes; A small town north o…

Feb 15th, 2015 11:42 am

hagbard wrote: ↑Getting tired of Google and all their nonsense.

Ha ha! People used to call Microsoft the "Evil Empire", but I think Google is giving them a damn good tussle for the title.