usefulvid 18 Posted ... I created this list which compares several VPN providers:https://docs.google.com/spreadsheets/d/1V1MFJJqwAtn9O_WgynUMXRbXLhsY2SAViADYsLZy63U/edit#gid=0As you can see airvpn is one of the leading ones with a good price I asked some other providers if and how they protect against the webrtc leak. 12vpn told me that they block stun ports on their server.Can anybody confirm that this is a reliable way to block this leak? idlcoak told me something similiar: "we block request from webrtc APIs." Can anyone who has more knowledge than my comment this? 4 whomever, Valerian, OmniNegro and 1 other reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... the whole webRTC thing needs to just die. it's not up to a VPN provider to protect you from a web browser function. In my opinion you shouldn't consider webRTC blockage in your review. users should instead just disable it in their browser if they don't want it. 1 jean claud reacted to this Quote Share this post Link to post
rainmakerraw 94 Posted ... the whole webRTC thing needs to just die. it's not up to a VPN provider to protect you from a web browser function. In my opinion you shouldn't consider webRTC blockage in your review. users should instead just disable it in their browser if they don't want it. To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually). 2 Valerian and OmniNegro reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... the whole webRTC thing needs to just die. it's not up to a VPN provider to protect you from a web browser function. In my opinion you shouldn't consider webRTC blockage in your review. users should instead just disable it in their browser if they don't want it. To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually). why should the VPN provider be the one to provide a workaround? why shouldn't the user just change browsers? Quote Share this post Link to post
rainmakerraw 94 Posted ... the whole webRTC thing needs to just die. it's not up to a VPN provider to protect you from a web browser function. In my opinion you shouldn't consider webRTC blockage in your review. users should instead just disable it in their browser if they don't want it. To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually). why should the VPN provider be the one to provide a workaround? why shouldn't the user just change browsers? Why should VPN providers give leak protection, IPv6 disablement, or any other feature? It's just nice to have. Since WebRTC leaks are a VPN specific issue, I only mean it makes sense for VPN providers to address it. I didn't say they had to provide a 'fix', I said and/or information about it. AirVPN happen to offer both, which is nice. Not everyone wants to use Firefox, for example I hate how laggy it is on big websites even with 8 CPU cores and 16GB of RAM. It's a great browser all round though, and I do still keep it installed. It's also my default on Linux (where it seems to perform better). 2 whomever and OmniNegro reacted to this Quote Share this post Link to post
Casper31 73 Posted ... the whole webRTC thing needs to just die. it's not up to a VPN provider to protect you from a web browser function. In my opinion you shouldn't consider webRTC blockage in your review. users should instead just disable it in their browser if they don't want it. To be fair, only Firefox-based browsers allow WebRTC to be disabled. Some extensions such as uBlock and Chrome's add-on allow leaks to be plugged, but they don't disable WebRTC completely. As 'leaks' are only an issue for those behind a VPN, it makes sense for VPN providers to offer a workaround, or at least some advice on how to achieve it. Since the OP's data is just that - raw data without any recommendation - I wouldn't call it a 'review'. That's not a negative, far from it. It's hard to find quantitative data about VPN companies, and I think the OP did a decent job. One thing that really bugs me about VPN 'reviews' in general is the speed tests. They are invariably carried out by someone on a <15 Mbps connection. Just... why? If nothing else for the love of God rent a decent gigabit plus VPS and set up a connection on there and leech some well seeded torrents. Plenty of 'superb high speed' VPN companies can't even half saturate my 160Mbps connection. Air does (usually). why should the VPN provider be the one to provide a workaround? why shouldn't the user just change browsers? If you already use Firefox-which I recommend for Privacy reasons-there is an easy solution for this:GoTo https://www.privacytools.io/ and search for "WebRTC IP Leak Test".Besides the webrc you are presented with the sollution to the problem.Btw this website you may find a lot of interesting things! Have a good Day Quote Share this post Link to post
zhang888 1066 Posted ... I asked some other providers if and how they protect against the webrtc leak. 12vpn told me that they block stun ports on their server.Can anybody confirm that this is a reliable way to block this leak? This is a reliable way indeed, but it should not be up to the VPN provider to decide whether to block it or not.I don't plan to use it on my network so I blocked it globally, but every user should decide on his own.Those leaks sometimes bypass the entire VPN network entirely, so their work will not be enough. I wonder what such providers will do in order to prevent DNS leaks. Block the entire udp/53 port on all servers?This is not a good approach. 2 go558a83nk and rickjames reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
usefulvid 18 Posted ... Thanks a lot for your anwsers. I also agree that the vpn service should provide a solution against the webrtc leak. For chrome I have to install a new plugin which I have to trust. The approach with the windows firewall which blocks everything which goes around the vpn is great. perhaps there are other software using a similiar mechanism to webrtc they will also be blocked. Quote Share this post Link to post
chuki mud 1 Posted ... Why should a VPN provider do this and why should they do that? I've been researching which, and what type of VPN to get for close to three weeks now and have already dumped three due to horrendous tech support and "why" VPNs should do those kind of things is, believe it or not, not everyone knows as much as you guys when it comes to UA spoofing, SSL/SSH, routing, masking, obfuscating, porting forward and the other things to stay ahead of attackers but it's easy enough to follow a forum like this to determine if a VPN doesn't address such issues, coupled with my NOT knowing how to achieve those configurations resulting in my data being at risk would make my buying service from them pointless so I'm thinking they should do AT LEAST that AND give customers step-by-step tutorials with any necessary links to achieve something to that end.Knowledge is power and I can't see any reason power like that shouldn't be shared.The last two days of my "shopping" have finally gotten me to multi-hopping VPNs which pisses me off that general searches kept leading me to the same crap VPNs over and over.Thing is you've got to PLEASE remember that a huge portion of the population is completely ignorant to the how, what and why when it comes to all this- we just want to PAY for a highly effective VPN that's constantly evolving thus making their best effort in staying on the cutting edge of keeping my data secure that we can feel good about giving our hard-earned money to... keywords here are "ignorant" (the "why" you asked about), the second being "pay" which is the reason the VPN gets to pay for continued R and D, buy servers and equipment, pay their employees, stay in business and turn a profit so we are kinda important when all's said and done.Now I'm just searching for a VPN that will take a freakin moment out to help me put together the appropriate package for my needs. I see the lists of what they offer, I just can't implement them effectively...Sorry to interrupt - Carry on 1 Valerian reacted to this Quote Share this post Link to post
whomever 0 Posted ... Why should a VPN provider do this and why should they do that? I've been researching which, and what type of VPN to get for close to three weeks now and have already dumped three due to horrendous tech support and...The last two days of my "shopping" have finally gotten me to multi-hopping VPNs which pisses me off that general searches kept leading me to the same crap VPNs over and over....Now I'm just searching for a VPN that will take a freakin moment out to help me put together the appropriate package for my needs. I see the lists of what they offer, I just can't implement them effectively...Sorry to interrupt - Carry onSo, em, who did you find/choose? Quote Share this post Link to post
usefulvid 18 Posted ... I had to decrease AirVPNs rating due to unsolved DNS issues. Feel free to inform me if these issues are solved. Quote Share this post Link to post
zhang888 1066 Posted ... I had to decrease AirVPNs rating due to unsolved DNS issues. Feel free to inform me if these issues are solved. Instead of spreading wrong information, did you try to check the routes page for the allegedly failing domain here?https://airvpn.org/routes/ This page should also check in realtime the DNS resolution and report any errors. Or you decided to take 2 (completely unrelated) issues from that thread and conclude there is a global problem? 1 Blade Runner reacted to this Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
jean claud 45 Posted ... If you allow me some important things are missing in your listfor exampleWhat OS are allowed ?Is there a software client for each os ?Killswitch ?Is peer to peer allowed ? (For exemple oVpn.to doesn't allow torrenting) 1 Blade Runner reacted to this Quote Share this post Link to post
usefulvid 18 Posted ... Instead of spreading wrong information, did you try to check the routes page for the allegedly failing domain here?Which information is wrong? I will check routing next time the issue appears. This hint should come from the airvpn support Or you decided to take 2 (completely unrelated) issues from that thread and conclude there is a global problem?I personally have this issues and opened up a ticket and the users in the thread also report this issue. DNS fails for some minutes and just for specific domains. Is peer to peer allowed ? (For exemple oVpn.to doesn't allow torrenting)This is mentioned in the comment section. At the time I started the list I thought P2P is natuarlly allowed but I discovered it is often blocked. Where do you get you information that ovpn is not allowing p2p? They only state in the ToS that ILLEGAL Filesharing is forbidden. Quote Share this post Link to post
jean claud 45 Posted ... Difference is subtile If peer to Peer is "allowed", torrenting is not :"Illegal sharing of copyright protected materials is prohibited" says their TOS Is it not the proof than a "full green" VPN could be a very uncomplete one+ they don't have a linux soft client with killswitch like AirVpn . As I said in the previous message important items are missing in your list .Most of based country are missing too, and there is no colours to say if they appart to 5eyes , 9eyes ot 14 eyes country . Godd job anyway Quote Share this post Link to post
zhang888 1066 Posted ... You are again concluding that the issue you are having is the same with other users while it's not. I found something out:It seems that sometimes dns requests are sended to my router instead of using the airvpn dns. Airvpn dns is working fine but does not receive dns requests.The dns requests to my router are blocked by dns leak protection so I get no result. after some minutes waiting it worked again. I changed nothing in the meanwhile...This is a case of a simple DNS leak. The solution to this should be the same as fixing DNS leaks on Windows - making sure the DNS servers in all adapters are set to automatic when using Eddie. If there were issues with the DNS servers, there would be much more threads and reports about it than 2 users in 2 months making assumptions.You can still verify it with the following simple method:1) Get a list of Alexa Top 1000 most visited websites. This should be enough for testing reliability. We cut 1000 from 1m. curl -s -O http://s3.amazonaws.com/alexa-static/top-1m.csv.zip ; unzip -q -o top-1m.csv.zip top-1m.csv ; head -1000 top-1m.csv | cut -d, -f2 | cut -d/ -f1 > topsites.txt 2) Make a small command to get the first A record from each host and write results to a file. We can use dig +short for that: dig a -f topsites.txt +noall +answer | awk '{print $1}' | sort | uniq | nl 3) Check results, should be exactly the same number as the hosts you defined in the test. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
usefulvid 18 Posted ... 3) I got 1005 results instead of 1000I tried it with 30 -> I got 30 resultsI increased to 40 and got 41 results root@ubuntu:/home/usefulvid# dig a -f topsites.txt +noall +answer | awk '{print $1}' | sort | uniq | nl 1 360.cn. 2 amazon.com. 3 baidu.com. 4 bing.com. 5 detail.tmall.com. 6 detail.tmall.com.danuoyi.tbcache.com. 7 ebay.com. 8 facebook.com. 9 google.co.in. 10 google.co.jp. 11 google.com. 12 google.com.br. 13 google.com.hk. 14 google.co.uk. 15 google.de. 16 google.es. 17 google.fr. 18 google.it. 19 google.ru. 20 hao123.com. 21 instagram.com. 22 jd.com. 23 linkedin.com. 24 live.com. 25 msn.com. 26 qq.com. 27 reddit.com. 28 sina.com.cn. 29 sohu.com. 30 taobao.com. 31 t.co. 32 tmall.com. 33 twitter.com. 34 vk.com. 35 weibo.com. 36 wikipedia.org. 37 wordpress.com. 38 yahoo.co.jp. 39 yahoo.com. 40 yandex.ru. 41 youtube.com. root@ubuntu:/home/usefulvid# cat topsites.txt | wc -l 40 root@ubuntu:/home/usefulvid# I did this while the issue did NOT appear Quote Share this post Link to post
zhang888 1066 Posted ... detail.tmall.com.danuoyi.tbcache.com thats the extra one that returns CNAME as well as A.So yes few more results than in your file is a good outcome as well.But you have to test it when you claim to have issues, while obviously connected to that server. I specifically made it for *nix where no DNS leaks occur, so you can know that your setup is correctand there are no requests sent over other interfaces and other devices, just a test of the 10.x.0.1 Air DNS. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post