AIRVPN Client Area

[chrisgriffin6690 0]

In the client area I used to be able to check what IP address was being seen by the VPN server. I could check if the connection was made through TOR by checking to see if the IP that was shown was that of a Tor IP address, but now that seems to have disappeared and been replaced with a message "We inevitably know your real IP address. Any reference will be deleted when the connection is closed." The point of the Tor with Air set up is so that my IP is never revealed to AIRVPN?...

Anyone know why this has been changed ?

[Revelead 16]

People have complained about it showing your IP. That's why (i guess) it got removed.

[go558a83nk 352]

I would assume that if it's been changed Air would remove the line about knowing it.  No need to have it there if our real IP address isn't showing.

 

I'm wondering if the lack of it is residual from the attack or something.

[BSoD 4]

True, I also complained about this.

 

FIRST: they always know your IP while connected otherwise they won't know where to send the data (packets).

 

Just check this out. Let's assume the following: OpenVPN connections when not logging (which Air doesn't) are perfectly safe to hide your IP.

Now secondly the weakest link in the security is the human part. If one were to get hold of your username one might crack your password (tough Air probably has a lot of security there is the possibility of a loophole)

So with these settings one would be able to see your original IP as long as the connection is private and giving another vulnerability.

 

The following factors would make it easier to get these details:

- You login to a site and you use the same username (very likely and common) and perhaps even password (possible but very insecure).

- Also if you use a password manager they might (try to) hack it.

- And lastly they might try social engineering in order to get your Air details and see your local IP.

 

So this creates in my opinion an unnecessary risk.

 

Also if you want to check your local IP you can try the following.

Chrome browser (my version at least) is still vulnerable for WebRTC leaks. If you have a "WebRTC leak prevention plugin" disable it for a second. Then visit http://ipleak.net and it will probably show 2 IP's i the WebRTC section, your VPN IP and your local IP.

 

DON'T FORGET TO RE-ENABLE THE PLUGIN AFTERWARDS

 

I hope I explained why I and probably also some other users and the staff thought it would be better to disable this and I gave you a way to bypass this problem.