Jump to content
Not connected, Your IP: 3.149.253.73
AirVPN
linux1905

Eddie login issue

By linux1905, ... in Eddie - AirVPN Client

Recommended Posts

linux1905    0

linux1905
Posted ...

Hi,

​Eddie login process can reveal our VPN service provider so an ISP firm at least can determine which customer uses which VPN service. If a AirVPN customer don't want to be known by an ISP, mostly uses VPN over ToR to conceal its real IP from VPN server and also conceal its VNP server IP & service provider name from ISP company. Thus an ISP can't expose neither VPN server IP that you connect to at the first hop nor VPN service provider name.

​That's why I'm using Eddie client to make VPN over ToR but client primarily requires log in with AirVPN account of users. This log in process basically posts your password & username to a server on the Internet. Eddie post mine to 52.48.66.85 (amazonaws.com). If ISP contacts to Amazon may reveal the VPN service provider.

​Why Eddie client doesn't post these data over ToR, if user configure Proxy/Tor section? Eddie doesn't use TOR and post these data with our real IP. It doesn't make sense.

Share this post

Link to post

OpenSourcerer    1435

OpenSourcerer
Posted ...

If ISP contacts to Amazon may reveal the VPN service provider.

 

And that's something everyone can do? I mean, I want to know who hacked my Twitter account so I tell my ISP to ask Twitter for the IP shown in the connection log and they say it like that? You really think it's as easy as this?

Question 2: How does Amazon know if a client is a VPN provider, aside from checking the registration details?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

You connect to hundreds of Amazon servers each time you use the internet, whether you know/like it or not.

TLS ensures that the communication is transmitted securely.

 

What is exactly the threat here? That your ISP will know that you connected to an Amazon server, but you are ok with them

to know that you connect to dozens of Tor relays, some of which might also be on Amazon?

Besides, being a large corporation of global internet operations, they do have very serious customer privacy policy.

An ISP cannot just start sending random requests to various companies asking for data. This does not work this way.

Khariz reacted to this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

linux1905    0

linux1905
Posted ...

In my opinion it is obvious if there is more secure way than now, there is always a threat. It doesnt important how it's minor or major. To post login session variables over ToR is more secure way as usual. On the other hand to make this must be very easy for programmer of Eddie. Why do you try to defend your position in any case?

What is exactly the threat here?

​If you connect to Internet we may exposed to any threat but goal is to make it more harder. This is my opinion as your customer.

Share this post

Link to post

Staff    9972

Staff
Posted ...

​That's why I'm using Eddie client to make VPN over ToR but client primarily requires log in with AirVPN account of users. This log in process basically posts your password & username to a server on the Internet. Eddie post mine to 52.48.66.85 (amazonaws.com). If ISP contacts to Amazon may reveal the VPN service provider.

​Why Eddie client doesn't post these data over ToR, if user configure Proxy/Tor section? Eddie doesn't use TOR and post these data with our real IP. It doesn't make sense.

 

This is obviously necessary for the pure login phase: how are you supposed to download the certificate and key that are mandatory for the connection inside the VPN? You need them before you connect.

 

Anyway Eddie, during the login, sends out and receives data to/from port 80, implementing encryption in what externally appears as a normal http (and not https) connection. After that, everything (including OpenVPN TLS pre-auth) goes over Tor according to your configuration. A Tor connection raises the suspicion and attention toward your account by your ISP (in a country controlled by a human rights hostile regime) much more than an innocent http connection, so your whole point does not stand.

 

On top of all the above, Eddie will re-use any data already available on the mass storage device when at least one login and authorization have been successful in the past. So just don't log your account out, and you will not need to re-log it in the service again at the next session (unless you require a certificate and key re-issuing, obviously).

 

Kind regards

Khariz reacted to this

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...