croco

Vpntesting.info report of 29 VPNs leak tests

Can anyone comment on this report done on VPN leak tests and tell me if these issues have now been fixed on Eddie Mac OS X client please? Or in fact if it ever was a genuine problem. Also, any IVPN users who have anything to say about that VPN service, seeing as they sponsored it. Sorry, I'm not sure on the date it was done, so this topic might already be on this forum somewhere, but a search here didn't bring any result. Here's the link to the report: https://vpntesting.info

Edited ... by OpenSourcerer
Fix IDN homograph attack – dead link anyway


Can anyone comment on this report done on VPN leak tests and tell me if these issues have now been fixed on Eddie Mac OS X client please? Or in fact if it ever was a genuine problem. Also, any IVPN users who have anything to say about that VPN service, seeing as they sponsored it. Sorry, I'm not sure on the date it was done, so this topic might already be on this forum somewhere, but a search here didn't bring any result. Here's the link to the report: https://vpntesting.info

 

Thank you very much for this warning: unfortunately we were never contacted by the authors about this problem, and we are going to investigate in the nearest future. We will keep you posted.

 

Kind regards


Hello,

 

We can't reproduce the presumed issue in any way. As far as we can see it does not exist. We have never been contacted by the author.

 

We have anyway written to the author of the article for clarifications and explanations. We will keep you posted.

 

Kind regards


Thanks. I guess then it's not impossible the test results could have been set up by a competitor to increase their rating & sales. If the author was genuinely concerned for VPN users' anonymity then he would certainly have contacted all providers about the results and helped them fix it, regardless of who sponsored it. But there's also the possibility the author DID in fact contact all VPNs concerned but the providers are keeping it quiet until they fix it. Either way it's food for thought.


But there's also the possibility the author DID in fact contact all VPNs concerned but the providers are keeping it quiet until they fix it. Either way it's food for thought.

 

No, we were not contacted. We contacted the author of the article as we said, and he kindly answered. We will be waiting for the information we required and we will keep you posted.

 

Kind regards


I'd like to clarify a few things. First, IVPN did pay me for the work. And, having written a leak-testing guide for them, I knew that I hadn't managed to make their Windows or OSX clients leak. As long as their firewall was on, that is. However, I was entirely free to choose which other VPNs to test. And there were no restrictions on what I could or couldn't report. Indeed, I reported that six Windows clients didn't leak, and four OS X clients.

 

Second, I did in fact leave the default "Allow pings" option checked in the AirVPN client's "Network Lock". But here's the thing: I didn't even look at the options. Nor did I look at options for the firewall in IVPN's Windows and OSX clients, or at options for any firewall/lock/kill-switch features in other VPN clients. If I saw a firewall/lock/kill-switch feature, I enabled it. Also any other top-level security features. But I did no fine tuning.

 

Why did I do that? I did it because I wasn't just testing the capabilities of VPN clients. Rather, I was testing how VPN clients performed for users that are security-conscious, but not highly technical. I mean, if they were highly technical, they'd be running open-source OpenVPN clients, and using firewall rules to prevent leaks. Or pfSense VMs. So my target users were people who knew that leaks could happen, and so would enable features to prevent them. But such users wouldn't have the technical expertise to change default options in those features. And arguably, they might not even look. At least, not when they first used the VPN client.

 

And the point is that even one leaked packet can be problematic. Let's say that you're torrenting some popular film or TV episode. You notice that your Internet connection is funky, and the VPN connection is flapping. So you close the torrent client, and troubleshoot the problem. What can bite you is the tendency for torrent clients to ping swarms, when transfers start failing. And pinging malicious peers directly, rather than through the VPN, can disclose your IP to people who will make trouble for you.

 

Also, there was an odd difference between the behavior of AirVPN's Windows and OSX clients (both v2.10). I was pinging 8.8.8.8 throughout the testing. In Windows, I saw no pings to 8.8.8.8, or replies from it, until after exiting from the AirVPN client. In OS X, I saw no ping requests/responses until after interrupting and restoring the uplink. So Network Lock in the OSX client must have been blocking pings initially, just as in the Windows client. But unlike the Windows client, the OSX client apparently allowed pings during reconnection after uplink interruption.

 

Third, I did not contact AirVPN, or any of the other VPNs for which I found leaks. I did announce https://vpntesting.info/ on Wilders Security Forums and in /r/VPNs, and summarized the results. I assumed that VPN providers would generally be monitoring such sites for issues. And Wilders does trend high in Google results. Also, I admit, the prospect of dialoguing with numerous VPNs, and retesting their clients, was daunting.

 

In any case, it was a mistake to not alert VPNs to the leaks. And I apologize.
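
The check described in the post above (ping 8.8.8.8 throughout, then look on the physical interface for requests or replies that bypass the tunnel), as an added example that is not part of the original thread or of any tested client. The capture lines, the VPN server address 203.0.113.10 and the LAN range 192.168.1.0/24 are constructed; the parser assumes `tcpdump -n -tt` text output.

```python
import ipaddress
import re

# One line of `tcpdump -n -tt` output captured on the physical interface
# (not the tunnel): "<epoch> IP|IP6 <src> > <dst>: <summary>"
LINE_RE = re.compile(r"^(\d+\.\d+) (?:IP6?) (\S+) > (\S+): (.*)$")
BROADCAST = ipaddress.ip_address("255.255.255.255")

def _addr(token):
    """Parse 'addr' or 'addr.port' as tcpdump prints endpoints."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return ipaddress.ip_address(token.rsplit(".", 1)[0])

def _is_local(a, lan):
    return (a in lan or a.is_link_local or a.is_multicast
            or a.is_unspecified or a == BROADCAST)

def find_leaks(lines, vpn_server, lan_cidr):
    """Return (time, src, dst, summary) for every packet outside the tunnel
    that involves a non-local host other than the VPN server."""
    vpn, lan = ipaddress.ip_address(vpn_server), ipaddress.ip_network(lan_cidr)
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP and other non-IP frames never leave the local link
        ts, src, dst, summary = m.groups()
        src, dst = _addr(src), _addr(dst)
        if vpn in (src, dst):
            continue  # encrypted tunnel packets are expected on this interface
        if not (_is_local(src, lan) and _is_local(dst, lan)):
            leaks.append((float(ts), str(src), str(dst), summary))
    return leaks

# Constructed capture: tunnel up, uplink interrupted, one ping escapes
# during reconnection, tunnel traffic resumes.
SAMPLE = """\
1500000000.100000 IP 192.168.1.20.51820 > 203.0.113.10.443: UDP, length 120
1500000001.100000 IP 203.0.113.10.443 > 192.168.1.20.51820: UDP, length 96
1500000030.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
1500000031.200000 IP 192.168.1.20 > 8.8.8.8: ICMP echo request, id 7, seq 31, length 64
1500000031.221000 IP 8.8.8.8 > 192.168.1.20: ICMP echo reply, id 7, seq 31, length 64
1500000033.000000 IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 64
1500000035.400000 IP 192.168.1.20.51820 > 203.0.113.10.443: UDP, length 120
""".splitlines()

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE, "203.0.113.10", "192.168.1.0/24"):
        print(leak)
```

An empty result over a capture that spans client start, uplink interruption, reconnection and client exit is the pass condition; a single entry is a leak.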
