Jump to content
Not connected, Your IP: 35.153.135.60

Recommended Posts

Does AirVPN has any plan to offer browser extension/plug-in/add-on to have VPN on the browser level?

 

Many other VPN providers are doing that and it is very useful if you want to log-in to social media and not corelate your IP with it.

Share this post


Link to post

Hello,

 

I'm sure Staff will jump in and give you an official answer but I don't think an extension is going to happen.

Those extensions rely on proxies to function and AirVPN doesn't seem very keen on providing anything not based on openvpn.

Share this post


Link to post

Hello!

 

The browser extensions you mention configure your browser to tunnel its traffic, and only its own, over some SOCKS or HTTPS proxy. Normally it has nothing to do with entering a Virtual Private Network and should not be considered a reliable method to build an anonymity layer, not even a weak one, because all the other traffic (system traffic, other applications traffic, traffic generated by plug-ins too in some cases) will not be tunneled.

 

On top of the above some technical challenges and concerns about DNS pre-fetching and more in general about the fact that DNS queries will not be tunneled anyway in some systems (Windows) under not uncommon circumstances must be taken into account.

 

So the whole matter seems outside AirVPN scope, as AirVPN service is meant primarily as a privacy enhancing service through an anonymity layer which aims to not let any single packet go out to the Internet with your "real" IP address AND to send to the Internet packets with an IP address that's even different than the IP address of the VPN server you connect to (a very important feature that is often overlooked and which is not offered by many VPNs, and that anyway can't be offered by a proxy).

 

It might be a service for other purposes, but it does not seem aimed to create any anonymity layer of any kind and/or to the purpose  AirVPN is meant for.

 

Kind regards

Share this post


Link to post

send to the Internet packets with an IP address that's even different than the IP address of the VPN server you connect to (a very important feature that is often overlooked and which is not offered by many VPNs

 

Can you explain why this is important? The entry IP appears to be fixed, either 1 above or 1 below the exit IP depending on if you use the standard entry IP or the alternative. Any adversary would know the two possible entry IP's from the exit IP.

Share this post


Link to post

Hello!

 

The browser extensions you mention configure your browser to tunnel its traffic, and only its own, over some SOCKS or HTTPS proxy. Normally it has nothing to do with entering a Virtual Private Network and should not be considered a reliable method to build an anonymity layer, not even a weak one, because all the other traffic (system traffic, other applications traffic, traffic generated by plug-ins too in some cases) will not be tunneled.

 

On top of the above some technical challenges and concerns about DNS pre-fetching and more in general about the fact that DNS queries will not be tunneled anyway in some systems (Windows) under not uncommon circumstances must be taken into account.

 

So the whole matter seems outside AirVPN scope, as AirVPN service is meant primarily as a privacy enhancing service through an anonymity layer which aims to not let any single packet go out to the Internet with your "real" IP address AND to send to the Internet packets with an IP address that's even different than the IP address of the VPN server you connect to (a very important feature that is often overlooked and which is not offered by many VPNs, and that anyway can't be offered by a proxy).

 

It might be a service for other purposes, but it does not seem aimed to create any anonymity layer of any kind and/or to the purpose  AirVPN is meant for.

 

Kind regards

 

 

 

It is useful to be used ON TOP of system wide VPN.

Let's way you have your system wide VPN on all day long.

 

But you want to log-in into facebook for a minute. And obviosly you don't want to corelate your facebook identity with your VPN IP.

You can either close everything, diconnect the VPN and log-in into facebook. Highly unpractical.

 

Or just fire up a browser, that is just for that, with browser level VPN, but on another server, hence another IP.

So you are still protected, but they can't corelate your facebook to your system wide VPN IP and hence your other activities.

 

Makes sense?

 

 

 

Also I wasn't aware that you provide 1 entry IP and different exit (public facing IP) to your customers, that is very nice!

Share this post


Link to post

 

send to the Internet packets with an IP address that's even different than the IP address of the VPN server you connect to (a very important feature that is often overlooked and which is not offered by many VPNs

 

Can you explain why this is important? The entry IP appears to be fixed, either 1 above or 1 below the exit IP depending on if you use the standard entry IP or the alternative. Any adversary would know the two possible entry IP's from the exit IP.

 

Hello!

 

It's of vital importance because it prevents specific correlation attacks aimed to cause your system to exchange data outside the VPN tunnel when you use remote port forwarding. It's trivial to successfully perform such attacks when the entry and the exit IP addresses match. Anybody can therefore discover your "real" IP address (and this is what normally happens in many VPN services which provide remote port forwarding, we would not even define them as "competitors" anyway).

 

Additionally your assumption may be correct or not but is irrelevant. Correlations in low latency networks become more difficult when exit and entry-IP addresses do not match, regardless of their subnet.

 

Kind regards

Share this post


Link to post

It is useful to be used ON TOP of system wide VPN.

Let's way you have your system wide VPN on all day long.

 

But you want to log-in into facebook for a minute. And obviosly you don't want to corelate your facebook identity with your VPN IP.

 

Hello!

 

That's not the correct way to do it, especially with Facebook! Probably you did not get the full implications of what we wrote earlier. Anyway in this usage example Facebook may correlate your proxy IP address with your VPN IP address (through one of its infinite spy plug-ins or with the aid of a third-party web site you open with another browser because you would like to appear there with your VPN IP address or in even other ways), and not with your "real" IP address. Once again your purpose is defeated.

 

Maybe these "VPN browser extensiosn" are just bloatware giving a false sense of trust, which is dangerous. Even the definition is a blatant lie ("VPN"??? they have nothing to do with VPN).

 

You can either close everything, diconnect the VPN and log-in into facebook. Highly unpractical.

 

Privacy enhancing methods are not always "practical", in spite of our efforts. We can't protect you against yourself and your bad habits, but we can try to raise your awareness about the risks you are not aware of.

 

Kind regards

Share this post


Link to post

 

It is useful to be used ON TOP of system wide VPN.

Let's way you have your system wide VPN on all day long.

 

But you want to log-in into facebook for a minute. And obviosly you don't want to corelate your facebook identity with your VPN IP.

 

Hello!

 

That's not the correct way to do it, especially with Facebook! Probably you did not get the full implications of what we wrote earlier. Anyway in this usage example Facebook may correlate your proxy IP address with your VPN IP address (through one of its infinite spy plug-ins or with the aid of a third-party web site you open with another browser because you would like to appear there with your VPN IP address or in even other ways), and not with your "real" IP address. Once again your purpose is defeated.

 

Maybe these "VPN browser extensiosn" are just bloatware giving a false sense of trust, which is dangerous. Even the definition is a blatant lie ("VPN"??? they have nothing to do with VPN).

 

>You can either close everything, diconnect the VPN and log-in into facebook. Highly unpractical.

 

Privacy enhancing methods are not always "practical", in spite of our efforts. We can't protect you against yourself and your bad habits, but we can try to raise your awareness about the risks you are not aware of.

 

Kind regards

 

 

 

No, i've taken care of that since I use separate, isolated browser for facebook.

The only thing that connects me with my other browsing is that I use the same VPN IP.

 

So you get the same VPN IP, using facebook and other sites at the same time.

 

Not too hard to corelate both, and effectively deanonymouze the user.

 

So, if you really want your users to be protected, you have to offer them ways to not compromise themlseves by using social media.

Share this post


Link to post

No, i've taken care of that since I use separate, isolated browser for facebook.

The only thing that connects me with my other browsing is that I use the same VPN IP.

 

So you get the same VPN IP, using facebook and other sites at the same time.

 

Not too hard to corelate both, and effectively deanonymouze the user.

 

Hello!

 

As we said the method you describe is not effective. Separation of identity is. Unfortunately there is no way, not only for us but for any service, to protect a user against his/her own bad behavior. However inducing customers to use false "solutions" is unfair.

 

So, if you really want your users to be protected, you have to offer them ways to not compromise themlseves by using social media.

 

Which is identity separation. We already offer five connection slots from the same account, so you can introduce yourself with as many different IP addresses as you wish and you will have your solution, provided that identity separation is enforced. In the other case you mentioned, specifically with the browsers extensions you mentioned, you may compromise yourself in any case, even with identity separation, as explained.

 

We can't protect you against yourself and your bad habits, but we can try to raise your awareness about the risks you are not aware of.

 

Kind regards

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...