Jump to content
Not connected, Your IP: 35.175.201.14
wintermute1912

What is the purpose of the aek_id variable at https://airvpn.org/entry?

Recommended Posts

Posted ... (edited)

You may well know that it's a DDoS protection mechanism. You may also be as far as knowing that aek_v is version (currently 14, as seen in your screenshot; your blur is ineffective, I'm afraid) and aek_url is where to redirect the browser after a successful check.

Now, the /entry webpage has some JavaScript code there which I didn't read too closely. But it suggests that the browser is to run some calculations, the result of which will be checked against what the server calculated. The aek_id might identify the calculation on the server against which the result of the browser is checked. If they match, you may pass. I assume this checks whether JavaScript runs and whether it runs correctly (as in, it's not a dummy/stub) on the client.

DDoS against web servers is usually not done by normal browsers but by automated programs mimicking them. As such, they don't usually run JavaScript. So those bots keep attacking the shell of a clam (that checking server) and the pearl inside is safe (AirVPN forums).

Edit: I found a related Stack Exchange question about CloudFront's protection mechanism (the infamous Checking your browser, you will be redirected in five seconds page).

Edited ... by giganerd
Stack Exchange

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
On 12/29/2019 at 12:11 PM, giganerd said:

You may well know that it's a DDoS protection mechanism. You may also be as far as knowing that aek_v is version (currently 14, as seen in your screenshot; your blur is ineffective, I'm afraid) and aek_url is where to redirect the browser after a successful check.

Now, the /entry webpage has some JavaScript code there which I didn't read too closely. But it suggests that the browser is to run some calculations, the result of which will be checked against what the server calculated. The aek_id might identify the calculation on the server against which the result of the browser is checked. If they match, you may pass. I assume this checks whether JavaScript runs and whether it runs correctly (as in, it's not a dummy/stub) on the client.

DDoS against web servers is usually not done by normal browsers but by automated programs mimicking them. As such, they don't usually run JavaScript. So those bots keep attacking the shell of a clam (that checking server) and the pearl inside is safe (AirVPN forums).

Edit: I found a related Stack Exchange question about CloudFront's protection mechanism (the infamous Checking your browser, you will be redirected in five seconds page).


Thank you for the reply. It didn't occur to me that it could be a DDoS protection mechanism but further investigation of the (beautifully obfuscated) JS certainly points in that direction.

It was only my intention to the obscure the aek_id with the blur btw but as it turns out I needn't have bothered as this variable is different with each browser instance. I can't claim to understand exactly what the entry JS does but it seems the aek_id is purely arbitrary. My only concern was it was static and unique and somehow generated from identifying elements of my browser.

All good!

Share this post


Link to post
2 hours ago, wintermute1912 said:

as this variable is different with each browser instance


Well, I had a weird issue on an old Waterfox profile where I wouldn't pass the test. The site was reloading continuously and everytime it did it would generate a new ID. Also, AirVPN is on a sticky tab, and after a few days its history would contain all the security checks I passed in the past. The ID is always different. That's how I know. :D

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...