Wireguard Privacy Clarification

[CIAOBUBU 0]

Hi everyone,

I've read the AirVPN FAQ about WireGuard and privacy, but I still can't fully understand the risk.

My understanding is:

1. I connect with my real IP, which AirVPN knows for the duration of the session and for 180 seconds after I've disconnected.

2. Inside the WireGuard tunnel, I have a static virtual IP address that's linked to my configuration file (.conf).

3. My traffic exits onto the internet using the AirVPN server's IP address.

My question is: what's the difference in terms of privacy risk compared to OpenVPN?

Aside from the 180-second issue, OpenVPN seems identical to me since with it too:

• Websites and governments only see the AirVPN exit IP.

• AirVPN does not log my activity.

---

 

My thoughts (and my doubt)

 

If the provider doesn't keep logs, what difference does it make if the virtual IP is static or dynamic? The only thing I can think of is that a static IP might be easier for a judicial authority to "flag." But what can they do with that information if they don't have the logs?

The main problem isn't that the provider has past logs, but that it could be forced to create them in the future. The static virtual IP acts as a persistent identifier that an authority can use to issue a monitoring order. In that case, the provider would be legally obligated to track my activity in real-time, effectively overriding the no-log policy for my account.

So, the real difference is that WireGuard, with its static IP, introduces a potential "doorway" for a future monitoring order that OpenVPN, with its dynamic IPs, doesn't.

Can someone confirm if my analysis is correct?

[Staff 10298]

@CIAOBUBU

Hello!

Your analysis is correct potentially: although it's unclear how the hypothetical order issuers can manage to get the private address you mention, let's assume that a method does exist.

Please see here what we implemented to mitigate this problem with the static, on file written private IP address (the fact that the file is in VPN servers RAM disk makes no difference). Your active intervention is required:
https://airvpn.org/faq/wireguard/

Kind regards
 

[CIAOBUBU 0]

 @Staff I'm sorry, maybe I'm not understanding correctly...

Premise: I only need it for p2p so I'm quite calm.

a) The real IP address is deleted at most 3 minutes after disconnection.
b) Any judicial entities would have a hard time accessing my VPN IP address (10.*) and in any case, AirVPN does not track the traffic of this address. The only risk is if, in some unspecified way, judicial authorities ask AirVPN to track me from now on. The fact that the address is in RAM on the AirVPN server doesn't change anything because I would continue to reconnect with the same one since it's in my config file (so to change it I have to regenerate the config file).

Why is it advertised as inherently less secure than OpenVPN? I there anything else? It seems to me that this is a very, very remote possibility to be caught...

[CIAOBUBU 0]

Hello @Staff, can you clarify the doubts expressed above?