You may be leaking your identity and not know it! (VPN/Browser leaks)

Discussion in 'Security, Privacy & Anonymity' started by TS561, Aug 20, 2016.

  1. TS561

    TS561 Member

    This is just some of my personal experience as of late. All of this info may be old news, but I searched the threads and didn't see anything. So I just wanted to share in case someone didn't know. From reading around the board. There are obviously some really tech savvy guys. So if this is clutter. I apologize. With tech I think most people prefer things to be as straight forward as possible. So just do a search for the following:

    1) DNS leak test

    2) IPv6 leak test

    3) WebRTC leak test

    There will be a least a few sites that have tests you can perform. Use more than one to be sure. If any info that relates to you comes back. Then you have an issue. You should only be able to see the info related to your VPN service. With a quick search, you can find plenty of info on how to fix any one of the listed issues. One last thing, when it comes to IT. A simple update to one app may cause changes in another. So a lot of the experts that have been writing articles on this stuff. Recommend periodically checking, just to be sure. Thanks for reading, and really I hope no one has any issue.
     
  2. tweek

    tweek Member

    I'll check it out brother, appreciate the information
     
  3. heady muscle

    heady muscle Member AnabolicLab.com Supporter

    Are you speaking strictly using a smart phone? Or is PC's and MACs just as susceptible?
     
    MindlessWork likes this.
  4. MindlessWork

    MindlessWork Member AnabolicLab.com Supporter

    Great information here so I may do this to check the VPN connection I use to connect to corporate network as sometimes I work from home.
     
  5. TS561

    TS561 Member

    From what I have researched, all devices can be vulnerable. You should check just to be sure. The webRTC things seems to be somewhat newer of a concern, but all are a problem. Stay safe, and if you find anything. There are fixes for all of them.
     
    MindlessWork likes this.
  6. TS561

    TS561 Member

    Large companies usually have entire teams just dedicated to networks. So it is really unlikely that you would find anything, but you never know. So you could run it.
     
  7. MindlessWork

    MindlessWork Member AnabolicLab.com Supporter

    If you have info leaks on say a corporate VPN that can potentially open the user up to attacks so tools like the ones posted (and others) are useful.

    If a user does encounter things like this they could well report it to the company's VPN support team for investigation.

    On a personal VPN (like one of the paid providers) however there may not be much recourse but still informing the provider can help. The fixes as outlined by the tools above can help as well.
     
  8. master.on

    master.on Member

    Besides VPN
    it is recommended to use a prepaid non-registered phone/tablet/modem
     
  9. MindlessWork

    MindlessWork Member AnabolicLab.com Supporter

    You can check out FreedomPop for prepaid service and I have one of their USB modems so that I can use it with my old IBM laptop that I use as a netbook when I travel.
     
  10. TS561

    TS561 Member

    For the first two points, keep in mind that if you do find something. It is more than likely on your end. Probably something to do with you browser, home security suite, or even your VPN settings. For instance Kaspersky firewall can be a nightmare. Also, before you report anything, really think about a corporate IT guy poking around in your browser or home network settings. If the have a user leaking data. They will want to know why.

    On the third point, actually home set up are the easier ones to address. Just depends on your set up.
     
  11. TS561

    TS561 Member

    This really depends on your threat model. Keep in mind that Tor, Tails, Whonix, and so on, draw attention. When you start talking about burner cells, prepaid cards for VPN service, and the like. Well those "can" be good idea, but some of the stuff I read is a little worrisome. When you start talking about multi-layered encryption, attempting nested virtualization in VM, sandboxes, and more. Well, you need to really think on what you are about to do. Look, I don't encourage anything, but if you plan on taking a trip to the deep dark places. You had better know what you are doing. Remember that's were the monsters live. Firmware alone should scare the shit out of anybody, but throw in zero day attacks and the like. These motherfuckers ain't playin' dude. I am no expert, computer sciences is something that I just enjoy reading about. I have never been on the dark web, and have no intention of going.
     
  12. heady muscle

    heady muscle Member AnabolicLab.com Supporter

    Which site would be best to check all this out for a MAC?
     
  13. TS561

    TS561 Member

    You can start with these. When it comes to your OS. There isn't any real difference in finding out if you have a leak. There may be difference when you start implementing the corrections, but that probably isn't the case.


    dnsleaktest.com
    dnsleak.com
    ipleak.net
    ipv6leak.com
    browserleaks.com/webrtc
     
  14. mikehunt

    mikehunt Junior Member

    this is good info. i have been researching this area a lot lately. i have looked up a lot of reviews/did research on my vpn provider and thought of but never actually looked into testing it. i pay for mine tho and it seems very reputable/solid but u can never be too sure. i use ipvanish in case u were wanted to know
     
  15. TS561

    TS561 Member

    I feel ipvanish has a solid reputation. I use PIA (Private Internet Access). There "no logging" claim seems to be legit. Just google PIA and FBI. It is in regards to a case were some dumb ass was making bomb threats. It is an interesting read.
     
  16. savage lifter

    savage lifter Member

    Anyone using chrome should switch to firefox. Chrome leaks and it cannot be stopped, firefox leak can be stopped in settings.
     
  17. TS561

    TS561 Member


    Excellent point, Google did come out with an extension to stop the webRTC leak. But it's fucking google. They make their billions by being the guys that know everything about users.
     
  18. savage lifter

    savage lifter Member

    yea check2ip.com is amazing
     
  19. DROIDKILLERX90

    DROIDKILLERX90 Junior Member

    very solid advice from all of you
    this stuff is a pain in the ass at first but it gets easier and in the end is worth the peace of mind
    encryption is the future, don't be caught w/0 it
    the governments have had it so easy, and now that we have been enlightened by snow den and mann ing about how our own govern ment attacks us, it is not so much.
    Anonymous is your friend check them out
    simple steps render them useless and there is a satisfaction in that
    do not let the sacrifices of these patriots go in vain