
VPN Security Issue Can Reveal True IP

I use a Virtual Private Network (VPN) on a regular basis.  There are many reasons to do so.  It helps keep my true IP address concealed; all my internet traffic appears encrypted to the ISP.   If I need to use Wi-Fi at a coffee shop, I can do so without fear that the owner of the access point could be snooping on me.  Some internet content is also geographically restricted, and my VPN provides me a choice of where I want my internet traffic to originate from.

As it turns out, a wee bit of JavaScript magic will convince a web browser to reveal the originating IP.  While I’m connected to my VPN (through their provided applet, but this also works with other connection methods), here is what Google reports as my IP address:

[Image: my IP address]

When I visit a site that is using some STUN JavaScript:

[Image: myIPSTUN]

Yes, that 50.*.*.* IP address is mine.  As noted by that demo above, the request will not show up in dev consoles and privacy-related browser extensions will not block it either (aside from NoScript, which blocks all JavaScript).  You can read more about this security problem.

But there is good news.  This problem does not affect any web browsers in OS X.  It appears to only impact Windows machines, and only the Firefox and Chrome browsers.  Of course, we want all browsers to be secure, so how to fix this?

If you’re on Windows and using Firefox, type “about:config” in the address bar, and set “media.peerconnection.enabled” to False.

If you’re on Windows and using Chrome, type “chrome://flags/” in the address bar and check “Disable WebRTC device enumeration.”
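
To confirm that the settings above closed the leak, the ICE candidate lines your browser gathers can be classified against the VPN's exit address. The sketch below is an added example, not code from the original post or the demo it mentions; the candidate lines and the exit address are constructed samples, and it assumes real lines would be copied from the browser's WebRTC diagnostics page (about:webrtc in Firefox, chrome://webrtc-internals in Chrome).

```javascript
// Added example. All candidate lines and addresses are constructed samples
// (RFC 5737 documentation ranges); VPN_EXIT is a hypothetical exit address.
const VPN_EXIT = '198.51.100.20';
const SAMPLE_LINES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'candidate:3 1 udp 2122194687 10.8.0.6 40000 typ host',
  'candidate:4 1 udp 1685987071 198.51.100.20 40000 typ srflx raddr 10.8.0.6 rport 40000',
  'candidate:5 1 udp 2113937151 0f3c2a1e-5b7d-4c8e-9a10-2b3c4d5e6f70.local 50000 typ host',
];

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
const CANDIDATE_RE = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i;

function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  if (!m) return null; // not a candidate line
  return { transport: m[1].toLowerCase(), address: m[2].toLowerCase(), port: Number(m[3]), type: m[4] };
}

function isPrivateAddress(addr) {
  // IPv6: link-local, unique-local and loopback never identify you on the internet
  if (addr.includes(':')) return /^(fe80:|f[cd][0-9a-f]{2}:|::1$)/.test(addr);
  const p = addr.split('.').map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return p[0] === 10 || p[0] === 127 || (p[0] === 172 && p[1] >= 16 && p[1] <= 31) ||
    (p[0] === 192 && p[1] === 168) || (p[0] === 169 && p[1] === 254);
}

// Verdicts: 'vpn' (expected exit address), 'masked' (mDNS .local name),
// 'private' (LAN or tunnel address), 'leak' (any other routable address).
function auditCandidates(lines, vpnExitIp) {
  return lines.map(parseCandidate).filter(Boolean).map((c) => {
    let verdict = 'leak';
    if (c.address === vpnExitIp.toLowerCase()) verdict = 'vpn';
    else if (c.address.endsWith('.local')) verdict = 'masked';
    else if (isPrivateAddress(c.address)) verdict = 'private';
    return { ...c, verdict };
  });
}

// Routable addresses exposed to the page that are not the VPN exit.
function leakedAddresses(lines, vpnExitIp) {
  return auditCandidates(lines, vpnExitIp).filter((c) => c.verdict === 'leak').map((c) => c.address);
}

console.log(auditCandidates(SAMPLE_LINES, VPN_EXIT));
```

With the sample input, the only 'leak' verdict is the server-reflexive candidate learned through the non-VPN interface; after the browser change, no such line should remain.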

The superior way to fix this is to force all traffic to go through your VPN, but my skills with Windows Firewall are a bit lacking.  If you control your own physical firewall, you probably already have a good idea on how to force web traffic to go over port 1194 (OpenVPN) during VPN sessions.  Properly implemented, that should also plug this data leak.

I advise anyone who cares about privacy who is using Windows to take the above steps to fix the problem.  There are lots of people out there who want to track you so they can spy on you and sell you things.  Why make it easy for them?

ThreatPost also has more on this.

NBC’s Olympic streaming problem

The Olympics are here, which means it’s time to showcase the difference between how to stream the Olympics properly and how NBC manages to do it.

First, I’ll grant you that the logistics are difficult when the Games are in London; just as the evening’s events are wrapping up, it’s time for America to get home from work and start making dinner in preparation for an evening creating creepily one-sided love affairs with gymnasts, swimmers, and beach volleyballers from around the world. For this casual audience, I have no problems with tape delay. I have a few other issues with NBC’s television coverage (like the 7/7 tribute omission, as well as the narrow focus on American athletes, as if those are the only athletes with stories worth telling).

But I thought the streaming was going to be better this time around – after all, we have the technology. But NBC has decided that in order to stream any event online, you must also be paying for cable (in addition to the internet that you will be streaming from). Since cable’s only value for anyone would be to watch NBA games (and I buy the NBA’s League Pass Broadband during the season anyway), I don’t subscribe to cable, or Dish, or DirecTV, or run my own pirate satellite feed using an unholy alliance of lasers, nanobots, and UAVs.

So while I was trying to watch a replay of Russia destroying Great Britain’s excuse for a basketball team, I realized I had completely forgotten about the most useful weapon in any online arsenal – a VPN. Now, for those of you who don’t know what a VPN is, what you need to know at the moment is that it basically routes all your internet traffic through to another destination before it gets to your computer. A good VPN will also provide strong encryption (hopefully not over PPTP using MS-CHAPv2), in order to prevent eavesdropping and traffic-shaping by your ISP.

Fortunately, all it takes is an endpoint in the UK in order to access the BBC’s coverage of the Olympic Games, which is much better than paying for cable just to stream the games online. What most people also do not realize is that YouTube is streaming the games online as well if you happen to live in the right country.

I was going to make this a longer diatribe against the shortsightedness of NBC, but to be honest, I really don’t think they care. They will continue to make money by only showing gymnastics and swimming during primetime, and the users who take the kind of shortcut offered by a VPN are probably not their target market anyway. And not to dive into the drama at the heart of the issue, but as more people use technology to bypass the laws of nation-states, those laws will be less and less relevant as time marches on…but as long as enough people are willing to watch ads, pay for cable, etc. there won’t be an incentive to move to a new model until it is too late.

EDIT: A buddy just directed me to this article on how to get yourself hooked up with a VPN if you don’t have one, on the cheap. I have no need to try this so won’t vouch for it, just adding it to the idea-pool. It’s probably worth it to drop the $10 on a reputable service for a month anyway, just make sure they have an exit node in the correct country!