VPN Isn’t A Magic Bullet

I really like virtual private networks (VPNs), and a lot of people use them for various reasons, including protecting anonymity, thwarting region locks on services, and bypassing filters put in place by Internet service providers (ISPs). However, it’s important to note that there are no magic bullets, and VPNs are no exception.

We’re in the midst of a transition from IPv4 to IPv6. A lot of software still either doesn’t support IPv6 or isn’t properly configured to handle it. In fact my ISP, Comcast, still doesn’t give business customers IPv6 addresses, so I can’t set up my services to work properly with the newfangled Internet addressing scheme (and Comcast happens to be the only option in my area; good thing for Comcast the government exists to protect monopolies). That means my VPN server, like many others, may very well leak personal information through IPv6:

The study of fourteen popular VPN providers found that eleven of them leaked information about the user because of a vulnerability known as ‘IPv6 leakage’. The leaked information ranged from the websites a user is accessing to the actual content of user communications, for example comments being posted on forums. Interactions with websites running HTTPS encryption, which includes financial transactions, were not leaked.

The leakage occurs because network operators are increasingly deploying a new version of the protocol used to run the Internet called IPv6. IPv6 replaces the previous IPv4, but many VPNs only protect user’s IPv4 traffic. The researchers tested their ideas by choosing fourteen of the most famous VPN providers and connecting various devices to a WiFi access point which was designed to mimic the attacks hackers might use.

This is why I recommend doing things that absolutely need to remain private through a dedicated anonymity tool such as the Tor Browser. VPNs aren’t great for preserving anonymity anyway, since the server administrator knows the IP addresses of connected clients, whereas a Tor exit node only knows the IP addresses of the relays directly connected to it. The Tor developers also focus on anonymity first, which means they’re far more likely to find and fix leaks that could reveal personally identifiable information. However, VPNs still work well for establishing connections to remote networks in a secure manner and will still do a good job of bypassing filters and region locks.

It’s also worth noting that as we continue to transition to IPv6 we’re going to keep running into issues like this. Change is never completely smooth, especially when some ISPs, such as Comcast, still don’t provide customers the tools needed to utilize IPv6.
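
A way to check a Linux VPN client for the IPv6 leakage described above, as an added example (not code from this post or from the study): it parses `ip route show` and `ip -6 route show` output and reports whether IPv4 leaves through the tunnel while IPv6 still leaves through another interface. The sample routing tables, the interface names `tun0` and `wlan0`, and the probe addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample: `ip route show` / `ip -6 route show` from a Linux client
# whose VPN (tun0, assumed name) installed IPv4 routes only.
SAMPLE_V4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""
SAMPLE_V6 = """\
2001:db8:50::/64 dev wlan0 proto ra metric 600 pref medium
fe80::/64 dev wlan0 proto kernel metric 1024 pref medium
default via fe80::1 dev wlan0 proto ra metric 600 pref medium
"""
# Documentation-range addresses standing in for any Internet destination.
PROBE4, PROBE6 = "198.51.100.7", "2001:db8:ffff::7"
DROP_TYPES = {"unreachable", "blackhole", "prohibit"}  # routes that discard traffic

def parse_routes(text, version):
    """Return (network, device or None if discarded, metric) per route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        dropped = bool(tok) and tok[0] in DROP_TYPES
        if dropped:
            tok = tok[1:]
        if not tok:
            continue
        any_net = "0.0.0.0/0" if version == 4 else "::/0"
        try:
            net = ipaddress.ip_network(any_net if tok[0] == "default" else tok[0],
                                       strict=False)
        except ValueError:
            continue  # not a unicast prefix line
        dev = tok[tok.index("dev") + 1] if "dev" in tok and not dropped else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def egress(routes, probe):
    """Longest-prefix match, lowest metric on ties; None = no route or discarded."""
    addr = ipaddress.ip_address(probe)
    hits = [r for r in routes if r[0].version == addr.version and addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1] if hits else None

def check_ipv6_leak(v4_text, v6_text, tunnel):
    v4 = egress(parse_routes(v4_text, 4), PROBE4)
    v6 = egress(parse_routes(v6_text, 6), PROBE6)
    # Leak: IPv4 is tunnelled but IPv6 still leaves via some other interface.
    return {"ipv4": v4, "ipv6": v6, "leak": v4 == tunnel and v6 not in (tunnel, None)}
```

A client passes the check either when a covering IPv6 route points at the tunnel or when IPv6 is discarded by a blackhole/unreachable route; the check only looks at routing, not at DNS or application behaviour.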

One thought on “VPN Isn’t A Magic Bullet”

  1. Yeah, I found that was the root of my wget issue as well. Comcast’s crappy little router isn’t configured to allow IPv6 connections.

    If only we could accelerate the mesh net revolution already.
