Privacy

31978 readers

405 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Novel attack against virtually all VPN apps neuters their entire purpose (arstechnica.com)

submitted 6 months ago by 0xtero@beehaw.org to c/privacy@lemmy.ml

11 comments fedilink hide all child comments

Pulling this off requires high privileges in the network, so if this is done by intruder you're probably having a Really Bad Day anyway, but might be good to know if you're connecting to untrusted networks (public wifi etc). For now, if you need to be sure, either tether to Android - since the Android stack doesn't implement DHCP option 121 or run VPN in VM that isn't bridged.

you are viewing a single comment's thread
view the rest of the comments

[–] 0xtero@beehaw.org 14 points 6 months ago* (last edited 6 months ago)

I also don’t get much value out of the statement that “every” OS except Android is vulnerable. Do they really mean all other OSes, or just what would come to mind for most people, i.e. Windows, macOS, Linux, iOS? What about the various BSDs for example?

It's a DHCP manipulation attack, so every RFC 3442 compliant DHCP implementation implementing option 121 would be "vulnerable" (it's not vulnerability though). Android apparently doesn't implement it, so it's technically impossible to pull off against Android device. There might be others, but I'd guess most serious server/desktop OS'es implement it.

The title isn't misleading at all, even though the "neutering their entire purpose" is a bit of a click-bait. This doesn't affect ingress VPN at all.

It's an attack that uses DHCP features (according to RFC).

It's a clever way to uncloak egress VPN users, therefore it does have privacy impact since most of us use VPN for purposes of hiding out traffic from the local network and provider and there's no "easy" fix since it's just a clever use of existing RFC.