IPv6 Leakage and DNS Hijacking in Commercial VPN Clients [pdf]

VPN services having their clients use a 3rd party server is completely irresponsible. &quot;We sell a privacy service. Oh, but that said, we send your DNS queries to a company that logs and monetizes them&quot;.<p>Fortunately, there are VPN services that take what they pretend to do a bit more seriously. And who know how to run their own DNS servers.<p>Some even provide DNSCrypt-enabled DNS servers (public, or for their customers) in order to mitigate leaks (ovpn.to, ipredator.se, and I think cryptostorm).

I founded (and still run) a VPN provider, Lokun.is. Just as this paper mentions, most of the providers make very bold claims. I&#x27;ve tried to avoid that, but entering this space without promising (seemingly) nonsensical things means that you won&#x27;t gather much traction.<p>And I&#x27;m OK with that. I will rather build good tech and be honest with my users, rather than giving them a false sense of security. As I mentioned in another HN comment the other day[0], I have mostly been operating in a niche market in Iceland, circumventing dual pricing for bandwidth on home connections.<p>VPNs are good for some things, but they are not tools made to give you absolute privacy as some claim. I&#x27;ve been running Tor exit nodes and tried to be as clear as I can about what a VPN is and what it is not.<p>I have also tried to keep most of my code on GitHub[1] with AGPL as license, and I&#x27;m not aware of any other provider that does this. Of course, it won&#x27;t help with the issues outlined in this paper and I probably should have published server configs as well. But this project is nearing it&#x27;s end for me, so it&#x27;s probably too late for that. Although I&#x27;m not opposed to cleaning up that repository and publishing on GitHub.<p>Since starting this project I have watched about a dozen VPN providers start up, make ridiculous claims (this paper mentions some VPN providers claiming to provide better privacy protections than Tor) and often disappear just as quickly as they appeared. This market boomed after Snowden and a lot of the providers will not shy away from outright lying to their customers. I&#x27;d like to give them the benefit of the doubt because maybe they don&#x27;t fully understand themselves what a VPN is. But thats even worse.<p>This entire market is weird. A recent example that comes to mind is a certain VPN provider posted on reddit[2] claiming that even themselves cannot see the IP address of their clients. The reddit thread was deleted shortly after I responded, but the claim remains on their blog.<p>Of course not all providers do this. I have on purpose not been naming the providers I have been talking about. As always, be careful about who you trust and what you trust them with.<p>I have shared this paper in the capacity of Lokun.<p>[0]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9791770" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=9791770</a><p>[1]: <a href="https:&#x2F;&#x2F;github.com&#x2F;benediktkr&#x2F;lokun-record" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;benediktkr&#x2F;lokun-record</a><p>[2]: <a href="https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;VPN&#x2F;comments&#x2F;3aecvi&#x2F;how_we_keep_your_real_ip_address_hidden_even_from&#x2F;csbvo1h" rel="nofollow">https:&#x2F;&#x2F;www.reddit.com&#x2F;r&#x2F;VPN&#x2F;comments&#x2F;3aecvi&#x2F;how_we_keep_you...</a>