Android and Keeping VPN and Private

So one major point of keeping yourself anonymous when on VPN is NEVER log in to any service that identifies you while you're connected to a VPN where you want to stay private. This is easier to do on a Windows device, but on Android, where the OS is connected to your Google account, are there any ways to sandbox the VPN to one app, like 1 browser? And to stop that browser from connecting when VPN is not activated?

  1. I use GrapheneOS on my mobile. No G-evil services at all in my setup, even though GrapheneOS gives you the option to run a sandbox env with G services (as anonymous or using your own G account). Mullvadvpn runs flawlessly, no hiccups.
  2. Mullvad has the lockdown switch. No VPN, no traffic to the outside. VPN must be ON before internet access is allowed.

Mac and Windows have a much larger issue to address:

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

Realistically, it's not a major issue.

When you log into a VPN server, you are sharing your outbound IP with hundreds to thousands of others.

You being logged into Google with x at the time y event occurs IP is only circumstantial evidence.

Depends on your threat model, but all this would do is potentially flag you for future surveillance, rather than being a direct link to you.

Yeah, I mean for people not on custom ROMs. The killswitch only works if you got sandbox, as I don't want Gmail and other apps to access the VPN as that reveals who I am. I want only one browser and one app to access VPN.

That's been around since 2002; it's nothing new.

While that makes sense, this is one of the ways one of the “hackers” was caught, as he was logging into his email with personal name and details while being on VPN and doing illegal stuff. My scenario ain't that extreme, but I am an advocate of privacy, so when I talk activism, for example, I want to remain anonymous.

As the article states, yes. It still highlights a major problem for VPN users that care about privacy who use Windows and Mac.

“Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway. When the traffic hits our gateway, we use traffic forwarding rules on the DHCP server to pass traffic through to a legitimate gateway while we snoop on it.”

I would know about it if someone were running a rogue DHCP server on my home network, let alone trying to make my devices use it.

Outside of that - sounds like it should be fairly trivial to take a look at one’s routing table, and delete the entry that Option 121 tries to push. Annoying, but not the end of the world.

(At least on Windows. I have no idea how/whether Mac obfuscates or attempts to frustrate user access to the routing table.)
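As an added example (not part of any post in this thread): a decoder for the DHCP Option 121 payload format defined in RFC 3442, plus a check that lists pushed routes worth reviewing because longest-prefix matching would prefer them over a VPN's default route. The sample payload, the LAN prefix `192.168.1.0/24`, and the helper names are constructed assumptions, and the "not inside the LAN" rule is a heuristic.

```python
import ipaddress

def decode_option_121(payload: bytes):
    """Decode a DHCP Option 121 payload (RFC 3442) into (network, router) pairs.

    Each entry is: 1 byte prefix length, then only the significant octets of
    the destination (ceil(prefix_len / 8)), then a 4-byte router address.
    """
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8  # number of destination octets actually sent
        if i + 1 + n + 4 > len(payload):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = payload[i + 1:i + 1 + n] + bytes(4 - n)  # pad to 4 octets
        net = ipaddress.ip_network((int.from_bytes(dest, "big"), plen), strict=False)
        router = ipaddress.ip_address(payload[i + 1 + n:i + 5 + n])
        routes.append((net, router))
        i += 5 + n
    return routes

def routes_overriding_vpn(routes, lan):
    """Heuristic (assumption): a pushed route that is more specific than /0 and
    does not lie inside the local LAN would win over a VPN default route, so
    traffic to it leaves via the DHCP-supplied router instead of the tunnel."""
    lan = ipaddress.ip_network(lan)
    return [(net, gw) for net, gw in routes
            if net.prefixlen > 0 and not net.subnet_of(lan)]

# Constructed sample payload, not captured from a real network.
SAMPLE = bytes.fromhex(
    "00c0a80101"          # 0.0.0.0/0 via 192.168.1.1 (ordinary default route)
    "19c0a80180c0a80101"  # 192.168.1.128/25 via 192.168.1.1 (inside the LAN)
    "0100c0a80142"        # 0.0.0.0/1 via 192.168.1.66
    "0180c0a80142"        # 128.0.0.0/1 via 192.168.1.66
)

if __name__ == "__main__":
    for net, gw in routes_overriding_vpn(decode_option_121(SAMPLE), "192.168.1.0/24"):
        print(f"review route {net} via {gw}")
```
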

And if you didn’t know about it you would have much bigger problems in life than your vpn use. Google isn’t pirating dhcp in your house, that’s state sponsored shit.

If a random bad guy was this dedicated to taking your shit he’d just break a window and rob you at gunpoint.