Thursday, 26 February 2015

Prevent location being exposed through VPN



I use the Astrill VPN service to access websites that my country has blocked. There is nothing sinister going on here. Sites like Google and YouTube have all been blocked. This VPN service offers about 20 servers within the U.S., which I often switch between depending on their speed. I'm not advertising here; I want to point out that this problem is specific to certain servers.


Recently I have noticed that Google will always redirect me away from .com to a certain country's TLD. As I mentioned, this is on about half of the servers offered. Somehow Google is able to determine my location, even though I am behind a VPN. Note: This is not a problem of being exposed when the VPN connection drops.


Checking my IP on one of the many 'what's my IP' sites does not reveal my real location. Checking my location using HTML5's geolocation API does, though my browser(s) will always ask for confirmation first. Even then the location is a city on the other side of the country, which happens to be the same as what Google reports.


Now, I use a desktop PC (no wireless) running Ubuntu 14.04 with both Chrome and Firefox. I have disabled the geolocation service in both browsers. I have even tried disabling JavaScript, thinking they may be using AJAX to get at my IP. Neither worked. And of course I cleared all cookies before retrying.


I contacted Astrill about this problem (their customer support leaves something to be desired) and their answer was:



Your location is being given away by your browser. Not the VPN. You need to disable WebRTC.



Well, that didn't work either. So, now I'm trying to figure out just how Google is able to do this. Looking at the HTTP headers, I see that GET www.google.com returns a "302 Found" response with the 'Location' header pointing to the country-specific domain. I don't see any requests containing my IP, though I know my IP is standard in all requests. To confirm this is not a problem with my browser, curl get http://www.google.com returns the same '302 Found' response.


Can anybody tell me how Google does this? But, most importantly, tell me how my VPN servers may be leaking this information?


Update:

According to ipleak.net, nothing is being exposed.
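
The header check described in the post (a 3xx response whose Location header points at another domain), applied to saved response headers from several VPN servers to list which ones are affected. This is an added example, not part of the original post; the server labels, the sample responses and the `google.xx` placeholder domain are constructed.

```python
from urllib.parse import urlsplit

REQUESTED_HOST = "www.google.com"

# Constructed sample data: response headers as saved from a header-only request
# to http://www.google.com through four VPN servers. Labels are hypothetical and
# "google.xx" stands in for the country-specific domain, which the post does not name.
SAMPLES = {
    "server-1": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "server-2": "HTTP/1.1 302 Found\r\nlocation: http://www.google.xx/\r\n\r\n",
    "server-3": "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.google.com/\r\n\r\n",
    "server-4": "HTTP/1.1 302 Found\r\nLocation: /landing\r\n\r\n",
}

def parse_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line:  # a blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def redirect_host(raw, requested=REQUESTED_HOST):
    """Host a 3xx response sends the client to, or None if it is not a redirect."""
    status, headers = parse_head(raw)
    if not 300 <= status < 400 or "location" not in headers:
        return None
    # A relative Location carries no hostname and stays on the requested host.
    return (urlsplit(headers["location"]).hostname or requested).lower()

def servers_redirected_off_site(samples, requested=REQUESTED_HOST):
    """Labels of the servers whose response leaves the requested host."""
    return sorted(
        label for label, raw in samples.items()
        if redirect_host(raw, requested) not in (None, requested)
    )

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, parse_head(raw)[0], redirect_host(raw))
    print("redirected off-site:", servers_redirected_off_site(SAMPLES))
```

A redirect to HTTPS on the same host or to a relative path is not counted, so only responses that move the client to a different domain are reported.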




