An anonymous VPN service will typically assign the same public IP address to many VPN users. This procedure ensures that a connection cannot be traced back to the VPN subscriber: behind the veil of the VPN’s public IP are perhaps hundreds of potential clients. This statement assumes the VPN provider does not keep any logs, and assumes the trace occurs after the connection has terminated. The VPN provider’s entire scope of knowledge is limited to a subscriber’s credentials.
Some VPN providers offer a service known as remote port forwarding. Some providers claim it is a way to operate a server behind the VPN, or forward traffic for BitTorrent. The remote port forward will pass inbound connections into the VPN’s public IP onto the VPN subscriber that requested the port forward. The VPN provider’s scope of knowledge now includes a link tying a specific port to a specific subscriber.
Doesn’t this practice eviscerate the point of a shared-IP system, wherein multiple subscribers are assigned the same public IP to promote anonymity?
This DMCA takedown notice was sent to a popular anonymous VPN service, and their response is indicated at the bottom of the page. The VPN provider reset port forwards pertaining to this particular notice, while also claiming that nothing could identify a single account. How can this be true? A basic tenant of port forwarding is that the port must be unique. Multiple users cannot share the same port forward rule on the same public IP. Even if the provider’s port forwarding rule list is “provider wide” as opposed to “server wide,” what are the odds that multiple subscribers happen to be forwarding the same port out of a range of over 65,000 available ports?
Perhaps there is no rule list at all; perhaps the port forward instruction is coming from the subscriber’s client when it connects to the service, and upon disconnect there is no evidence remaining that the port forward existed. Even if this is true, the purpose of port forwarding is often to engage in serving content. Web servers, FTP servers, p2p, torrent seeding, etc. All these activities are typically best served with maximum uptime. The subscriber is likely not disconnecting their VPN session regularly, instead they are keeping the connection alive as long as possible. Perhaps for weeks or months at a time. The VPN provider’s knowledge, while a port-forwarding subscriber is connected, now includes a VPN IP to subscriber IP relationship, due to the port forwarding rule. This pierces the VPN veil and singles out a specific subscriber (worse – their public IP as well).
How, then, can anonymous VPN providers offer this service and yet promote anonymity? Is it possible to remain anonymous while utilizing a VPN’s remote port forward service?
Aucun commentaire:
Enregistrer un commentaire