ivpn / desktop-app

Official IVPN Desktop app
https://www.ivpn.net/apps/
GNU General Public License v3.0

iVPN acts like a beacon - stop helping Google and Co. #248

Closed ajay-gh closed 1 year ago

ajay-gh commented 1 year ago

Bug report

Describe the problem

There are more and more websites which block users of VPN/s altogether, and indiscriminately. Even registered users get shut out when using a / any VPN. How do these websites do this? It's (among other means) by integrating a Google script into their homepage - which flags the VPN use to the website. So how does Google know it? Among other features it looks at traffic patterns of all IP addresses (which are different for VPN servers than for regular end-user IP addresses). This is hard to change and avoid. But this alone wouldn't work. So it also looks at when and where VPN clients send pings to every known VPN server in the network. That is the final confirmation. And this is what this bug report is all about. Once the VPN server is identified, all you need is a table with their IP addresses, and the above-mentioned script, and every website in the world knows you are using a VPN (if they care).

Steps to reproduce:

Run a good outgoing firewall when the iVPN client tries to connect (e.g. after the computer wakes up). Then look at the logs.

Observed Results:

On my computer, the firewall records a few pings BEFORE any connection to one of the iVPN servers is established, ... and another 50 to 100 pings after the connection is already established. This is madness, and completely unnecessary. When you block those extra pings the VPN still runs fine.

Expected Results:

A few pings towards the user-selected country / city server (e.g. Frankfurt), and after the connection is established: STOP sending pings, or at max send a few pings needed to improve the connection. BUT DO NOT ping every server in the whole wide world all the time.

PLEASE stop making it easier and easier for Google and Co. to take your business out.

stenya commented 1 year ago

@ajay-gh You can manage it in the IVPN app settings yourself:

- Settings -> IVPN Firewall: "Always-on firewall": enable
- Settings -> IVPN Firewall: "Allow access to IVPN servers when Firewall is enabled": disable

Please use the latest official IVPN Client version.

ajay-gh commented 1 year ago

@stenya, I think that my suggestion and your answer do overlap, but do not exactly match. My firewall is on "always-on". When I disable the setting "allow access", the client does sometimes have trouble establishing a connection at all - EVEN when I do not change the server settings for many days. Could you explain this?

ajay-gh commented 1 year ago

... and yes, I can confirm, I do always use the latest version. My other concern with your response? If a few users turn this setting off, and many leave it on, then the iVPN client does still act as a beacon. So at least this setting should be off by default (I don't remember whether it is) and users see a warning when they turn it on. It is also not clear to me how the iOS client behaves (no firewall or related settings!), it could well be that the iOS client (or others) have this setting ON all the time, and the user just can't see it. Thanks!

stenya commented 1 year ago

> @stenya, I think that my suggestion and your answer do overlap, but do not exactly match. My firewall is on "always-on". When I disable the setting "allow access", the client does sometimes have trouble establishing a connection at all - EVEN when I do not change the server settings for many days. Could you explain this?

With the settings above, the IVPN app does not open any internet connections (even to IVPN API servers). This means that:

So, I can guess, when you do not connect to the VPN for a long time, there could be different reasons for having connection problems:

stenya commented 1 year ago

> My other concern with your response? If a few users turn this setting off, and many leave it on, then the iVPN client does still act as a beacon. So at least this setting should be off by default (I don't remember whether it is) and users see a warning when they turn it on. It is also not clear to me how the iOS client behaves (no firewall or related settings!), it could well be that the iOS client (or others) have this setting ON all the time, and the user just can't see it. Thanks!

To be honest, I do not really understand the question. Sorry. Which setting do you speak about?

If your general request was just to add a new configuration parameter in the app settings, something like "Do not send ICMP requests (pings) to IVPN servers" - please just reopen the current ticket, so I will discuss it with the team.