privacy

Novel attack against virtually all VPN apps neuters their entire purpose

k00b

Linked in the articke: https://www.leviathansecurity.com/blog/tunnelvision

> Using network namespaces on Linux can completely fix this behavior. However, in our experience, it is less commonly implemented.

> WireGuard’s documentation shows how it’s possible to use a namespace for all applications with traffic that should be using a VPN before sending it to another namespace that contains a physical interface. However, this appears to be Linux-specific functionality and it’s not clear if there is a solution for Windows, MacOS, or other operating systems with the same amount of robustness.

Guess we'll have to see how the attack applies to different VPN providers. Maybe 1-2 do use namespaces.

Initially I thought this was more of a threat on mobile networks (I guess not Android) or when using public WiFi. If one has control over one's home router doing the DHCP it shouldn't be an issue. But what are our home router talking to? A DHCP server of our internet provider. I'm not sure whether these 121 configurations can pass multiple hops, have not investigated further.