Is Your VPN Leaking?
Vložit
- čas přidán 4. 05. 2024
- In this video I discover a VPN leak that was discovered in Android by Mullvad that effects any wireguard VPN in any app that relies on the getaddrinfo function.
Read more about it here and test the leak for yourself
mullvad.net/en/blog/dns-traff...
My merch is available at
based.win/
Subscribe to me on Odysee.com
odysee.com/@AlphaNerd:8
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF - Věda a technologie
I hate Big Tech so much it's unreal
So how do we break them into medium tech
@@MrGohan8000 Adblockers mainly. And remember - no subscribtions
how about small tech
Apparently nothing was learned from Microsoft malfeasance in the 80's and 90's and we let these scumbags run wild in the 21st century.
I'm right there with ya.
Because the various three letter agencies would never setup VPN server farms as fronts for data security....
there are 8200 reasons to agree with this
Indeed, why would snoops set up a service to bait you into directing traffic through them?
@@qlippoth13 but the Israelis are the Good guys...
Never not in a billion years.
It's not like they've hosted **"******** and ********* before.
As long as they send your data out of the US then it is legal under FISA to monitor all of it. And we just keep voting these people in.
"Your data is at risk so give all your data to us"
VPNs
Your data are belong to us
Call your data is belong to us what is it all your bases belong to us or something
It's all marketing lies anyway. The only reason to protect your traffic with encryption, is to keep people like ISP's and the government from snooping on what you are doing. Random web site on the Internet isn't doing that, they track you through cookies and other browser related stuff already. When you visit the bank or do online shopping those connections are already encrypted by default, and if your system is already compromised to the point someone can steal that info, adding a VPN layer will likely do very little to help you.
Mullvad is different.
@@d_techterminal
nothing is different from death threats and bank account freeze threats from "them".
I hope this gets to the people who think their VPN is immune.
i always knew the govt could see my bs. but i only ever use a vpn for torrenting anyways. its used as a way to circumvent my ISP no no's
It wont
@@briani7858 Do not worry citizen. Government isn't stupid enough to sue you for copyright infringement when you are using VPN. That would reveal their built-in spyware on browsers, operating system, modem and VPN. Public would not like that.
@briani7858 I use Tor for the mundane browsing I do anyway, which amuses me more than anything else.
It is just a matter of time until someone mentions Mullvad and "how they were raided and the authorities found nothing" or "they run everything on RAM".
Yeah... Sure... Maybe... Oh, dude actually mentions Mullvad on the video? I guess my job is done.
My VPN isn't leaking, it's flooding😂
Such a relief to hear the VPN I use shouted out. Mullvad is super simple to use, too.
The Mullvad group are real patriots to privacy.
@@phrogtesem9410Too bad hey recently stopped port forwarding, so into the rubbish it goes like every single VPN ever.
Just another video proving that TempleOS is the best because it doesn't have blatant oversights like this.
😏
That also might be because TempleOS has a community much smaller than the Linux community and thus there could be less people constantly pentesting it.
it also doesnt have internet, so theres that
fed here, please use nord vpn for all your illegal activities
"Your friendly neighbourhood fed here 😊"
Why Nord though? From what I know about them Nord VPN has a robust infrastructure and they mainly operate in Panama jurisdiction which is a country that has no data retention laws. But they also have offices in places like Lithuania, UK and the Netherlands. In terms of their capabilities and "commitment" to privacy they don't seem to be different from the others in the industry. So, I want to know why you as a fed would recommend them instead of a service like Mullvad VPN?
@@alexandervillar7742they claim that they don’t store usage logs. They also claim they’ve never disclosed any data about their users. Their warrant canary page seems to be gone though.
@@alexandervillar7742nordvpn keeps logs of everything and give them to feds asap
@@alexandervillar7742Sweden > Panama cause Swedish government is less likely to do an illegal raid under US pressure.
You know there's an issue when a company changes their sloagan from "dont be evil"
If you are expecting any sort of privacy on a chinese product using a google backed software then man, you are one special person.
Just as my vpn connected 😂
I would be shocked If it isn't to be honest..
Why am I not surprised by ANY of this...
Darn, the whole OS DNS leak is something new for me!
Thanks for the video!
DNS leak with VPN are really annoying...
It can happens on Linux too with wireguard for systems that uses systemd-resolved.
8:45 Well, thats part of enshitification IMHO.. Its much broader than people give it credit for
vpn is like giving your key to the house to strangers 😂
more like giving a trusted neighbor the key
@@dedsrsnglBut the only reason you trust the neighbour is because they have a sign in their yard that says "You can trust me!" and you've never really went to their house or talked to them.
@@VivekYadav-ds8oz That, and you’ve seen them do good things for other neighbors.
Mulvad VPN, you are welcome ;)
Best VPN for privacy, though a VPN alone wont protect you if you willingly accept cookies and input your data into forms.
@@Username5H0 they are also very open and honest about what a vpn is. Also involved with privacy rights :)
They've recently stopped Port Forwarding support 🤷♂️
@@X.R.808Doesn’t change the fact that they’re the best VPN provider till this day.
Honestly I don't trust any of them. Even Proton with their supposedly Swiss privacy has recently leaked data from their email service... I can just imagine their VPN. czcams.com/video/3SLOBUDUrbs/video.html
Could you produce a video exploring Linux Kodachi? I'm intrigued by its capabilities, limitations, and overall performance, particularly in comparison to other operating systems that prioritize anonymity and security. It would be valuable to delve into its features, user interface, compatibility, as well as any potential drawbacks or vulnerabilities it may have. Additionally, discussing its advantages over competing systems designed for similar purposes would provide insightful context for viewers seeking to make informed decisions about their digital privacy and security❤
I hope you get sponsored by Mullvad lol. They are fantastic.
Loved this winxp-like window theme 😅
I knew something weird was happening when I got copyright strikes for pirating South Park DESPITE having Surfshark on
uggh torrent doesnt use dns. except for connecting to tracker.
@@PenguinCrayon269 I wasn't torrenting
@@PenguinCrayon269…and webseeds
South Park sucks anyway, so you shouldn't download that crap.
Nah, you just had your torrent client set up wrong. You need to bind it to the VPN virtual adapter.
I, too, want to live in Gentoostan, Antarctica. I see what you did there :P
3:41 omg that meme is hysterical
Perfect Privacy and Mullvad VPN❤
Chrome being chrome, what a news! Can't wait for more😅😅
This video was away to complex for my brain
Sorry I don't understand. Does this leak your ip? Whats the difference between ip and dns leak?
dns is application layer protocol, over udp which is over ip which is over probably ethernet
a dns leak means a dns request got out of your device without being routed through the vpn
that means that whatever dns server receiving your leaked dns request will have your public ip
hope it makes sense
No, but a few things:
1. DNS requests go to geographically close servers. Observers can deduce your approximate location based on which DNS servers are being called. They already know the exact locations of other people who are using these DNS servers, so if they want to be precise, yours can be triangulated using the selection of those you access, but if they just want regional advertising or region blocked content, one can be good enough.
2. Eavesdroppers, whether that's your ISP or someone else can see the websites you are trying to access from these plaintext requests.
Curious if firefox + calyxos is still affected by this.
But if you ise Wireguard on an Open-WRT Router and block on it all connections outside if the VPN it should not cause this issue. Also a mobile 5G router should protect against.
Basically Chrome and some other Apps use a function in Android that make it possible.
IMO the issue are apps that try to make changes tonthe default routing of packages to track users or get informatiin about the system
Mullvad no longer has port forwarding so in the bin it goes.
Why is port forwarding so important?
Also curious
Pretty important if your sailing the seas
Wait, what now? Seriously?
you can set portforwarding from your router directly what do you mean
What about browsers that don't use getaddrinfo as a resolver, or even the ones that use their own DNS resover?
The issue seems to be mainly a chromium based browser issue and not a system issue.
What about OpenVPN or Stealth features in Mullvad and Proton VPN? Or is it just WireGuard/WireGuard TCP?
It's not a wireguard thing, it's an Android issue with any vpn protocol
@@diasdeinvierno8041 Ah okay thanks. Everyone and where kept saying Wireguard so I was wondering if it was that specifically or not. Even his test here used WG.
@@diasdeinvierno8041 Okay thanks, wasn't sure since everywhere is saying WG and even in this video it was used as an example.
@@diasdeinvierno8041I'm confused, wasn't the issue already found a few months ago?
Or this time it isn't constrained to android?
Would having a backup DNS like Quad9 with your VPN solves this issue until Android gets patched or all together it's not good?
from chatgpt so take it with a grain of salt, "it might not directly address the root cause of the DNS leakage if the underlying function (like getaddrinfo) inherently bypasses the VPN tunnel for DNS requests. A more effective solution would be ensuring that the applications and browser you use do not rely on the problematic API.
Changing DNS settings might not fully address the leakage problem without an OS-level patch or using apps that avoid this specific API. Therefore, relying solely on a backup DNS might not resolve the issue effectively.
@@christeanaz bro
That coconut vpn meme is fantastically hilarious 😂😂😂😂😂
`getaddrinfo` is the standard way of DNS resolution on Windows, Linux, Mac OS, and apparently on Android, too. The DnsResolver Java class is Android-specific. It's sad that the standard solution is more broken.
I guess VPNs should ideally be done externally, putting the Android devices in a separate VPN tunneled network. That still leaves mobile data unprotected though.
The most complicated thing I've done is getting a custom title bar fully functional in a WPF application (... not really but holy hell that's dumb) but aren't C libraries for functions like this specific to the environment and relying on various API calls anyway? It should behave the same for unix-like os but Android has its own library. I have no idea if only Android is affected but I don't think the 'same' function automatically implies every operating system has the same vulnerability.
@@JJFX- Yes, I think Android has its own getaddrinfo implementation, but I don't know if it calls into Java, or just the normal Linux APIs. Probably the latter. The API is the same, the implementation is probably not. I didn't want to imply that all OSes have the vulnerability.
@@szaszm_ Yeah as I understand it on Android this isn't calling Java but its own libc Bionic library. Looking at it briefly I'm guessing part of the issue is how the internal dns resolver functions and the system-wide caching of DNS lookups combined with Google hard-coding their own DNS servers as a fallback for apps like Chrome. This appears to be quite the rabbit hole that's over my head and has been going on a long time even though they did refactor the resolver code since Android 10.
It's hard to imagine Google didn't know there was potential for issues like this but who knows.... As many have stated, assuming standard Android would be secure enough for such privacy concerns is already a bad start.
@@JJFX- I think the issue is not with getaddrinfo itself, but rather the VPN configuration infrastructure having some invalid transient state in which 1-2 packets can leak out, but it's not enough to open a full TCP connection, only for a DNS lookup.
@@szaszm_ It sure sounds like a race condition bug when reconnecting but I don't think the built-in VPN service has this problem. It may be an OS bug related to support for VPN apps or just an app bug but I'm suspicious at least part of this ties back to the internal DNS resolver, changes made to it or compatibility code. There's also a problem with packets leaking on local networks with VPN apps that would align with the added support for mDNS .local resolution.
Perhaps Mulvad's workaround DNS server is arguably their responsibility anyway but even if the connection issue can be patched at the app level it still seems like something that shouldn't be happening.
A dedicated routing VM with proper configs goes a long way, as long as it's supported and the traffic data is not archived in the clouds.
normies will never understand this
normies will never understand why ARPA is a largest zone... in-addr.arpa
Yeah only real sigmas will get this one
@@TheCommentor- create your own leaking VPN today and become rich like us!
Grindset on top of em!
@@TheCommentor- create your own leaking VPN today and become rich like us!
@@TheCommentor- create your own leaking VPN today and become rich like us!!!
I like your videos. But, please make Bind9, AdGuard Home and OpenVPN on one cloud server video. I mean that the connection is secure and adds free from my phone (and connection from pc without vpn too).
Im leaking while watching your amazing youtube videos!
Ayo bro
my name a vpn because I be pissin
yeah yeah
robert robert
Mental Outlaw. Are you going to make a video about the Tunnel Vision attack?
I think everyone should be using DOH or ECH at this point, it takes like a second to set up but goes a LONG way to prevent tracking
DoH is very similar to a VPN. If you setup DoH to someone like Cloudflare, then sure all your DNS lookups are protected from everyone in between you and Cloudflare. But now Cloudflare knows 100% of where you go online. I would take a different approach. I keep the default DNS servers operating over plaintext. This way I still get to pick where my DNS queries go, but now my data is mingled in with the rest of the world's, and identifying me is a little more difficult. If the feds decided that everyone who is privacy focused (or whatever) is the new "threat", the first places they're going to subpoena will be where those types of users congregate - like Cloudflare DoH.
@@davidyoder5890 I use quad9 for doh and they are a swiss company so they wont necessarily give data to feds. I'd never give any data to cloudflare or god forbid google
@Mental or any body what is your opinion on torguard?
And thats why we have mullvad 🙏🙏
Will you update us if/when this is patched
If I use Mullvad VPN, I also would use their Private DNS in the network connections settings as well so therefore should minimize the risk of leaks.
So is using a VPN on Brave on a android device safe?
Of COURSE my VPN is leaking like a garden hose that was used to put out a fire in a shotgun factory! After all I have PIA VPN....but then again, I only use it with a supersecret (read anonymously rented) DNS after (or is it before?) Tor from a burner phone remotely controlled by amateur radio with multiple links, both SDR HF and local UHF repeater...all that just to order a pizza, sheesh! Cheers...
(in all seriousness, looks like the failure mode is "go to Google"! Interesting info on Android problems, thank you kindly).
Breaker one nine, this is the FCC and we know exactly who you are.
Stock Android or GrapheneOS on your Pixel?
So Firefox on android aren't affected?
Better go catch it then!
Ohh what a surprise, not...
firewall between phone and router somehow doesn't seem like a good solution when using mobile data...
So what about ProtonVPN?
Second to Mullvad
@@AdamSmith-gs2dvgood 2 know 😮💨
@@AdamSmith-gs2dv naaaah first is Mullvad > Perfect Privacy > ProtonVPN
What if you use Brave browser? Do I have to get a pixel and run Graphene OS???
I just clicked to see if a vpn protocol was found being vulnerable. Always use your own VPN service!
Combine AI, software defined radio and program repeater values over any network. By using repeater values you can increase layered security and operate a MESH server system. Have A.I. tune the system for you.
Does using Firefox fix this?
There's a flaw in Windows where if you connect to a VPN that only supports IPv4, IPv6 traffic is instead routed in the clear instead of being blocked. So you have to disable IPv6 on your network adaptor settings while using such a VPN.
As far as I know this applies only to VPNs set up in the Windows settings and control panel, and doesn't effect VPNs that use their own applications.
mullvad vpn blocks ipv6 traffic locally on ur pc unless u activate it
@ZeroDayEx I meant for connecting to VPNs through the Windows settings and Control panel not VPNs that offer their own applications.
crazy. so this leak has always existed?
OpenWRT for the win!
would be interesting if you test it with Firefox based browsers or its only chromium thing
wonder if brave has similar issues.... they use chrome addons
Why no android firewall can work at the same time while using a vpn app?
would this affect OpenVPN on Firefox (or Firefox Mobile) to your personal VPN server?
There's DNS over https in Firefox, which avoids all DNS resolution provided by standard library. Also, there are OpenVPN clients on Android?
The "unbreakable bond" with Kape Technologies our greatest ally
Our greatest ally? Oh vey! That's Israel. Just forget about the USS Liberty.
Hello. Thank you. What paper is it at 1:00?
jokes on you i don't remember being able to use my banking app on a VPN anyway which is kinda ironic
so like
imma just treat my phone as insecure as compared to my computer which runs mullvad no problem
That meme at the beginning... me and who? 😗🥤
Just wait until people realize that the killswitch function of most VPNs blocks DNS only, and connecting directly using IP address bypasses it.
That's why you don't rely on that and bind your VPN to the torrent client
I had a hunch about something like this
What if you plug your Android device into a travel router with the killswitch on?
I've set up NextDNS on my phone, so if anything is leaking, it should be going trough my own DNS anyway. Using chrome based browsers probably doesn't help.
Ah shit, here we go again.
This even work on graphene os?
GAPS will also operate outside any third party software, you need to completely remove all traces of google.
You can block Internet access to Play Services but you need root
Bro I got a nordvpn ad before this💀💀💀💀
Yeah I've always failed to believe that VPN provides as much security as it does I mean they've got Minecraft servers that can detect VPNs and stop you logging in so much for the security that it provides
That's not an issue with security. They even know all the Tor exit nodes
Does the browser leak DNS when the VPN is system-wide?
Smartphone doesn't safe. End
Shutup katsap
ew a r*ssian
of course it doesn't when you live in a totalitarian shithole like you do
Revux is not just a trend; its the next big thing in crypto, attracting attention for its forward-thinking approach and game-changing features.
hm, I wonder if Brave uses getaddrinfo or if its just a Chrome thing
It's based on chromium so the anwser is yes.
Is there a better VPN than IPVanish with SOCKS4 or more preferably SOCKS5 to use with QBIT ?
Perfect Privacy is a bit expensive than mullvad but it has socks5 support built in
well, Mr Outlaw have you considered that maybe the VPN is working EXACTLY as expected? 🤣
Mullvad DNS ftw.
Probably the corpo ones, the ones that want creators to shill
The comments written by people who didn't watch the video get the most likes by people who scrolled to the comments to decide if they're watching it
@@nousquest quite a nitpicker....want a cookie, move along
My Android phone got updated recently and they fixed the issue
no that's my bladder
what about cloudfare wrap is it safe?
So mullvad with hardened firefox?
Does killswitch not prevent it?
hey whyd you delete moreno vid?
Imagine not using bioencrypted messenger moles. Stay private folks!
"Glorified proxy service"(except they dont work on privacy) THANK YOU THATS WHAT IVE BEEN SAYING!
Couldnt ypu just modify dns to use a server of your choice?
EU should look into this, because since G owns Android, they have no incentive to see this as a bug, let alone "fix" it.
lol that first picture
🎉
I noticed my YT wasnt matching my VPN country, turns out FF was using IP6 and the vpn is on ip4.
That's why i am making my own tunnel. Unfortunely, nothing in this world is unbreakeable or impassable and of course my own made system also isnt, but what can i do ? Brazilian government starting to persecute everyone not on their boots, you know, i have no troubles with foreign agencies, but the local government... damn, that's a different story.