Radpop Posted April 4, 2018

John Mason: 10 of 15 Chrome VPN extensions can leak DNS

A test conducted by cybersecurity researcher John Mason of theBestVPN found 10 of 15 Chrome VPNs leaked queries from domain name servers (DNS), or the protocol used to translate a normal domain name to an IP address so a browser can load it.

The issue stems from a Chrome feature called DNS prefetching, which is designed to reduce latency by guessing what website you’re about to visit and pre-loading its IP address. For example, if you hover over a link, Chrome will make a DNS request, so the site loads faster once you press on it.

“VPN extensions shouldn’t leak DNS data as it’s similar to IPs, can be used to see where a user is and one major use of VPNs is anonymity. They should block all kinds of outgoing DNS queries while they are running or route it through them,” Mason wrote.

Mason posted a list of the 10 VPN extensions he tested that leaked DNS requests: Hola VPN, OperaVPN, TunnelBear (fixed today), HotSpot Shield (fixed today), Betternet, PureVPN, VPN Unlimited, ZenMate VPN, Ivacy VPN and DotVPN.

VPNs that don’t leak: NordVPN, WindScribe, CyberGhost, Private Internet Access and Avira Phantom VPN.

Solution: Go to settings and disable the options 'Use a prediction service to help complete searches and URLs typed in the address bar' and 'Use a prediction service to load pages more quickly'.

To test if your VPN is vulnerable, do the following test:
- Activate the Chrome plugin of your VPN
- Go to chrome://net-internals/#dns
- Click on “clear host cache”
- Go to any website to confirm this vulnerability

Sources:
https://thebestvpn.com/chrome-extension-vpn-dns-leaks/
https://www.dailydot.com/debug/vpn-leak-dns-data/
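A way to confirm the leak from outside the browser, as an added example that is not part of the thread or of Mason's test: it reads `tcpdump -n port 53` text output captured on the physical network interface while the VPN extension is active, and reports which of the hostnames you hovered over or visited were looked up in plaintext. The function name, the sample capture lines and all addresses are constructed for illustration.

```python
import re

# Shape of a DNS *query* line in `tcpdump -n` text output, for example:
#   12:00:01.000001 IP 192.168.1.23.51514 > 192.168.1.1.53: 4660+ A? example.org. (29)
# Responses travel from port 53 back to the client, so they do not match.
QUERY_RE = re.compile(
    r"IP6? (?P<src>\S+)\.\d+ > (?P<resolver>\S+)\.53: "
    r"\d+[+%]* (?:\[\S+\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+) \("
)

# Constructed sample capture (not real traffic).
SAMPLE_CAPTURE = [
    "12:00:01.000001 IP 192.168.1.23.51514 > 192.168.1.1.53: 4660+ A? example.org. (29)",
    "12:00:01.000300 IP 192.168.1.23.51514 > 192.168.1.1.53: 4661+ AAAA? example.org. (29)",
    "12:00:01.020000 IP 192.168.1.1.53 > 192.168.1.23.51514: 4660 1/0/0 A 192.0.2.10 (45)",
    "12:00:02.500000 IP 192.168.1.23.40022 > 192.168.1.1.53: 9001+ [1au] A? updates.example.net. (48)",
    "12:00:03.000000 IP 192.168.1.23.50000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0",
]


def leaked_lookups(capture_lines, test_hosts):
    """Map each test hostname seen in a plaintext query to the resolvers it was sent to.

    test_hosts are the names opened or hovered over in Chrome during the test.
    Queries for other names (OS updates, other applications) are ignored,
    because a browser extension never covered them in the first place.
    """
    wanted = {h.lower().rstrip(".") for h in test_hosts}
    leaks = {}
    for line in capture_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a DNS query (response, TCP handshake, ...)
        name = m.group("name").lower().rstrip(".")
        if name in wanted:
            leaks.setdefault(name, set()).add(m.group("resolver"))
    return {name: sorted(resolvers) for name, resolvers in leaks.items()}


if __name__ == "__main__":
    for host, resolvers in leaked_lookups(SAMPLE_CAPTURE, ["example.org", "example.com"]).items():
        print(f"LEAK: {host} was resolved via {', '.join(resolvers)}")
```

An empty result for the hosts you browsed means no plaintext lookup for them left the machine during the capture window.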
steven36 Posted April 4, 2018

Extensions are not really VPNs, no way; they only change the IP/DNS in your browser. A good VPN with its own software will change your IP/DNS system-wide and not leak, because the client has been auto-configured to plug the hole. If I want to use Kodi or another media player to stream, a download manager, or P2P software, an extension won't protect us like a VPN does. So they're a glorified proxy, and many of them are free and can't even be trusted, like Hola, which was caught turning the PC of everyone who used it into a botnet, and other free ones sell your data.

So this article is kind of confusing: they're comparing browser plugins with real VPNs, paid and free?

All you have to do is set up a third-party DNS like OpenNIC, the servers that don't log, system-wide, and no VPN/proxy will ever leak your real DNS again. Just because they may not leak on Windows doesn't mean they're not leaking on Linux, because many of the VPNs above don't have their own software with DNS leak protection on Linux and are used with OpenVPN software instead, so it's always best to check whether the DNS is leaking and plug any holes before using a VPN.

Here are some sites to check DNS on:
https://ipleak.net/
https://www.dnsleaktest.com/
Radpop (Author) Posted April 4, 2018

26 minutes ago, steven36 said:
> Here are some sites to check DNS on https://ipleak.net/ https://www.dnsleaktest.com/

They are, but the normal way to check for a DNS leak is useless. DNS leak test services are unable to detect this kind of DNS leak because the DNS requests are only issued under specific circumstances. The right method was described in the first post.
steven36 Posted April 4, 2018

58 minutes ago, Radpop said:
> They are, but the normal way to check for a DNS leak is useless. DNS leak test services are unable to detect this kind of DNS leak because the DNS requests are only issued under specific circumstances. The right method was described in the first post.

For me, I don't need to do this. All I have to do is put in an address that doesn't resolve, like http://www.gonieggoo.com/. If my DNS is leaking when I type that in, my ISP's search engine will appear and I know it's leaking; if it's not leaking, it will say server not found. My ISP will always give itself away, because it will try to resolve the dead link and, when it can't, it will open up the search engine. I've been using this trick for years, and sooner or later you're going to make a mistake or run into a dead site and it will give itself away.

DNS prefetching is nothing new; it's a problem in Firefox as well. The difference is you can turn it off in Firefox in advanced settings.

Quote:
> DNS Prefetching
>
> Firefox attempts to speed up loading new websites by using DNS Prefetching, which can cause page load errors with some system configurations. To disable DNS Prefetching:
>
> - In the address bar, type about:config and press Enter/Return. The about:config "This might void your warranty!" warning page may appear.
> - Click "I'll be careful, I promise!" / "I accept the risk!" to continue to the about:config page.
> - Right-click (or hold down the Ctrl key while you click) in the list of preferences, select New, and then select Boolean.
> - In the Enter the preference name field, enter network.dns.disablePrefetch and click OK.
> - Select true when prompted to set the value and click OK.

It has been considered a hole in browsers for years and is recommended to be disabled when hardening Firefox. There are all kinds of holes in browsers, many we already know about if you're an advanced user, and there are many holes we don't know about, and these are the ones that I'm trying to find out about.
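To check that the about:config change quoted above actually landed in a Firefox profile, the following added example (not part of the thread or of the Mozilla article) audits the `user_pref(...)` lines of a `prefs.js` or `user.js` file. `network.dns.disablePrefetch` is the preference named in the post; the other four are further Firefox prefetch and speculative-connection preferences added here, and the sample file content is constructed.

```python
import re

# Preference -> value that turns the prefetch behaviour off.
# Only network.dns.disablePrefetch comes from the post; the rest are added here.
HARDENED = {
    "network.dns.disablePrefetch": True,
    "network.dns.disablePrefetchFromHTTPS": True,
    "network.prefetch-next": False,
    "network.predictor.enabled": False,
    "network.http.speculative-parallel-limit": 0,
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("network.dns.disablePrefetch", true);
user_pref("network.prefetch-next", true);
user_pref("network.http.speculative-parallel-limit", 6);
user_pref("browser.startup.homepage", "about:blank");
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref() line, typed as bool/int/str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment or unrelated line
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit(text):
    """List (pref, problem) pairs for prefetch prefs that are unset or not hardened."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in HARDENED.items():
        if name not in prefs:
            findings.append((name, "unset, browser default applies"))
        elif type(prefs[name]) is not type(want) or prefs[name] != want:
            findings.append((name, f"is {prefs[name]!r}, want {want!r}"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_PREFS_JS):
        print(f"{name}: {problem}")
```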
Radpop (Author) Posted April 4, 2018

17 minutes ago, steven36 said:
> For me, I don't need to do this

Nice to hear that you are safe. But over 15 000 000 VPN extension users can leak their DNS to their ISP because of this issue, and no normal DNS leak test can alert them. This news is relevant to many.

I don't use any extensions, but today I found an IPv6 DNS leak before I read this article. This hasn't caused me any privacy issue because I had ticked IPv6 off a year ago when NordVPN was leaking IPv6 DNS.

Meanwhile, TunnelBear is fixed. Avira seems to be a good VPN, speedy and safe, but German.
steven36 Posted April 4, 2018

1 hour ago, Radpop said:
> Nice to hear that you are safe. But over 15 000 000 VPN extension users can leak their DNS to their ISP because of this issue, and no normal DNS leak test can alert them. This news is relevant to many. I don't use any extensions, but today I found an IPv6 DNS leak before I read this article. This hasn't caused me any privacy issue because I had ticked IPv6 off a year ago when NordVPN was leaking IPv6 DNS. Meanwhile, TunnelBear is fixed. Avira seems to be a good VPN, speedy and safe, but German.

No matter what you do, there are always going to be holes in browsers. All of them have a timezone vulnerability except for Tor Browser, and I have an add-on that works in Waterfox, Cyberfox and Firefox ESR with which I can change timezones, but it doesn't work in new browsers; the only thing you can do when using Chrome is change your system clock. There are many holes in Firefox you can disable that can only be worked around on Chrome. So it's best to use Firefox or a fork as default and just use Chrome as a spare browser.

Firefox prefetching: what you need to know, April 27, 2013
https://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/

Very old hole indeed.

PS: As far as Avira goes, I got a free one-year giveaway for that one around Xmas for Windows and I tested it; it was so slow I uninstalled it and paid for another VPN that I had been using that doesn't have speed issues. I use mine to download big files and for streaming.
Radpop (Author) Posted April 5, 2018

17 hours ago, steven36 said:
> So it's best to use Firefox or a fork...

Firefox existed before Chrome, and when Chrome was created, they were two different browsers. Now Chrome is Chrome and Firefox is Chrome's clone. Why have two flea bags? Firefox or its forks can add nothing to Chrome, except Tor Browser if needed. There are some good Chrome forks which can add more functionality to browsing, such as Yandex or Opera.

17 hours ago, steven36 said:
> As far as Avira goes, I got a free one-year giveaway for that one around Xmas for Windows and I tested it; it was so slow

Phantom is getting better and better... Did you use their own DNS servers or your own DNS solution? This can make a big difference. I get about 90 % of ISP's speed from any Avira server.
steven36 Posted April 5, 2018

6 hours ago, Radpop said:
> Firefox is Chrome's clone

This is only in the sense of the extensions and the compositor it uses, but even this is not a clone, it's a fork. Chrome uses the Chromium engine and Firefox uses the Gecko engine, so it's not even close. The Firefox Quantum project is composed of several sub-projects, most of which have nothing to do with Chromium. Google Chrome is itself just a fork of open source Chromium with closed source stuff added to it; anything closed source can't be forked. There are no real cloned browsers in the world of open source; that's what open source is all about: forking and being able to use the same components to make software. But Firefox is not a fork of Chromium like Chrome is.

6 hours ago, Radpop said:
> Did you use their own DNS servers or your own DNS solution

I used it the way it was, with their VPN DNS servers, and this was just a few months ago. They have no Linux support, and I still had some days left on my other VPN, which gave me no problems for the past few years and has Linux software, so I renewed it and removed Phantom from Windows. A VPN just for Windows is not very interesting to me; I stay on Linux all the time. I don't really use Windows anymore, even though I have it and keep it maintained; I may boot into Windows 2 or 3 times a month.
IronY-Man Posted April 7, 2018

On 4/4/2018 at 11:05 PM, steven36 said:
> I have an add-on that works in Waterfox, Cyberfox and Firefox ESR with which I can change timezones, but it doesn't work in new browsers

Are you referring to CHANGE TIMEZONE (TIME SHIFT) or any other one?
Radpop (Author) Posted April 7, 2018

On 4/4/2018 at 6:44 PM, Radpop said:
> Mason posted a list of the 10 VPN extensions he tested that leaked DNS requests: Hola VPN, OperaVPN, TunnelBear (fixed), HotSpot Shield (fixed), Betternet, PureVPN, VPN Unlimited, ZenMate VPN, Ivacy VPN and DotVPN.

VPN Unlimited is an interesting name on the leak list. How can 'everything' fail and be repaired in three weeks?

Restore Privacy tested it (1.5/5) 17.1.2018: "Despite having all of the privacy and security settings enabled, I still found active IPv6, WebRTC, and DNS leaks... With every server I tested using the Windows client, there were IPv6 leaks, WebRTC leaks and DNS leaks." VPN Unlimited has connection problems and no kill switch, a bad combination for privacy. Furthermore, VPN Unlimited is US-based and keeps logs.
https://restoreprivacy.com/vpn-unlimited-review/

PCMag rated it as excellent (4/5) 7.2.18: "VPN Unlimited has it all, including affordable and flexible pricing, solid speed test performance, and advanced features."
http://uk.pcmag.com/vpn-unlimited/78538/review/keepsolid-vpn-unlimited

What are these advanced features, plus the VPN Unlimited Chrome extension leak?
Ha91 Posted April 10, 2018

On 4/4/2018 at 9:51 PM, steven36 said:
> For me, I don't need to do this. All I have to do is put in an address that doesn't resolve, like http://www.gonieggoo.com/. If my DNS is leaking when I type that in, my ISP's search engine will appear and I know it's leaking; if it's not leaking, it will say server not found. My ISP will always give itself away, because it will try to resolve the dead link and, when it can't, it will open up the search engine. I've been using this trick for years, and sooner or later you're going to make a mistake or run into a dead site and it will give itself away. DNS prefetching is nothing new; it's a problem in Firefox as well. The difference is you can turn it off in Firefox in advanced settings.
>
> It has been considered a hole in browsers for years and is recommended to be disabled when hardening Firefox. There are all kinds of holes in browsers, many we already know about if you're an advanced user, and there are many holes we don't know about, and these are the ones that I'm trying to find out about.

Are you sure this will not open more loopholes? Also, are there any other configurations that can be made to better protect the browser?
Archived
This topic is now archived and is closed to further replies.