+ Reply to Thread
Results 1 to 4 of 4

Thread: How To Check If Your Vpn/Proxy Provider Is Lying About Location Of Its Servers

  1. #1
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581

    How To Check If Your Vpn/Proxy Provider Is Lying About Location Of Its Servers

    For a vpn user, it's very important to know he can trust the vpn provider concerning location of the vpn servers. In order eg to know which laws of which country are applying to the server he is using.

    Alas, some providers are dishonest about location of their servers. Particularly those claiming to have servers in Syria, Mongolia, Ethiopia, Ghana, North Korea etc. When connecting to these servers et verifying IP on site such as ipleak.net/com (relying on DB such as MaxMind to locate the IP), the user may lead to believe the server he is using really is in the country the vpn provider claims it is. But most of the time the bandwith is to good to be true, and this is a first element indicating there is some lie somewhere.

    Notice that the provider may be tortuous enough to throttle bandwith from these servers, in order you get syrian speeds when connected to vpn servers claimed in Syria.

    Conversely, an honest vpn provider may provide a server he claims to be located ind Bulgaria, while maxmind tools claims it is located in Germany.


    One of the best tool possible tool I think to separate the true from the false is to ping the questionable server from multiple locations. If a syrian server get a very low ping from a ping testing machine in New York, it is certainly not located in Damas and very probably located near New York, and so submitted to US laws.

    Fortunately, you have not to pay for multiple servers all around the world to do that: Site such as asm.ca.com can perform the pings for you.

    The IP you want to test is pinged from Australia - Austria - Brazil - Canada - Belgium - Bulgaria - China - Costa Rica - Czech Republic - Denmark - Egypt - Finland - France - Germany - Greece - Hungary - India - Indonesia - Ireland - Israel - Italy - Japan - Lithuania - Malaysia - Mexico - Netherlands - Panama - Poland- Portugal - Russia - Saudi Arabia - Singapore - South Africa - South Korea - Spain - Sweden - Switzerland - Thailand - Turkey - UK - Ukraine - United Arab Emirate - US - VietNam.


    If the country of the vpn server you want to test doesn't belong to the above list, you can preform "ping triangulation".

    Feel free to give some other urls to ping a given IP from "all around the world".
    Last edited by Renk; 14.05.18 at 21:19.
    Reply With QuoteReply With Quote
    Thanks

  2. Who Said Thanks:

    anon (14.05.18) , H265 (13.05.18)

  3. #2
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39386
    Quote Originally Posted by Renk View Post
    One of the best tool I think to separate the true from the false is to ping the questionable server from multiple locations. If a syrian server get a very low ping from a ping testing machine in New York, it is certainly not located in Damas and very probably located near New York, and so submitted to US laws.
    The joys of anycast routing Don't believe everything you see. Remember TPB was once routed through North Korea, except that it wasn't.

    Anyway, this is a good resource and an interesting tactic, but I see one potential downfall: the VPN server (or whatever you want to check) can easily discard pings from the outside.

    As for VPN providers offering servers on those countries, it's the first time I hear about that. You'd think the low Internet speeds and poor infrastructure would only make them desirable to hardcore privacy enthusiasts who know there's almost no way they'd cooperate with first-world law enforcement.
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  4. Who Said Thanks:

    Renk (14.05.18) , H265 (14.05.18)

  5. #3
    Advanced User Renk's Avatar
    Join Date
    17.08.08
    Location
    Elsewhere
    P2P Client
    utorrent
    Posts
    581
    Activity Longevity
    0/20 19/20
    Today Posts
    0/5 ssssss581
    Quote Originally Posted by anon View Post
    The joys of anycast routing Don't believe everything you see. Remember TPB was once routed through North Korea, except that it wasn't.
    Yes, I remember that. But I don't know either how they have done that technically, nor the technical mean to discover what the true location of the TPB servers was. I'm interested in that matter.


    Anyway, this is a good resource and an interesting tactic, but I see one potential downfall: the VPN server (or whatever you want to check) can easily discard pings from the outside.
    Making their servers unpingable outside the vpn network may make difficult to maintain the network, and to diagnose problems when they happen. Moreover, as a customer, how could I connect to a the vpn server if it is unpigable ??



    As for VPN providers offering servers on those countries, it's the first time I hear about that.
    So you don't care of the most advertised praised vpn providers (which is a right attitude in my opinion).... The first VPN provider I found faking the location of some of their servers was Ivacy, 5 years ago. I was once in New York, tested their Russian server and was amazed by the speed. Then pinging the server to get its IP and perform further investigation amazed me a lot more: I was getting 1ms ping from my laptop in NY to Ivacy's server in Russia. Ivacy had found a way for an information to propagate fastest than the light!

    Further investigations showed that their most exotic servers shared the same property: connection to them was performed fastest than the light. I noticed that these server's name were vlus.russia1.<some tld>, vlus.ghana2.<some tld>, "vlus" meaning (I supposed) "virtual location in the US". But nowhere the provider warned it's user that the "vl" locations were fake (or, at least, "virtual").

    Some years later, I read an article on the blog RestorePrivacy where the blogger did the same observation as me, but for other Vpn providers (much more prominent on the market). As this blogger was less lazy than me, he performed investigations on a wider scale, and published them on his blog. Vpn provider like PureVPN, HMA, ExpressVPN were found to fake location of some of their servers, without any warning to their users.

    The first to react was ExpressVpn, admitting some location were faked but "for a greater good" (speed), and updated the information on its site accordingly (cf here and here). Other vpn providers were more sluggish and shady. It's the case for example for PureVPN, Ivacy and HMA..

    At this point, it can be assumed that "vl-somewhere" servers are faking to be located "somewhere" (but where then are they located exactly? being located in the US is no the same as being located in Canada or NL). And what about non "vl-somewhere" servers? Are they truly located where the vpn provider claim they are?

    The trick I spoke about in my first post is a way to try to answer to this 2 questions, but I agree this trick is far from bullet-proof, and I will edit & correct a maybe too enthusiastic sentence in this first post. BTW, when the ping between 2 servers is very low, these 2 servers are certainly very close to each other.

    I think the detection of faked server location is rather important for privacy conscious user, and I will be happy to learn how to more efficiently perform it.
    Last edited by Renk; 14.05.18 at 23:32.
    Reply With QuoteReply With Quote
    Thanks

  6. Who Said Thanks:

    anon (16.05.18) , H265 (14.05.18)

  7. #4
    Moderator anon's Avatar
    Join Date
    01.02.08
    Posts
    39,386
    Activity Longevity
    11/20 19/20
    Today Posts
    1/5 ssss39386
    Quote Originally Posted by Renk View Post
    Yes, I remember that. But I don't know either how they have done that technically, nor the technical mean to discover what the true location of the TPB servers was. I'm interested in that matter.
    It was some very advanced trickery involving BGP tables.

    https://web.archive.org/web/20170203...ng-no-its-fake
    https://web.archive.org/web/20160816...no-its-fake-p2

    Note how the person writing the article basically uses the same method (with traceroute instead of ping, but the "TTL exceeded" ICMP messages traceroute relies on can also be blocked), arrives at the same "packets faster than light" conclusion as you, and then begins making deductions from there.

    Making their servers unpingable outside the vpn network may make difficult to maintain the network, and to diagnose problems when they happen. Moreover, as a customer, how could I connect to a the vpn server if it is unpigable ??
    They can whitelist the systems they'll be doing reliability monitoring from, there's no need to allow the entire Internet. As for customers, no VPN protocol requires the server to be pingable in order to successfully connect, as far as I know.

    As I type this, I'm thinking of an even worse countermeasure: artificially adding latency to ICMP traffic. This would make it almost impossible to extrapolate the real location from ping times alone.

    So you don't care of the most advertised praised vpn providers (which is a right attitude in my opinion).... The first VPN provider I found faking the location of some of their servers was Ivacy, 5 years ago. I was once in New York, tested their Russian server and was amazed by the speed. Then pinging the server to get its IP and perform further investigation amazed me a lot more: I was getting 1ms ping from my laptop in NY to Ivacy's server in Russia. Ivacy had found a way for an information to propagate fastest than the light!

    Further investigations showed that their most exotic servers shared the same property: *snip*
    Very interesting stuff, thanks for sharing. Looks like we really can't believe everything we see. And this begs the question: if the servers are supposed to be on a certain country, but are actually physically located on a different one with a different jurisdiction and the provider tells you nothing about it, isn't that basically deceptive advertising and/or selling a product under false pretenses?

    However, the only reason the average customer cares about which server location is so that they can watch Netflix, Hulu and BBC iPlayer, so...
    "I just remembered something that happened a long time ago."
    Reply With QuoteReply With Quote
    Thanks

  8. Who Said Thanks:

    Renk (25.07.18)

+ Reply to Thread

Tags for this Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts
  •