With mounting pressure from anti-piracy outfits on governments to implement stricter copyright laws and record labels suing people left and right, millions of file-sharers have decided to protect their privacy by going anonymous. In Sweden alone an estimated 500,000 Internet subscribers are hiding their identities. Many of these use PPTP-based VPNs such as The Pirate Bay’s Ipredator or Relakks.
It is a known fact that PPTP based VPN connections are less secure than OpenVPN based ones, yet millions of users are opting for the former because of easy availability. At a recent Telecomix Cipher conference it was revealed that a security flaw in PPTP-VPN allows third parties to find the true IP-address of someone connected through the VPN.
The security risk is caused by a lethal combination of IPv6 and PPTP-based VPN services. IPv6 is the Internet protocol that will succeed IPv4. The protocol is promoted by Windows 7 and Vista, among others, and most people are using it without even realizing it as it’s enabled by default.
The technical details of the vulnerability, explained in this talk (see below) reveal that the true IP-address of users using IPv6 can be easily traced. Even worse, it seems that the Swedish Anti-piracy Bureau may already be using this flaw to gather data on ‘anonymous’ BitTorrent users. [via Torrent Freak]
Talk starts at 2:17:30, BitTorrent part at 2:30:00
The vulnerability is not limited to BitTorrent users. Anybody who is using such VPN are exposing their real identify to every connection.
To remove the threat Windows Vista and 7 users are advised to turn of IPv6 by following these steps:
Open Control Panel and click on Network and Internet and then click “View network status and tasks”.
On the left sidebar click Change Adapter settings to view the icons of your various connection.
Right click on the connection shortcut you use and choose Properties. Then click on the Tab Networking and uncheck the box “Internet Protocol Version 6 (TCP/IPv6)”