0

Let's say for instance I want to sign up for Revolute/Paypal/Transferwise, etc.

However I don't live in the country, although I do have a VPN that has an IP in that country.

Question is, does the page request somehow pass along to a banking institution that I am on a VPN, and not on the local IP network?

MarianD
  • 244
  • 1
  • 2
  • 7
VPN question
  • 1
  • 5
    Possible duplicate of [How can I detect a VPN connection (even just in some cases) to get the real location of the user](https://security.stackexchange.com/questions/71774/) or [Advanced techniques for detecting a proxy/getting original IP](https://security.stackexchange.com/questions/20067/). – Steffen Ullrich Jul 20 '18 at 04:05
  • @SteffenUllrich I think OP is asking about detecting the fact that he is on a VPN, not detecting his real location despite the VPN. – forest Jul 20 '18 at 04:07
  • @forest: The question is about hiding the real location when signing up for some service which is restricted to some locations so I think it is a duplicate. Also, the answers also talk about detecting VPN in general. – Steffen Ullrich Jul 20 '18 at 04:18
  • Correct @SteffenUllrich I was asking about detecting if I am on a VPN from another country. I would think that some would also be looking for vpn footprints, even though it shouldn't have any effect on actual customer provider relationship. – VPN question Jul 20 '18 at 05:35

2 Answers2

0

If the only criteria is your IP (using GeoIP for example), you are safe and the server will not be able to determine that you are using a VPN. NAT is probably used so the VPN gateway replaces your VPN-internal IP with its own, which is what any server you contact will see.

However, if they really try, they could lookup that IP and maybe find out, that this is a server, instead of some IP dynamically assigned to private households. But it's entirely possible that you belong to a company in that country and use this server as a proxy/VPN-Gateway.

In conclusion, if they don't try really hard, I couldn't think of a simple way to reliably determine whether or not you are using a VPN. Thinking twice, using a VPN is not even enough for them. They would want to know, whether you actually are in this country which is even more difficult.

GxTruth
  • 963
  • 6
  • 9
0

It depends. If you use a private VPN, they will have no way to detect it. For example, if your company hosts a private VPN to allow you to access their internal network, and if you use it and then connect to the banking service through the corporate proxy, the banking service will only see a connexion from the corporate proxy of your organization, which is no surprise, and have no way to know more.

Things are different if you use a well known public proxy. Outgoing IP addresses of those proxies may be known, for example TOR endpoints are published. In that case, the banking service has no way to know your actual IP address nor where you are, but they can know that you are hiding that behind a VPN. As it is what most attackers would do to limit the risk of being caught, it might be enough for the banking service to see it as suspicious and require an additional authentication procedure or reject the connection.

To use a real life analogy, using a public VPN to connect to your online bank is not different from hiding your face behind a mask to enter your physical bank office. And I am not sure of how the guard will react...

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84