4

I use the Astrill VPN service to access websites that my country has blocked. There is nothing sinister going on here. Sites like google and youtube have all been blocked. This VPN service offers about 20 servers within the U.S. which I often switch between depending on their speed. I'm not advertising here, I want to point out that this problem is specific to certain servers.

Recently I have noticed that google will always redirect me away from .com to a certain country's TLD. As I mentioned, this is on about half of the servers offered. Somehow google is able to determine my location, even though I am behind a VPN. Note: This is not a problem of being exposed when the VPN connection drops.

Checking my IP on one of the many 'what's my IP' sites does not reveal my real location. Checking my location using HTML5's geolocation API does, though my browser(s) will always ask for confirmation first. Even then the location is a city on the other side of the country, which happens to be the same as what google reports.

Now, I use a desktop PC (no wireless) Ubuntu 14.04 with both chrome and firefox. I have disabled the geo location service in both browsers. I have even tried disabling Javascript thinking they may be using AJAX to get at my IP. Neither worked. And of course I cleared all cookies before retrying.

I contacted Astrill about this problem (their customer support is something to be desired) and their answer was

> Your location is being given away by your browser. Not the VPN. You need to disable WebRTC.

Well, that didn't work either. So, now I'm trying to figure out just how google is able to do this. Looking at the HTTP headers, I see that GET www.google.com returns a "302 Found" response with the 'Location' header pointing to the country specific domain. I don't see any requests containing my IP, though I know my IP is standard in all requests. To confirm this is not a problem with my browser, curl get http://www.google.com returns the same '302 Found' response.

Can anybody tell me how google does this? But, most importantly, tell me how my VPN servers may be leaking this information?

Update:
According to ipleak.net, nothing is being exposed.

Update:
Latest response from "technical support"

> Use www.google.com/ncr

Twifty
  • I expect it is the browser and not the VPN. Try using fiddler to view all traffic between google and the browser -- may suss out the truth there. – Hogan Feb 26 '15 at 15:54
  • [A related question](http://security.stackexchange.com/q/82129/52676) – RoraΖ Feb 26 '15 at 16:03
  • @raz The question may be very slightly related, but I mentioned this is not a WebRTC issue (proved by using command line `curl`) – Twifty Feb 26 '15 at 16:10
  • @Hogan ipleaks.net states that nothing is exposed, as confirmed by my own examination of the HTTP headers. – Twifty Feb 26 '15 at 16:11
  • Try out http://whoer.net, it gives a thorough analysis of different stuff that can be used to identify your location. Most probably the DNS is to blame. – Mints97 Feb 26 '15 at 16:17
  • @Mints97 Is that the correct url? I can't seem to open it. – Twifty Feb 26 '15 at 16:21
  • yes, the URL is correct. Try turning on your VPN before accessing it. – Mints97 Feb 26 '15 at 16:23
  • @Mints97 Works without using VPN, they must be blocking it. Not very happy about that :/ – Twifty Feb 26 '15 at 16:27
  • Have you tried changing the useragent accepted languages? – BadSkillz Feb 26 '15 at 16:48

3 Answers

1

Maybe your IP is exposed by RTC/DNS leaks. You can check ALL the information a website can get about you on http://ipleak.net/ . You should check this website every time before using the VPN.

Besides, it might be possible that you've visited a website before without VPN. This website could have saved a cookie/localStorage variable on your PC and it is possible to identify you later when you're using your VPN.

Also, as you can see on ipleak.net your browser usually sends your language/locale information which may reveal something about your location. Websites usually don't use this information to find a location though.

Tom
0

I found the root of the problem. It appears that the VPN server is not leaking any information, but rather Google is getting it wrong.

While the server may be based in the U.S., the connected users can be anywhere in the world. Google tries to determine location by a number of factors: IP address, wireless router MAC address and location information stored in a Google account like Gmail. Google can see the U.S. based server and its IP address but not the IP or MAC of the end user; it can, however, see those profiles. So, it has conflicted information: an IP which it thinks is in the U.S. and user configured locations from all over the world.

It must use some kind of weighted algorithm to match a location to the IP. In this instance I would say that the majority of VPN users logged in to the server are based in the same foreign city. So Google has flagged the IP as being in that city.

Since the majority of location aware websites use the google API to determine location, they in effect use the same 'best guess'.

I post this hoping that web developers take note. Locations can only be guessed. You must always provide the end user with a method to specifically state their real or preferred location. At the moment Google search does not offer this, and the workaround is to use their "No country redirect" www.google.com/ncr url.

Twifty
0

What about DNS leaks?

You could be using a VPN and still using your ISP-designated DNS server. In that case it's easy to get your current country. I already noticed that behaviour in the past.

Here is a link to test DNS leaks.

Lich4r
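A local check for the DNS leak raised in the first and third answers, as an added example that is not part of any post in this thread: it applies longest-prefix matching to the routing table to see which interface each configured nameserver would be reached through. The function names, the `tun` interface prefix, and the sample route table and resolv.conf contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed samples (not from the thread): split-default VPN routes, two resolv.conf files.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
LEAKY_RESOLV = "nameserver 192.168.1.1\nnameserver 10.8.0.1\n"
TUNNELLED_RESOLV = "# pushed by VPN\nnameserver 10.8.0.1\nnameserver 8.8.8.8\n"

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route` style output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # no outgoing interface (blackhole, unreachable, blank)
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a route-type keyword, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(addr, routes):
    """Longest-prefix match: the interface the kernel would pick for addr."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "lo"  # local stub resolver; its upstream servers need checking
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def dns_leaks(resolv_text, routes, tunnel_prefix="tun"):
    """Return (nameserver, device) pairs that would bypass the tunnel."""
    leaks = []
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            dev = egress_device(fields[1], routes)
            if dev is None or not dev.startswith(tunnel_prefix):
                leaks.append((fields[1], dev))
    return leaks

if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY_RESOLV), ("tunnelled", TUNNELLED_RESOLV)):
        print(name, dns_leaks(conf, parse_routes(SAMPLE_ROUTES)))
```

On a real host, pass in the output of `ip route` and the contents of `/etc/resolv.conf` while the VPN is connected. A loopback entry is reported with device `lo` because the local stub's upstream servers have to be checked separately.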