1
00:00:01,480 --> 00:00:09,420
So I've just been talking about how DNS is very useful for sending your DNS queries through to stop
2
00:00:09,540 --> 00:00:14,230
local observation and also general observation of your DNS queries.
3
00:00:14,310 --> 00:00:19,420
So to stop people monitoring where you're going to now that's all well and good.
4
00:00:19,620 --> 00:00:28,140
But unfortunately when using VPNs, VPNs can leak data including your DNS queries.
5
00:00:28,140 --> 00:00:32,640
Also IPv6 and it can leak all types of data.
6
00:00:32,760 --> 00:00:40,650
If the VPN disconnects accidentally when in use there for example instead of sending the DNS query to
7
00:00:40,650 --> 00:00:47,880
the DNS server through the tunnel they send outside of the tunnel instead maybe to your Internet service
8
00:00:47,880 --> 00:00:52,390
provider's IP address revealing all the sites that you're visiting.
9
00:00:52,500 --> 00:00:54,560
And this is a known issue.
10
00:00:54,570 --> 00:01:02,130
It's been a known issue for a long time with VPN providers and yet some still leak DNS is so shockingly
11
00:01:02,130 --> 00:01:03,010
poor.
12
00:01:03,150 --> 00:01:09,310
Any VPN provider that does this should be exposed for just being simply incompetent.
13
00:01:09,690 --> 00:01:14,280
And the same way that DNS can leak out of the VPN tunnel.
14
00:01:14,400 --> 00:01:22,530
So can IP version 6. Version 6 is the latest version of the Internet protocol but it's not really used
15
00:01:22,530 --> 00:01:30,690
on the internet but IPv6 packets can be sent out still revealing your identity in the same way that
16
00:01:30,690 --> 00:01:33,150
an IPv6 address can.
17
00:01:33,540 --> 00:01:43,240
And if you look at this report here, "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking
18
00:01:43,240 --> 00:01:45,480
in Commercial VPN Clients".
19
00:01:45,480 --> 00:01:54,130
So this is a good report on VPN service providers and how their poor service deanonymizes you.
20
00:01:54,210 --> 00:02:01,560
And if we scroll down we can see a number of the VPN providers that are tested and what their results
21
00:02:01,560 --> 00:02:07,710
were and you can see here IPv6 leaking and DNS hijacking.
22
00:02:07,710 --> 00:02:11,200
So not particularly brilliant results there.
23
00:02:11,690 --> 00:02:17,210
The serious leak situation is when the VPN drops.
24
00:02:17,340 --> 00:02:26,520
So here or here when you're actually using the VPN and it can drop out for whatever reason. OpenVPN and
25
00:02:26,520 --> 00:02:31,370
other VPN services default to continuing to send traffic.
26
00:02:31,470 --> 00:02:38,670
So if the VPN drops for any reason at all then your traffic can start to send directly to the destination
27
00:02:38,670 --> 00:02:39,060
.
28
00:02:39,060 --> 00:02:45,420
So this is a huge problem as a VPN can die any time really for any reason you have a local problem the
29
00:02:45,510 --> 00:02:47,420
VPN server has a problem.
30
00:02:47,550 --> 00:02:54,270
So you cannot have a VPN that dies and then continues to send traffic to the destination that would
31
00:02:54,270 --> 00:02:56,360
completely deanonymize you.
32
00:02:56,760 --> 00:02:59,750
So let's talk through how we can stop this leakage.
33
00:02:59,790 --> 00:03:07,320
First let's talk about IPv6 because that's the simplest to prevent as you just simply need to disable
34
00:03:07,320 --> 00:03:11,730
IPv6 which is pretty simple in most operating systems.
35
00:03:11,790 --> 00:03:17,670
Now you need to research how you do this in the operating systems that you're using but you pretty much
36
00:03:17,670 --> 00:03:22,860
can guarantee that you won't be using IPv6 in ninety nine point nine nine nine nine percent of cases
37
00:03:22,860 --> 00:03:23,160
.
38
00:03:23,220 --> 00:03:31,200
And if you are using it you already know about it but it's pretty easy to disable in most operating systems
39
00:03:31,220 --> 00:03:31,410
.
40
00:03:31,620 --> 00:03:36,830
And here's some links as to how to disable it so there's Windows version 7.
41
00:03:37,110 --> 00:03:41,040
And you just click here.
42
00:03:41,040 --> 00:03:44,490
This is a good one for Mac OS X.
43
00:03:44,700 --> 00:03:47,020
You just run these on the command line.
44
00:03:47,340 --> 00:03:49,450
Changing the word ether.
45
00:03:49,460 --> 00:03:57,510
For whatever your adapter is called and here that's the Wi-Fi adapter you just switch those off his Linux
46
00:04:00,020 --> 00:04:03,310
as a good link here for how to disable it in Linux.
47
00:04:03,390 --> 00:04:05,580
So that's disabling IPv6.
48
00:04:05,580 --> 00:04:10,950
Now we can also block all non-VPN traffic.
49
00:04:10,950 --> 00:04:19,080
So that would include IPv6, DNS leaks and any leaks if the VPN died, by a combination of techniques
50
00:04:19,080 --> 00:04:19,650
.
51
00:04:19,650 --> 00:04:29,820
So probably the most common one is to use a VPN client with a built-in DNS, IPv6 leak protection and
52
00:04:29,850 --> 00:04:31,150
kill switch.
53
00:04:31,160 --> 00:04:39,300
So when the VPN drops and as an example of one here now I'm not recommending Sebago some just showing
54
00:04:39,540 --> 00:04:45,490
where the configuration is here so you can see it's forcing them to use their DNS servers here.
55
00:04:45,540 --> 00:04:53,190
We can switch off and specify our own DNS servers that you can disable IPv6 also disable with the
56
00:04:53,190 --> 00:04:54,950
operating system yourself.
57
00:04:55,080 --> 00:04:59,970
And it's got a built in kill switch that there is no option to switch off was why would you ever want
58
00:04:59,970 --> 00:05:05,570
to switch off a kill switch for when the VPN disconnects it closes.
59
00:05:07,600 --> 00:05:16,070
And preferably that client has some sort of internal firewall because it has to be implemented correctly
60
00:05:16,310 --> 00:05:20,050
for it to work but you're not always going to know how it's implemented.
61
00:05:20,060 --> 00:05:26,630
An example of poor implementation could be only does a DNS check when it's first started and maybe the
62
00:05:26,630 --> 00:05:32,340
DNS is fine then but then the DNS gets changed later and the DNS client isn't checking later.
63
00:05:32,330 --> 00:05:39,060
So that's where a firewall within that just permanently blocks these things is better and all good providers
64
00:05:39,380 --> 00:05:40,910
will provide these features.
65
00:05:41,150 --> 00:05:47,900
And you're pretty much good if a VPN client blocks these things I mean you shouldn't have any problems
66
00:05:47,900 --> 00:05:49,610
with these leakages.
67
00:05:49,620 --> 00:05:55,300
But really if you want to take it to the next level make sure that it's not doing any leaking.
68
00:05:55,440 --> 00:05:58,730
Obviously you can do testing which we're going to talk about later.
69
00:05:58,740 --> 00:06:03,120
The next thing to really do is to block it with firewalls.
70
00:06:03,410 --> 00:06:11,280
You can use host based firewalls on the device where you have the VPN client to block VPN leaks and
71
00:06:11,270 --> 00:06:17,510
we discuss host based firewalls in the section on firewalls so you should be familiar with these firewalls
72
00:06:17,510 --> 00:06:17,810
.
73
00:06:17,900 --> 00:06:23,120
If you've gone through that section so let's start with Windows.
74
00:06:23,190 --> 00:06:29,570
And of course you can use the Windows Firewall which you see here in front of you and you can also use
75
00:06:29,570 --> 00:06:31,640
the Windows Firewall Control.
76
00:06:31,640 --> 00:06:33,470
I talked about to help you.
77
00:06:33,620 --> 00:06:42,290
You can block all traffic but the VPN to the VPN server and you can block applications as well.
78
00:06:42,870 --> 00:06:48,450
If you check out this link here that I'll give you some further guidance on how you can do that.
79
00:06:49,160 --> 00:06:57,010
And one of the firewalls that I recommend is TinyWall. You can also block VPN leaking using this.
80
00:06:57,090 --> 00:07:03,530
There is also the free Comodo firewall which is a viable option but make sure you've gone through the
81
00:07:03,530 --> 00:07:09,200
section on firewalls and Comodo where I mentioned some of the downsides of Comodo.
82
00:07:09,950 --> 00:07:14,520
Here's a link here which will help you block all non-VPN traffic.
83
00:07:14,840 --> 00:07:22,430
And there's also some advice here on building your own VPN kill switch with Windows using Comodo.
84
00:07:22,550 --> 00:07:28,280
There are applications you can use which will monitor your VPN connection and then kill it.
85
00:07:28,280 --> 00:07:30,710
This is VPNetMon,
86
00:07:30,710 --> 00:07:37,130
which prevents unsecured connections after your VPN connection goes down.
87
00:07:37,190 --> 00:07:47,070
It simply closes specified applications when the VPN connection is down and a similar product is VPN
88
00:07:47,060 --> 00:07:47,860
check.
89
00:07:47,980 --> 00:07:54,370
But unfortunately the version that you really want is the pro version and that is a pay version.
90
00:07:54,380 --> 00:08:02,090
So those are the VPN leak host-based protection methods for Windows. Host-based leak protection now for
91
00:08:02,150 --> 00:08:02,910
Mac.
92
00:08:03,120 --> 00:08:09,770
You can use your PF firewall which we've gone through you know to block your leaks.
93
00:08:10,250 --> 00:08:12,260
And for more information on how to do that.
94
00:08:12,380 --> 00:08:14,830
Have a look at this link here.
95
00:08:14,880 --> 00:08:18,730
Also a guide here on leak protection for using PF.
96
00:08:18,770 --> 00:08:25,090
If you want to make it a little bit easier on yourself you can use IceFloor as the GUI for PF.
97
00:08:25,340 --> 00:08:31,300
But really the best thing to use would be Murus to do leak protection.
98
00:08:31,550 --> 00:08:39,050
And there is even a video here that they put together which talks to exactly this blocking everything
99
00:08:39,090 --> 00:08:41,990
but VPN traffic using Murus.
100
00:08:42,000 --> 00:08:48,820
Murus we have covered in its own section, it is a firewall GUI for PF firewall.
101
00:08:49,590 --> 00:08:55,450
And finally Little Snitch will also allow you to do leak protection.
102
00:08:55,760 --> 00:09:04,200
Linux now, preventing VPN leaks. First, an obvious choice is to use iptables to block your VPN leaks
103
00:09:04,210 --> 00:09:04,360
.
104
00:09:04,520 --> 00:09:08,190
Check out the link there for guidance on that.
105
00:09:08,370 --> 00:09:14,010
Also there is this which is VPN-Firewall. What this does,
106
00:09:14,150 --> 00:09:20,810
as it says here, it forbids outgoing traffic after the VPN software has broken down.
107
00:09:20,820 --> 00:09:26,240
It works with OpenVPN which is fine that's what we want it for and it works on Debian.
108
00:09:26,250 --> 00:09:27,900
So that's worth looking at.
109
00:09:28,280 --> 00:09:32,140
And another option is VPNDemon, or daemon.
110
00:09:32,150 --> 00:09:38,660
Now this monitors your NetworkManager for VPN disconnects and when a disconnect happens it will kill
111
00:09:38,660 --> 00:09:40,880
a particular application that you choose.
112
00:09:40,880 --> 00:09:48,150
During set up and you wanted to kill the network manager ter another kill switch you'd want to both
113
00:09:48,140 --> 00:09:54,500
block with a firewall and have a kill switch as the best option.
114
00:09:54,530 --> 00:10:02,370
You can also set up a virtual machine as a VPN client as part of doing nested VPN.
115
00:10:02,370 --> 00:10:09,020
So for example you could have pfSense and you set this up so this only allows VPN traffic it would
116
00:10:09,020 --> 00:10:12,780
be using the internet gateway to this machine.
117
00:10:12,780 --> 00:10:18,060
And if the VPN drops then there'd be no Internet connection through the gateway.
118
00:10:18,170 --> 00:10:20,330
That's another way of blocking leaks.
119
00:10:20,340 --> 00:10:26,930
Now if you're using Windows 10 which really you shouldn't be if privacy is what you're looking for Windows
120
00:10:26,930 --> 00:10:34,830
10 as you might expect is in an extra special way trying to force the West to leak DNS.
121
00:10:34,840 --> 00:10:36,800
That's even harder to stop.
122
00:10:36,840 --> 00:10:45,020
And here there is an OpenVPN plugin to fix Windows DNS leaks. Windows 10 DNS resolver sends DNS requests
123
00:10:45,090 --> 00:10:51,750
in parallel to all available network interfaces and uses the fastest reply to come.
124
00:10:51,920 --> 00:10:58,670
If you use DNS from the local network this problem allows your ISP or a hacker with a Wi-Fi AP to hijack
125
00:10:58,670 --> 00:11:01,340
your DNS records and steal your data.
126
00:11:01,500 --> 00:11:03,240
Even if you use a VPN.
127
00:11:03,410 --> 00:11:09,980
So look into using this. There's more information on it here. And Windows 10 is not particularly great
128
00:11:09,980 --> 00:11:10,800
with VPN.
129
00:11:10,940 --> 00:11:16,920
But I mean again I mean I can't say enough but you don't really want to be using Windows 10 but these
130
00:11:16,910 --> 00:11:19,520
are potential ways to get around to beginning to research.
131
00:11:19,670 --> 00:11:24,480
And you need to keep on top of this as well because Microsoft might change something and then it's going
132
00:11:24,470 --> 00:11:28,710
to start leaking DNS again and your VPN is totally pointless.
133
00:11:28,830 --> 00:11:39,200
If you want to test if your VPN is leaking your DNS connect via VPN and then run a test here and this
134
00:11:39,200 --> 00:11:42,260
one is not this is using the DNS as a VPN.
135
00:11:42,260 --> 00:11:49,490
I happen to have connected to. For some more information you can check this out which has some of the preventative
136
00:11:49,500 --> 00:11:51,680
measures for DNS leaks.
137
00:11:51,770 --> 00:11:57,620
So that's a lot of ways of preventing leaks but I think I would generally recommend making sure your
138
00:11:57,620 --> 00:12:04,850
client doesn't allow leaks and then some way you have a firewall that blocks it and then that should
139
00:12:04,860 --> 00:12:05,800
be good enough.
140
00:12:05,850 --> 00:12:11,810
And then as a final check you can run a network analyzer like Wireshark just to make sure that there's
141
00:12:11,820 --> 00:12:16,780
no leaking and then you'll be fine and we'll talk about doing that later.