Hacker News new | past | comments | ask | show | jobs | submit
Schlagbohrer | on: Exit IP VPN servers mitigation rollout
I've always assumed that when I am logged in to a website like Hacker News and I switch VPN endpoints, Hacker News now gets to see that I am a VPN user and track me between the IPs. I mean being logged in to something obviously negates a large amount of anonymity but switching servers while logged in really gives away the VPN usage, right? Or do large web services already keep up to date indecies of all common VPN IPs?
kevincox | parent | next
I think the attack looks more like this:

1. I log into service X with account A1 via Mullvad from country C1.

2. I log into service X with account A2 via Mullvad from country C2.

If the service wanted they can calculate how likely it is that A1 and A2 are the same WireGuard key. If you only use one exit server this probability won't be very precise. But the more exits you use the more accurate it will be even if the sets of exits are distinct between the two accounts.

If the egress IPs were assigned randomly all that service X would know is that these were both Mullvad users but the IPs alone wouldn't allow them to correlate the two users further than that.

buttscicles | parent
It's very common for people to switch networks many times a day anyway so it's not obviously a VPN user - even when switching countries to some extent.
Capricorn2481 | root | parent
Can you elaborate? I assume they're talking about switching networks while using the same site, when you have a user fingerprint from cookies or request paths. That does make VPN usage obvious.

I have been confused by this mitigation because switching networks while using the same service is pretty much always a VPN. But maybe I'm not aware of another case where that would happen?

miki_mq | root | parent | next
for example: getting into your house and your phone starts using your wi-fi instead of a mobile network (or the other way around)
fckgw | root | parent
Using your phone on a train would be hopping from tower to tower. Going to be swapping IPs endlessly.
Capricorn2481 | root | parent
I'm very desktop minded so I didn't think of this. I forget people are using VPNs on their phone.