Does Freedome VPN tracking protection prevent revealing/logging of your IP address?
Consider the scenario: You are using Freedome VPN and have obtained a virtual location and IP address from F-Secure. IP leak test shows green and when tested your system is not leaking WebRTC requests. Fine.
In your browser you log in to Google, Twitter or Facebook, and you open another browser tab to do something else that you would like to keep secret, for example logging in to XYZ web page - let's say that it is a discussion forum.
Now the question: Does Freedome VPN tracking protection prevent revealing/logging of your IP address? I mean tracking your IP address without your consent. Because if it does not, it would be theoretically possible to combine the Google, Twitter or Facebook log files with the XYZ log files and see that at a specific date and time john.smith@google.com is using the same IP address as username AnonymousUser at XYZ. You can connect the dots.
Of couse it would require that someone had access to all these log files to make such a cross-check of timestamps and IP addresses (NSA perhaps), but you could imagine other similar more plausible examples as well. If this tracking scenario cannot be prevented, it would seem that you should always do this: (1) Log out from Google, Twitter, Facebook etc. before doing something you would like to keep secret - note that e.g. Chrome may be always logged in to your Google account by default, and (2) Change the location in Freedome VPN to obtain a fresh IP address, and (3) After you have finished with XYZ or whatever you should log out from XYZ and change the location in Freedome VPN again to obtain a fresh IP address.
How is it?
Comments
-
Clarification: Of course I meant revealing/logging of your *virtual location* IP address provided by Freedome VPN. And now that I think of it more carefully, I guess it cannot be hidden. How else would the other end know where to send the data? That would make no sense at all.
Therefore, the three counter measures I mentioned may be necessary? If so, is there anything else important and related to notice?
-
Hi HamAndCheese,
Sorry for getting back to you late. I checked with the Freedome team about your query.
If someone has access to those service logs in question and can do cross references to them, they, of course may draw conclusions who the user is. That is 100% out of our table and it is impossible to prevent. The user must do the logout / VPN reconnect procedure as you described to remove that possibility.
Still there are things to consider: The web browser may not be the only component that is logged in to somewhere where access is logged similarly. The operating system or other applications may be accessing such services as well. Browser fingerprint is also something that may reveal the user identity in these cross reference situations. With a VPN product such as Freedome, it is not possible to prevent that even theoretically as the fingerprint information may be transmitted over HTTPS, i.e. the info is encrypted by the browser when it passes our service.
-
Thanks for the reply - that was very informative. I'm a bit surprised that the points you mentioned are not communicated more clearly. On the other hand I understand that F-Secure, like any other company, prefers simple positive messages on its products. Anything beyond that easily becomes too complex and confusing.
So, for maximum privacy it is *not* enough to use a virtual location and IP address (that is never recorded in a log file), and to avoid entering any personal information to web sites. For most purposes this is more than enough, but for the paranoid there's a lot more to consider. (For the record, I'm not paranoid.)
