As the title says, my real IP address was able to lead to my location using Mullvad VPN. I'm in a state that has no Mullvad servers. Only google search appeared to be able to compromise it, showing nearly my exact location in the small section under the search results. I went to various IP info sites and they all said NYC, the location of the VPN, when staying on the same connection/server that google had just compromised moments before.
I used Brave with WebRTC disabled, strict everything, always under a new session (Brave is set to clear everything every time it closes), even using a custom shortcut that restricts access to my GPU (brave-browser --disable-3d-apis --disable-webgl %U). I could reproduce it on and off after switching between servers a few times last night. I was using many of the strictest settings on the VPN, DAITA and lockdown mode.
I uninstalled and reinstalled Mullvad and it can no longer be reproduced. I'm very confused as to what could've caused it. I requested the network logs from any site I've been logged into (github, Zorin, etc), all the IP addresses originated from NYC. I recently changed my WiFi card, perhaps that messed something up with the network config? Any ideas?
That might be something what You could bring to the Mullvad Support.
Yeah I did, their responses didn't quite answer my question.
What for an Answer did You get?
They said it can't be determined, and that changing the network card shouldn't have affected it. If I find it doing it again, I'll just switch VPN providers. Sorry for posting here, it's not really an OS concern. I'm just not a member of many forums, try to keep my digital footprint small.
Without any logs to try to go by, I'd say that's a near impossible task to try to decipher honestly. Do they have the option to store debug logs locally in the case something happens again? Im sure they'd love to get to the bottom of why it happened, because a kill switch not working is most certainly not on their Christmas list.
1 Like
Lol, yeah definitely not. They do have logs though, I'll try to grab them if it happens again. I assume they recieved the logs since I sent the error report through the app.
You mentioned that you confirmed your IP address was as expected. Did you determine that with regular "what's my IP" type sites, or did you check via something like DNSleaktest.com? There's also a WebRTC leak test there. I could've sworn I had a more comprehensive test site, but I can't find it for the life of me.
Edit: That you mentioned Google sparked something belatedly. Does the computer in question have Bluetooth and/or wifi on? Google has "location" and "precise location," and the latter uses bluetooth and wifi SSIDs around you to pin down your location even more precisely than GPS, though I'm not aware of it being on any platform but Android and possibly iOS or ChromeOS.
2 Likes
Location was blocked, websites can't ask for permission, bluetooth was off, and WebRTC was set to "Disable non-proxied UDP" in Brave (basically disabled). Google said it was based on my IP address. Later tests showed no WebRTC or DNS leaks, although most were tested after I had uninstalled and reinstalled the VPN, seemingly solving the problem.
1 Like
Sounds like there's not much you can do but regularly retest for leaks and hope the problem never repeats. Best of luck there, particularly if your VPN use is out of necessity rather than preference.
2 Likes
Thank you! No leaks since. Presumably a bug from me trying to fix my last WiFi card's issues. Strong preference at the moment, but sadly, if the current trends in government regulations continue, VPNs may soon become a necessity for us all.
1 Like