Hi, first post here, I hope you can help.
I have been using a certain VPN provider for a while now and I am happy with the service.
However, today I was surprised to find that, when doing a speed test, Ookla could see that I was using the named provider as my “ISP”. Is this normal?
I am slightly concerned that, if Ookla (and ipaddress.com) can see that I am using a VPN (and can even see which one), so can my ISP and other 3rd parties. I have no concerns that my data is insecure in any way, but the fact that it is obvious when I am using a specific VPN seems to reduce my anonymity.
I had a chat session with the provider’s rep, but he was no real help. I can append the chat transcript if anybody wants to see.
TIA for any guidance 
That’s how it is with VPNs. If your ISP didn’t know where your packets were going, it couldn’t deliver them to your VPN provider. Likewise, your VPN provider has to have a regular IP address to send your packets to Ookla, and that’s public information.
Two things though - your ISP doesn’t know your final destination is Ookla, and Ookla doesn’t know which of the potentially thousands of customers of the VPN provider you are, as you all share the same outbound IP. It would be very difficult, but maybe not impossible, for them to get together and track you.
Your ISP can’t see what you’re doing, just that you are using a specific VPN. Ookla can see that someone is accessing them from a specific VPN. Of course, if you sign in to a website, your privacy is probably gone. Also, there are ways of tracking you through the fingerprint of your web browser. Overall, you’re still better off with a VPN than not.
This is normal. Whenever you visit a website you basically say “hey send me this data, here is my (IP) address”.
A VPN adds a middle step, you tell the VPN server to do this part. The VPN server gets the data which is sent to their (IP address) and forwards it to you. It’s like using a mailbox service. All you mail goes there, anyone sending you mail can see that it’s going to a mailbpx provider.
The anonymity that is provided comes from:
-
the ISP can’t see what sites you connect to, just that you connect to a VPN.
-
sites cant see your real ip, just that you’re using a VPN.
-
usually you share that IP with many other customers. If 100 people are using the same mailbox, it’s harder to tell which post matches which user.
-
ISPs keep logs, and actively look to use these for profit. A VPN provider may not keep logs.
Use a VPN provider that doesn’t use their name when they set up their VPN servers. Ideally the VPN providers ISP shouldn’t know that the server is owned by the VPN provider.
Yes. That’s one of the ways you know your VPN is working.
Basically when you connect to the internet without a VPN, your router is making a “public/identifiable network” other machines on the internet. Those machines will see your router and IP and ISP service behind requests and connections.
A VPN (should) first route ALL internet traffic to your VPN service. Basically your router asks the VPN service to be it’s new router, and to take all internet requests that it gives it and to send them to the internet for your router.
Other tools you can look at of interest:
Your concern isn’t real, but in anycase do this test for other IP leaks: https://ipleak.net
And most likely your browser leaks IP via WebRTC unless you’ve already blocked that.
It’s amazing that so many people who use VPNs don’t understand how they work. This is how you get into big legal trouble if you thought that a VPN somehow provided anonymity.
yes… espc with pia users…
and one or two others… when they own the servers…
Thanks for confirming that it’s normal. I have read a little about browser fingerprinting, I’ll search around for more info. I am using uBlock Origin, I imagine I’ll need to do a bit more to make my browser ‘average’ or 'unremarkable.
I couldn’t have put it better. It’s a constant struggle between security, privacy and anonymity. There are some things that you can do to prevent browser fingerprinting as well.
https://browserleaks.com/ and http://12bytes.org have some decent suggestions
