• 0 Posts
  • 7 Comments
Joined 1Y ago
Cake day: Jun 17, 2023


If you use HTTPS, the attacker can still see what websites you connect to, they just can’t see what you are sending or receiving. So basically they can steal your browsing history, which defeats the purpose of a commercial VPN for many users.

This is blatantly false. They can see the IP addresses and ports you connect to from IP packets, and hostnames from the TLS negotiation phase (and DNS requests if you don’t use custom DNS settings). HTTP data is fully encrypted when using HTTPS.

If exposing hostnames and IP addresses is dangerous, chances are that establishing a VPN connection is as dangerous.


Control of the DHCP server in the victim’s network is required for the attack to work.

This is not a VPN vulnerability, but a lower-level networking setup manipulation that negates naive VPN setups by instructing your OS to send traffic outside of the VPN tunnel.

In conclusion, if your VPN setup doesn’t include routing guards or an indirection layer, ISP controlled routers and public WiFis will make you drop out of the tunnel now that there’s a simple video instruction out there.
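A sketch of the kind of routing guard check the comment above refers to, as an added example that is not part of the original comment: it flags DHCP-installed routes that take precedence over the tunnel by longest-prefix match. The routing table is constructed, and the interface names, addresses and origin labels are assumptions.

```python
import ipaddress

# Constructed routing table of a naive VPN client: (prefix, interface, origin).
# Interface names, addresses and origin labels are illustrative assumptions.
ROUTES = [
    ("0.0.0.0/0",       "wlan0", "dhcp"),    # default route from the local network
    ("192.168.1.0/24",  "wlan0", "kernel"),  # directly connected LAN
    ("203.0.113.10/32", "wlan0", "vpn"),     # host route to the VPN server itself
    ("0.0.0.0/1",       "tun0",  "vpn"),     # VPN covers the address space with two /1s
    ("128.0.0.0/1",     "tun0",  "vpn"),
    ("0.0.0.0/2",       "wlan0", "dhcp"),    # DHCP-supplied routes, more specific than /1
    ("64.0.0.0/2",      "wlan0", "dhcp"),
]

def parse(routes):
    return [(ipaddress.ip_network(p), dev, origin) for p, dev, origin in routes]

def egress_interface(routes, dst):
    """Longest-prefix match, the rule the OS uses to pick an interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev, _ in parse(routes) if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def bypass_routes(routes, tunnel_if, allowed_origins=("kernel", "vpn")):
    """Return non-tunnel routes that beat a tunnel route for part of its range."""
    table = parse(routes)
    tunnel_nets = [net for net, dev, _ in table if dev == tunnel_if]
    flagged = []
    for net, dev, origin in table:
        if dev == tunnel_if or origin in allowed_origins:
            continue
        # A route wins over the tunnel if it is a strict subnet of a tunnel prefix.
        if any(net != t and net.subnet_of(t) for t in tunnel_nets):
            flagged.append(str(net))
    return flagged

if __name__ == "__main__":
    print("8.8.8.8 leaves via", egress_interface(ROUTES, "8.8.8.8"))
    print("routes bypassing the tunnel:", bypass_routes(ROUTES, "tun0"))
```

A guard built on this idea would refuse to bring the tunnel up, or tear it down, whenever the flagged list is non-empty.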


Sourcehut. The answer is sourcehut.

You don’t even need an account to submit patches, just configure git send-email.


“Private” in “virtual private network” means “routed by different rules”. It’s the same “private” that’s in “private Internet Protocol addresses”.

It was never about personal privacy.


Lemmy proxying image loads won’t fix this issue at all. Unless you only ever access resources through it, which you won’t. It will even make the problem worse by exposing a single attack surface.

Don’t trust the collection of random internet services to protect interests they are not set out to protect. You wanna hide your IP? Use VPN or Tor.

I mean, Stallman has a point here.


By not using internet. No, seriously, if you access something over the internet, you will leave tracks. This here post is nothing new or inherently scary on its own. I used to have forum signatures that would tell people what browser they were using or from what IP they were coming.

What you really want to do is disable third-party cookies on everything you own. That (and things like HSTS super cookies) is what tracks you.

If you’re using an app to browse Lemmy, you might ask for their implementation to reject cookies and fingerprinting attempts when displaying images and other embeddables.

a minute later edit: And yeah, if you don’t like web services to know the IP address given to you by your ISP, VPN is a decent option.


They don’t offer unlimited addresses for your own domain. And I kinda rely on that to route different registrations around. Don’t even need unlimited mailboxes, just the ability to use patterns and direct assignments to route mail to a few mailboxes.

If that was an option, I’d have switched a week ago.