Uganda: How the Government will identify and penalize all VPN Users.

Share this Story:

A couple of months ago just after the government introduced the OTT Tax, many social media fans and addicts worked around the clock to find themselves a non-taxing option for accessing their social media accounts, the best of their bet amounted to the use of VPNs (Virtual Private Networks). One thing they didn’t bother questioning though “How or When can a VPN User be located?”

By virtual of theirs design, virtual private networks are specifically modelled to mask and veneer a user’s IP (Internet Protocol) Address just so making a given user appear anonymous over the internet. This means that one’s location cannot be identified (of course, under conventional methods). Therefore, a 100% safe browsing cannot be guaranteed without extra precaution.
Chrome, Firefox and Opera are the widely used browsers amongst many internet users in Uganda. The unfortunate bit is that a flaw was recently discovered rooted deep within these browsers and a number of other Web based applications suggesting that there is a way a user’s true IP Address can be identified and hence your location established. So this way any a governmental organ of interest can identify you to be using a given site. And truly, you might not want to be nailed among those defaulting taxes depriving the state of its finances.

The vulnerability allows making remote use of the Web Real Time Communication feature (WebRTC) to successfully reveal a user’s true IP Address irrespective of whether connected to the VPN or not. This way, any user’s location-protective layer attached to the IP can be compromised, their location identified and finally the ISP recognized.
While describing the vulnerability Daniel Roesler of GitHub explains that

“STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN sever with a wildcard domain”

With such revelations of flaws and vulnerability, it is only a question of time of when these can be duly made use of hence penalizing whomever falls victim.
Providently however, there are number of ways and a number of precautions users can undertake to counter this fatal exposure and disclosure. We’ll be looking at how to counter these in our next article.

7,621 total views, 19 views today

Leave a Reply

Your email address will not be published. Required fields are marked *