[jacob019]

It seems that this is only an issue if there is a malicious actor present on the remote network. I've always considered VPN services to be snakeoil, and this doesn't really seem like a problem with VPN technology at all. If you are connecting to an untrusted network, then you are at risk. This has always been true. From the VPN service providers perspective, can't this be mitigated by blocking direct traffic between clients?

[WirelessGigabit]

But VPNs are sold as the solution for when you are on an untrusted network, like at Starbucks.

But, because of this someone can have a Pineapple with a Starbucks SSID, push option 121 and capture a WHOLE bunch of traffic, even though the person using it has configured NordVPN on their iPhone with the killswitch on.

[ang_cire]

My VPN is for my tunnel out of my home network, not for remote networks. This is definitely a major issue if mitigations aren't implemented, but it's not relevant to all use cases for VPNs.

[bscphil]

> It seems that this is only an issue if there is a malicious actor present on the remote network.

As I understand it, the problem comes not from the remote network provided by the VPN, but by the local network - the physical link over which the user accesses the Internet.

[jacob019]

Ah, thanks for explaining. So this is only an issue if there is a malicious actor present on the local network. I would say that you are already compromised at that point. Say you are using public WIFI, a VPN service is pointless, you already have an anonymous public IP. Anything sensitive is encrypted end-to-end. And most public WIFI has client isolation. I suppose it could be a problem in certain countries, if your ISP can find out that you're visiting banned sites with a VPN.

[gruez]

eg. malicious wifi hotspot