The VPN, Facebook, and China

We have had at least two reports that some people logged in to our GlobalProtect VPN are also logging into Facebook, examining their current Facebook logins and finding that they’re unexpectedly logged in from China (or Qatar).

This is not the case; we believe that Facebook is “confused” about the location of certain network addresses.

To see where you are logged into Facebook from, choose the downward pointing arrow in the blue Facebook menu bar – it’s next to the question mark at the end at the right. From the drop down menu that appears, select “Settings”.

This changes the page to show your settings with a series of links down the left of the window; select “Security and login” and the main are will change to show various bits including a section marked “Where you’re logged in”.

(This is my list – it is more likely to show “Windows” than “Linux” for you).

Next to the best guess at the operating system of a particular device you can see where Facebook thinks you are logged in from. If you hover the mouse pointer over than location, it will reveal the network address you are logged in from …

This shows the incorrect (and potentially worrying) location of Shanghai, China. However the network address shown when hovering the mouse pointer over the location shows an address beginning with 148.197.

This indicates that :-

  1. The network address belongs exclusively to the University.
  2. The network traffic that originated with your PC (or other device) was routed through the VPN and went directly from there to Facebook.
  3. At no point is there any indication that this traffic went anywhere near China.

The problem is with Facebook who have apparently got a corrupt “GeoIP” database.

This entry was posted in Active Attacks, VPN and tagged , . Bookmark the permalink.