We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
also set up your VPN to push /2s if this relies on /1s,
I don’t think this is a smart way to mitigate this because it could easily result in an arms race. Push /2s, the attacker will switch to /3s; push /4s, the attacker will switch to /5s, etc. Every +1 is going to require doubling the number of routing table entries.
That can’t continue forever, obviously, but it’s going to result in a negative experience for the user if the VPN client has to push hundreds or thousands of routes to mitigate this attack.
I don’t think this is a smart way to mitigate this because it could easily result in an arms race. Push /2s, the attacker will switch to /3s; push /4s, the attacker will switch to /5s, etc. Every +1 is going to require doubling the number of routing table entries.
That can’t continue forever, obviously, but it’s going to result in a negative experience for the user if the VPN client has to push hundreds or thousands of routes to mitigate this attack.