Bluetooth Dummy on Purism 13

I have installed Proton VPN on my Purism 13 Laptop.

Upon accessing network settings afterwards, I noticed Bluetooth was suddenly activated.

However I have never used Bluetooth previously, so I would like to hear if this is something to worry about, or if it is just me being paranoid.

When accessing the Bluetooth settings, the connection name is called “pvpn-ip6leak-protection”.

I have also uploaded screenshots so you can see what it is I am talking about.

That is odd, especially since from my understanding PureOS doesn’t support bluetooth out of the box due to the laptops needing proprietary drivers.

Protonvpn has IPv6 leak protection. Not sure why it needs a dummy Bluetooth connection unless it's some sort of weird redirect.

Thank you for your replies.

I also suspect this is part of Proton VPN, however I have lately had my WiFi hacked, and atm my MacBook Air is compromised, with some kind of exploit affecting the Proton VPN application.

So I have reason to believe my WiFi also is compromised, so there is a possibility this person who is hacking me, has affected the installation of Proton VPN in some way.

In regards to the Bluetooth dummy, there is a connection as you can see on the attached screenshot.

Ask Proton VPN whether this is an artifact of their implementation? It may even be covered by documentation on their web site.

A search on the internet for that IPv6 address (fdeb:446c:912d:8da::1) suggests that this is somewhat normal.

If you don’t need IPv6 at this point in time, you could just turn it off (on your real network interface) and that might make this go away.
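An added example, not part of any post in this thread: one way to check what such a profile is, by reading its NetworkManager type and testing whether the address quoted above falls in the unique local range (fc00::/7, RFC 4193). The nmcli output below is a constructed sample; the `dummy` type, the device name `dummy0` and the other two profiles are assumptions, so run `nmcli -t -f NAME,TYPE,DEVICE connection show` on the machine itself for real values.

```python
import ipaddress
import re

# Constructed sample of `nmcli -t -f NAME,TYPE,DEVICE connection show` output.
# Terse mode separates fields with ':'; a literal ':' in a value is escaped.
SAMPLE_NMCLI = """\
Wired connection 1:802-3-ethernet:enx00e04c680001
pvpn-ip6leak-protection:dummy:dummy0
Phone tether:bluetooth:
"""

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


def parse_nmcli_terse(text):
    """Return (name, type, device) tuples from terse nmcli output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on ':' unless it is preceded by a backslash, then unescape.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) == 3:
            rows.append(tuple(fields))
    return rows


def classify(name, conn_type, address):
    """Summarise a profile from its NetworkManager type and its address."""
    addr = ipaddress.ip_address(address)
    return {
        "name": name,
        "is_bluetooth": conn_type == "bluetooth",
        "is_dummy": conn_type == "dummy",
        "unique_local": addr in ULA,          # never routed on the internet
        "globally_routable": addr.is_global,
    }


def inspect(text, name, address):
    """Look up one profile by name; None if it is not in the listing."""
    for n, t, _dev in parse_nmcli_terse(text):
        if n == name:
            return classify(n, t, address)
    return None


if __name__ == "__main__":
    print(inspect(SAMPLE_NMCLI, "pvpn-ip6leak-protection", "fdeb:446c:912d:8da::1"))
```

A profile whose type is `dummy` and whose address is unique local has no radio behind it and no route off the machine, whatever icon the settings panel shows for it.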

I have been using protonvpn on my purism 13 for a year now and it's never done anything to the bluetooth. May be an issue with your software, but I would definitely contact Proton about it, as this is an issue they should be aware of.

@irvinewade may have hit on it. I do not see this on my system; I have IPv6 turned off for now.

Another possibility is to make sure IPv6 is actually disabled in whatever WiFi you use to connect and use with your VPN.

Thank you for your replies.

I also believe this is part of Proton VPN security, however in my case it seems to be working against me (which I will try to elaborate on).

As I have already mentioned briefly, the WiFi in my apartment has been compromised for some time, which in turn has led to my MacBook Air getting infected with some very resilient malware. I believe this to be some kind of “application root kit”, in particular affecting my VPN solution from Proton (and I have been in contact with Proton Support for some time).

In regards to this “Bluetooth Dummy” on my Librem 13. As some of you guys have suggested, there are no drivers for Bluetooth in PureOS software. Meaning you either have to plug in a Bluetooth dongle, or get creative with the Debian OS (I have done neither). Besides, I have the wireless hardware switch turned on at all times, and the few times when I do go online it is always by using a cable.

So it is these things added up, which tells me that things are not functioning how they are supposed to.

I am really interested in hearing your comments, in regards to the different observations that I have made.

Please feel free to ask questions, or tell me if you need me to elaborate further by comments, or by providing evidence for my claims.

For your information, I have left the Proton VPN still installed on my computer, in order to secure evidence.

If you know this to be true, then I suggest you immediately buy a new WiFi router and set it up with a different admin user name and different (strong) password. Set your router to restart at a certain time every day, as this will defeat some malware, but probably not all.

If your Mac is compromised, and if there’s no way to clean the malware, then you should not connect it.

Thank you for your reply.

My current solution was 5G mobile data, but to be on the safe side, I have switched to a provider delivering data by cable (who will also provide me with a new router).

Furthermore I have ordered a Netgate PFSense Router.

My MacBook Air is completely worthless, and I do not use it for anything other than safekeeping the evidence until I am able to get the attention of the police (who have been completely negligent in regards to helping me out until now).

Lastly I do have a backup router from GL iNet (Mudi), which I will take into use until my new router arrives.

Be careful though … a router for data delivered by any wired technology may still have WiFi capability on the router. So if you are worried about WiFi then you must make sure that WiFi is off by default on the router and as @amarok says you must make sure that the router’s admin user name and password are changed immediately (before giving access to the internet) if they come with a public default.

As the Librem 13 has no ethernet (confirm?) you would either eventually need to enable WiFi on the router or you would need to be using a USB-ethernet dongle. If you do enable WiFi on the router then you must ensure a strong WiFi password/passphrase (recommended minimum length 20, and random printable ASCII).

In my case, even though there is about zero chance of a war driver conducting a WiFi compromise, I have unscrewed the WiFi antennae on my router.

Sorry for my late reply

I hear what you are saying (irvinewade), and I can inform you that it is my plan to deactivate the WiFi, and only connect the PFSense I have ordered.

Furthermore I will connect most of my devices to PFSense by cable, and for those devices where WiFi is the only option, I will set up a “guest user account”.

In regards to my Librem 13, I do connect by cable, using a USB C - Ethernet adapter, which has been working out fine the few times I have been online.

Since last I have been in constant connection with Proton Support, explaining to them the different difficulties I am experiencing, and to be honest I am far from satisfied with the Proton Support.

It is not that I am unhappy with the support in general, or that the person I have been in contact with has not been helpful and polite (they have been all that, no question). At the same time it is my impression that the company policy prevents employees from admitting any responsibility in regards to there being the slightest possibility that what I am experiencing could be caused by some vulnerability in their software, even though I am experiencing problems with their product on all my different devices at the same time (MacBook Air, iPhone 12 Pro, and Librem 13).

Finally I have made some discoveries in regards to what is happening on my MacBook Air. I have done some research, and due to the fact this exploit is able to control applications like Proton VPN, Malwarebytes, Little Snitch and Wireshark, it narrows down the possibilities.

Given these things I am quite certain this malware must be positioned somewhere in the boot loader (causing it to be undetectable, and unaffected by system resets). From there it has been able to access the kernel and take control over these different applications.

I am aware this is highly advanced mac security, however I am quite certain this is what has been going on, and should anyone be interested I will be happy to explain/show why that is.

I don’t doubt that that is true but there is another factor: They simply don’t know the full details of your IT situation. They didn’t install it. They don’t maintain it. They don’t know the history of it. They don’t have access to it.

They would not be in a position to ascribe responsibility, over and above speculation. So for both of the reasons (not wishing to admit liability, insufficient information) they would be reluctant to make any pronouncements.