I’ve been running some tests on my Proxidize proxies to check if anything is leaking, since I suspect some of my activities are being flagged. I recently noticed that when I run them through p0f, they consistently show up with a link type of PPTP.
When I test other proxy solutions under the same conditions, they don’t get detected this way.
Has anyone else experienced this? Is there a reason Proxidize proxies would appear as PPTP in p0f, and is there a way to prevent or mitigate this detection?
Thank you for the inquiry. What you’re seeing with p0f reporting PPTP isn’t actually a true indicator that Proxidize is using PPTP as a tunneling protocol. Instead, it’s related to how p0f classifies traffic based on TCP/IP signatures.
Proxidize proxies are simply forwarding connections over HTTP/SOCKS, but tools like p0f rely on heuristics and pre-defined signatures to “guess” what protocol is running. Sometimes those guesses are inaccurate or misleading, especially when the fingerprint doesn’t perfectly match its database. In your case, the traffic patterns Proxidize generates just happen to resemble signatures p0f associates with PPTP.
A few key points:
- It doesn’t mean your proxy traffic is actually running over PPTP.
- Detection tools may mislabel traffic, but what really matters is how the destination service (the website or app you’re accessing) interprets it.
- There’s no real way to “fix” p0f’s classification, since it’s based on its internal fingerprint database. However, you can:
  - Compare results with multiple fingerprinting tools (p0f is fairly old and hasn’t been updated in years).
  - Focus on testing for leaks with modern tools (DNS leak tests, WebRTC checks, IP/GeoIP lookups) since those are closer to what services actually use for detection.
In short: seeing PPTP in p0f is normal and not a leak, just a side effect of how it interprets TCP/IP signatures. Your traffic is still going through Proxidize normally.
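How a passive fingerprinter can arrive at a link label such as PPTP, as an added example that is not part of this thread and is not Proxidize's or p0f's own code: it reads the MSS option from a TCP SYN, adds the IPv4 and TCP header sizes to estimate the path MTU, and looks the result up in a signature table. The table values are assumptions modelled on the [mtu] section of p0f v3's p0f.fp, and the packets are constructed samples.

```python
import struct

# MTU -> link label: a subset modelled on the [mtu] section of p0f v3's p0f.fp.
# Assumed values; verify against the p0f.fp you actually run.
LINK_BY_MTU = {1500: "Ethernet or modem", 1492: "DSL", 1490: "PPTP",
               1480: "IPIP or SIT", 1476: "IPSec or GRE"}

def mss_from_syn(packet: bytes):
    """Return the MSS option of an IPv4 TCP SYN, or None if absent or malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    tcp = packet[(packet[0] & 0x0F) * 4:]
    if len(tcp) < 20 or not tcp[13] & 0x02:  # need a full header with SYN set
        return None
    opts = tcp[20:(tcp[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:  # end of option list
            break
        if kind == 1:  # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None  # truncated option or bogus length
        if kind == 2 and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def link_type(packet: bytes) -> str:
    """Map a SYN to a link label the way an MSS-based fingerprinter would."""
    mss = mss_from_syn(packet)
    if mss is None:
        return "unknown"
    return LINK_BY_MTU.get(mss + 40, "unknown")  # MTU = MSS + IPv4 and TCP headers

def build_syn(mss: int) -> bytes:
    """Constructed sample packet: IPv4 + TCP SYN carrying MSS, three NOPs and EOL."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x01\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 7 << 4, 0x02, 65535, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp

if __name__ == "__main__":
    for mss in (1460, 1450, 1436):
        print(mss, "->", link_type(build_syn(mss)))
```

The label is a property of the advertised MSS alone, so any path whose MTU happens to match a table entry gets that label regardless of the tunnelling protocol actually in use.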