TLDR: While using neurorouting, your DNS requests are made through a DNS server that is persistently and geographically associated with the Perfect Privacy (PP) server the user first connects to, rather than with the PP server that the user exits the PP network from gets their external IP address from. This means that to any website/destination that bothers to check your DNS, all of the additional server hops that neurorouting routes you through might as well not have happened; neither the multi-hop benefits nor the 'you get a different IP for every connection you make' benefits of neurorouting are effective this way.
Long version copy-pasted from reddit:
I recently registered for a month of Perfect Privacy VPN to try out their neurorouting feature, about which I was very enthusiastic. Neurorouting functions as a dynamic optimized multi-hop configuration. You turn it on and connect to a server, which then functions as your entry server, and once within the perfect privacy network they will flexibly route your request through another 2+ of their servers to get you as geographically close to the destination address of each individual connection attempt as possible. This has the usual benefits of multi-hop, and keeps your traffic safer and encrypted within the PP network for as much of the distance as possible.
But most importantly, neurorouting means you have a different external IP for each connection you make*, even if you run a whole bunch of simultaneous connections. This is a major privacy improvement over a traditional VPN, because now the browser tab in which you open your email and the connection that your antivirus has running to its update servers can't be correlated to the browser tab in which you browse your privacy-sensitive websites. This is pretty major if you like to have different tabs open, or simultaneously download your email for several addresses that you don't want linked to each other, or anything like that. Even Tor doesn't offer this, requiring you to close one connection and start a new identity before opening the next if you don't want two accounts linked to each other.
Or so I hoped. But running their service and doing a few standard VPN tests, it turns out that even with neurorouting turned on and DNS leaks blocked by the usual means, perfect privacy will always send your DNS requests through a DNS server that is persistently linked to the perfect privacy entry server you connected to, and most of the time in the same country as it too.
So instead of having an ordinary VPN that leaks your real ISP through your DNS requests as with ordinary DNS leaks, you have an expensive VPN with a cutting edge dynamic multi-hop feature that is effectively reduced to an ordinary single-hop VPN because it'll always give you the same DNS server even as it dynamically adjusts your external IP.
As I understand it, the way neurorouting should work is that to anyone you connect to on the internet, you look indistinguishable from anyone else in the group of neurorouting-enabled perfect privacy users, as well as from any neurorouting-disabled perfect privacy users that happen to connect through the same perfect privacy exit server through another type of config. But with this leak, instead to any website using DNS-leak checks, your traffic can be narrowed down as coming from the much smaller group of neurorouting-enabled perfect privacy users who happen to have your particular entry server selected. Effectively, you'll be several times more recognizable than you would be if you hadn't had neurorouting enabled at all**.
I mailed at length with perfect privacy customer support about this, but they don't seem to understand why this presents a serious problem with their feature, so now I'm posting here to warn anyone else interested in the neurorouting feature for the same reasons I was.
*Strictly speaking, you don't have a different IP for each connection you run, but rather for each of many geographical areas of the world defined by their nearest proximity to a single perfect privacy server.
** I know that any VPN worth their salt will assign you an exit IP shared by several other users, somewhat mitigating the risk of having simultaneous connections linked to each other. I also know about browser fingerprinting and similar tricks that can be used in addition to tracking your IP and DNS to try to narrow down your identity to track it across different connections. While important, I don't think those things matter much here because this post is about a problem affecting the added value of having this expensive VPN with neurorouting enabled.
Long version copy-pasted from reddit:
I recently registered for a month of Perfect Privacy VPN to try out their neurorouting feature, about which I was very enthusiastic. Neurorouting functions as a dynamic optimized multi-hop configuration. You turn it on and connect to a server, which then functions as your entry server, and once within the perfect privacy network they will flexibly route your request through another 2+ of their servers to get you as geographically close to the destination address of each individual connection attempt as possible. This has the usual benefits of multi-hop, and keeps your traffic safer and encrypted within the PP network for as much of the distance as possible.
But most importantly, neurorouting means you have a different external IP for each connection you make*, even if you run a whole bunch of simultaneous connections. This is a major privacy improvement over a traditional VPN, because now the browser tab in which you open your email and the connection that your antivirus has running to its update servers can't be correlated to the browser tab in which you browse your privacy-sensitive websites. This is pretty major if you like to have different tabs open, or simultaneously download your email for several addresses that you don't want linked to each other, or anything like that. Even Tor doesn't offer this, requiring you to close one connection and start a new identity before opening the next if you don't want two accounts linked to each other.
Or so I hoped. But running their service and doing a few standard VPN tests, it turns out that even with neurorouting turned on and DNS leaks blocked by the usual means, perfect privacy will always send your DNS requests through a DNS server that is persistently linked to the perfect privacy entry server you connected to, and most of the time in the same country as it too.
So instead of having an ordinary VPN that leaks your real ISP through your DNS requests as with ordinary DNS leaks, you have an expensive VPN with a cutting edge dynamic multi-hop feature that is effectively reduced to an ordinary single-hop VPN because it'll always give you the same DNS server even as it dynamically adjusts your external IP.
As I understand it, the way neurorouting should work is that to anyone you connect to on the internet, you look indistinguishable from anyone else in the group of neurorouting-enabled perfect privacy users, as well as from any neurorouting-disabled perfect privacy users that happen to connect through the same perfect privacy exit server through another type of config. But with this leak, instead to any website using DNS-leak checks, your traffic can be narrowed down as coming from the much smaller group of neurorouting-enabled perfect privacy users who happen to have your particular entry server selected. Effectively, you'll be several times more recognizable than you would be if you hadn't had neurorouting enabled at all**.
I mailed at length with perfect privacy customer support about this, but they don't seem to understand why this presents a serious problem with their feature, so now I'm posting here to warn anyone else interested in the neurorouting feature for the same reasons I was.
*Strictly speaking, you don't have a different IP for each connection you run, but rather for each of many geographical areas of the world defined by their nearest proximity to a single perfect privacy server.
** I know that any VPN worth their salt will assign you an exit IP shared by several other users, somewhat mitigating the risk of having simultaneous connections linked to each other. I also know about browser fingerprinting and similar tricks that can be used in addition to tracking your IP and DNS to try to narrow down your identity to track it across different connections. While important, I don't think those things matter much here because this post is about a problem affecting the added value of having this expensive VPN with neurorouting enabled.