The attack is only possible when you have untrusted devices on your local LAN. If you’re already bringing your own gateway with a VPN on it then I’m guessing untrusted LAN devices aren’t much of a concern. But if you did have something untrusted on your LAN and you’re using DHCP, then that untrusted device could snoop your unencrypted* traffic with this trick, albeit it couldn’t find your real IP since your gateway is concealing that.
The attack seems most feasible in a coffee shop wifi situation, where you’re unlikely to be bringing your own router.
*by “unencrypted traffic” I mean traffic that’s not encapsulated for transport to your VPN provider. Most everything is HTTPS nowadays so the contents of that traffic would still be encrypted of course.
Why would you be unlikely to bring your own router in a coffee-shop situation? My travel router fits in a small pouch with its power adapter and together is no larger than a couple of decks of cards. If I have my laptop, then I have my backpack, which means I have my travel router.
Hah, well I have a travel router as well I use for things like hotels, but I wouldn't really want to bring it to a coffeeshop because the setup process is a bit onerous. I need to get the travel router to connect to whatever the coffeshop's wifi is and then get through its captive portal. The last part can be tricky in my experience though it's certainly doable.
Personally I wouldn't bother with the hassle and would instead just rely on an on-device VPN which I now would need to ensure is protected from this type of attack.
The attack seems most feasible in a coffee shop wifi situation, where you’re unlikely to be bringing your own router.
*by “unencrypted traffic” I mean traffic that’s not encapsulated for transport to your VPN provider. Most everything is HTTPS nowadays so the contents of that traffic would still be encrypted of course.