VPN Leak Test: You might think that by using a top-notch and leading VPN solution, you make sure that your IP and online activities remain hidden. Perversely, even the most expensive and most sophisticated VPN provider won’t protect you from IP address leaks originating in your web browser or operating system. To verify the data and identity safety; you need to make sure your system isn’t vulnerable to IP or DNS leaks. And prevent IP leaks you come across in your tests.
Read more: 10 Tips That Help You to Stay Anonymous Online.
The Anatomy of DNS and IP Leaks
All devices on a network, including the Internet, has a different identifier – its IP. To enable servers to store more than one site, and give easy accessibility to users; these websites servers translate strings of text (addresses) to numeric values (IPs); different folders on the server.
In an attempt of accessing a specific website address, your browser needs a translation from the web-page URL to the numeric identifier (IP) and destination folder on the particular server.
A request is then moved to the DNS server that delivers a real destination for the file; the browser will then load. This process is known as DNS resolution.
The DNS server is selected for resolution as a result of prioritization within the web browser and operating system including the browser configuration, local DNS server, the HOSTS file, Netbios, etc. This hierarchical selection of server is necessary when discussing IP privacy and security.
When using virtual private networks to secure your internet connection, the DNS resolution should take place on the servers configured by your VPN. Perversely, this is not always the case.
When the DNS resolution is made on a different server, it is possible to determine the IP from which the DNS resolution request originated – your IP address. Thus, using a VPN for online anonymity and privacy becomes futile.
Likewise, if a third party can snoop on your DNS requests (think of a man-in-the-middle attack), they can apprehend your information even if you employ a custom (and secure) DNS server. One way to stop that is to use DNSCrypt, encrypting the data traffic from your system to the DNS server. However, this does not guard your IP address against leaking.
How to Detect a Leak
Before we dig deep into the causes and types of common leaks, it is essential to know how to check if your system is vulnerable.
There are a lot of available sites and services online that can quickly test whether your system is leaking your DNS traffic or IP.
No matter what tool you use, the steps are pretty indistinguishable:
Disconnect your VPN app and point your browser to the testing site.
Make a note of your public IP and DNS server address displayed.
Connect your VPN app and go to the same site. Make sure you refresh the page.
Once connected to a VPN again, the site should not display you earlier noted IP or DNS server. If it does, you’re suffering from a privacy leak in your system.
However, if you’ve found that your VPN doesn’t quite anonymize your web access, below are the most common causes to the leak in your privacy.
1. Browser IP Leaks
The most common cause of IP leaks is a browser vulnerability that employs WebRTC. WebRTC is an API that enables web app (like chat and P2P file sharing) to run without utilizing any installed extensions or plugins. But it comes with a catch.
The browsers that support WebRTC – like Chrome and Firefox – use a STUN server (Session Traversal Utilities for NAT) to get an external network address.
A site that wants to know your real IP can very easily hide a piece of Javascript code to make UDP requests to this STUN server; which then route these requests to all the available network interfaces.
In this situation, both your real IP and VPN IP can be exposed, and it is worryingly simple to embed such a code in a supposedly safe website.
2. IP address Leaking from the VPN
Even with a VPN connection working, you should never count on the DNS server given by your ISP because your internet privacy could be at jeopardy. You can try using public DNS servers, like the ones provided by Google. But, if you’re paying for a VPN package, there’s really no reason for it not to incorporate secure DNS resolution on a dedicated server.
Another situation in which your VPN service could be the culprit for a leak is when it doesn’t support IPv6. The IPv4 protocol, which utilizes 32 bits addressing, provides for up to 2^32 devices in the world to get a unique public IP address. With the unparalleled growth of the Internet, we started to run out of these addresses, so IPv6 was introduced. It employs 128 bits addressing, so the number of available IPs is now 2^128 – a much higher number.
Perversely, the comprehensive selection of the newer IPv6 protocol has been too inactive. Some significant websites support both of these protocols and serve the relevant channel as per the client system. The problem arises when a VPN provider doesn’t support IPv6 and instead of addressing the issue, just blindly neglects it.
When using such an out-of-date VPN, sites supporting IPv4 alone are securely accessible utilizing the VPN. However, for IPv6 authorized websites, the VPN connection will fail to tunnel the request, so your web browser will be sending a clear text (unencrypted) request outside of your VPN. Therefore, leaving your real IP exposed.
3. DNS Leaking from the OS
As much as people love or hate Microsoft products, the reality is that a majority of people use Windows as their primary desktop operating system. However, there are some nuances you need to be aware of when using a VPN on Windows.
DNS resolution is made in a particular hierarchical order on any operating system. The first in order is the HOST file, where you can specify DNS mappings. If these are not available, the operating system will use the network connection configured DNS servers, and if they also fail to resolve the requested URL, the request will then be sent to Netbios. So if the highest priority DNS server can determine the request, Windows does not consult other servers.
Another thing to consider when using VPN on Windows is the issue with IPv6 addresses, which we discussed above. Windows uses Teredo tunneling to support IPv6 addresses for hosts still on the IPv4 network and do not have native IPv6 support. What this means is that you might be leaking your DNS outside of your VPN network.
Read more: Know These Things Before Choosing Proxy Service Provider
To Prevent VPN Leaks – Use A Tested VPN
We’ve tested hundreds of VPN services – for security, speeds, and of course – leaks. We can assure you that the VPNs culled down here won’t leak and put you in jeopardy:
1. NordVPN
- Double encryption for added security
- Automatic kill switch
- A variety of platform support
- Six simultaneous connections
- Zero log keeping policy of internet activities
- 3-Day free trial
2. ExpressVPN
- Unlimited Bandwidth with Ultra Speed
- Provides all VPN protocols OpenVPN (TCP, UDP), L2TP-IPsec, SSTP, and PPTP
- Dedicated VPN Apps for Android & iOS
- High-End Security with OpenVPN 256-bits
- Zero log keeping policy of internet activities
- 3 simultaneous connections
3. Surfshark
- AES 256-Bit Network Encryption
- Chrome Extension Available
- Kill-Switch functionality
- A variety of platform support
- Zero log keeping policy of internet activities
- Unlimited simultaneous connections
4. CyberGhost
- Uses AES 256 Encryption
- Supports OpenVPN, L2TP/IPsec, and PPTP
- DNS & IP Leak Protection
- Uses 2048 Key & MD5 Authentication
- Zero log keeping policy of internet activities
- Up to 7 Simultaneous Connections
5. Private Internet Access
- Offers all Protocols PPTP, OpenVPN and L2TP/IPSec including SOCKS5 Proxy
- IPv6 Leak Protection & DNS Leak Protection
- Kill-Switch functionality
- Encrypted Wi-Fi Protection
- Zero log keeping policy of internet activities
- 10 simultaneous connections
