You might use a VPN to bypass geo-blocks, but you also expect it to protect your privacy at the same time, right? Well, if your connection suffers a leak, you’ll be out of luck. The VPN won’t be doing its job anymore.
What kind of leak? There are quite a few, and I’m going to explain them all here. I’ll also tell you which tool to use to check for VPN leaks (try it out here if you’re in a hurry), and what you can do to protect yourself from them.
Alright, let’s get started.
So What VPN Leaks Should You Worry About?
Here are the four types of VPN leaks you’re likely to deal with:
1. IPv4 and IPv6 Leaks
Before we get into this, let’s go over the difference between IPv4 and IPv6. Basically:
- IPv4 is the standard IP address format – x.x.x.x. So, 188.8.131.52 would be an IPv4 address. The problem with them is that they’re running out.
- IPv6 is the successor to IPv4. Its hexadecimal format (x:x:x:x:x:x:x:x) that can be separated by colons (x:x:x:x:x:x:y:y:y:y) supports a way bigger number of IP addresses. Here’s an example of an IPv6 address – 2001:0db8:85b3:0000:0000:8a5f:0370:7374.
Now, both of those types of IP leaks pretty much mean your VPN isn’t hiding your IP address like it normally should. Essentially, it’s leaking out of the encrypted tunnel. And websites, ISPs, and advertisers can track it.
IPv4 leaks tend to occur when the VPN service is faulty, or when there is a configuration error between your device, ISP, OS, and the VPN provider’s service.
IPv6 leaks can occur for the same reasons. But they can also occur if your VPN provider doesn’t support IPv6 traffic. To put it simply – the service will route your IPv4 traffic through the tunnel, but completely ignore the IPv6 traffic.
2. DNS Leaks
A DNS leak is when your DNS queries (your connection requests to websites) don’t get routed through your VPN provider’s DNS server. Instead, they go through your ISP’s DNS server, meaning they can see what you’re browsing online. Also, websites can see your real IP address too.
That, or the queries bypass the VPN server altogether.
DNS leaks can happen for many reasons: your network isn’t properly configured, Teredo and smart multi-homed name resolution features get in the way on Windows, IPv6 leaks happen, your ISP uses a transparent DNS proxy, or, worst of all, hackers took over your router.
3. Browser Extension Leaks
This is similar to DNS leaks (that’s what they are, actually) but the situation is a bit different. With these kinds of leaks, the VPN extensions are the culprits. Research actually showed that a worrying number of popular VPN extensions on Chrome leaked user data through DNS leaks.
Basically, the problem is with DNS prefetching – Chrome’s attempt at resolving domain names before you manage to follow a link. Normally, that should offer convenience, but it just leads to DNS leaks because the extensions use a script which DNS prefetching bypasses.
4. WebRTC Leaks
This is when WebRTC functionality within a browser causes an IP leak even when you’re using a VPN. Once again, research has shown that many popular VPN services leaked user IP addresses due to this.
What’s worse, given how WebRTC works, these leaks allow websites to access user IP addresses without their knowledge or consent. And did I mention that WebRTC is enabled by default on pretty much all browsers?
How Do You Even Detect VPN Leaks?
It’s not something you can detect on the spot. There are no signs you can watch out for to make sure your VPN connection isn’t leaking any data.
But don’t worry – there’s a very simple tool you can use to check your VPN for leak really fast. You can try it out here. Just disconnect from your VPN, pick your country from the list, re-connect to the VPN, and let the tool do its thing.
It’ll immediately tell you if you’re experiencing any leaks or if your VPN is doing its job right. Best of all – the guys from ProPrivacy were nice enough to offer tons of useful info about VPN leaks on the tool page, including a link to a very comprehensive guide on how to protect yourself from IP leaks.
How to Prevent VPN Leaks
If you don’t have time for a lengthy guide about this, I’m going to give you some quick tips on how to protect yourself from VPN leaks:
- Use a VPN service with built-in DNS and WebRTC leak protection. NordVPN, ExpressVPN, Perfect Privacy, and CyberGhost are good options.
- If your VPN service doesn’t support IPv6 traffic, disable IPv6 on your device. Here are two guides (first and second) that should help you out. You can also use a VPN service that automatically blocks IPv6 traffic.
- Disable operating system features that can cause VPN leaks like Teredo and smart multi-homed name resolution. If you don’t want to disable the second feature, or don’t think it’s gone for good, use this patch if you use OpenVPN.
- Change your router’s default login credentials with new, more secure ones. That’s a good way to protect it from hackers.
- Use uBlock Origin. It’s an open-source script blocker that can successfully block WebRTC leaks. To be extra safe, you can also disable that feature manually. Here’s how to do it on different browsers.
- Change your default DNS settings with Google Public DNS (184.108.40.206 and 220.127.116.11) or OpenDNS (18.104.22.168 and 22.214.171.124).
VPNs are great for protecting your privacy – except when they don’t work because they suffer leaks. Luckily, you can detect them with the right tool, and there are things you can do to prevent them from endangering your data.
Do you have other tips on how we can prevent VPN leaks, or what other types of leaks we need to worry about? Share your thoughts with all of us in the comments below.