What Are VPN Leaks? How to Test For and Prevent Them
Most virtual private networks (VPNs) can be relied upon to encrypt your data. But did you know that there are other pieces of information they might give away? VPN leaks can give miscreants more information than you might realize.
But what can you do about it? How can you put a stop to VPN leaks? Let’s take a look.
What Information Is Your VPN Leaking?
As I mentioned, most VPNs will encrypt the data you’re sending over their connection. So things like your credit card number and your passwords are likely to be safe. (There are, of course, exceptions.)
But you’re sending other information over that connection too, and that might not be encrypted. The two big ones are your IP address and your DNS requests.
IP Address Leaks
Your IP address is a unique identifier that tells others computers on the internet who you are. In many cases, that’s not a big security risk. Just because someone has your IP address doesn’t mean they can hack you.
It can, however, be a privacy risk. Your IP address tells other computers many things about you. Here are the results of an IP address test on my computer when it’s not connected to a VPN:
If someone were to get my IP address, they could find out my ISP and my location. That might not seem like a big deal, but almost any information can be put to use in identity theft.
Protecting your IP address ensures that other computers don’t know where you live. And that’s definitely a boon to your privacy.
Sites can also use your IP address to keep you from accessing their content. This is usually the case with streaming sites, but it could happen for other content, too.
DNS Leaks
Why are you using a VPN in the first place? One reason might be that you don’t want your ISP (or anyone else) to know which sites you’re going to. You might be afraid of censorship, censure from your ISP, or even government surveillance.
You might think that no one can see which sites you visit if the data you send over your VPN is encrypted. And that’s mostly true. But there’s one exception that can cause problems.
When you visit a website, you first send a request to a DNS server. The request basically says “I’d like to go to makeuseof.com, what’s the IP address?” (though DNS can do much more than that). The DNS server responds with an IP address, and your browser makes the connection.
Some VPNs send those DNS requests over unencrypted channels. That means everything you do on the site is encrypted, but if someone is looking hard enough, they’ll be able to tell that you asked for the IP address of makeuseof.com.
As you can imagine, this gives people a window into your browsing habits that you’d probably prefer they not have. No matter who you think might be snooping.
How to Test for VPN IP Address Leaks
To find out if your VPN is leaking your IP address, you’ll need to run a VPN leak test. First, make a note of your own IP address (you can just Google “what is my ip address”).
Next, connect to your VPN and make sure you’re connected to a server in a different city or country.
Then you’ll need to run a VPN leak test. There are plenty of sites that offer these tests, but Astrill’s is one of the best. Go to astrill.com/vpn-leak-test and select Run full test:
It’ll take a few minutes to run the test, and then you’ll see your results.
If the IP address listed is the same as the one you got before you connected to your VPN, your service is leaking. And that’s no good.
You’ll notice that many VPN leak tests, including the one provided by Astrill, will show your IPv4 and IPv6 addresses. The difference isn’t especially important to this discussion. What you need to know is that some VPNs aren’t as good at protecting IPv6 traffic.
You don’t want either revealed, though, so make sure to take steps to conceal both addresses.
If the Astrill test comes up as all green (and it’s not showing your actual IP address), your VPN is secure.
How to Prevent VPN IP Address Leaks
Your best bet for keeping your IP address concealed is to use a reputable VPN. Concealing your IP address is one of the most basic functions of a VPN, and if yours isn’t cutting it, it’s time to sign up for a new one.
Protecting your IPv6 address is a different matter. Few VPNs actually route IPv6 traffic through an encrypted tunnel—those that offer “IPv6 leak protection” usually just turn IPv6 off. Which isn’t a big deal.
If you’re using IPv6, though, make sure that the IP leak protection included in your VPN actually encrypts your traffic, and doesn’t just disable it.
How to Test for VPN DNS Request Leaks
To find out if you’re leaking DNS requests, you use the same tactics as above. Astrill will test your connection for DNS leaks as well.
You can also get more detailed information from dnsleaktest.com if you’d like to find out who might have access to your DNS requests.
Here’s what it looks like when I run an unprotected DNS test on Astrill:
And after connecting to a VPN:
If you run a DNS test and see servers from Google, your local ISP, or anyone that’s not a VPN or a secure DNS provider, you’re likely leaking DNS information.
How to Prevent VPN DNS Request Leaks
Again, your best bet is to use a reputable VPN. Top VPNs will have DNS leak protection built in, and you won’t have anything to worry about.
Still, it’s worth checking to see if your VPN client has an option for DNS leak protection and to make sure that it’s on.
Using secure DNS servers or servers provided by your VPN will also help boost your security.
Test for VPN Leaks Today
No matter how secure your VPN provider says their service is, you should always run some tests. Testing for IP address and DNS leaks will help you find the gaps in your VPN armor—and if there are any, to stop them up.
As with all matters relating to VPNs, your best bet is to use a premium service from a reputable provider. Check out our recommendations for the best VPNs to see which services are the safest and most reliable.