When a VPN works like it should, it hides your traces online. It creates a virtual tunnel between your device and the online destination you want to reach. Your data stream is then encrypted, so your internet service provider (ISP) – or anyone else – can’t tell what you’re doing. It handily fools the basic DNS (Domain Name System) and IP checks. With a proper VPN service even ISPs that use invasive and resource intensive Deep Package Inspection can’t see what you’re doing.
If the VPN works as it is supposed to, nobody can tell where you’re connecting from. Your IP address – essentially the ID of your internet-connected device – is masked. Everyone considers the IP of your VPN server to be your actual IP. Premium VPNs like Surfshark even offer multi-hopping capability, which means that your traffic is secured by routing it via two different VPN servers.
But not all VPNs are made the same. Some of them are less secure. How to know if they’re safe to use? Let’s deep-dive into this by checking what data and how could they be leaking.
What Information Can My VPN Be Leaking
A failure on the part of your VPN can lead to one or several types of data leaking.
A DNS leak is the first way to leak information about the IP assigned to your internet contract and location (country). Checking the users DNS is the most basic test that many services that employ geo-blocking use.
The Domain Name System translates the web addresses that humans can understand and remember into IP addresses that computers use. Typically, your ISP’s server handles these processes. That way, it can also collect information on your web browsing habits, tying IP to addresses of websites visited.
Unlike opening an incognito tab on your browser, using a VPN hides this from the ISP. Consequently, when an ISP doesn’t have your browsing history, it can’t give it over to the government or sell it to advertisers.
Aside from leaving you disconnected from the content you want, a leaking DNS may also leave you vulnerable to DNS hijacking. It’s when someone makes your ISP’s DNS server route you to fake websites. That means you may be handing your email, social media and even bank account logins to criminals. You’re also vulnerable to DNS hijacking that ISPs themselves carry out to display ads or collect data.
IP is the address your device has on the internet. Leaking your IP is almost as good (or bad) as leaking the address of your home. In short, if a VPN isn’t hiding your IP, it’s useless.
If your IP is visible online, it can lead to many bad things. It’s what trolls and government operatives can use to track you down over your comments online. And if you’re using torrents, your real IP will now be visible to copyright protection agencies and copyright trolls.
Aside from these issues, a visible IP also leads to a bunch of inconveniences in your daily life. IP checkups are what streaming services use to identify whether you get access to geo-blocked content. All those libraries you were hoping to access? Gone. Depending on the company in question, you may also be facing temporary suspension of service or even bans.
An IP may leak because of incompatibility between two major internet protocols: IPv4 (deployed over 30 years ago) and IPv6 (ratified in 2017). While IPv6 was created to solve the issue of IP address depletion of IPv4 (as it only provided 4.3 billion IP addresses – way too few for a world where everyone has multiple connected devices), the protocols aren’t interoperable.
Web Real-Time Communication (WebRTC) comes with the most popular browsers. It enables them to offer real-time voice and video communication capabilities. This allows you to make a call from one browser to another without getting other software involved.
However, this feature has a flaw. It’s possible to code a program that creates a WebRTC connection to your browser. That way, your real IP address and country can be obtained. We already know it’s bad. As this leak comes from the browser, it is possible for the geo blocking websites to find out your real IP even if you’re using a VPN.
Some services that engage in geo blocking actually try to check for WebRTC leaks themselves. Chances are that you’re using a VPN to unlock streaming libraries. If the VPN can’t do that, then you might need a new one.
Preparing for VPN leak tests
You know that a good VPN won’t let you suffer DNS, IP or WebRTC leaks. But before you can test it, you have to set the baseline. In order to do that, you need to know what data we are looking for when we’re checking for the leaks. That’s why you must first run the tests to find out the information you’re trying to obscure. Afterwards, we can go to testing for leaks.The great thing is that these tests can be carried out without installing any new apps.
- Disconnect your VPN if you have one: we’re trying to find out your actual address now, and this might get in the way.
- Find out your IP: Use an IP test page to find out what your IP is. As an added bonus, it will also show the country your IP is tied to. At this step, you should be seeing your country’s flag.
- Write down your IP: this is your real address. We’ll compare it to the results of running those tests with a VPN on. You’re hoping not to see that set of numbers again.
- Find out your DNS: Much like with IP testing, you can use a DNS leak test page to figure out what your DNS is. The test will show not only your DNS provider, but also your country and the IP assigned to your internet connection (vs. the IP that your device has which is uncovered via IP leak checking).
- Note down the DNS results: Like with your personal IP, we’re hoping not to see it again during further testing.
Test if your VPN is leaking your DNS address
Obscuring your DNS is one of easiest, most basic ways of remaining hidden online. There are apps that can do it even without a VPN. However, any VPN should have this functionality just by the virtue of working. So here’s how the test goes:
- Turn on your VPN: connect to whatever server you want. The app will likely connect to the fastest server or the one you usually use .
- Go to the DNS test page: the test will be executed automatically as you enter the page. Check out the listed country, ISP-provided IP and DNS provider.
- Compare the results to your DNS from the preparation step: if they match, your VPN is leaking your DNS data.
- Rerun the test by connecting to different VPN servers: you may already know if a single server on the VPN app’s network is secure, but are the others secure as well? You should check that – a single leak here, even on a server you don’t use, may indicate troubles down the road.
Test if your VPN is leaking your IP address
IP address is essentially your address online. It’s a lot more personally identifiable than a DNS address. That’s why you mask your IP with a VPN. Time to run some simple tests and see if it’s leaking:
- Turn on your VPN: connect to any server.
- Go to the IP test page: the test will run automatically.
- Check whether the IP result matches the one we received previously: if the IP address on display is the same as your original one, your VPN is leaking.
- Run the tests with different servers: it’s an excellent way to make sure that your VPN is really airtight – and to see if those servers are in the country they claim to be in.
Check if your VPN is vulnerable to WebRTC leaks
WebRTC leaks are a bit different from DNS and IP leaks. WebRTC is a technology employed in your browser and not a part of the internet infrastructure. In fact, it requires some clever coding from the interested party to uncover information via WebRTC. Here’s how we can check if your VPN app prevents that:
- Launch your VPN app: you can connect to any server.
- Go to the WebRTC test page: the test will run automatically. It will show your IP, your internet protocol version (IPv4 or IPv6) and whether you have a leak.
- See if the IP address result matches your IP: if the addresses are the same, there is a WebRTC leak.
- Re-run the test with different VPN servers: better gather more data to be really sure.
Once you’re done with running the test, you will know if you’re vulnerable to WebRTC leaks. Armed with that knowledge, you can now work on improving your security. This will likely entail switching to another VPN provider – check “What to do if my VPN is leaking” section for details.
Bonus: check if your VPN is malware infected
If you’re using a free VPN, there’s a chance it might be malware-infected. That means that it’s snooping on you or stealing your data without leaks involved. Test it!
- Go to VirusTotal: it’s free, it’s web-based and it uses 70 antivirus tests and internet blacklists to check for malware.
- Upload the application file: that’s usually the .exe file found in the app installation directory for Windows users out there. For Mac, use the .dmg file.
- Run the test: somewhat self-explanatory. You won’t have to do anything yourself, as the website will carry it out for you.
- Check the results
A paper about VPN vulnerabilities says that failing about four tests would be a cause for concern. You can also see what rating the users have given to the file and the last time it was tested.
Bonus: make a VPN stress test
The other leaks tests are meant to determine if your VPN works when conditions are perfect. But what if they aren’t? What if your device encounters internet connectivity issues, and the VPN can’t handle them?
The following test is made to see if your VPN can maintain a tight seal even if your internet connection breaks and is reestablished. Therefore, it’s similar to the tests mentioned above, but with a few different steps.
- Launch your VPN app and connect to a server. Any server will do, though you’ll probably be using your usual server.
- Go to the DNS, IP, and WebRTC leak test pages. The links were provided in the previous tests above.
- Note the results. They should all match the parameters of the VPN server you have connected to.
- Interrupt your internet connection while the VPN is running. Disconnect your Wi-Fi. Disable mobile data (and then disconnect your Wi-Fi). Yank the internet cable out of your computer/router/modem.
- Reconnect to the internet.
- Revisit the leak test pages and check the results.
The above test will let you know if the VPN can handle the stress of connection loss successfully. If you want to, you can run this test a few times while connected to different VPN servers.
What to do if my VPN is leaking
What happens if you found out that your VPN is susceptible to DNS, IP or WebRTC leaks? You are now in the position to take action and solve this issue. The steps you can take are quick, easy to understand and will bolster your security in a big way:
- DNS/IP/country leaks: get a better VPN. Premium VPNs are more secure than free ones for a variety of reasons. For example, Surfshark not only passes all of those tests but also works on a no-logs policy and keeps no record of your online activities.
- WebRTC leaks: get a better VPN.
- Alternatively, you can try and find a browser that does not use WebRTC, which is hard to do in this day and age. You may also try to disable WebRTC on a browser, but this is a complicated process. Chrome users are better off with just using an extension.
- Malware: if your VPN is infected with malware, you should uninstall it, run the antivirus, and get a better VPN. Check it for malware before installing it. Surfshark passes that test handily.
It’s not easy to choose a VPN. When you finally commit to it, you want to know that it provides a quality service. That’s why you should test yours to see if it’s leaking information about you online. If your VPN app is leaking DNS, IP, your country location, or WebRTC, then you should definitely get one that doesn’t.