A virtual private network (VPN) is almost a necessity for using the internet these days if you’re concerned about your privacy! There are too many prying eyes with an interest in stealing your personal information to navigate the net without one. While VPNs are great for thwarting predators, they’re also nice for masking your IP address.
But it’s not only IP leaks that are a concern when a VPN fails.
3 Primary Ways a VPN Can Leak
By Way of Your IP Address
This type of leak shows your actual IP address, exposing your physical location as well as each site you visit. Since this is why you’re using a VPN, to begin with, you don’t want an IP leak.
By way of WebRTC
Most browsers have Web Real-Time Communication (RTC) protocols built into them. WebRTC is a newer internet standard that makes it easy to participate in chat and video exchanges as the protocol is non-proprietary and supported by almost every browser natively. And because of the manner in which WebRTC works, malicious websites that you visit can make a request and access your real IP address. Any VPN you use should absolutely address this or your privacy will be at risk.
By Way of DNS
The DNS handshake between you and a website gets handled by your VPN and is secure. Updates to operating systems like Windows have unfortunately created vulnerabilities. While Microsoft’s intent is to make the DNS process faster, the way they do it allows leaks through small side “tunnels” of information.
Our goal is to help you determine if your VPN is leaking data. From there, you can either troubleshoot it or switch to a more secure VPN company. No matter what, by the end of this article you should know where your security stands.
Why It Matters If Your VPN Leaks
Everyone should use a VPN to protect themselves online. Companies want your data to market to you, and criminals want your money and identity. Even your government might be spying on your activity online.
A VPN prevents a lot of snooping, but one major thing is that it stops your ISP from seeing your activity online. If you like to torrent movies or you game a lot, your ISP might slow down your connection. They do this to get you to buy their more expensive internet packages.
By using a VPN, they can’t detect what you do online, preventing this practice.
Streaming services like Netflix and Hulu have a lot of content that isn’t available in all regions. A VPN can allow you to access region-blocked content and stream as much as you want. These streaming services have security protocols in place to stop VPN usage, however.
If Netflix detects you’re connecting from a blocked country, they will ban your IP. While VPN services are working to get around this safeguard, it means nothing if you’re leaking data. A leak will put your streaming plans on hold.
Even high ranking VPN companies can falter and leak data sometimes. This leaves you exposed to criminals looking to steal your information. A simple IP leak can mean a big headache if:
- Your ISP detects higher-than-normal bandwidth usage and throttles your data.
- You are streaming and your VPN fails, exposing your activity.
- The streaming service you’re using blocks your IP address (Netflix, for instance).
- Anyone can use your IP address to determine where you’re located.
The purpose of a VPN is to obscure your IP by routing your connection through their servers; even a little failure is a big deal. The good news is that it’s pretty simple to determine if your VPN is leaking your IP:
- Go to Google and search for: “what is my IP address”
- It will give you a string of numbers; this is the IP address the internet sees you using. If you’re connecting from a VPN, this will be someplace different than where you are now.
- Input “IP” into Google again. It will show you the geolocation of that IP address. If it’s your actual neighborhood, you’ve got a problem.
If you don’t have a leak, then no problem – go watch some Netflix. Assuming you do have one, however, you might be wondering how to fix it.
The issue with an IP leak is that it’s likely to be a problem with your VPN in general. The easiest and most time-saving method of patching your IP leak is to switch VPN providers. There are many companies out there and the competition is forcing constant improvements.
Two of the companies known for the most secure VPNs are NordVPN and ExpressVPN.
There are other methods of securing your IP better, but they are not simple and are not much more effective than trusting a new VPN. If your current VPN is leaking your IP, it might be time for a switch.
Your DNS is the handshake protocol between your machine and the website you’re visiting. Robots don’t like names like “google.com” and instead translate that into a string of numbers. This information should go through your VPN tunnel, keeping your information safe.
The problem comes in because some programs want this process to go faster. Instead of a single river of information, the leaks happen because the information takes little streams instead. Anyone can spy on these information streams and that defeats the purpose of your VPN.
You can test to determine if you’re leaking information through your DNS at DNS Leak Test. Pick the extended test and though it isn’t as quick, it will tell you for sure if you’re leaking information. What you’re looking for are DNS servers provided by your VPN, otherwise, you’ve got a leak.
Unlike an IP leak, there are a few different types of DNS leaks to concern yourself with:
The concern with this type of error is on mobile for the most part. These arise when your mobile device is switching between WiFi and other connections. Sometimes your device will make a connection before routing through the VPN server.
You can mitigate this risk by keeping your mobile device from automatically connecting to networks.
These types of errors occur because up until the last few years, websites solely ran on a protocol called IPv4. Because of the desire to update and get rid of IPv4, developers have implemented IPv6. The problem is that many sites still run on the IPv4 platform and so computers use both.
This dual usage can cause issues when your IPv6 takes precedent and connects over any IPv4 protocols. This can and often does cause information leaks. Luckily you can disable the IPv6 system and prevent this type of leak.
This behavior relates to IPv6 leaks. There is a protocol in use that is helping the migration from IPv4 to IPv6, called Teredo. While it’s innocent and useful, it can be pretty unhelpful when it causes DNS leaks.
To connect your device, Teredo creates a tunneling system like your VPN, but it can override your VPN. This causes DNS leaks to occur but you can work around it by disabling IPv6.
This is a trick employed by your ISP to reroute your attempts to change your DNS. If they detect you’re using a VPN or a public DNS server, they’ll hijack the request to one of their own servers. The worst part of this is that you might not even know they’re doing it!
ExpressVPN and NordVPN both have tools built in to identify and avoid this type of behavior. This is one of the only ways to fight these proxies, unfortunately.
One way to fix DNS leaks is to change your DNS provider. Rather than routing through your PC, it’s like another VPN. Google and OpenDNS both provide this service. By routing your DNS requests through them, even if they leak it won’t be traceable to your actual PC.
It’s a lot easier to spot-check your own IP leaks using the method above but to find a DNS leak, you need a special test. Some VPNs like NordVPN have this type of test built-in. There are also companies like DNSCrypt that will encrypt your DNS for you for more security.
But if you’re doing that you’re paying extra for something your VPN should already do, and it’s another monthly expense. Like with IP leaks, switching VPNs is a reasonable workaround here. The beauty of switching to a different VPN is that if there is an issue, you need only to submit a support ticket to fix it.
WebRTC is a great tool that allows websites to connect you in real time to the site and other users. This is what allows you to send live audio and video without awful lag or choppiness. This ability is not without its trade-offs, though, and one of them is how vulnerable this communication is.
WebRTC leaks aren’t so much a failure of your VPN as they are a problem with your browser. It’s also not the browser’s fault – the WebRTC design that provides so much utility does so by opening you up to this weakness. Seeing as how this is a basic function of WebRTC, the only thing you can do to “fix” it is to block it.
Each of the major browsers has a workaround to addressing the WebRTC issue:
Chrome is easy to fix by applying for a simple extension. It won’t disable WebRTC, but instead, it addresses the settings that allow it to leak data.
For Safari, the process is a bit more involved:
- Click on Safari and choose “preferences”
- Click “advanced” and then the box that says “Show Develop menu”
- From the “Develop” menu choose WebRTC, and disable the button that says “Enable Legacy WebRTC API”. If this box isn’t checked, it’s likely not an issue.
Firefox actually has built-in processes for fixing WebRTC leaks.
- Type “about:config” into the address bar at the top of the Firefox screen
- Click through the warning pop-up and you’ll get to the settings panel. Using ctrl+f, find the phrase “media.peerconnection.enabled”
- From there, the three values to the right should say “default”, “boolean”, and “true” in that order.
- Double-click the “true” to change it to false. The status field should also say “modified” now.
- That’s all you need to do, and be certain to not touch anything else!
You also have the option of investing in a different VPN that prioritizes leak-management. NordVPN, in particular, has browser extension tools that watch your connection for leaks. They also have customer support to help address these leaks for you, so you don’t have to jump through hoops.
Solutions to These VPN Leaks
You can use the workarounds we’ve listed above to help seal up the holes in your data leaks. There are also a handful of other steps you can take to create more protection for your data:
Reconfigure your firewall – by setting up your firewall to block all DNS activity on port 53; you can allow for any activity that routes through your VPN, though.
Upgrade to a high-quality VPN – if you’re using a free VPN (you shouldn’t be) your best bet might be to invest in a paid service. The top companies have safeguards in place to prevent VPN leakage and to protect you if it does happen.
Some very basic tools that top tier VPNs use are:
Kill switches which are protocols that stop any programs you’re using if your VPN drops or leaks. This prevents your data from getting out, even if you’re midstream or torrent. Kill switches are very important if you want to torrent in particular.
DNS servers that the VPN owns themselves. While public Google DNS servers can be okay, there can still be a danger in using them. You want a VPN that owns its own servers so that you have multiple layers of protection.
There are also browser add-ons that check for leaks and can stop your activity if they detect one. Again though, you can avoid needing a third-party program if you simply invest in a good VPN, to begin with.
No matter what you’re using a VPN for, leaking information is a definite cause for concern. The first thing to consider is if you’re using a very cheap or free VPN. If you are, you need to upgrade to a service that offers better protection.
Paid services are in every way better:
Paid VPNs have far fewer people using them, which means better reliability.
These services are constantly reinvesting in their product, making them more secure.
Only paid VPNs have the workarounds in place to establish reliable connections to Netflix.
Paid VPNs will have tremendous customer service, whereas free ones won’t have any at all.
Quality VPNs have more servers in more countries, which means you can connect from wherever you need to.
Beyond getting a good VPN service, you should be checking for leaks on a regular basis. Chances are good that your VPN provider will have built-in checks, but if not, use the tools in this article to ensure you’re protected.
Configure your own firewall to direct the traffic on port 53 to only allow DNS requests through your VPN. If you have a good VPN, it will route that traffic for you.
Ensure that you have WebRTC disabled or configured correctly on your various browsers. There are also extensions for Chrome and Firefox that detect leaks and help resolve them.
Use a TOR browser for another layer of obfuscation. More layers of protection between your default IP and the sites you’re connecting to mean more privacy. A VPN on top of a TOR browser will create an extremely difficult path to follow for anyone who wants your data.
The first step in resolving security risks online is identifying them. Using these tools to find out if you have a leak can help you decide how best to solve the problem. Whether you end up with a new VPN or you find some other solution, we hope this information is helpful.
Can I Torrent with a VPN?
Most paid VPNs will not care if you torrent; in fact, they expect many of their customers are doing that exact thing. Some VPN providers even have optimization for torrenting users. This includes:
- Servers configured for torrenting. This makes downloads much faster as more people are likely to seed knowing they’re safe.
- They won’t slow down torrenting activity.
- Dedicated torrent servers mean less slowdown from other traffic.
A concern that still exists is that even if you determine your VPN isn’t leaking, you can still leak from torrents. If you’re connecting directly to peers, they will be able to see your IP.
Your torrent client also might default to your IP if it’s trying to establish the fastest connection. While most VPNs configure their servers to handle torrenting, there are those that don’t. The key is specifying an IP for your torrent client to use.
If it doesn’t have a VPN-routed IP designated, it will use whichever route is fastest.
Making sure your torrent works with your VPN is crucial to safe p2p sharing. NordVPN is very compatible with torrents and is a very safe bet for file sharing activity.