Can a VPN protect your data 100% of the time? Normally, yes, but there are exceptions – like when the service suffers leaks.
Not familiar with VPN leaks? No problem. This article will tell you everything you need to know: what they are, what causes them, how to detect them (try the VPN tool now if you’re in a hurry), and how to prevent them.
What Are VPN Leaks & Which Ones Put Your Privacy at Risk?
A VPN leak is when your IP address or traffic escapes the VPN’s encrypted tunnel. Basically, it means the VPN isn’t hiding your IP address or your online browsing. As a result, websites can still block your access with geo-restrictions, and ISPs and advertisers can track your digital footprints.
Right now, there are three VPN leaks you should worry about:
1. IP Leaks
Like the name implies, this is when your IP address is exposed even though you’re using a VPN. These leaks come in two types: IPv4 and IPv6 leaks.
IPv4 is the standard IP format we’re all used to. If this kind of address leaks out of the VPN tunnel, it means there is a miscommunication error between your device and the VPN provider’s server. This often happens due to poor server configuration.
IPv6 is the successor to IPv4. It has a much more complex format, and we’re at the point where we have to use it because IPv4 addresses ran out.
Unfortunately, not a lot of websites and services support IPv6 yet – including VPN services. And that lack of support can cause an IPv6 leak. Simply put, the VPN will transport your IPv4 traffic through the encrypted tunnel, but will leave out the IPv6 traffic.
2. WebRTC Leaks
WebRTC is a cool open-source project that allows browsers to offer more convenient functionality with stuff like video calling, voice calling, and P2P sharing.
However, WebRTC is pretty problematic for VPN traffic, since it can cause serious IP leaks. That tends to happen because WebRTC can take precedence over the VPN tunnel.
3. DNS Leaks
A DNS leak is when your DNS queries leak out of the VPN tunnel. Instead of going through the VPN provider’s DNS server as usual, they will go through the ISP’s DNS server.
If you’re not sure what DNS queries are, just think of them as the lookup requests your device sends whenever you connect to a website. Anyone who sees them will know what you want to browse online. In this case, that would be your ISP or the ISP of the WiFi network you’re using.
There are a lot of things that can cause DNS leaks:
- For starters – IPv6 leaks. They will expose your IPv6 DNS queries.
- Windows features like Teredo and SMHNR can cause DNS leaks. Teredo because it’s a tunneling protocol that can take precedence over the VPN tunnel, and SMHNR because it forces your device to accept DNS responses from the fastest DNS server (usually, that’s not your VPN’s server).
- Hackers can intentionally cause DNS leaks if they take over your router.
- Your ISP uses a transparent DNS proxy. That’s a server that intercepts your DNS traffic, and forcibly routes it to your ISP’s DNS server.
- The VPN you are using doesn’t use a DNS server, or it has a faulty client.
- You’re experiencing problems with your network configuration. Basically, it automatically changes your DNS addresses to your ISP’s server when it should be your VPN provider’s DNS server.
How Do You Know If Your VPN Is Leaking Data?
It’s not that hard, actually. ProPrivacy has a very user-friendly leak test you can run. Try the VPN tool now to see if there are any problems. The whole process takes just a few seconds, and you’ll quickly find out if you’re dealing with any:
- IPv4 leaks;
- IPv6 leaks;
- WebRTC leaks;
- DNS leaks.
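An online test shows what leaks; a local check can show why. The following is an added example, not ProPrivacy's tool or code from this article: it reads a Linux-style routing table and resolver list and reports which DNS servers and which IPv6 traffic would leave outside the tunnel. The interface name tun0 and all sample data are constructed assumptions.

```python
import ipaddress

# Constructed sample (`ip route` plus `ip -6 route` style); tun0 is an assumed tunnel name.
ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link
192.168.1.0/24 dev eth0 proto kernel scope link
default via fe80::1 dev eth0 metric 100
"""
RESOLV_CONF = """\
# constructed /etc/resolv.conf
nameserver 10.8.0.1
nameserver 192.168.1.1
"""

def parse_routes(text):
    """Return [(network, device)] from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dev = fields[fields.index("dev") + 1]
        if fields[0] == "default":
            # `default` carries no family; infer it from the gateway address.
            gw = fields[fields.index("via") + 1] if "via" in fields else ""
            dest = "::/0" if ":" in gw else "0.0.0.0/0"
        else:
            dest = fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_dev(addr, routes):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes
            if net.version == ip.version and ip in net]
    return max(hits)[1] if hits else None

def find_leaks(routes_text, resolv_text, tunnel="tun0"):
    routes = parse_routes(routes_text)
    servers = [l.split()[1] for l in resolv_text.splitlines()
               if l.startswith("nameserver")]
    dns = [s for s in servers if egress_dev(s, routes) != tunnel]
    # A documentation-range address stands in for "any IPv6 destination".
    v6 = egress_dev("2001:db8::1", routes)
    return {"dns_outside_tunnel": dns, "ipv6_outside_tunnel": v6 not in (None, tunnel)}
```

In the sample, the router's resolver at 192.168.1.1 is reached over the more specific local /24 route on eth0 even though the VPN has taken over the IPv4 default, and the IPv6 default route never touches the tunnel at all.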
How to Protect Yourself from VPN Leaks
ProPrivacy has a link to a very helpful guide on how to deal with this on the leak test tool web page. But if you’re in a hurry right now, here’s a quick list of things you can do:
- First, disable IPv6. Here’s how to do it on Ubuntu, Windows 10, macOS, and Windows 7/8.
- If you don’t want to disable IPv6, use a VPN that supports IPv6 traffic – like HIDEme and Perfect Privacy. Alternatively, use VPNs that block IPv6 traffic, and also protect against DNS and WebRTC leaks. ExpressVPN, NordVPN, and CyberGhost are good options.
- Disable Teredo and SMHNR on Windows. If getting rid of SMHNR is too much of a hassle, and you happen to be using the OpenVPN open-source app, install this patch instead.
- If your DNS addresses are still set to your ISP’s DNS server, change them to your VPN provider’s server instead. Or just use OpenDNS (208.67.222.222 and 208.67.220.220) or Google Public DNS (8.8.8.8 and 8.8.4.4).
- Dealing with a transparent DNS proxy? See if your VPN client has an option to force the use of the provider’s DNS server. And if you use the OpenVPN app, just open the .conf or .ovpn files for the servers you use and add this line: “block-outside-dns”.
- Use uBlock Origin to block WebRTC leaks, or just disable it completely.
Besides all that, you should also consider using a VPN that has a Kill Switch. That will protect you from traffic leaks – basically, your whole traffic becoming exposed if your VPN connection suddenly goes down. Unfortunately, that can happen even if you’re using a decent service, so it’s better to be safe than sorry.
If you’re not familiar with the concept of a Kill Switch, it’s a feature that shuts down your web access when your VPN goes down. You’ll only regain it when the VPN connection is up and running again.
A VPN can only protect your data if it doesn’t suffer leaks. That’s why you should test it regularly to make sure everything is fine.