A VPN is an important privacy and security tool that protects you from having your browsing activity monitored by your ISP and provides security against hackers on unencrypted public Wi-Fi hotspots. A VPN also hides your real IP address from any website you connect to and can be used to bypass location-based content restrictions. One risk to your security and privacy when using a VPN is that information can leak out from your VPN and undermine the protections that it provides. The three types of leaks are DNS, IPv6, and WebRTC.
A VPN kill switch is a tool that blocks all outgoing network traffic if it detects that your device has disconnected from the VPN. This can protect you from leaks where your VPN silently disconnects in the background and you don’t notice.
DNS, or Domain Name System, is the protocol used to translate the domain names in URLs into IP addresses. One of the problems with DNS is that it’s a plain-text protocol, which means that no encryption is used to protect your DNS requests. Even if you switch to DNS servers that are not owned by your ISP, your ISP can still see your DNS traffic and use it to identify which websites you are browsing to.
Good quality VPNs should ensure that DNS requests are encrypted and are sent through the VPN connection. Unfortunately, sometimes DNS requests leak from a VPN connection. This allows your ISP to see what websites you are browsing to, even though this data should be hidden by the VPN.
To check if your DNS requests are leaking from your VPN, you can use websites such as dnsleak.com. These tests should be run when connected to your VPN: just load the page and click “Start”. In a few seconds, the results will be displayed. The details should match your VPN if everything is working properly, with the country and city aligning with where your VPN is located. If the location listed is instead your real location, or at least the location you get when not using the VPN, then your DNS requests are leaking.
Tip: For some VPN providers you may still see warnings that your DNS might be leaking, even if the location matches your VPN server. You should use your judgment here, as the website is basing its decision off of the name of the ISP rather than the location information which should be more telling to you.
IPv6 Address Leaks
There are two IP address schemes used on the internet: IPv4 and IPv6. IPv6 is newer and was designed because the IPv4 address scheme was running out of space. Despite IPv6 being a standardised service since 2017, support is still not widespread. A lot of VPN providers don’t support IPv6. Most handle this by blocking any IPv6 traffic; however, some VPN providers simply ignore IPv6 traffic. This can allow IPv6 traffic to bypass your VPN and expose your identity and browsing activities as if you weren’t using a VPN at all.
To test if your IPv6 address is being leaked, you can use websites such as ipv6leak.com when you’re connected to your VPN. Click “Start”, then after a short amount of time the result will be shown. If you receive the message “Your IPv6 is not leaking” then no IPv6 traffic can get through and your IPv6 address is not being leaked.
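A local check can complement the website test. The following is an added example, not part of the original article: it reads the text output of the Linux commands `ip -6 route show default` and `ip -6 -o addr show` and reports any non-VPN interface that has both a global IPv6 address and an IPv6 default route. The tunnel name prefixes and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: VPN tunnel interfaces use one of these name prefixes
# (OpenVPN tun/tap, WireGuard wg, PPP). Adjust for your own client.
TUNNEL_PREFIXES = ("tun", "tap", "wg", "ppp")

def default_route_devs(route_output):
    """Interfaces carrying an IPv6 default route (`ip -6 route show default`)."""
    devs = []
    for line in route_output.splitlines():
        # "unreachable default ..." and "blackhole default ..." do not match.
        m = re.match(r"\s*default\b.*?\bdev\s+(\S+)", line)
        if m and m.group(1) not in devs:
            devs.append(m.group(1))
    return devs

def global_addr_devs(addr_output):
    """Map interface -> global-scope IPv6 addresses (`ip -6 -o addr show`)."""
    found = {}
    for line in addr_output.splitlines():
        m = re.match(r"\s*\d+:\s+(\S+)\s+inet6\s+(\S+)/\d+\s+scope global", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def ipv6_bypass_paths(route_output, addr_output, tunnels=TUNNEL_PREFIXES):
    """Return {interface: [addresses]} for non-tunnel interfaces that have both
    a global IPv6 address and an IPv6 default route: a path around the VPN."""
    addrs = global_addr_devs(addr_output)
    return {dev: addrs[dev] for dev in default_route_devs(route_output)
            if not dev.startswith(tunnels) and dev in addrs}

# Constructed sample (documentation prefix 2001:db8::/32): the VPN is up on
# tun0 for IPv4 only, so wlan0 keeps its router-advertised IPv6 default route.
SAMPLE_ROUTES = "default via fe80::1 dev wlan0 proto ra metric 600 pref medium\n"
SAMPLE_ADDRS = (
    "3: wlan0    inet6 2001:db8:1:2::abcd/64 scope global dynamic \\"
    "       valid_lft 86000sec preferred_lft 14000sec\n"
    "3: wlan0    inet6 fe80::1234/64 scope link \\"
    "       valid_lft forever preferred_lft forever\n"
)

if __name__ == "__main__":
    paths = ipv6_bypass_paths(SAMPLE_ROUTES, SAMPLE_ADDRS)
    for dev, addresses in paths.items():
        print(f"IPv6 can leave via {dev} using {', '.join(addresses)}")
    if not paths:
        print("No IPv6 default route outside the tunnel")
```

A reported interface means a route around the VPN exists, not that traffic is necessarily getting out: a VPN client that blocks IPv6 with firewall rules leaves the route in place, so confirm the result with the website test.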
There isn’t any surefire way to fix your IPv6 address being leaked, as you can’t disable IPv6 on all platforms. Your best bet is to switch to a different VPN provider.
WebRTC or Web Real-Time Communication is a free and open-source API used to provide real-time communications in web browsers, including direct peer-to-peer communication without needing third-party plugins or apps. Unfortunately, in 2015 WebRTC was found to leak your internal private IP address and your public home IP address. Even when using a VPN your real home IP address is leaked by WebRTC.
You can test if your browser is leaking your IP address through the use of WebRTC by using websites such as PerfectPrivacy’s WebRTC leak test. If any IP addresses are shown on the page, then WebRTC is leaking your IP address. If there are no IP addresses shown, then the WebRTC leaks have been blocked.
If WebRTC is leaking your IP address, there are tools that can prevent the leaks. One example is the ad-blocker “uBlock Origin”, which offers an option to “Prevent WebRTC from leaking local IP addresses” in its settings. Some VPN providers also block WebRTC traffic to prevent IP address leaks.