For internet users who are concerned with their online privacy, a VPN is arguably the best tool they can use to keep their online activities undercover.
However, what users may not realize is that some VPNs let them down by leaking critical information about their connection and online activities.
A 2016 study of VPN apps revealed that 84% of all VPN apps they tested leaked the user’s real IP address. As you can well imagine, this is a serious problem, as leaks of your IP address or DNS requests could expose your online travels to prying eyes.
Some VPN apps also don’t do a comprehensive job of protecting your privacy if your VPN connection is interrupted. These apps offer faulty “kill switch” protection, which leaves your internet activities exposed if you lose your VPN connection.
Finally, some VPN apps do not adequately secure your IP address. A few leaked packets here and there can easily expose your online identity and associated activities.
In this article, I’ll walk you through connecting to your current VPN of choice and visiting a few websites that will put your “protected” connection through some quick tests. While these tests won’t identify all leakage issues with your VPN, they’re still a good indication as to whether or not it’s doing its job.
I’ll also share some more advanced methods for testing your VPN for leaks. However, only advanced users should attempt those tests, as they will require some advanced technical proficiency to run.
Basic VPN Tests & Checks
In this section, I’ll show you how to test your VPN for the following:
A DNS leak is when your VPN connection reveals information about your DNS requests to a third party. This is an unencrypted DNS query that is sent by your device outside of your VPN’s encrypted tunnel. This means your VPN isn’t performing its job properly.
IP Address Leaks
Your VPN should be “spoofing” your IP address and assigning your device a new IP, thereby hiding your actual IP and its associated location. If it isn’t performing properly, it could expose information about your actual IP address to a third party.
WebRTC (Web Real-Time Communications) allows mobile apps and web browsers to make resource requests from external servers and request real-time data and information from other users’ apps and browsers. It uses STUN (Session Traversal Utilities for Nat), a protocol that allows other users on the internet to discover your public IP address. If your VPN and browser aren’t performing properly, your actual IP address could be exposed to outsiders.
For most of these tests, I’ll be using the IPLeak website.
IPLeak does an excellent job of quickly running your internet connection through a battery of tests, and it’s always a good place to start your investigation if you suspect your VPN isn’t fully protecting you.
We’ll also take a look at a website that tests your VPN connection for WebRTC leaks.
How to Test Your VPN for Leaks
Before running each test with your VPN enabled, I highly suggest visiting the IPLeak website and running the tests on your unprotected connection. Then, either save the results as a PDF or print them out as a reference to use when running the tests with your VPN enabled.
Using these results as a reference will make it easier to see exactly where your VPN service might be letting you down.
Once you’ve loaded your VPN app and have connected to a VPN server (your app’s “Smart Location,” “Best Available Server” or similar connection option will be fine for these tests), run the tests again.
The IPLeak site will automatically run a battery of tests on your connection and will display the results, which will display as what’s shown in the image above. Below, I’ll explain which results you should take a close look at.
First, let’s discuss what the Domain Name System (DNS) is used for.
DNS is a system that converts a URL, such as pixelprivacy.com, into a numerical IP address. (For pixelprivacy.com, that IP address is 184.108.40.206).
DNS makes it easy to connect to websites and other services, as it removes that nasty step of needing to remember the IP address. (Be honest: “pixelprivacy.com” is a heckuva lot easier to remember than “220.127.116.11,” right? Put your hand down, Sheldon, that was a rhetorical question.)
Your Internet Service Provider usually handles the translation process for you, as it can remember the IP addresses for all of the websites and services on the internet.
However, this causes an issue on the privacy side of things. ISPs keep track of every website you visit, and in many countries – the United States included – they can sell those logs to advertisers, who use the information to more effectively target you with ads while you browse.
In still other countries, such as Australia, these logs are recorded and stored for up to two years and can be grabbed by the authorities any time they’d like. While I know none of us are doing anything illegal online, our online travels are no one’s business but our own.
When you’re using a VPN, the VPN provider’s DNS servers keep track of things, sending you where you need to go without your ISP (or anyone else) knowing where you’ve been and where you’re headed.
Identifying DNS Leaks
If your VPN is insufficient at keeping your DNS translations inside their encrypted tunnel, the true IP and location of your ISP, as well as your browsing history, could be revealed.
In the screenshot below, you’ll see some of the results from the IPLeak website. These results are from my unprotected, ISP-only connection.
In the screenshot, you see a highlight from the section showing the DNS addresses the test detected. In this case, it found 50 DNS servers that are being used by my ISP, which is why I didn’t include them all.
While this doesn’t explicitly reveal my IP address, it does expose the IP addresses and locations of the DNS servers used by my ISP, which could be linked back to me and be used to reveal the history of my online activities.
Now, we’ll take a look at the results when I run the IPLeak test while my connection is being protected by my VPN of choice, which is ExpressVPN.
As you can see, only one DNS address was detected: the DNS server used by ExpressVPN to route my requests. ExpressVPN’s DNS servers are secure, and since they’re located in the privacy-copacetic British Virgin Islands, they don’t save any logs connected to my online antics.
If any of the 50 servers that were listed in my unprotected tests had shown up on the list, it would have indicated a leak. If there is a leak, your current VPN isn’t doing its job, and you should look for a new provider.
IP Address Leaks
Your connected device is assigned an IP address whenever it connects to the internet.
An IP address is a numeric identifier, which works much like your home’s mailing address. The IP address offers a way to tell where information is sent from and where it should be sent to. Again, this is just like your mailing address.
Each country around the world is assigned a range of IP addresses for use by connected devices inside the country’s borders. If a website or other online entity can detect your IP address, they’ll know your geographical location.
Your IP address can be used to track your online movements, display ads based on your physical location or (worst of all) hit you with Denial of Service attacks that can slow or disable your internet connection.
Identifying IP Address Leaks
In the screenshot below, you can see my actual public IP address, provided to me by my ISP. (Well, part of it, at least. Remember these three things: privacy, privacy, privacy!)
As you can (almost) see, it shows my full IP address and the state it (and myself) resides in. As I mentioned above, this info can be used for all sorts of nasty tricks.
Now, in the screenshot below, I am connected to the internet using ExpressVPN, and the result is a different story. (I don’t mind if you see this IP address and location, as neither of them will lead anyone back to me.)
The IP address and location shown in the screenshot belongs to a VPN server owned and operated by ExpressVPN, leading to a dead end, privacy-wise. Obviously, if you still see your personal IP address, your VPN is not protecting you properly, and you should find yourself a new provider.
I should explain up front that WebRTC leaks are a vulnerability connected to the web browser you use, not your VPN.
Firefox, Opera and Chrome are vulnerable to these leaks, while Safari and Internet Explorer users should be safe, as both browsers prevent the leaks by default.
That’s why it’s important to know how to block the WebRTC in your browser or find a VPN that offers full WebRTC leak protection.
Identifying WebRTC Leaks
While IPLeaks does offer a WebRTC leak test, I prefer the one offered on the BrowserLeaks website, which provides more details and does a better job of detecting leaks.
Below is a screenshot of the WebRTC leak test with no VPN (I ran the test using the Chrome browser). As you can see, my public IP address is displayed for all to see. (While it also displays my local IP address, that’s no big deal, as that is the IP my computer was assigned by the router on my private internal network.)
Now, in the following screenshot, you’ll see the test results while I am connected to ExpressVPN. As you can see, the public IP address that is displayed is the IP address of one of the VPN provider’s servers, and it even spoofs a local IP address for me!
If your browser fails the WebRTC leak test, you’ll want to take steps to fix the issue, either by making changes to your browser’s settings or by using a VPN that protects against WebRTC leaks, as ExpressVPN does.
Advanced VPN Checks & Tests
The basic tests I’ve covered in the previous section will do a good job of identifying any issues you may be having with information leaks.
However, the best way to check for issues is to create a specialized testing suite for your system. This will allow you to run a battery of tests that will analyze all of your internet traffic for leaks.
Creating a custom testing suite is not for the faint of heart or a beginner. The process can be complex and should only be attempted by technically-proficient users.
Luckily, ExpressVPN has made the task a bit easier by releasing the leak testing tools they use to test their apps, making them available for download on GitHub. The tools are free, open source and available to all. Instructions for running the tools are available here.
Remember, only technically-inclined users should attempt to use these tools. If you read the instructions for using the tools and are not bewildered or confused, then you can likely handle it.
Additional Considerations for VPN Protection
While ensuring the VPN provider you’re considering will protect you against DNS, IP address and WebRTC leaks are of utmost importance, there are other factors to consider. In this section, I’ll briefly go over these factors and explain why they’re important.
When considering VPN protection, don’t open the door to malware being installed on your device. This has been a particular issue with VPN apps offered by “free” VPN providers.
If a VPN provider – or any other online service, for that matter – is offering their services to you for free, then they are likely making their money by selling information they collect from you to third parties, just like Google, Bing and Facebook.
Android VPN apps have been found to be a source of malware – and a recent study showed that 38% of all Android VPN apps contain malware! Stick to reputable VPN providers and stay away from the “free” providers.
If you suspect that a VPN app, or any of your apps, are malware, you can run one of the many available malware scanning apps – one of my favorites is MalwareBytes.
Users can also upload the file to the VirusTotal website, where it will be subjected to over 60 different tests.
Connection speed is arguably the most important factor to directly affect your satisfaction with your VPN experience. A slow connection will cause frustration, especially for users who enjoy streaming video and audio content, or who like online gaming.
Keep in mind that there are various factors that can affect your connection speed during testing. These include:
Many countries have poor internet infrastructure in place, and just like a highway at rush hour, it can get overwhelmed during times of heavy usage, slowing your connection speeds.The Overhead of the VPN App and Your Device’s Processing Power
The encrypted connection provided by your VPN’s app requires additional processing power, as it continually encrypts and decrypts packets of information on the fly. This slows down your device. No matter how fast your ISP or VPN connection, your speeds could be limited by the power of your device’s processor.The Distance Between You and the VPN Server You’re Using
As a rule, the distance between you and your VPN server can affect your VPN connection’s speed. The farther away it is, the longer it takes for the data to travel. Opt for a nearby server unless you’re trying to unblock content in a specific region.VPN Server Overload
You’ve been at your local sandwich joint during the lunch rush, right? Everybody wants their lunch now, but it takes awhile for the restaurant to process all of those orders. That’s how it is if too many users are on the same server. Look for a provider that has a large number of servers so the load is better balanced. Also, find out if your provider offers a real-time server status page or a similar feature in their app.
Take advantage of most VPN providers’ free trial periods or money-back guarantee offers to try various VPN services and test their connection speeds.
Visit a speed-testing website or a speed test app, like those offered by Speedtest.net, and test your connection speeds both with and without VPN protection.
Try going about your everyday activities to see how well a VPN performs compared to your ISP-only connections. Make sure to try your favorite streaming sites to determine how well they work while using the VPN.
Is There a “Leak-Proof” VPN?
I have found one VPN provider that consistently keeps IP address leaks, DNS leaks and WebRTC leaks from sinking your online privacy dinghy. That provider is ExpressVPN.
ExpressVPN performs well in all of the leak tests I’ve discussed with you in this article. It does an excellent job in protecting my real IP address, DNS information and WebRTC information safe from prying eyes. For more information, visit the ExpressVPN website.
No matter which VPN service you subscribe to, make sure to run the tests I’ve shared here on a regular basis to ensure that your provider is keeping up on your protections.