Different Types of Leaks
A DNS leak is perhaps the most common form of leak you may encounter while using a VPN extension.
It occurs when your DNS requests are routed outside of the encrypted VPN tunnel, meaning your ISP is able to see all of the websites you visit. The specific content remains hidden, but your browsing data will still be exposed.
IPv6 leaks are becoming increasingly common with VPN extensions during the transition from IPv4 to IPv6.
These types of leaks expose your true location, allowing you to be tracked and monitored by third parties, including your ISP. Worryingly, they can also be linked to your online activity.
WebRTC leaks are caused exclusively by a feature in your browser that allows it to form real-time communications with the websites you visit.
When these special communications channels bypass the VPN tunnel, your true IP address is exposed, meaning your ISP or government can snoop on or log your online activity.
Read through our detailed guide to IP, DNS, WebRTC & IPv6 leaks if you want to know more.
How VPN Leaks Affect You
Any sort of leak makes using a VPN totally pointless. It means it’s not protecting you in the way that it’s supposed to and could potentially do more harm than good in some cases.
Not only will DNS leaks allow your ISP to see everything you’re doing online, but if you’re in a country such as the US or UK, it may result in your browsing history being sold to commercial companies or stored on government-controlled databases. This may sound illegal but it’s unfortunately permitted in many different locations worldwide.
IPv6 leaks pose a whole different kind of issue in that they expose your exact location, which is the exact opposite of what you want a VPN to do. This, in turn, means you can be tracked and monitored by a range of third parties, including advertising companies, that wish to make money from your personal data.
Putting your confidential information at risk is not something you agree to when signing up for a VPN, so there’s no reason you should have to put up with it.
What Causes VPN Extensions to Leak?
There are many different reasons that VPN extensions leak, but these are perhaps the most common causes.
Network Configuration Problems
VPN users who switch networks on a regular basis (e.g. moving from their router at home to a public WiFi hotspot in a coffee shop) are most at risk from leaks caused by network configuration issues.
No matter what device you’re using, it has to connect to the local network before you connect to the VPN. Whenever you connect to a new network, the protocol that decides your IP address within the network can automatically assign any DNS server to handle your requests.
This server could be improperly secured or, even worse, owned by your ISP. Even if you were to then connect to a VPN, your lookup requests still wouldn’t be routed through the encrypted tunnel, resulting in a DNS leak.
Lack of IPv6 Support
If your chosen VPN doesn’t support IPv6, these kinds of requests will automatically bypass the VPN tunnel, exposing your true location.
Even if your VPN attempts to convert IPv4 traffic to IPv6 by sending it using a dual-stack tunnel, you’re still at risk. Teredo, a tunneling protocol used by Microsoft to improve compatibility between IPv4 and IPv6, can often bypass the encrypted tunnel, causing a gaping hole in security.
The majority of VPN providers will simply block IPv6 traffic to prevent this problem from happening.
Insecure Browser Features
These are most likely going to be an issue for those using a VPN extension on a Windows device. Windows operating systems from 8 onwards have introduced a new feature which sends out DNS requests to all available servers, increasing the likelihood of DNS leaks.
While this is primarily designed to improve browsing speeds, it also makes users vulnerable to all sorts of attacks, as their browser traffic will simply be routed through whichever server responds the quickest.
Another major issue is the location settings built into the majority of popular browsers, including Google Chrome, Mozilla Firefox and Safari. Unless you switch these off, they allow the pages you visit to access your geolocation API in order to serve you a more ‘customized’ experience.
How to Prevent Your Extension from Leaking
Use Your VPN’s DNS Servers
The simplest way to prevent DNS leaks through your VPN extensions is to ensure you’re using the servers owned and maintained by your VPN provider. This means that you’re not putting your browser traffic at risk by routing it through less-secure servers, such as those owned by your ISP.
Not all VPNs maintain their own DNS servers, so sometimes this isn’t an option. If this is the case for you, you can also manually configure your computer to use an open, third-party server such as Google Open DNS. You can find instructions on how to do that here.
Choose a Provider That Supports IPv6
The only way to prevent IPv6 leaks is to choose a VPN provider that supports (or completely blocks) IPv6 traffic. Unfortunately, no amount of manual configuration at your end will be able to stop these types of leaks unless your VPN is fully equipped to support this protocol.
Perfect Privacy is one of the very few VPN providers to currently support IPv6 connections.
Try Third-Party Software
The most effective way of blocking WebRTC leaks on Chrome is simply to add an extension that prevents them using the official API. It’s called WebRTC Leak Prevent and you can find and download it from the Chrome Web Store.
You could also consider using a firewall to block non-VPN traffic – this can either be done within your VPN client (if it supports this feature) or in your device’s Control Panel. This will only allow traffic in and out if it’s been routed through the VPN first, massively reducing the risk of any sort of leaks.
Make Some Changes in Your Browser
Alternatively, a few small changes in your browser could make all the difference. If you use Firefox or Safari, it’s really easy to disable WebRTC in your browser settings and doesn’t require any sort of manual configuration.
Turning off location services within your browser will also be a massive help in preventing leaks. This is very simple to do within all popular browsers and you can usually customize your settings so they best suit what you’re going to be doing online.
Run Regular Leak Tests
Even if you don’t find any leaks with your chosen VPN provider, you should still run regular leak tests to ensure the situation hasn’t changed.
Use a trusted site such as browserleaks.com to keep an eye on your VPN’s performance – this way, if it does happen to start leaking, you’ll find out sooner rather than later.