When you use a VPN you entrust it with a lot of your personal data. A good VPN will ensure that no one, even the VPN itself, can see what you do online.
However, there are plenty of VPNs out there that leak data, such as your location and the websites you’ve visited, to your ISP or any other snoopers.
Unless you know how to detect these leaks, you may never know that it’s happening and you won’t be able to prevent them from happening again. Read on to find out how.
Leak Test Tools
There are loads of leak testing tools available online to help you check for various types of leaks, and a handful of VPNs even provide proprietary leak testing software on their websites.
For this guide, we used browserleaks.com as it incorporates all four types of leak testing we cover and is easy to use once you get the hang of it.
What Is an IP Address?
IP addresses are unique identifiers that are assigned to devices on a network. For the public internet, your Internet Service Provider (ISP) assigns an IP address to your network router (at home, work, or a cafe, for example), which all your devices on the WiFi are then connected to.
In simple terms, devices need an IP address in order to communicate with other devices on the internet, which enables you to browse online, stream movies, send emails, or anything else you use the internet for.
There are two types of IP address formats, IPv4 and IPv6, but we’ll get to the last one later. Your IPv4 address will look similar to this: 198.51.100.1.
There’s no need to get bogged down in the fine details, but the main thing to take away from this is that your IP address counts as personal information – it can be used to identify your physical location as well as everything you do online.
What Is an IP Leak?
An IP leak happens when your VPN fails to mask your true IP address with one of its own, making it available for any prying eyes to see.
It’s a huge issue that puts your privacy at significant risk – once your ISP or any other nosy third party is able to see your true IP address they are able to link anything you do online back to you as an individual.
How to Test for IP Leaks
It’s pretty easy to discover whether your IP address is leaking – just follow these simple steps:
1. Open up a credible leak testing website – we use browserleaks.com. Run an IP leak test while the VPN is disconnected and note down your IP address.
2. Connect to any VPN server and refresh the browser page to re-run the test once the VPN has successfully connected.
3. Check the IP address again. It should be different to your original IP address and match the country and city server location you have connected to. If the IP address is the same as your own IP address, it is leaking.
If the IP address is different but the location doesn’t match the server you’re supposedly connected to it could mean that VPN isn’t working as it should be. Try reconnecting and test again, but if the issue persists get in touch with your VPN provider’s customer support.
How to Fix and Prevent IP Leaks
If your true IP address is leaking, the VPN isn’t doing it’s job; it’s as simple as that. Generally, the only way to prevent IP leaks is to use a good quality VPN.
Top-level VPNs will include a VPN kill switch feature which blocks internet traffic in the event of an unexpected VPN connection drop. This prevents your IP address and other personal data from leaking while the VPN connection is down. You can usually find this feature within the settings menu of the VPN app.
If your original IP address still shows up on leak tests, check with your VPN’s customer support team to ensure your computer is set up correctly and isn’t overriding the VPN connection.
If that fails to solve the issue, it’s time to get a new VPN, pronto.
What Is DNS?
DNS, which stands for Domain Name System, is a bit like a phone directory. A global network of DNS servers look up domain names, which are used in URLs such as www.top10vpn.com, and returns the IP addresses (e.g. 18.104.22.168) they are associated with. This ‘translation’ allows your device to access all kinds of content online.
These servers sometimes log the DNS queries (the websites or apps you’re browsing or using) along with the personally identifiable IP addresses that are making those queries. In short, they link you to your online activities.
What is a DNS Leak?
When DNS requests travel outside of the encrypted VPN tunnel, and are handled by your ISP, it’s called a DNS leak.
DNS leaks expose your browsing habits to your ISP or any on-path eavesdroppers, allowing them to track the websites you visit and the apps you use. In some countries, such as the US, ISPs can sell and share this information to advertising companies or the authorities.
ExpressVPN has a handy animation on its website that explains all things DNS very simply.
How to Test for DNS Leaks
Testing for DNS leaks is pretty similar to the previous leak test, just look at the DNS servers instead of the IP address:
1. Open browserleaks.com/ip while the VPN is disconnected and make a note of your DNS servers’ IP addresses (found in the ‘Your DNS Servers’ section). Unless you have changed your device’s DNS settings, the DNS servers shown will be those belonging to your ISP. You can see our DNS servers in the screenshot below.
2. Connect to any server on the VPN server list. Then, refresh the leak test page on your browser.
3. Look at the DNS server results again. If any of your ISP’s DNS servers appear, your VPN is leaking DNS requests.
Here are two examples of DNS leak tests we ran while connected to two different VPNs.
The first is ExpressVPN – only one DNS server appears and it belongs to the VPN company. The DNS servers listed above in the first test are not showing, therefore it’s not leaking DNS requests.
The second is VPN99 – you can see both Google DNS and our ISP’s DNS servers. VPN99 uses Google DNS rather than first-party servers, however the presence of our ISP’s servers in the results shows that it’s leaking our DNS requests.
How to Fix and Prevent DNS Leaks
There are few simple ways to fix DNS leak issues, but the most effective way it to pick a trusted VPN service that maintains its own zero-log DNS servers. The VPN should force all traffic to go through those and not any third-party servers (including your ISP’s), which prevents leaks from happening.
When you can, use the VPN’s custom apps. Manually configuring the VPN connection and DNS settings increases the risk of DNS leaks if you aren’t 100% sure of what you’re doing.
Sometimes you have to ‘switch on’ the DNS leak protection feature within the VPN’s app settings. This will force DNS requests to go through the VPN’s own DNS servers.
As always, remember to switch on the VPN kill switch to ensure that no traffic reaches your ISP if the VPN connection drops unexpectedly.
If you’re still experiencing DNS leaks, let your VPN provider know. This helps the tech team to find out if the issue is coming from their end or yours, and that way they can solve it…
… But if they can’t it’s time to switch to another provider with a proven leak-free history.
If you’re concerned that a VPN browser extension is leaking your data, make sure to check out our guide on stopping your VPN extension from leaking.
What is WebRTC?
WebRTC is a browser technology that allows audio and video communications to work inside web pages.
‘RTC’ stands for ‘real time communications’ – the technology helps deliver content more quickly as there is no need to download plugins (browser extensions) or native apps.
WebRTC is almost always enabled in your browser by default.
What is a WebRTC Leak?
WebRTC leaks are vulnerabilities within web browsers, such as Google Chrome and Firefox, that reveal your true IP address.
These leaks aren’t really flaws within the browser; it’s part of their design. Efficient IP sharing is supposed to provide convenience and speed, so WebRTC uses clever techniques to figure out your true IP address and get around any firewalls that might otherwise prevent your real-time connection from taking place.
However, it’s a huge threat to online privacy if you’re using a VPN, as your ISP – or any other snooping third parties – will have access to your personal data and online activity.
How to Test for WebRTC Leaks
Follow these simple steps to check for WebRTC leaks while using a VPN:
1. Run a WebRTC leak test when you’re disconnected from your VPN and make a note of the public IP address you see.
2. Connect to any VPN server location and refresh the browser page to re-run the leak test.
3. If your true public IP address appears while connected your VPN is leaking WebRTC. Don’t worry about the local (internal) IP address as this isn’t personally identifiable information.
How to Fix and Prevent WebRTC Leaks
Fixing WebRTC leaks isn’t as simple as getting a good VPN, although that helps. It’s a browser issue and not really your VPN’s fault.
But, if your VPN does offer a WebRTC blocking feature, be sure to enable it. These tend to be included in VPN browser extensions, though. You can check out our guide to fixing leaks within VPN browser extensions here.
If your VPN doesn’t block WebRTC by default or through a setting, disable WebRTC in your browser settings if it’s possible.
Unfortunately, certain browsers such as Google Chrome don’t allow you to this and instead you have to use a browser add-on or extension. It’s important to note that these aren’t always 100% effective, so using a browser that allows you to disable WebRTC is recommended. You can see our most highly-recommended browsers for privacy here.
What is IPv6?
When we talked about IP addresses, we mentioned that there are two formats: IPv4 and IPv6. Now it’s time to address the latter.
Currently, the most widespread version of the Internet Protocol is IPv4, but we are running out of IPv4-format IP addresses as the number of internet-enabled devices continues to grow. IPv6 has been designed to meet that demand.
IPv6 addresses look like this: 2001:4860:4860::8888
What is an IPv6 Leak?
While IPv6 is the future, it’s not currently supported by all VPN providers, which leaves them vulnerable to leaks. Many VPNs only route IPv4 traffic through the encrypted VPN tunnel, leaving IPv6 traffic unprotected.
IPv6 leaks cause both IP leaks and DNS leaks, meaning that your personal information and online activities could be visible to your ISP or other third parties.
How to Test for IPv6 Leaks
First and foremost, check if you actually have an IPv6 address – not every ISP offers them yet.
Use browserleaks.com and take a look at the ‘IPv6 Leak Test’ section. If it doesn’t show an IP address there, you don’t need to worry about IPv6 leaks as you don’t have an IPv6 address.
If it does show an IPv6 address, make a note of it and re-test again when the VPN is connected.
If you see your true IPv6 address, the VPN is leaking.
How to Fix and Prevent IPv6 Leaks
Other than choosing a VPN provider that supports IPv6 – there aren’t many that currently do – there are two ways to stop IPv6 leaks from jeopardizing your online privacy:
1. Block IPv6 traffic by enabling IPv6 leak protection within your VPN’s app settings. Some VPNs have it baked into their apps so you don’t have to mess around with settings. Be warned, though, not all VPNs provide this feature.
2. If you can’t block IPv6 traffic through the VPN, disable IPv6 at router or OS level. Many VPNs provide their own guides for this, so be sure to look there first. If not, check out this wikiHow guide to disabling IPv6 on PC or Mac.
Disabling IPv6 shouldn’t cause many issues as the vast majority of online services are still accessible through IPv4. However, if you absolutely need to use IPv6 make sure to choose a VPN that supports, rather than blocks, it.
Perfect Privacy is one of the few VPNs to offer support for IPv6 and you can see which of its servers are compatible by looking at the server list on its website.