Often times VPN’s can be as easy as one-click-connect, making it hard to know if the VPN is properly working and ensuring it’s securing all our data. Today we are going to teach you a bit about the different type of VPN leaks, why they are so critical and how to check your VPN connection is secure and working.
A YouTube video describing how VPN leaks occur and how you can check to ensure your VPN connection is secure and working.
What many people don’t know when using a VPN is there are several ways for your real identity to be exposed, even when the VPN is actively running on your system. This occurs through leaks, and there are a barrage of different type of leaks that can occur and spill your real identity.
When a VPN is actively running on the system, its job is ensure that every packet that goes in and out of the computer is encrypted and kept private. But what many don’t know is when the VPN is running, if a website is using a plugin you have installed on your system, such as Flash player, your real IP could be easily leaked. This could occur for any number of reason, but if your on YouTube.com, the website may see you are visiting from the VPN IP, however, when it asks your system to use the Flash player plugin, it will go ahead and start using the plugin on your system. This is when the leak occurs, meaning that Java, Flash, WebX among a number of other web-based plugins have the ability to be leaking your real IP address.
While that sounds bad, this isn’t even the worst part. Lets go ahead and say yeah, your VPN is on and not leaking anything through the system. Well what about the part of the VPN you can’t see? What are we talking about? We are talking about the DNS. Now in short, DNS stands for Domain Name System, and it changes domain names into machine readable IP addresses, allowing you to easily connect to Google.com without having to type in a lengthy IP address.
When using any type of wireless internet, your web requests can be seen by the DNS provider, presumably your Internet Service Provider (ISP). Now what you may not know is that when you use a VPN, your still required to use some form of a DNS, and that could be provided by the VPN, Google or other software. But this is where the scary part comes in. Some VPN’s out of box can continue to utilize your machines default DNS, meaning all websites you visited, or queries you sent through the DNS can be read and captured by your ISP.
As we described above, a DNS translates domain names to IP addresses that devices can connect to. Meaning when you use the Internet, you are sending queries to the DNS, telling it which domain to connect and direct you to. Well information can be leaked from these simple DNS queries. It works as so. You open your browser and visit VPNFTW.com, the DNS will do its magic and connect you to the domain, easy enough right? Wrong! When you visited vpnftw.com, whoever is serving your DNS just saw that your IP address made a request and connected to VPNFTW.com. Now DNS leaks don’t give specific information on what specific page of the website you visited, just the domain name.
These leaks can be detrimental in heavy censored countries and could lead to an individuals identity being exposed. DNS leaks could also harm how the VPN works, as some countries can set DNS blockades where websites are censored at the DNS level. A graphic below details how a DNS leaks works.
Check VPN Connection with Leak Tests
Now that we are briefed on a few type of leaks that can occur, lets get to ensuring your VPN connection is secure!
To ensure the VPN is actually connected and working, we will guide you through a series of tests to ensure the entirety of your system is being protected by the VPN. During these leak tests we will be using Private Internet Access VPN, our #1 recommended VPN of all time.
XMyIP Basic IP Address Test – Head over to xmyip and click the additional details button. When it’s done loading, ensure the IP address that the webpage displays is not your personal address, and be sure to check the Google Maps location that appears on the right. Ensure that all of the details appearing are not yours or where you live. Here is a photo while we were connected to our VPN’s west coast servers.
This is the most basic test and it it fails, this means your VPN is failing at protecting your IP address, a basic task. Try reconnecting to a new server or reaching out to your VPN if issues persist.
Now as we are not located in Los Angeles and that is not our hostname, we can ensure the VPN is masking our IP address, but don’t get to excited, far more severe leak tests lie ahead.
Whoer Extended IP Test – This VPN check is one of the most critical of them all, and will let you know if the entirety of the your system is being protected by the VPN. Now go ahead and click on the link and allow the page to fully load. We know, the page looks scary with a lot of information but don’t sweat it, we’ll walk through all of it in a breeze.
To start, at the top of the page the extended test will show you the IP address your computer is broadcasting, along with the host-name, blacklist and if your using an anonymizing tool. Now to start, the IP address the first part is broadcasting should not be your own. Second, if the words YES in all red appear under the blacklist don’t worry, it just means the IP address has been abused by multiple people and may be seen as malicious by some sites. However don’t worry, the web will still work the same and you shouldn’t notice any differences. Here is our test on the first screen:
Now lets move to the tab labeled “Interactive detection” and take a look. Now this is the test that will let you know if the VPN is really masking your machines IP address from any standpoint. Now if you have plugins like Flash and Java installed on your system, this page will go ahead and request them. Meaning it will go ahead and utilize the plugin from your system and let you know what IP address your system is broadcasting. On our personal systems, we have such programs uninstalled so our test appears N/A. Ensure the IP address you see is the same as your VPN IP and not your regular IP address. Also take a look over the DNS tab, you should also see your VPN IP, no other IP’s should be appearing under any circumstance.
Now head over to the third tab labeled “Location” and check that the location the website is displaying is not your real location. As well, below that is a test for the time being broadcasted on your system. When using a VPN, the program will simply mask and encrypt your Internet connection but will not make any physical changes on your system. This means while we are connected to a server in LA, if we lived in Canada or elsewhere, our system will be broadcasting the time in Canada, the time set on your system. This can be a big privacy loophole if you want 100% anonymity, but more often than not, webpages won’t request the time being displayed on your system. This means if you want the time to appear as if you were in that location, you need to go into your system settings and change it manually. For our privacy we went ahead and blocked out some of the displayed information.
The rest of the information below is of no use when you check your VPN connection.
My VPN is leaking, what do I do? If you find your VPN to be leaking through any of these tests, you are limited on what you can do. First, we recommend disconnecting and connecting to another server and giving the tests a try. If that continues, try clearing your browser cache or try the tests in another browser. If they persist, you may want to try and re-install your VPN client or give customer support a try. If you have tried all of the above and issues continue, we recommend you grab another VPN service. Specifically Private Internet Access, as they have dedicated clients for Windows, Mac OS X, iPhone and Android, and they all come with VPN leak protection. Meaning your VPN will stay secure and non-leaking just from the client itself. Here is a picture of their Windows client with the anti-leak technology.
DNS Leak Test – The most critical test of them all! Head over to the webpage, ensure the IP displayed is not yours, click “Extended Test” and let it run til the page is done loading, this could take several minutes depending on your setup.
As we explained above, DNS leaks can be critical and nearly defeat a huge part of why we use VPN’s today. Now when running this test, the results may vary. You may see as little as one DNS server, or may see something like 8-10 different addresses. Both are totally fine, but its what’s within those numbers that can tell us.
Now VPN providers may use any cocktail of DNS servers, but we need to ensure that none are leaking to your ISP. First, check the IP address and hostname, make sure that they are not yours. If they are different from the VPN IP this is okay, but make sure they are not linked to your ISP. You can do this by either looking at the hostname or by looking up the IP address through a search engine. When we did this test with out VPN, we got the following results.
What if my DNS is leaking? Don’t panic, there are quite a few ways to fix this and none of them require contacting the VPN provider.
One way is to manually change the DNS on your system. You can change it to Google’s free DNS, the privacy violating search giant, or can change it to something from OpenDNS or similar. Due to the variety of operating systems and specific versions, we cannot guide you on how to change your system DNS, that will have to be something you need to lookup if you are unsure how to do it yourself. You can generally change it within a few simple clicks.
Another way would be to choose a VPN with a dedicated DNS. A number of providers offer encrypted and secure DNS options as part of their plan, this includes the VPN we recommended above, they specifically have a DNS leak protection option.
There are any number of ways to change the way your DNS operates even if your using a phone or tablet, we recommend you take a look online for your specific device.
Checking your VPN connection is essential to ensuring that your VPN is working properly and secure. Whether it’s a Java leak, Flash leak or DNS leak, they can all be critical and need to be patched right away.
We hope our check your VPN connection guide worked and helped you secure your VPN. Let us know if the guide worked for you and what VPN your using in the comments below!