Is your VPN secure? How to check for leaks
A trusted virtual private network is a great tool for security and privacy, but if it’s not configured correctly it may not be so private.
Atrustworthy virtual private network (VPN; go.pcworld.com/yvpn) is a good way to keep your internet usage secure and private whether at home or on public Wi-fi. But just how private is your activity over a VPN? In other words, how do you know if the VPN is doing its job ( go.pcworld. com/5qvp) or if you’re unwittingly leaking information to prying eyes?
To find out, you first need to know what your computer looks like to the internet
without a VPN running. Start by searching for what is my IP on Google. At the top of the search results, Google will report back your current public Internet Protocol (IP) address. That’s a good place to start, but there is more to your internet connection and its potential for leaks.
DIVING DEEPER
Your public IP address is one way private information can leak over a VPN, but you can also leak information via Domain Name System (DNS) queries, WEBRTC ( go.pcworld. com/wrtc), torrents, and geolocation. To see what you look like in your default state, visit Ipleak.net ( go.pcworld.com/ipln). This website checks all the previously mentioned methods for leaking data. Take note of all the data you see on this page so you can compare it to your VPN’S.
Now close this site, connect to your VPN, and navigate back to Ipleak once again to see what you look like over your VPN of choice.
Not all of these tests happen automatically. The torrent test, for example, requires a small torrent file (available via magnet link) to run before it can detect any potential leakage.
The geolocation test is helpful, but keeping your location secure is pretty straightforward. Just don’t allow any website to use your location while on a VPN. One way to do that is to specify a browser, Firefox for example, as your Vpn-only browser. Then disallow location requests on that browser. Alternatively, you could use a browser extension that provides a fake location to websites that request it.
The most likely culprit for leaked information, however, is DNS. To navigate the web your machine requires contact with DNS servers to help translate website addresses from names to numeric IP addresses. Typically your PC automatically uses the DNS servers of your internet service provider. The problem is that if you’re using a VPN and leaking DNS through a local service provider, you can reveal enough
information to point anyone spying on you in the right direction. That’s why VPN services often funnel their customers’ queries through DNS servers that aren’t connected to your ISP.
DIVING EVEN DEEPER
Ipleak is great, but there’s nothing like a little redundancy to ensure you’re really private over a VPN. As a second check against DNS leaks go to Dnsleaktest.com ( go.pcworld. com/dnsl), and from the landing page choose the Extended test. This typically takes some time to complete, but it’s worth it as I have seen leaky results on this site that Ipleak didn’t catch.
If you are still seeing DNS servers from your VPN provider, and not your ISP, then you can be reasonably sure you aren’t leaking data.
SOME TOP VPN CHOICES
Many VPN services these days do a good job of preventing the various data leaks that could reveal your identity, and our top-rated VPN services ( go.pcworld.com/tvpn) should all work well. Still, if you’d like some specific advice, here are four VPNS that do a good job of protecting against data leaks on both Windows and Android. In most cases, you shouldn’t have to make any settings adjustments to the VPN, but if there are any notable settings to be aware of we will note them here.
First up is Hotspot Shield Elite ( go. pcworld.com/hsse). A recent addition to our best VPN roundup. HSS does a great job of stopping leaks, and unlike many of the other services here it uses multiple DNS servers on mobile. HSS Elite costs $72 for a full year’s subscription, or you can pay $120 for a lifetime of use. In the Windows app under Settings > General Settings there’s an option called Prevent IP leak that is turned on by default.
NORDVPN ( go.pcworld.com/nvpn) also does a good job of keeping leaks away and its app is easy-to-use as well. This service costs $69 for a year’s subscription. NORDVPN doesn’t have any DNS or IP leak settings to worry about, but it does have a new setting called Cybersec that blocks ads, and protects against various malware threats and botnet control. This is turned off by default, but it’s a good option to turn on since even
on a VPN cookies set by advertisers make it possible to track you online.
Windscribe Pro ( go.pcworld.com/wscr) is a great option that is also simple to use and costs $49 per year. It does not have any settings you need to worry about, but you can get enhanced privacy protections, such as ad blocking, if you install the service’s browser extension in addition to the desktop app. If you’re not willing to pay for a VPN, Windscribe offers a free version with up to 10GB per month.
Finally, Tunnelbear ( go.pcworld.com/ tnnl) is another fantastic option for preventing VPN and IP leaks. Tunnelbear costs $50 per year. It doesn’t have any leak protection settings you need to worry about. There is a Ghostbear ( go.pcworld.com/ ghbr) setting that is supposed to make your VPN traffic look closer to unencrypted traffic though it can make your browsing speeds slower.
WHAT TO DO IF YOU’RE LEAKING DNS
As we’ve just discussed, many set-it-and-forget-it type VPNS ( go.pcworld. com/fvpn) funnel your
DNS requests through their own providers, though some require an explicit settings change to do this. Check your VPN provider’s help pages if you are leaking DNS for advice on how to fix it.
Another way to address this issue is to permanently switch your PC to an alternative DNS provider such as Google ( go.pcworld. com/ggle), OPENDNS ( go.pcworld.com/ odns), or Comodo Secure DNS ( go.pcworld. com/coms). That way if your VPN provider’s DNS fails, you won’t be using DNS tied to your ISP.
Once you’ve fixed your DNS problems, return to Dnsleaktest to see what it reports. If it shows DNS servers that aren’t related to your ISP or general location, then you’re all set to enjoy added privacy over your VPN connection.