VPN services are popular because they make surfing the internet safer. Without them, your geographic location, system information, and internet activity are visible, which leaves you vulnerable. Your ISP and employer can log every website you visit, advertisers can track the products you’re interested in, and hackers can gather information to steal your identity.
How do VPNs help? In two ways:
1. Your internet traffic is passed through a VPN server, so others see its IP address and location, not yours.
2. Your internet is encrypted, so your ISP, employer, or government can’t monitor the websites you visit or the information you send.
They’re an effective first line of defense in maintaining privacy and security online—as long as they work. From time to time, your identity and activity may inadvertently leak through the VPN. It’s more of an issue with some services than others, especially free VPNs. Either way, it’s concerning.
Read on to find out how you can make sure your VPN gives you the protection it promises. We’ll cover three major types of leaks, then show you how to identify and fix them. Reputable VPN services are more reliable because they test for leaks. We’ll list the VPNs found to be least susceptible at the end of this article.
How to Identify and Fix IP Leaks
An IP (Internet Protocol) address uniquely identifies your computer or device on the internet and allows you to interact with websites. But it also provides information about you, such as your location (within 10 km), and enables advertisers and others to track your online activity.
A VPN makes you anonymous by switching your IP address with that of a VPN server. Once done, it appears that you’re located in the part of the world that the server is located. That is unless there’s an IP leak and your own IP address is used instead of the server’s.
Identifying an IP Leak
IP leaks normally occur due to incompatibilities between version 4 (IPv4) and version 6 (IPv6) of the protocol: many websites do not yet support the new standard. The easiest way to check for an IP leak is to make sure that your IP address is different when connected to your VPN than when disconnected:
1. First, disconnect from your VPN and check your IP address. You can do that by asking Google, “What’s my IP?” or navigating to whatismyipaddress.com. Write down the IP address.
2. Now connect to your VPN and do the same. Write down the new IP address and make sure it’s different from the first one. If it’s the same, you have an IP leak.
There are also some online tools that identify IP leaks, such as Perfect Privacy’s Check IP. These will display your externally visible IP address along with its location, browser settings, and other internet connection settings other users will see. If you want to be thorough, repeat the test when connected to different VPN servers.
Fixing an IP Leak
The simplest solution to an IP leak is switching to a VPN service that doesn’t leak your IP address. Premium VPNs are more secure than free ones. We list several recommendations at the end of this article.
Technical alternative: More technical users can block non-VPN traffic by creating appropriate rules for their firewall. How to do so is beyond the scope of this article, but you can find a tutorial for Windows at 24vc.com and one using Little Snitch on Mac at StackExchange.com.
How to Identify and Fix DNS Leaks
Whenever you surf to a website, the IP address belonging to it is looked up behind the scenes so your browser can take you there. The information required is stored on a DNS (Domain Name System) server. Usually, your ISP handles that—which means they’re aware of the websites you visit. They most likely log your browser history. They might even sell an anonymized version to advertisers.
When you use a VPN, that job is taken over by the VPN server you connect to, leaving your ISP in the dark and protecting your privacy. A DNS leak is when your VPN provider fails to take over the job, leaving your ISP to handle it. Your online activity is then visible to your ISP and others.
Identifying a DNS Leak
Many tools will identify any leaks, including Perfect Privacy’s DNS Leak Tool. If you want to be thorough, repeat the test when connected to different VPN servers.
You may also want to run the test using several tools. Here are some alternatives:
Fixing a DNS Leak
The easiest solution is to switch to a VPN service that has built-in DNS leak protection. We recommend reputable services at the end of this article.
Technical alternative: More advanced users can guard against DNS leaks by disabling IPv6 completely on their computers. You’ll find guides on NordVPN’s support pages on how to do this on Windows, Mac, and Linux.
How to Identify and Fix WebRTC Leaks
A WebRTC leak is another way that your IP address can be leaked. In this situation, it’s caused by a problem with your web browser, not your VPN. WebRTC is a Real-Time Communications feature found in many popular web browsers. It contains a bug that exposes your real IP address, potentially allowing advertisers and others to track you.
Identifying a WebRTC Leak
WebRTC leaks can affect these browsers: Chrome, Firefox, Safari, Opera, Brave, and Chromium-based browsers. If you use one or more of these, you should check to see whether your VPN is affected by using an online tool such as Perfect Privacy’s WebRTC Leak Test.
Alternatively, try one of these tests instead:
Fixing a WebRTC Leak
The simplest solution is to switch to a different VPN service, one that protects against WebRTC leaks. We list several recommendations at the end of this article.
Technical alternative: A more technical solution is to disable WebRTC on each web browser you use. An article on Privacy.com gives steps on how to do this on each browser. You might also like to check the WebRTC Leak Prevent extension for Google Chrome.
So What Should You Do?
People use VPN services for many reasons, including finding low prices for airline tickets, accessing restricted content in other countries, and making their browsing experience more secure. If you’re in the last camp, don’t just assume that your VPN is doing its job—check! An unreliable VPN is worse than not using one at all because it can give you a false sense of security.
The best solution is to choose a VPN service you can trust. This is far more reliable than trying the various technical hacks that we’ve linked to. Why do the hard work for a provider that doesn’t care enough about your privacy and security to plug the holes themselves? What other issues did they let slip through the cracks?
So, which services are trustworthy?
The VPN Experts have run extensive tests on tons of VPN services. Here’s a list of VPN services they find most reliable in terms of not leaking your IP address of DNS:
– Surfshark (from $2.49/month) the winner of our Best VPN for Amazon Fire TV Stick roundup. We cover it in detail in our Surfshark review.
– NordVPN (from $3.71/month) is the winner of our Best VPN for Mac roundup. Learn more from our NordVPN review.
– ExpressVPN (from $8.33/month) is the runner-up in our Best VPN for Mac roundup. For more information, refer to our ExpressVPN review.
– IPVanish (from $6.49/month) is another popular VPN service. We compare it in detail with NordVPN.
– CyberGhost (from $1.83/month) is the second runner-up in our Best VPN for Amazon Fire TV Stick roundup.
VPN Mentor offers a second opinion. They, too, have tested a wide range of VPN services, and their list of recommended providers is almost identical. We recommend the same services ourselves and have written a number of articles that will help you choose the VPN that will best meet your needs: