We all know how useful VPN extensions are as internet tools for our privacy.
They protect the user’s browser traffic and make sure that their personal information is secured from any and all prying eyes.
But the problem is that some VPN extensions in the market today have the tendency to leak the user’s data.
And when that happens, the user is at risk.
In this guide, we will take a look at how and why VPN extensions leak user data and how to protect your data from leaks.
Types of Leaks
The only things that cause these are specific features in the given user’s web browser.
These are features which enable users to establish real-time communications online with all the websites that the user visits.
Sometimes, these special online communication channels are able to bypass your VPN service’s tunnel. When that happens, the user’s real IP address gets exposed.
In other words, third parties like the user’s government or internet service provider can easily log data on the user and/or snoop on their online activity.
This type of leaks was once rare. Now, IPv6 leaks are pretty much as common as anything else.
And the reason for that is simple.
A lot of VPN extensions are still in the transition period of moving from IPv4 to the new IPv6.
As with all other types of leaks, if you have IPv6 leaks, you are basically exposing your real physical location.
Again, this leads to third-party companies or other entities monitoring and tracking you. And that includes your internet service provider.
The more worrying bit here is that these companies can link all of that data to the user’s future online activity as well.
This is arguably the most common type of leak.
You will encounter DNS leaks on a large number of VPN extensions for the simple reason that a lot of VPN extensions are simply not very good.
This type of leak occurs when the user’s DNS request somehow gets routed via the standard, unsecured Wi-Fi network, rather than the VPN tunnel that’s protected with encryption.
As a result of this leak, the user’s internet service provider may see almost all of the services and websites that the user might have visited.
With that said, we should mention here that even if user suffers from DNS leaks, the actual content of the places that the user has visited remains hidden.
But in today’s online world, exposing one’s browsing data is bad enough already.
How Do VPN Leaks Affect Users?
You probably don’t need us to explain why any amount of leak or any type of leak can render a VPN service totally and utterly useless and pointless.
VPN leaks simply mean that the VPN service in question is not really protecting the user’s data as it is supposed to.
Moreover, we believe that VPN extensions that have leaks are potentially more harmful to the VPN user when compared to the user who is doing nothing to protect their data.
We’ve already mentioned the fact that DNS leaks simply expose user data, enabling the user’s internet service provider to pretty much see anything and everything that the user is doing in the online world.
However, for people living in countries such as the U.K. or the U.S., having a VPN extension that has leaks may result in their web browsing history getting stored on various databases controlled by their government or getting sold to various third-party companies who are only interested in increasing their profits.
And that’s just for DNS leaks.
If you have a VPN extension that does not block IPv6 leaks, then the issue becomes very different in the sense that IPv6 leaks can potentially expose the user’s exact location.
It goes without saying that this is the exact thing that VPN users do not want to happen to them.
And when your VPN extension does not protect you against IPv6 leaks, it means that a broad range of third-party companies such as advertising firms and others can monitor and track the user’s whereabouts in the online world.
As mentioned before, these companies exist for one main reason and that is to make a ton of money even at the cost of selling personal data.
We should remind you that whenever a user installs and uses a good VPN extension, they’re actually signing up with a service that’s promising to keep their confidential information secured and at no risk.
Why Do VPN Extensions Leak Data?
The answer is surprisingly not as simple as some would have you believe.
There are lots of reasons why VPN extensions leak. Let’s take a look at some of the most common ones:
Insecure Features in Various Web Browsers
Insecure or vulnerable web browser features are always going to present problems for users who are making use of VPN extensions on a device that is running Windows.
The other thing you should know is that from Windows 8 onwards, Microsoft introduced a brand new OS feature which would send out various DNS requests from the user to all running and available servers.
This, as some of you might already know, did nothing but increase the likelihood that they would suffer from DNS leaks.
Now, we are aware of the fact that such features usually have one aim and that is to increase web browsing speeds. However, such features also make the user a lot more vulnerable to various types of cyberattacks.
Hackers know that the browser traffic would simply get routed via the server that is able to respond the fastest to the user’s request.
One other major problem with web browsers is that their location settings are confusing.
Most mainstream web browsers including the likes of Safari, Firefox and Chrome have location settings. But what most users don’t know is that these location settings allow the websites they visit on a regular basis to access their geolocation API.
Websites and other online services do that because they want to serve their visitors with more targeted experiences.
You can only get away from this problem by switching these location services to OFF.
No IPv6 Support
Or rather lack thereof.
If the VPN extension you’re using does not offer any support for IPv6, then such types of requests would bypass your VPN tunnel automatically. In the process of doing so, they would also expose your real location.
It is possible that your VPN extension may try to make attempts in order to convert all IPv4 traffic to the newer IPv6 by simply sending IPv4 traffic via a working dual-stack VPN tunnel, there is no guarantee that your data will not be at risk.
Microsoft makes use of the Teredo tunneling protocol in order to enhance the compatibility between IPv6 and IPv4. However, Teredo has a tendency to bypass the encrypted VPN tunnel, hence causing a giant security hole.
Our research shows that the vast majority of good VPN extensions would simply block all IPv6 traffic in order to stop this problem from ever occurring.
Problems with Network Configuration
There’s a subset of VPN users who are always on the move, regularly switching networks.
For example, one could move their connection from a router that is present in their home to an insecure and probably compromised public Wi-Fi hotspot present in a local coffee shop.
Our research shows that these type of users are actually the most at risk due to network configuration problems.
It doesn’t really matter which type of device you are using. If it is a device that has to make a connection to a local network to work (which all devices do), you have to make sure it does so after connecting to a VPN.
Now, whenever a user tries to form a connection with a completely new network, the actual protocol which makes the decision regarding the user’s IP address within the given network, may assign the user a DNS server automatically. That DNS server is responsible for handling all of the user’s requests.
There is no guarantee that the DNS server has proper security. If your internet service provider owns the DNS server, then you are in trouble.
If you somehow manage to connect to a good VPN extension, not all of your online lookup requests would get routed via the encrypted VPN tunnel.
And as a result, you may experience a DNS leak.
How to Block VPN Extensions from DNS Leaks, IPv6 Leaks and WebRTC Leaks
Run Scheduled Leak Tests Regularly
The first thing you should make a habit of is regularly running leak tests. That should be the case even if you have signed up for a good VPN service provider.
Running regular leak tests is a great way for any online consumer to make sure that their security has not altered.
You can also make use of sites like ipleak.net to check if your VPN extension is giving you the performance that you expect from it.
Having this habit will also allow you to start taking action if/when your VPN extension does start leaking your data sooner rather than at a time when any action would be of zero value.
Make Small Changes to Your Web Browser
One other approach that seems to work for some if to tinker with web browser settings. Our research shows that users who make use of either Safari or Firefox can easily disable WebRTC from the web browser’s settings menu. There is no need to do any kind of manual configuration.
Apart from that, turning off all location services within your web browser can also massively assist you in preventing all sorts of leaks.
It is not difficult to disable location settings in a web browser, if that is what you’re thinking.
All popular web browsers allow users to customize their settings so that the browsers are able to best suit what the user would actually
be doing in the online world.
Give Some Third-Party Software a Try
One other effective way to block WebRTC leaks on common web browsers such as Chrome and others is to use additional browser extension that can prevent such leaks from ever making use of the official API.
The extension that we are talking about here is known by the name of WebRTC Leak Prevent, available on the Chrome Web Store. Apart from that, you may also want to make use of a firewall in order to block all or some of the non-VPN traffic.
If you have a VPN client, it may already have this feature. If not, then there are no two ways about it. Though we should mention that you can check the Control Panel menu of your device to possibly see more options.
Now, you should keep in mind here that blocking non-VPN traffic would only allow internet traffic out and in, if it is established that the traffic has gone through the encrypted VPN tunnel first. That should reduce the possibility or risk of you suffering from a leak in a massive way.
Select VPN Extensions That Have Support for IPv6
In some senses, the only real way in which you can actually prevent IPv6 leaks is by signing up with a VPN service provider that completely blocks IPv6 traffic or supports IPv6 traffic.
The unfortunate thing here is that, there is actually no amount of manual configuration on your part that can ensure you will never suffer from any kind of leaks.
That is, unless the VPN extension that you are using has the capability to fully support the newer protocol.
Try to Use DNS Servers That Belong to Your VPN Service
Our research shows that the easiest way to prevent all DNS leaks via nothing but your VPN extension has to be to simply ensure that you’re only making use of those servers that your VPN service provider owns and maintains.
In other words, you should not put your internet web browser traffic at any kind of risk by taking the easy way and routing it via less-secure servers. Yes—the less secure servers are the ones that your internet service provider owns.
The other thing you should know is that a lot of VPN services maintain and support DNS servers that they own themselves.
But some don’t. And in those situations, you don’t really have an option.
If you find yourself in that situation, what you should do is manually configure all the related settings in your computer.
You could also make use of an open source third-party DNS server such as Open DNS by Google. If you want to know how to do that, click here and follow the step-by-step guide.