If you’ve been fishing around for a VPN, you may have seen providers promising something along the lines of “leakproofing”. But what does that even mean? How exactly does a VPN “leak” and why should VPN users care?
Those of you who already have a subscription will want to test out your VPN client with this leak test tool. After all, it’s worth having the peace of mind that your provider is sticking to their promises. We offer some to-the-point explanations on what all the results mean in the lines below.
Why Is VPN Leak Protection Important?
Let’s be a little selfish here and state the obvious: if you’re paying for a VPN subscription, you expect it to work properly, right? If your private data starts leaking, you won’t be too happy about it. Especially not with the knowledge that your ISP is probably selling your browsing history and location data to advertisers. Think about that one the next time you see an eerily specific ad online.
Still, targeted advertising may be the least of your problems, considering cybercrime is still on the rise. And it shows no signs of stopping. Having your VPN leak your data can spell disaster to your very livelihood. This is where leak protection comes in.
What Is IPv6 Leak Protection?
There are currently two standards for IP addresses everywhere:
- IPv4 – which looks like this: 126.96.36.199
- IPv6 – which looks like this: 2601:7c1:100:ef69:b5ed:ed57:dbc0:2c1e
The first type is fairly limited considering the sheer amount of Internet-connected devices nowadays. It’s gotten to the point where IPv4 addresses have basically run out as of 2019. Thanks, smart fridges, and toasters. Now, this was expected as early as the 90s, and IPv6 was created to mitigate the issue.
Despite that, adoption of IPv6 has been sluggish at best, forcing Internet Service Providers (ISPs) to support both IPv4 and IPv6. VPN providers haven’t felt the need to adapt to the change either, meaning your client is unlikely to route IPv6 traffic properly. What this means is that your ISP can still spy on your browsing habits despite having a VPN.
Most of the time, a VPN offers IPv6 leak protection just means that their software will block all IPv6 network traffic. If your VPN tested positive for an IPv6 leak – and you don’t want to switch to a different provider – you may need to disable IPv6 traffic manually from your network adapter.
What Is DNS Leak Protection?
The purpose of a Domain Name System (DNS) is to translate domain (website) names into an IP address, and vice versa. When you type in youtube.com in your browser, a DNS request will be sent to a DNS server (for example, your ISP’s). Think of it as a phonebook that has the associated IP address for that link. In the case of YouTube, it’ll be something like 188.8.131.52 (though they have quite a wide range of IP addresses at their disposal).
The problem with using your ISP’s DNS servers is the same as before – they can see what websites you access. A VPN will most likely redirect all DNS requests from your device through their own servers to prevent that from happening. Unfortunately, some OS features like Teredo or Smart Multi-Homed Name Resolution (SMHNR) in Windows 8 and 10 may cause DNS requests to go through your ISP’s servers in some situations.
Those features may be disabled, but choosing a VPN with DNS leak protection is the only real solution to this problem. Such VPNs will monitor DNS requests and ensure they always go through your VPN rather than your ISP.
What Is WebRTC Leak Protection?
Did you know you could make audio and video calls straight from your browser, without needing to install third-party apps like Skype or Slack? That’s what the Web Real-Time Communication (WebRTC) browser feature is for.
For the privacy-minded, however, WebRTC is just a huge security flaw. Websites can perform STUN requests to log both your VPN’s and your real IP address. This issue appears to be limited to devices running Windows.
WebRTC leaks can be prevented by disabling WebRTC in your browser, though that comes at the cost of losing WebRTC functionality. Browser add-ons like WebRTC Control can also prevent your IP address from leaking. If you already have one, a script-blocking extension like NoScript, uMatrix, or ScriptSafe will do the job as well. As always, though, getting a VPN with built-in WebRTC leak protection is your safest bet.
Even if your provider offers full leak protection, make it a priority to test your VPN with the tool mentioned in the beginning at least once a week. Software or service issues can pop up at any moment, and it only takes one slip-up to compromise your online security.