How to Test How Secure Your VPN Is

Man installing VPN on a laptop.
VPNs are used to secure privacy, yet many VPNs leak users’ data. Find out how you can check if your VPN is leaking data.

Charles Comiskey had seen it coming way back in his time when he said it’s the small things in life that matter, but it’s the negligible leak that empties the greatest reservoir.

Similarly, no matter how much money you will save by getting a cheap safety lock, it is no good if all it does is break by the slightest sight of effort. It may have cost you some extra money to get a better lock, but that would eventually have led you to be… still having a bicycle.

Now look at you, saved a few dollars just to lose a few hundred; And to top it off… You have to walk back home.

On the other hand, if you could have just tested the product before buying it, it would have changed your thoughts a bit.

Maybe you wouldn’t even be in a position like this.

VPNs are the same; it is their job to keep your identity private and safe from outsiders. They are no good if they leak your information.

No matter how small or infrequent that leak maybe, eventually, they are proving to be bodyguards who aren’t just bad at their jobs; they prove to be traitors who let some people pass through every now and then, let them do whatever they want and you don’t even have a clue how they got there.

The celebrity you had hired bodyguards to keep paparazzi out of the house…so, what are they doing in your bedroom?

The smallest of leaks… would be bringing down your great ship of privacy.

What most people don’t know about is that VPNs leak all the time… even the paid ones.

How good is a faucet that leaks almost all the time?

Our Plumber: On Fixing Faucets

You will be shocked to find out that more than 80 percent of VPN apps were leaking users’ IP address. Then there is the problem of broken features. Features that are promised but aren’t fully functional.

The thing going for you, dear reader, is that VPNs are software services and are relatively easily tested.

VPN icon on a tablet.
VPNs are the same; it is their job to keep your identity private and safe from outsiders.

They won’t need any experts running them for you, you can do them on your own and find out whether your VPN is the one giving those paparazzi access to your Jacuzzi or is it John Wick assassinating all incoming threats.

The tests we discuss here can be distinguished into two different categories depending on the setup required…

  • Basic tests
  • In-depth tests

Let’s start off with…

Basic Tests

These are tests that require no setup and can be performed with tools pre-prepared online. The only problem with these tests is that they cannot verify all the leaks. Usually, the leaks happening during reconnections are not found. There is a workaround for that, which we will discuss, but it is what it is—a workaround.

1.    DNS Leak Test

DNS (Domain Name Server) is to internet users what a dictionary is for anyone learning a language. It is essentially a dictionary where all websites’ addresses are saved. As words are saved in table formats with their meaning in a dictionary, the DNS contains tables of website names against their IP addresses as meanings.

Whenever you enter the name of a website in your browser, that information goes to your internet service provider. The internet service provider has a DNS server that resolves human understandable (Domain Names) addresses to computer understandable ones. It is that server which contains the DNS table where your entered website address is searched and the respective IP address is then contacted.

If the DNS table does not have that site’s address entered in its table, then it requests its nearest situated DNS server and so on.

Your internet activity is logged at your internet service provider in a simple text file and hence can be used by them or anyone with access to it.

While using a VPN, technically the DNS translation is taken care of by the VPN service provider. This is why even though your service provider might have logs of you connecting to a VPN provider but that’s about it. Further logs are at the VPN’s end and they are then discarded due to some of them having a no-log policy.

But, there can be leaks…

How Do I Know I Have a DNS Leak?

There are online tools available to see whether your VPN is leaking your DNS records or not.

Connect to any of the following tests…

DNS Leak Test homepage screenshot.

Perfec Privacy DNS Leaktest screenshot.

IP Leak homepage srcreenshot.

…while your VPN service is on and see whether the test results show where you come to appear from.

This does not have to be perfect since your internet service provider covers a large area, even if it shows which city you originate from, it is evidence enough that the VPN you are using is leaking DNS data.

Note that, although it may not look initially that your IP address is at stake, your browsing history is. Your internet service provider is a third party who may be interested in using that for its own benefit too.

For easy comparison, while connecting to your VPN, you can choose servers which are in other countries outside of yours.

2.    IP Leak Test

If hiding your point of origin was one of the jobs of the VPNs, hiding your IP address is the job of the modern age VPN service providers.

An IP leak occurs when your VPN fails to hide your IP address while you are connected to it. This could be during small fluctuations of connectivity that users face while being connected to the VPN or this could be due to lack of support for the new tech.

In short, the causes are generally due to …

  • Connection fluctuation
  • Lack of IP v6 support

How Do I Know I Have an IP Leak?

Hop on to the internet wagon and go to the following destinations. These sites provide easy to run online tests that can help you determine whether your IP is leaking or not.

IP LEAK IP address check screenshot.

ipv6 homepage screenshot.

Perfect Privacy IP check screenshot.

Make sure you have turned your VPN on.

After running the tests, you see that your VPN has passed with flying colors… there is still something bugging you though… what happened to that connection fluctuation problem?

These sites are good at checking the IP leaks at normal states… but you can’t actually make your VPN’s connection fluctuate on command while running the tests… or can you?

Turns out, you can.

For testing IP leaks during connection fluctuation, all you need to do is…

  • While connected to the VPN and running the tests, turn off your Wi-Fi/internet connection.
  • Now… Reconnect your internet.
  • As soon as you reconnect the internet, your VPN will try to connect back to its servers as well.
  • At this time, refresh the testing sites’ tabs so that they can run the test at that time.
  • Check results.

Although not 100% guaranteed, this way you can force the VPN to fluctuate and run the test at the same time.

3.    WebRTC Leak Test

WebRTC leaks are the reality of the life of VPNs … they are bound to happen. They are the kryptonite to the Super-VPN-Man. To understand whether you have them or not… it is important to understand what they are.

What Is the WebRTC

WebRTC or Web Real Time Communication is a project supported by almost all the browser developer tech giants. It is an open-source project that provides APIs for real time communication between two parties.

The issue (at least for the VPNs users) arises while setting up communication between two parties; both the parties’ real IP addresses are visible to the APIs. The request for IP read is not visible to the developer console of the browsers, so you don’t really know if someone is reading it or not. Furthermore, the IP addresses are also accessible through Javascript.

VPNs are fundamentally used to protect privacy while being on the internet. WebRTC provides APIs which are applied by almost all the browsers. Browsers are used to surf the internet.

Do you see the irony here?

If you are using browsers for surfing the internet, then WebRTC leaks are bound to happen.

How Do I Know If I Have a WebRTC Leak?

You can use online tests to see whether the leak is there or not. The following sites provide basic tests.

Browser Leaks homepage srceenshot.

Perfect Privacy WebRTC Leaktest screenshhot.

WebRTC detection screenshot.

Once you find that the leaks are there, it is time you need to find a premium VPN service which is dedicated on saving you from a WebRTC leak.

Either this or you can nip the bud in the evil by disabling the WebRTC from your browser altogether.

Here is how you can do it in different browsers…

Firefox

Firefox, being the developers’ favorite, has all the options available for customization. It is relatively straight forward to disable WebRTC in it.

All you need to do is…

1. Open up the about:config window by typing about:config in the address bar of the browser.

2. Here you will be asked whether to accept the risk of changing default settings, accept it by pressing the “I accept the risk!”

Firefox advanced settings change screenshot. 3. Here search for the “peerconnection.enabled” property.

peerconnection.enabled Firefox screenshot.

4. Set its value as false by double-clicking it.

That’s it.

Chrome

Chrome is developed keeping ease of use in mind and hence does not allow such freedom that Firefox does. At least not on its desktop version, considering WebRTC.

What we can do is download an extension which changes the behavior of the browser. In this case… the following have been found pretty useful:

The Network Limiter is an official extension from Google that does not block the WebRTC traffic but does hide your IP.

If your experience with extensions or add-ons is not that great with varying results, it’s better to simply not use Chrome on your desktop computer. You can use it on your Android device though… since you can disable WebRTC in it simply by…

  1. Opening up the Chrome app in your device and go to “chrome://flags/#disable-webrtc” address.

Disable WebRTC in Chrome screenshot. 2. Once the page is loaded… search for WebRTC Stun origin header. Once found, disable it…

WebRTC screenshot from Chrome.

And you are done.

Opera

Opera follows the same product path that Chrome does… ease of use, and in turn, no options to play around with. The most you can do is download and use the following extension.

Once installed, you can then select the extension’s Settings menu to access the following option:

  • IP Handing Policy

Here, select the value Disable non-proxied UDP (force proxy). Once selected, apply the settings.  

Edge

Microsoft’s answer to the changing times was upgrading its old, reliable but clunky Internet Explorer. In the process where a lot was gained… some core features which made the Internet Explorer click were lost.

In the Edge browser, there is no clear cut way of disabling WebRTC. The most you can do is hide your local IP.

You can do that by:

  1. Navigating to the address about:flag.
  2. Here search and then set the option Hide my local IP address over WebRTC connections as on.

Doing this will hide your local IP address. The real threat to your privacy, however, is through your public IP.

There are some VPNs which offer desktop solutions for the Microsoft OS platform… it is best to check them out to avoid this on Windows platform.

Brave

Brave is an open-source browser which is getting famous for its built-in ad and website tracker blocking approach. So it is only natural that it gives you the option of blocking WebRTC.

You can do that in fairly simple steps:

  1. Go to Preferences and then to WebRTC IP handling policy under Security.
  2. Here set the policy as Disable non-proxied UDP.

That’s it!

4.    Malware Detection

When you use a product for free… most of the times… the actual product is you. Third-party software solutions or free apps in the market usually provide services on different models. One of the most popular models is selling user data.

If you have one of these apps in your device as a VPN, the whole purpose of VPN is lost whatsoever. It is like having your football coach sharing and selling your secret game plans in the open market, eventually helping your opponents find and counter it.

Avoid free apps for this purpose… and if that is not possible then upload them to…

Virus Total Homepage screenshot.

… and it will detect malware in the app through its 60 different tests. There should not be more than three positive results out of all the tests. If there are, then stay clear of such apps if privacy is your concern.

In Depth Tests

If your inner test engineer is not satisfied by the level and number of tests we have mentioned, then you can always set up a test environment with the help of ExpressVPN’s VPN testing suite.

The testing suite is completely free and open-source. It supports three major platforms, i.e.

  • Windows
  • Mac OS
  • Linux

The testing suite also has a beginner’s guide to get started with setting up the test environment and running the tests.

Once you are done with the tests, you will know how protected you are. Whether the results are good or bad, keep two things in mind…

  • WebRTC is a newer technology, and there will be ways to exploit it in the future.
  • The free app model for security may sound good, but unless you exactly know how the specific app makes money, it is as good as a cat guarding milk.

Choose a VPN which actively seeks to keep you secure in the face of advanced tech, no matter the cost.

More from Muhammad Adnan Ikram
Google Home: 9 Tips & Tricks
The room brightens up as you enter. “Good morning!” You sit on...

Leave a Reply

Your email address will not be published. Required fields are marked *