You may think you need to be a tech whiz to know if your VPN actually works, but that hasn’t been the case for quite a while. There are now plenty of free and readily available online tools to confirm the quality of your VPN provider.
Simply clicking here will take you to a leak tool that will expose the main flaws in your VPN client before your data is compromised. Which flaws exactly? Read on for the full details.
VPN Leaks Should Be Your Main Focus
As mentioned above, VPN leaks are your primary cause of concern (though we’ll get into a bit more advanced stuff later). Here’s what it means for your VPN to leak, and what you can do to patch things up – aside from switching providers, that is.
1. IPv6 Leaks
IP addresses, A.K.A. the main way devices are recognized on the Internet, come in two different flavors: IPv4 and IPv6. The pool of IPv4 addresses (which you may recognize by this example format: 172.16.254.1) has basically run out as of 2019 due to how many Internet-capable devices there are nowadays.
IPv6 is the newer standard and looks like this: 2001:db8:0:1234:0:567:8:1. The format allows for exponentially more variety in IPs, making it virtually impossible for them to run out any time soon. Unfortunately, slow adoption of IPv6 has caused a number of issues, including IPv6 leaks in VPN clients without leak protection.
Essentially, most VPN providers don’t feel the need to support IPv6 when most websites or ISPs don’t offer support for it either. As such, IPv6 leak protection usually means your VPN will block out that traffic entirely. Without this feature, your ISP and other online snoopers can see what you’re doing online, voiding the anonymity offered by your VPN.
If the leak tool detected an IPv6 leak, your only course is to disable IPv6 through your network adapter settings.
2. DNS Leaks
Another way your ISP could still spy on your browsing habits is through Domain Name System (DNS) requests sent to their servers. These DNS servers help translate human-readable website links like www.google.com into an IP address that can be read by a machine – and vice versa. Think of these DNS servers as phone books that help your device find out the “phone number” of the websites you access.
Now, VPN providers usually have their own DNS servers and automatically route traffic through them to prevent your ISP from reading your requests. Unfortunately, certain OS features (mainly Windows ones) can bypass that and still send DNS requests to your ISP.
Given that telecom giants aren’t exactly trustworthy, it’s worth patching up any DNS leaks detected by the tool above. Thankfully, the most common culprits can be easily disabled:
- For Teredo, simply open up a command prompt (Windows + R, type in “cmd” and click OK), and type this in: netsh interface teredo set state disabled
- Here’s a guide to disable Smart Multi-Homed Name Resolution on Windows 8 and 10.
3. WebRTC Leaks
What WebRTC actually does is allow audio/ video communication through your browser, exactly as if you were using a dedicated app (Skype, Slack, etc.) Of course, the browser feature could expose your IP address to any website through things called STUN requests. Yes, even if you use a VPN.
Again, the solution to this is as easy as entirely disabling WebRTC in your browser of choice. Alternatively, you can install a browser add-on that either:
- Exclusively blocks WebRTC requests at the click of a button, such as WebRTC Control.
- Gives you more fine-grain control over what scripts websites can run, such as uMatrix or NoScript. These script-blockers also prevent WebRTC requests and give you an upper hand in online privacy and security in general. Do be warned they have a bit of a learning curve.
As a final recommendation, don’t hesitate to re-use the leak test tool once a week just to be safe. And with that out of the way, let’s take a look at the slightly advanced tip we promised earlier.
Does Your VPN Obfuscation Work?
One of the primary functions of a VPN is to encrypt all network traffic to and from your device(s). Encryption basically means that people trying to snoop in on your online activity will just see a bunch of gibberish. This includes anyone from your ISP, to cyber criminals, to government surveillance agencies like the NSA.
For the average VPN user, this is nothing to worry about. Encryption is a VPN provider’s bread and butter, and they’d be out of business fast if it didn’t work for some reason. So how do you check that it works short of trusting some online reviewer? By using a packet sniffer such as Wireshark.
Packet sniffers capture the data packets sent over a network, analyze them and present the information in a human-readable form. They are used by network technicians to diagnose problems or cyber criminals trying to steal your data over an unencrypted Wi-Fi connection, for example.
If you want to see what your average hacker does at your local café, here’s a guide on how to use Wireshark to test your VPN.
Does Your VPN Contain Malware?
Sure enough, malware is serious business, with over 50% more mobile devices being affected in 2019 compared to 2018. In the VPN sector, 20% of the top 150 free Android VPNs have been identified as potentially carrying malware, among other risk factors.
Your first thought was probably “Wait, what? Why isn’t this further up on the list, then?” Well, you’ll notice that it was mainly “free” VPNs that were untrustworthy, showing that there is always a price to pay for privacy.
Still, you can always verify the installation file of your VPN software (even paid ones) with some decent anti-malware. Alternatively, you can upload the installer to a service like VirusTotal which uses over 70 antivirus scanners for a more than thorough inspection.