Every internet user has an Internet Protocol (IP) address. This is an online identity that every user must have. But who provides your IP? Your internet service provider (ISP) does.

If anybody wants to track your internet activity, they simply use your IP to locate and monitor you.

Only a Virtual Private Network (VPN) can keep prying eyes at bay. VPNs are wonderful online security resources that many people use to hide their online identity or to change their IP address. A VPN encrypts your online traffic and sends it to a virtual server. The server handles your information and encrypts it so that any hijacking attempt is derailed.

What does this tell you? Anyone trying to track your online movements only sees the virtual IP address given by your VPN provider rather than your real IP. A competent provider takes rigorous measures to safeguard their users’ IPs. Good VPN services also don’t keep logs of the users’ activities. Is there a chance that your virtual IP can get discovered? Only if it gets leaked. You may be asking, “How to check if my VPN is leaking?” If so, read on to learn more.

No VPN is 100% immune to IP leaks.

The good news is that you can detect and combat the leakage. A VPN that’s not configured properly is no longer private. Just because you are using the most popular VPN software doesn’t mean that your online activities are completely concealed. It is unfortunate that even the most expensive VPNs sometimes have trouble protecting users from IP leaks, especially those caused by the operating system and browser.

The only way to be certain that your information is anonymous is ensuring that your computer system is not prone to DNS and IP leaks. You can start by asking Google, “What’s my IP address?” However, the IP address is not the only aspect of your internet connection. There is a potential for IP leaks to take place at different times. How private is your online activity when using a VPN? Is your VPN doing its job properly or are you unknowingly leaking private information to snoopers?

IP leaks explained

leaking vpn

When you activate VPN on your device, you can choose any of the available servers from different countries. The VPN makes you look like you are browsing from the region you select. But when you see a message like “This content is not available in your area,” it’s a sign that the site you want to access is tracking your original IP. It could mean that your virtual IP is leaking! You should perform a VPN leak test immediately. First, you should understand the various types of IP leaks.

IPv4 DNS leak

Your operating system can be confused when sending IPv4 requests to DNS servers which are default to your system and usually managed by your internet service provider. This is particularly common in Windows OS. If you are using Windows, it’s time to ask yourself, “Is my VPN secure?” To protect yourself from IPv4 DNS leaks, consider using a VPN with built-in protection against it. This is a firewall that ensures all traffic flows only through the VPN when leaving your computer. Alternatively, use VPNCheck Pro (Windows).

IPv6 DNS leak

This is a common type of VPN leak. The IPv6 uses 128-bit IP addresses. All the current operating systems support it. Sometimes, a VPN fails to channel your online traffic through a safe tunnel as it should. When you try to access an IPv6-enabled site, your browser makes an IPv6 request that doesn’t pass through your VPN. This means that your ISP will handle the request. That is how your real IP is discovered. How do you protect yourself from this problem?

First, you can subscribe to a VPN client that includes DNS leak protection in the package. This will disable the IPv6. Secondly, you can disable the IPv6 manually by following the instructions provided by Windows, Linux, and OSX Mac. Lastly, use OpenVPN for Android which provides an option for routing your IPv6 traffic over VPN.

Unproxied DNS

You may be using a VPN that doesn’t proxy DNS requests. This means it sends requests directly to third-party DNS services. These third-party DNS services see your online activities as well as your actual IP address. This compromises your privacy. This is technically a DNS leak by design and not an accident. The only way to combat the leak is by switching to another VPN provider. It’s not easy to know whether your DNS requests are proxied or unproxied, but you can confirm this from your VPN client.

How to detect IP leaks over VPN

  1. The first step is to check your IP when you are not connected to a VPN. Just type “What’s my IP” on your search engine.
  2. Then, enable your VPN and connect to your preferred server. Check twice to see that you are connected.
  3. Go to the search engine bar and type in “What’s my IP” again. A new IP address corresponding to the country of your choice should show up.
  4. Next, carry out an IP leak test which is available on various free websites. An IP leak test tool is a web app that provides a free API which you can use on your device.

However, a vast number of DNS leak tests are not mobile-ready and may be outdated. A good API helps you to find out if DNS over TLS has been activated. This is a new protocol but a very important feature of IP leak tests. It ensures that all your DNS requests are encrypted. Also, it checks whether DNSSEC is active. DNSSEC guarantees origin authority and data integrity.

What’s the difference between DNS leak and WebRTC leak?

DNS stands for Domain Name System which keeps a database of domain names and configures them to their equivalent numerical IP addresses. They are like a phone book directory. Without a VPN, your device contacts the ISP’s server to request the IP address of the site you want to visit. With a VPN, the device only contacts the VPN server for DNS requests. A DNS leak happens when your request is forwarded to the ISP server when using a VPN. How does it differ from WebRTC leak?

WebRTC leak explained

This refers to Web Real-Time Communication which is a specialized program or API interface that is built-in to web browsers. It reveals your real IP address even when you have activated a VPN. So, how does a WebRTC (Browser IP) leak happen? It takes a lines of code to make WebRTC show your actual IP address through a server called STUN. This server allows devices to penetrate your internal network and discover your real location. In fact, VPNs use STUN servers to convert your internal IP to a public IP.

STUN servers accomplish this because they hold a database of your virtual IP as well as your local IP during the connections. It doesn’t matter how secure your VPN is; an IP leak is bound to happen if your browser’s WebRTC is weak. If it accepts STUN queries, it will send back a response revealing both your VPN IP and public IP, in addition to other information. The responses are then accessed through JavaScript. As long as your browser has a WebRTC support and JavaScript program, your IP can leak.

How to prevent WebRTC from risking your online privacy

There are two measures you can take to ensure that your browser doesn’t leak your IP over a VPN. To start with, set appropriate firewall rules to block any request coming from your established VPN network. The specifics depend on the operating system of your device. The second option is to disable WebRTC in your browsers. Thoroughly screen the privacy settings on your browser. If you find these instructions confusing, you may simply ask Google how to terminate WebRTC. There is an abundance of tutorials on this subject.

You must not rely on the DNS server that your ISP provides even with an active VPN connection. You may try public DNS servers like those offered by Google, but when you have a paid VPN, there is no need to include a secure DNS on a dedicated server. The only sure way to stop IP leakage is to subscribe to a VPN with built-in DNS leak protection and dedicated servers. Also, consider a VPN that supports IPv6 or one that can disable IPv6 in the OS.

What is the easiest way to disable WebRTC?

You don’t need to wait for your VPN client to disable the WebRTC on your browser. There are several steps you can take to solve the problem right away. It can be as easy as disabling a feature or downloading an app. But the most straightforward method is disabling the WebRTC extension which, by default, is enabled in Opera, Firefox, and Chrome. The Internet Explorer and Safari browsers do not have WebRTC, hence they are not affected. So, you can switch to these browsers to bypass the WebRTC IP leaks.

If you want to stick to Chrome, Opera, and Firefox browsers, there are steps you can follow to disable WebRTC. In Chrome, install the ScriptSafe extension that is available on the Chrome Web Store. If you are an Opera user, download ScriptSafe but you’ll have to navigate through some loops. But the simplest and easiest way is to install PureVPN’s Chrome Extension. On FireFox, download an add-on known as “Disable WebRTC.” Also, you can disable WebRTC on FireFox from the address bar. Just go to “about: Config” menu.

VPN leaks are a concern for any user. To make sure your privacy is protected, make sure to test for VPN leaks on a regular basis.

Why is Windows Operating System prone to IP leaks?

In Windows 10, DNS requests are sent to all available network adapters. Whichever DNS server responds first, it directs your browser to your target website. So, even if you have enabled the VPN on your computer, the DNS request can reach your ISP, leaving your information vulnerable. The other problem with Windows is the IPv6 addresses. Since Windows utilizes Teredo tunnels to support IPv6 addresses which are hosted on IPv4 networks, your DNS can still leak. But you can turn off the Teredo tunneling to prevent IP leaks.

Other leaks that can expose your online identity

Apart from DNS and browser leaks, there is a common leak referred to as “dropped connection.” It happens when the VPN disconnects all of a sudden. In this case, your internet traffic is routed through the regular network that is less secure. Luckily, this type of leak is easy to fix. You can choose a VPN provider with a kill switch even on your smartphone. This feature monitors your connections to ensure that the real IP remains masked in case of a dropped VPN connection.

If the kill switch detects a change in IP address, it immediately terminates all your online connections and tries to reconnect you to the VPN server. Always check for this feature when selecting a VPN. As mentioned before, always check if your VPN is working. If your IP address tool reveals your actual IP when you are still connected to a VPN, know that your IP has leaked. If it shows the address of the virtual server location, then you have much less to worry about.