Is Your VPN Leaking? | PCMag
Just how secure is your private data? You may think you have a Fort Knox-like setup, but don’t take risks with your personal info. It’s worth confirming that the virtual private network, or VPN, software you use is actually doing its job, or if it’s allowing your personal data to go hither and thither without your knowledge.
For the most part, if you pick one of our top VPN services, you’ll be well protected, be it on a PC or even a smart device (most of the best services offer software across all operating systems). But it never hurts to check. Things break, new exploits are found, and there’s always a chance your VPN may be leaking more data than you prefer. Here are some steps you can take to see if that’s true.
Check Your IP Address
Your home has an IP address, not just a street address. The IP (internet protocol) address is the unique number assigned to your router by your ISP. (Your internal home network in turn gives each node in your home—PCs, phones, consoles, smart appliances, anything connected to the router—an IP address. But in this case, we’re only concerned with your public-facing IP address.)
The IP address is how your computers/router talk to servers on the internet. They don’t use names—like —because computers prefer numbers. IP addresses are typically bound not only to the ISPs that assign them, but also specific locations. Spectrum or Comcast have a range of IP addresses for one town and a different range for another town, etc.
When someone has your IP address, they get a lot more than just some numbers: they can narrow down where you live.
IP addresses come in several formats: either an IPv4 (internet protocol version 4) version like 172.16.254.1 or an IPv6 type that looks like 2001:0db8:0012:0001:3c5e:7354:0000:5db1.
Let’s keep it simple. Your own public-facing IP address is easy to find. Go to Google and type “what’s my IP address.” Or go to sites like Tenta Browser Privacy Test, IPLocation,, or They’ll display more than your IP; they’ll also give you the Geo-IP—the location linked to the address.
Take the IP address that comes up and search for it in Google with IP in front, like “IP 172. 1” (sans quotation marks). If it keeps coming up with your city location, your VPN has a big, messy leak.
The leak could be caused by what’s known as the WebRTC bug. WebRTC is a collection of standards that works hard to find your IP address, to make things go faster when you use the internet and services like video chat and streaming. If you’ve got a modern desktop browser, you’re likely to have this, as the browsers all enable WebRTC to work better. You can check with the Hide My Ass WebRTC Leak Test.
VPNs that work via an extension in a browser will turn it off, among other things. Or you can disable WebRTC in the browser yourself.
Chrome: Requires an extension like WebRTC Network Limiter or WebRTC Leak Prevent, or try WebRTC Control to toggle it on and off from the toolbar.
Edge: You can’t really fix it, but you can hide your local IP address entirely by typing “about:flags” and checking the box next to “Hide my local IP address over WebRTC connections.” It probably hurts you with location services more than it helps protect you.
Safari: It shouldn’t be an issue, as Apple’s browser doesn’t share like the rest.
Firefox: Type “about:config,” click on the “I accept the risk!” button, type “erconnection.enabled” in the search box, then double-click to change the Value column to False.
Opera: Go to View > Show Extensions > WebRTC Leak Prevent > Options. Choose to disable it and save the settings.
Check for DNS Leaks
The internet domain name system (DNS) is what makes IP addresses and domain names (like “”) work. You type the domain name into a web browser, the DNS translates all the traffic moving back and forth from your browser to the web server using the IP address numbers, and everyone is happy.
ISPs are part of that—they have DNS servers on their networks to help with the translation, and that gives them another avenue to follow you around. This video from ExpressVPN spells it out (and tells you why a VPN with DNS services on their servers is great).
Using a VPN means, in theory, your internet traffic is redirected to anonymous DNS servers. If your browser just sends the request to your ISP anyway, that’s a DNS leak.
There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test,, or DNS Leak You’ll get results that tell you the IP address and owner of the DNS server you’re using. If it’s your ISP’s server, you’ve got a DNS leak., in particular, gives you a nice color-coded result, with “Looks like your DNS might be leaking…” in red, or green if you appear to be in the clear. Hidester gives you a full list of every DNS server you may hit. When several correspond to your actual ISP, that better underscores your leaky-ness.
Fix the Leaks
If you do have a leak, you have a couple options. One, change your VPN to one that specifically works to prevent DNS leaks. All our Editors’ Choice picks—Private Internet Access VPN, NordVPN, and TunnelBear—promise to be leak-free.
If you like your current VPN too much to switch, maybe buy Guavi’s VPNCheck Pro for $19.92. It has its own DNS leak fix, and monitors your VPN for other issues.
You can also change the DNS servers used by your router when you send requests to the internet. This can be a little complicated as it requires you to go into the settings for your router, but might be worth it for other reasons. Services like Google Public DNS or Cisco’s OpenDNS provide instructions on how to set them up with most routers. The latter has a personal version with various free options, even one geared specifically to family/parental controls that block questionable sites. You can pay $19.95/year for extra services like usage stats and whitelists of sites under the OpenDNS Home VIP option.
There’s even a DNS service specifically for mobile devices: Cloudflare’s 1. 1. It not only encrypts DNS queries but promises faster internet. It can also be configured to work with routers and PCs, however. (Learn more in our recent interview with Cloudflare CTO John Graham-Cumming.)
Making a DNS update to your router means all the traffic in your home or office uses the new DNS service and whatever ancillary features it provides. That includes PCs, phones, tablets, consoles, even smart speakers, you name it.
With these services, you’re handing your DNS traffic over to another corporation. You could instead invest in hardware at the router level to add extra security, but that may be overkill if you’re not feeling terminally paranoid. At the very least, on individual PCs and handheld devices, get VPN software/apps for supplemental security all around.
Plug Other Leaks
Your location is probably something you’ve plugged into your browser at some point. If so, your browser is typically more than willing to share that information with the websites you visit, even if your VPN does not. Check the massive amount of data you may be giving up by visiting
Use an alternative browser when you want to be at your most secure—the Tor Browser, for example. It’s all about keeping you anonymous, by bouncing your requests around the world before they land on the web server you want, then back again. That makes it hard for you to find your local info and can slow things down overall, but it’s a good bet for security.
If you can’t stand the thought of giving up your current browser, use incognito mode, go the complicated route of setting up a fake location, or just get an extension like Location Guard (for Chrome, Opera, or Firefox) to spoof your whereabouts.
If you’re worried about your web-based email system, switch to ProtonMail. Not only does it redirect messages over the Tor network, it keeps everything encrypted. (For more, read How to Create an Anonymous Email Account.) Proton Technologies also offers ProtonVPN for Mac, Windows, Linux, and Android. There is a tier of service that’s free forever for one device—including DNS leak protection—while the paid versions support Tor servers and more.
Disclosure: PCMag’s parent company Ziff Davis is owned by j2 Global, which also owns various software products and services including, IPVanish, and StrongVPN.
This is the kind of information that all the sites you visit, as well as their advertisers and any embedded widget, can see and collect about
If you are now connected to a VPN and you see your ISP IP, then your system is leaking WebRTC requests.
DNS Address detection
If you are now connected to a VPN and among the detected DNS servers you see your ISP DNS, then your system is leaking DNS requests.
If the above map is your correct location and you don’t want to allow this kind of tracking, ensure that the geolocation feature of your browser is disabled or asks for permission, or install an extension that fakes your
What are WebRTC leaks?
WebRTC implements STUN (Session Traversal Utilities for NAT), a protocol that allows the public IP address to be discovered. To disable it:
Mozilla Firefox: Type “about:config” in the address bar. Scroll down to “erconnection.enabled” and double-click to set it to false.
Google Chrome: Install Google’s official extension, WebRTC Network Limiter.
Opera: Type “about:config” in the address bar or go to “Settings”. Select “Show advanced settings” and click on “Privacy & security”. Under “WebRTC”, select “Disable non-proxied UDP”.
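How STUN hands a page your public address, as an added example that is not code from any of the sites quoted here: it decodes the XOR-MAPPED-ADDRESS attribute of a STUN Binding Success Response (RFC 5389 layout) and compares the result with the ISP address you recorded while off the VPN. The response bytes are constructed locally by `build_binding_success`, and the function names and sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every STUN header
BINDING_SUCCESS = 0x0101           # Binding Success Response
XOR_MAPPED_ADDRESS = 0x0020        # attribute carrying the address the server saw

def build_binding_success(ip, port, txid):
    """Constructed sample: the reply a STUN server would send after seeing ip:port."""
    addr = ipaddress.ip_address(ip)
    key = struct.pack("!I", MAGIC_COOKIE) + txid       # cookie + 12-byte transaction ID
    xaddr = bytes(a ^ k for a, k in zip(addr.packed, key))
    family = 0x01 if addr.version == 4 else 0x02
    value = struct.pack("!BBH", 0, family, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

def mapped_address(message):
    """Return (ip, port) from XOR-MAPPED-ADDRESS, or None if absent or malformed."""
    if len(message) < 20:
        return None
    mtype, length, cookie = struct.unpack("!HHI", message[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or len(message) < 20 + length:
        return None
    key = message[4:20]
    pos, end = 20, 20 + length
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", message[pos:pos + 4])
        value = message[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and alen in (8, 20) and len(value) == alen:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            raw = bytes(a ^ k for a, k in zip(value[4:], key))
            return str(ipaddress.ip_address(raw)), port
        pos += 4 + alen + (-alen % 4)                  # attributes are padded to 4 bytes
    return None

def webrtc_leaks(message, isp_ip):
    """True when the address STUN reports is the ISP address recorded off the VPN."""
    found = mapped_address(message)
    if found is None:
        return False
    # Compare parsed addresses so IPv6 spelled long or short still matches.
    return ipaddress.ip_address(found[0]) == ipaddress.ip_address(isp_ip)
```

Because the address travels inside the STUN payload rather than in an HTTP request, a browser-only proxy or extension VPN does not change it unless WebRTC's UDP traffic also goes through the tunnel.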
What are DNS leaks?
In this context, by “DNS leak” we mean an unencrypted DNS query sent by your system OUTSIDE the established VPN tunnel.
Why does my system leak DNS queries?
In brief: Windows lacks the concept of global DNS. Each network interface can have its own DNS. Under various circumstances, the system process will send out DNS queries without respecting the routing table and the default gateway of the VPN tunnel, causing the leak.
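A way to audit the per-interface DNS situation described above, as an added example that is not part of the quoted FAQ: it takes the resolvers configured on each interface and the routing table (on Windows you would transcribe them from `ipconfig /all` and `route print`) and reports every resolver that can be reached outside the tunnel. The interface names, addresses, routes and function names below are constructed for the illustration.

```python
import ipaddress

# Constructed sample: resolvers per interface and a VPN-style routing table
# where two /1 routes override the default gateway.
INTERFACES = {
    "Ethernet": ["192.168.1.1"],      # home router, forwards to the ISP resolver
    "Wi-Fi": ["203.0.113.53"],        # resolver left over on a second adapter
    "tun0": ["10.8.0.1"],             # resolver pushed by the VPN
}
ROUTES = [
    ("0.0.0.0/0", "Ethernet"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "Ethernet"),   # on-link LAN route, more specific than the VPN's
    ("10.8.0.0/24", "tun0"),
]

def egress_interface(dest, routes):
    """Longest-prefix match: the interface the routing table picks for dest."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == dest.version and dest in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None

def dns_leak_candidates(interfaces, routes, tunnel):
    """Return (interface, resolver, reason) for resolvers that can bypass the tunnel."""
    findings = []
    for iface, resolvers in interfaces.items():
        for resolver in resolvers:
            out = egress_interface(resolver, routes)
            if out != tunnel:
                findings.append((iface, resolver, f"routed via {out}, not {tunnel}"))
            elif iface != tunnel:
                # Routed through the tunnel, but bound to another adapter: the
                # case where a query may be sent from that adapter directly.
                findings.append((iface, resolver, "configured on a non-tunnel interface"))
    return findings

if __name__ == "__main__":
    for finding in dns_leak_candidates(INTERFACES, ROUTES, "tun0"):
        print(*finding, sep=" | ")
```

The router address on the LAN is the common case: its on-link /24 route is more specific than anything the VPN installs, so queries to it never enter the tunnel.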
Should I be worried for a DNS leak?
If you don’t want your ISP, or anybody with the ability to monitor your line, to know the names your system tries to resolve (and so the web sites you visit, etc.), you must prevent your system from leaking DNS queries. If you feel that you’re living in a country hostile to human rights, or that this knowledge may harm you in any way, you should act immediately to stop DNS leaks.
How does torrent detection work?
To detect data from your torrent client, we provide a magnet link to a fake file. The magnet link contains the URL of a tracker controlled by us, which archives the information coming from the torrent client.
VPN Leak Test
What is DNS?
DNS, or the domain name system, is used to translate domain names such as into numerical IP addresses, e.g. 123.98.12.1, which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities.
How can DNS leak?
Under certain conditions, even when connected to the anonymous network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymous network. This is called a leak. DNS leaks are a major privacy threat since the anonymous network may be providing a false sense of security while private data is leaking.
Why should I care?
When your DNS requests are leaked, no actual data sent to or from websites is captured. But the leak can still give an eavesdropper enough information about which websites you are visiting. It also opens the door to DNS poisoning, which can be used for phishing attacks.
What can I do?
Astrill provides an easy way to fix a DNS leak on Windows, which is very well known to have DNS leaks. Astrill also perfectly masks your real IP. It is advised to turn off Java and Flash and enable them only on demand.
How is Astrill the Best VPN to defeat DNS leak?
By implementing innovative, up-to-date protocols, AstrillVPN ensures that there isn’t a DNS leak on your device, maintaining high standards of privacy.
Any communication between your device and Astrill’s Domain Name Server is heavily encrypted to keep all the data secure and defy malicious intentions in the event of interception.
Astrill’s Domain Name Servers are much speedier than your ISP’s servers, enabling a high-speed internet experience.
Astrill’s Domain Name Servers neither maintain activity logs nor do they record your browsing history to ensure you get the best DNS leak protection.
Frequently Asked Questions about best ip leak test
How do I know if my IP is leaking?
Go to dnsleaktest.com or dnsleak.com (or any other DNS leak test tool you trust). Make sure you’re not using any VPN providers’ DNS leak testing websites, though. Write down the resulting information the page displays. This is going to be your ISP IP address, ISP’s name, and geographical location. (Feb 27, 2020)
Is DNS leak test safe?
If you are connected to a VPN server and the VPN leak test displays DNS servers that don’t belong to your actual ISP, your traffic is secure.
How do I fix an IP leak?
The easiest/best way to fix DNS leaks is to choose a VPN provider that has built-in DNS leak protection. These providers use their own custom (and private) DNS servers, and use special technology to ensure that your DNS requests are always routed securely, inside the encrypted VPN tunnel. (Nov 7, 2020)