You bought a new VPN service after long research. The internet says that the VPN you have is the best when it comes to protecting your privacy. But you shouldn’t rest here. The first thing you should do is take the VPN for a test drive to see if it’s worth the reputation.
I’ll be walking you through what exactly I mean by testing a VPN and why it’s necessary to ensure maximum privacy – all the time.
Why You Should Test VPN
Virtual Private Networks are designed to give you private access to the internet. The virtual tunnel that you create between your device and a remote server encapsulates data passing through it. Just like a tunnel hides the passing train from the outside world, VPN hides your data from the Internet Service Provider (ISP). Moreover, the encryption part of VPN scrambles data; only the VPN server has the key to decode the incoming data.
But like a hole in a boat, a VPN can leak your identity and activity if it’s not set up properly. It’s why VPN services go to great lengths to advertise that their VPN is safe from IP leaks and DNS leaks. But as with any advertisement, you should take it with a grain of salt.
Understanding How Internet Communication Works
When we talk about digital “identity” we refer to an IP address. An IP address is one of the fundamentals of a network and allows for communication between devices. Each device online right now has a unique public IP address and points to an ISP. An IP address is what allows the ISP to return a request (such as opening a webpage) to you instead of someone else on its network. So, the ISP knows who you are on the network, and since it handles your internet requests, it knows what websites you visit.
A VPN server is a proxy for your internet communication. Instead of the ISP, the VPN server fetches all the webpages that you request, or whatever data you send back and forth. Because the website connects to the VPN server and not to you directly, it allows you to mask the IP address.
Returning to the ISP: encryption prevents it from inspecting the contents of your data packets, including the source and destination IP headers of the traffic carried inside the tunnel.
Like an arrhythmia, the VPN could potentially fail to hide your activities, thus leading to what’s known as a “leak”.
As I explained above, an IP address is your digital identity, which is replaced by the VPN server’s IP address as soon as you connect.
Bear in mind that this IP address is not the one that you see in your device’s network settings – that’s a private IP address assigned by your router. Just as the ISP uses an IP address to distinguish you on the network, your router assigns you an IP address to identify you among the various other devices connected to it.
NAT (Network Address Translation) is the part of a router that converts a private IP address into a public IP address. The public IP address is essential to surf the internet.
An IP leak means that the connection to the VPN server was lost momentarily. That small window of time was enough to expose your identity to the ISP or to the service you’re trying to unblock. For instance, if you’re trying to unblock Disney+ in the Philippines, you need to make sure your original IP address isn’t exposed.
You can check for any leaks yourself. Here’s how:
- Go to ipleak.net
- Let the test run itself. Note down the results, your country, region, and the IP address.
- Now connect to your VPN service. Any server will do; we just need to check for any leaks.
- Run the test on ipleak.net again and note down the results. If the details have changed to the region you are connected to, then the VPN is successfully hiding your identity.
Keep taking the test every once in a while. While the VPN may not be leaking at that particular moment, it can still do so in the future – especially after software updates.
How to test a VPN for DNS leaks
A DNS leak is similar to an IP leak. It gives away your activity. But to understand how a DNS leak compromises privacy, let’s first understand how DNS works.
Domain Name Search serves as a massive repository of public domains on the internet. Think of it as a phone book of the internet. Whatever address you want to dial, you check the phone book for the number.
The need for DNS is because we use alphanumeric names instead of IP addresses to connect. Remember that I said everything on the internet has an IP address? It’s true for websites as well. Websites are hosted on computers that assign an IP address to a particular website. So, whenever you connect to topvpnservice.com, the DNS server looks up the domain name and returns the relevant IP address.
The approach allows people to remember names instead of numerical digits. And IPv6 addresses are even harder to remember.
Your ISP uses a DNS server to fulfill your requests. When you connect to a VPN service, it uses its own DNS server. Here’s where you can realize how a VPN keeps your activities private. It not only hides your identity from the destination server, it also wraps your data in encryption, leaving it for the VPN server to decode and handle the DNS query.
A leak occurs when your device sends a DNS query to the ISP’s default DNS server instead of the VPN server’s resolver. DNS queries normally are not encrypted. The ISP can look inside the query and log your entire internet activity, what websites you visit, and when you visit them.
There have been a couple of solutions to address the naked DNS queries, such as DNS over TLS (DoT) and DNS over HTTPS (DoH). The idea is to encrypt DNS queries so that no third party can see what request has been made. DoT and DoH both have their pros, but DoH is generally preferred as it can bypass stringent checks on Port 953 – which is from where DoT traffic travels.
Mozilla Firefox has enabled DoH in its web browser, allowing users to use the assigned DNS server with encryption. But I digress.
Connecting to VPN also encrypts your DNS queries. But if your device tries to use the ISP’s DNS server, it’s going to leak your activity. So, testing for IP leak and DNS leak is equally important. Here’s how to do it:
- Head over to https://ipleak.net/ and let the test run itself.
- Note the servers under DNS Addresses.
- Connect to your VPN; any server.
- Run the test again.
- Now, compare the servers with the servers when you were not protected by the VPN. If any of your ISP’s servers show up, it is proof that your VPN is leaking DNS queries.
- You can also run a test on https://www.dnsleaktest.com/ and cross-check the results to be completely certain.
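The before/after comparison from the IP and DNS leak tests above, as an added example (not code from this article or from ipleak.net). It assumes you copy the values from the test page by hand into two snapshots; all addresses are constructed documentation values, and the IPv6 check goes slightly beyond the steps above by treating an unchanged IPv6 address the same way as an unchanged IPv4 address.

```javascript
// Added example: compare two hand-recorded leak-test snapshots.
// Textual comparison only; record addresses exactly as the test page shows them.
const norm = (addr) => addr.trim().toLowerCase();

function findLeaks(withoutVpn, withVpn) {
  const findings = [];
  // IP leak: the public address did not change after connecting to the VPN.
  for (const family of ["ipv4", "ipv6"]) {
    const before = withoutVpn[family];
    const after = withVpn[family];
    if (before && after && norm(before) === norm(after)) {
      findings.push(`${family} leak: ${norm(after)} is still your ISP-assigned address`);
    }
  }
  // DNS leak: a resolver seen without the VPN still shows up with the VPN on.
  const ispResolvers = new Set(withoutVpn.dns.map(norm));
  for (const resolver of withVpn.dns.map(norm)) {
    if (ispResolvers.has(resolver)) {
      findings.push(`dns leak: resolver ${resolver} was also in use without the VPN`);
    }
  }
  return findings;
}

// Constructed sample snapshots (RFC 5737 / RFC 3849 documentation ranges).
const BEFORE = {
  ipv4: "198.51.100.23", ipv6: "2001:db8:1::23",
  dns: ["198.51.100.53", "198.51.100.54"],
};
const AFTER_CLEAN = { ipv4: "203.0.113.80", ipv6: null, dns: ["203.0.113.53"] };
const AFTER_LEAKY = {
  ipv4: "203.0.113.80", ipv6: "2001:DB8:1::23",   // IPv4 tunnelled, IPv6 not
  dns: ["203.0.113.53", "198.51.100.53"],         // one ISP resolver still answering
};

console.log(findLeaks(BEFORE, AFTER_CLEAN));
console.log(findLeaks(BEFORE, AFTER_LEAKY));
```

Keeping the "without VPN" snapshot around makes the periodic re-test a one-line comparison after each client update.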
What can you do here? Nothing, really. Except for getting a VPN that protects your connection through and through, or setting up DNS routing yourself, there’s nothing more you can do. One of the reasons why VPNs are popular is their convenience – a simple click of a button encrypts your web traffic and DNS traffic.
We are not quite done yet; there is one aspect of web communication that needs checking. Web Real-Time Communication is a technology that allows two web browsers to talk to each other without the need of an intermediary server in a Peer-to-Peer (P2P) fashion. It’s not entirely serverless since it uses STUN and TURN servers, but they only go as far as to assist in enabling the P2P communication.
WebRTC allows video streaming, audio streaming, and file-sharing directly in the web browser without requiring any plugin. Because it’s open-source, WebRTC has been picked up by the development community, and its API is available to all. The feature is built into the leading web browsers – Mozilla Firefox, Google Chrome, Safari. The days of installing Adobe Flash Player or Microsoft Silverlight are long gone; interoperability is the need of the hour.
A STUN server’s job is to fetch the public IP address and port of the peer trying to connect. Peer A has to traverse NAT (Network Address Translation) to connect to the internet. NAT is the function of your router that assigns a public IP address to a private IP address. The STUN server has to determine the correct IP address sitting behind NAT so that the correct user gets connected to Peer B. Once it has the information, it will signal the other peer and establish a connection.
All that wall of text was to explain how a WebRTC leak occurs. Even though you connect to the VPN server, the web browser might still reveal your actual IP address, especially on video-streaming platforms. It is how Netflix knows you are connected to a VPN when you stream through a modern web browser.
WebRTC pushed VPN services to act expeditiously to secure their service against this new type of leak. Currently, the top VPN services advertise WebRTC leak protection as one of their selling points.
Checking for a leak is straightforward:
- Connect to the VPN
- Run a test on https://ipleak.net/.
- Notice if your ISP’s IP address pops up under WebRTC leak.
VPN services also offer web browser extensions that have a small footprint and allow you to toggle VPN protection directly from the browser. Albeit limited, the extensions target WebRTC and disable it to protect against leaks.
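What the WebRTC check above looks at, as an added example (not code from this article or from any test site): the browser's own ICE candidates, gathered through STUN, are parsed and any public address other than the VPN exit address is flagged. The function names, the STUN URL parameter and the sample candidate lines are assumptions made for the example.

```javascript
// Added example: flag ICE candidates that expose a public address other than the VPN's.
const PRIVATE_V4 = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|169\.254\.|127\.)/;

function parseCandidate(line) {
  // candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
  const f = line.replace(/^a=/, "").trim().split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { address: f[4].toLowerCase(), port: Number(f[5]), type: f[7] };
}

function isPublic(address) {
  if (address.endsWith(".local")) return false;   // mDNS-obfuscated host candidate
  if (address.includes(":")) return !/^(fe80:|f[cd]|::1$)/.test(address); // IPv6 local ranges
  return !PRIVATE_V4.test(address);
}

function webrtcLeaks(candidateLines, vpnExitIps) {
  const allowed = new Set(vpnExitIps.map((ip) => ip.toLowerCase()));
  return candidateLines
    .map(parseCandidate)
    .filter((c) => c && isPublic(c.address) && !allowed.has(c.address))
    .map((c) => `${c.type} candidate exposes ${c.address}`);
}

// Browser only: gather this browser's own candidates from a STUN server you choose.
// stunUrl is an assumption, e.g. "stun:stun.example.org:3478" (placeholder host).
function collectCandidates(stunUrl, timeoutMs = 3000) {
  return new Promise((resolve) => {
    const lines = [];
    const pc = new RTCPeerConnection({ iceServers: [{ urls: stunUrl }] });
    pc.onicecandidate = (e) => { if (e.candidate) lines.push(e.candidate.candidate); };
    pc.createDataChannel("probe");               // forces ICE gathering to start
    pc.createOffer().then((offer) => pc.setLocalDescription(offer));
    setTimeout(() => { pc.close(); resolve(lines); }, timeoutMs);
  });
}

// Constructed sample: 203.0.113.80 stands for the VPN exit, 198.51.100.23 for the ISP address.
const SAMPLE = [
  "candidate:1 1 udp 2113937151 4f2a9c1e-7b3d-4e5f-8a6b-0c1d2e3f4a5b.local 51234 typ host",
  "candidate:2 1 udp 1677729535 203.0.113.80 40112 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:3 1 udp 1677729535 198.51.100.23 40113 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:4 1 udp 2113937151 192.168.1.20 51235 typ host",
];
console.log(webrtcLeaks(SAMPLE, ["203.0.113.80"]));
```

In a browser console, `collectCandidates(url).then((c) => webrtcLeaks(c, [vpnIp]))` runs the same check against live candidates; an empty list with the VPN connected is the result you want.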
What is Kill Switch
Another popular feature that gets thrown around in advertisements is Kill Switch. In a perfect scenario, the VPN connection will remain stable and connected throughout your use. But that might not always be the case. If the connection to the VPN server drops, your IP address will get exposed to the ISP.
It’s so abrupt that it’s realistically impossible to act quickly unless you have some mechanism that automatically gets triggered and terminates your internet connection. That’s exactly what a Kill Switch does – it prevents your device from establishing a connection to the ISP’s server in the event of a disconnection. For the Kill Switch to work, it needs application-level access to gain permission to terminate internet connection, which is why it does not work in VPN browser extensions.
There are several situations where a disconnection can occur. The VPN server may go offline, or the Wi-Fi connection may be poor; in any situation, Kill Switch is the feature that will cover your tracks.
How to Get the Best Speed
Speed relies on several factors. The first is how well the VPN is built, including the servers that are hosting it. The next is the distance to the server, which is known as latency.
Latency refers to the time it takes for data to travel to and from the server. Distance plays the most significant role in latency; the closer you are to the server, the better your experience will be. If you live in the United States, then connecting to Canada or Brazil will yield better results than connecting to Germany or the Middle East.
Protocols are another factor. But for the average user, it might not matter much as VPN clients come default with the best VPN protocols out-of-the-box.
The processes explained show you how we test a VPN service through its categories. Our list of the best VPN providers offers a curated list of services that have proved their mettle. We have tested the services so that you don’t have to.
Being “leak proof” is an absolute must – there are no compromises to be made here. When you set up a VPN, it’s expected to keep your activities private no matter what the circumstances may be. As a piece of advice which I also gave earlier, keep checking for leaks periodically.
VPN clients receive new software builds, and new builds can introduce new problems. Alerting the VPN service of the leak is a good tip on your part. Meanwhile, you can roll back to an older build until the issue gets addressed in a future update.