PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Is Your VPN Leaking?

Check your virtual private network of choice to see if it's truly private, or if that VPN's middle name is just a suggestion.

Eric Griffith
 & Eric Griffith Senior Editor, Features

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Just how secure is your private data? You may think you have a Fort Knox-like setup, but don't take risks with your personal info. It's worth confirming that the virtual private network, or VPN, software you use is actually doing its job, or if it's allowing your personal data to go hither and thither without your knowledge.

SecurityWatch

For the most part, if you pick one of our top VPN services, you'll be well protected, be it on a PC or even a smart device (most of the best services offer software across all operating systems). But it never hurts to check. Things break, new exploits are found, and there's always a chance your VPN may be leaking more data than you prefer. Here are some steps you can take to see if that's true.

Check Your IP Address

Your home has an IP address, not just a street address. The IP (internet protocol) address is the unique number assigned to your router by your ISP. Your internal home network also gives each node in your home—PCs, phones, consoles, smart appliances, anything connected to the router—an IP address. But in this case, we're only concerned with your public-facing IP address.

The IP address is how your computers/router talk to servers on the internet. They don't actually use names —like PCMag.com—because computers prefer numbers. IP addresses are typically bound not only to the ISPs that assign them, but also specific locations. Spectrum or Comcast have a range of IP addresses for one town and a different range for another town, etc.

When someone has your IP address, they get a lot more than just some numbers: they can narrow down where you live.

IP addresses come in several formats, either a IPv4 (internet protocol version 4) version like 172.16.254.1 or an IPv6 type that looks like 2001:0db8:0012:0001:3c5e:7354:0000:5db1.

Let's keep it simple. Your own public-facing IP address is easy to find. Go to Google and type "what's my IP address." Or go to sites like Tenta Browser Privacy Test, IPLocation, WhatIsMyAddress.com, or WhatIsMyIP.com. That latter three will show more than the IP; they'll also give you the Geo-IP—the location linked to the address.

Tenta Browser Privacy Test

Take the IP address that comes up and search for it in Google with IP in front, like "IP 172.16.254.1" (sans quotation marks). If it keeps coming up with your city location, your VPN has a big, messy leak.

The leak could be caused by what's known as the WebRTC bug; WebRTC is a collection of standards that look hard to find your IP address, to make things go faster when you use the internet and services like video chat and streaming. If you've got a modern desktop browser, you're likely to have this, as the browsers all enable WebRTC to work better. VPNs that work via an extension in a browser will turn it off, among other things. Or disable WebRTC in browsers directly yourself.

  • Chrome: Requires an extension like WebRTC Network Limiter or WebRTC Leak Prevent, or try WebRTC Control to toggle it on and off from the toolbar.
  • Edge: You can't really fix it, but you can hide your local IP address entirely by typing "about:flags" and checking the box next to "Hide my local IP address over WebRTC connections." It probably hurts you with location services more than it helps protect you.
  • Safari: It shouldn't be an issue, as Apple's browser doesn't share like the rest.
  • Firefox: type "about:config," click on the "I accept the risk!" button, type "media.peerconnection.enabled" in the search box, then double-click to change to the Value column to say False.
  • Opera: Go to View > Show Extensions > WebRTC Leak Prevent > Options. Choose to disable it and save the settings.

Check for DNS Leaks

The internet domain name system (DNS) is what makes IP addresses and domain names (like "pcmag.com") work. You type the domain name into a web browser, the DNS translates all the traffic moving back and forth from your browser to the web server using the IP address numbers, and everyone is happy.

ISPs are part of that—they have DNS servers on their networks to help with the translation, and that gives them another avenue to follow you around. This video from ExpressVPN spells it out (and tells you why a VPN with DNS services on their servers is great).

Using a VPN means, in theory, your internet traffic is redirected to anonymous DNS servers. If your browser just sends the request to your ISP anyway, that's a DNS leak.

There are easy ways to test for a leak, again using websites like Hidester DNS Leak Test, DNSLeak.com, or DNS Leak Test.com. You'll get results that tell you the IP address and owner of the DNS server you're using. If it's your ISP's server, you've got a DNS leak.

DNSLeak.com, in particular, gives you a nice color-coded result, with "Looks like your DNS might be leaking..." in red, or green if you appear to be in the clear. Hidester gives you a full list of every DNS server you may hit. When several correspond to your actual ISP, that better underscores your leaky-ness.

DNSLeak.com

Be aware, there are actually some Google Chrome extensions for specific VPNs that have been found to have DNS leaks of their own. As of July, TheBestVPN had found 8 out of 17 tested had leaks. The worst of the lot appears to be Hola VPN, Touch VPN, Betternet, and HoxxVPN. Many that leaked got fixed (like TunnelBear and PureVPN); it didn't impact a few, like our Editors' Choice VPNs.

In fact, TheBestVPN has tested 74 VPNs, both free and paid, and found that almost 22 percent had some sort of leak, be it DNS, WebRTC, or something caused by extensions. Caveat emptor, kids.

Fix the Leaks

If you do have a leak, you have a couple options. One, change your VPN to one that specifically works to prevent DNS leaks. Among our Editors' Choice picks, both Private Internet Access VPN and NordVPN promise to be leak-free. (Our third EC, TunnelBear, had a leak according to TheBestVPN.com, but fixed it.)

If you like your current VPN too much to switch, maybe buy Guavi's VPNCheck Pro for $19.92. It has its own DNS leak fix, and monitors your VPN for other issues.

You can also change the DNS servers used by your router when you send requests to the internet. This can be a little complicated as it requires you to go into the settings for your router, but might be worth it for other reasons. Services like Google Public DNS, Comodo Secure DNS, or Cisco's OpenDNS provide instructions on how to set them up with most routers. The latter has a personal version with various free options, even one geared specifically to family/parental controls that blocks questionable sites. You can pay $19.95/year for extra services called OpenDNS Home VIP.

Cisco OpenDNS

(If you were using Norton ConnectSafe, take it out of your router ASAP—Symantec is shutting that service down on Nov. 15, 2018.)

On the upside, making a DNS update to your router means all the traffic in your home or office uses the new DNS service and whatever ancillary features it provides. That includes phones, tablets, consoles, even smart speakers.

Keep in mind that with these services you're handing your DNS traffic over to another corporation. You could instead invest in hardware at the router level to add extra security, but that may be overkill if you're not feeling terminally paranoid. At the very least, on individual PCs and handheld devices, get VPN software/apps for supplemental security all around.

Plug Other Leaks

Your location is probably something you've plugged into your browser at some point. If so, your browser is typically more than willing to share that information with the websites you visit, even if your VPN does not. Check the massive amount of data you may be giving up by visiting IPLeak.net.

Use an alternative browser when you want to be at your most secure—the Tor Browser, for example. It's all about keeping you anonymous, by bouncing your requests around the world before they land on the web server you want, then back again. That makes it hard for you to find your local info and can slow things down overall, but it's a good bet for security.

If you can't stand the thought of giving up your current browser, use incognito mode, go the complicated route of setting up a fake location, or just get an extension like Location Guard (for Chrome, Opera, or Firefox) to spoof your whereabouts.

If you're worried about your web-based email system, switch to ProtonMail. Not only does it redirect messages over the Tor network, it keeps everything encrypted. Proton Technologies also offers ProtonVPN for Mac, Windows, Linux, and Android. There is a tier of service that's free forever for one device—including DNS leak protection—while the paid versions support Tor servers and more.

About Our Expert

Eric Griffith

Eric Griffith

Senior Editor, Features

My Experience

I've been writing about computers, the internet, and technology professionally since 1992, more than half of that time with PCMag. I arrived at the end of the print era of PC Magazine as a senior writer. I served for a time as managing editor of business coverage before settling back into the features team for the last decade and a half. I write features on all tech topics, plus I handle several special projects, including the Readers' Choice and Business Choice surveys and yearly coverage of the Best ISPs and Best Gaming ISPs, Best Products of the Year, and Best Brands (plus the Best Brands for Tech Support, Longevity, and Reliability).

I started in tech publishing right out of college, writing and editing stories about hardware and development tools. I migrated to software and hardware coverage for families, and I spent several years exclusively writing about the then-burgeoning technology called Wi-Fi. I was on the founding staff of several magazines, including Windows Sources, FamilyPC, and Access Internet Magazine. All of which are now defunct, and it's not my fault. I have freelanced for publications as diverse as Sony Style, Playboy.com, and Flux. I got my degree at Ithaca College in, of all things, television/radio. But I minored in writing so I'd have a future.

In my long-lost free time, I wrote some novels, a couple of which are not just on my hard drive: BETA TEST ("an unusually lighthearted apocalyptic tale," according to Publishers' Weekly) and a YA book called KALI: THE GHOSTING OF SEPULCHER BAY. Go get them on Kindle.

I work from my home in Ithaca, NY, and did it long before pandemics made it cool.

The Technology I Use

My first computer was a Laser 128, an Apple II-compatible clone with an integrated keyboard, matched with an eye-straining monochrome green monitor. I used it to type papers in college for other people for money...until I discovered the Mac SE in the college computer room. That changed my life. My first cellphone was a Samsung Uproar—the silver one with the built-in MP3 player from the Napster days (the pre-iPod era).

I use an iPhone 15 Pro hourly and an iPad Air infrequently (but I'm always in the market for a cheap Android tablet). I have a PlayStation 5 just to play Spider-Man, and several Windows machines, including a work-issued Lenovo ThinkPad. I talk to Alexa and Siri all day long. I do the majority of my computing on a 15-inch LG Gram laptop attached to a Thunderbolt hub to run a multi-monitor setup—I overdid it on the power needed to simply work from home.

I'm most at home in Microsoft Word after decades of writing there. More and more, I turn to services like Google Docs, using tools like Grammarly. I use Google's Chrome browser due to an addiction to several extensions I think I can't live without, but probably could. I use Excel extensively on data-intensive stories, but for chart creation, we've switched over entirely to using Infogram for interactive features that are hard to find elsewhere. I do a lot of graphics work for my stories, but limit myself to the free and amazing Paint.NET software to edit images.

I'm a firm evangelist for using the cloud for backup and syncing of files; I'm primarily using Dropbox, which has never failed me, but I also have redundant setups on Microsoft OneDrive, plus extra picture backups on Amazon Photos and iCloud. Why take chances? For entertainment, mine is a streaming-only household—my kid has never seen network TV and barely been exposed to commercials, thanks to Roku and Amazon Music. The house is peppered with smart speakers from Amazon for instant gratification and control of smart home devices like multiple Wyze cameras and Nest Protect smoke detectors. I've got accounts on all the major social networks, to my horror. I have a robot vacuum for each floor of the house. I want a 3D printer, but not sure what I'd use it for.

Read the latest from Eric Griffith

Read full bio