Surfing the web without proper protection makes you extremely vulnerable to all sorts of different dangers. And make no mistake, those dangers do exist. That’s why you should always use VPNs since they’re one of the best ways to protect yourself and ensure safety and anonymity. However, there are still dangers, even with VPNs activated. For example, there might be a flaw that’ll make your VPN leak your true identity.
If you wish to prevent this, or at least reduce the risk, you’ve come to the right place. In this article, you’ll learn about accidental disconnections, DNS leaks, IPv6 leaks, and also WebRTC/STUN leaks. We’ll tell you what causes them, as well as how you can check if you’re vulnerable or not. First, though, let’s see what IP leak is, and what it really means.
What’s an IP leak?
When using VPNs, you’re using one of the provider’s servers. That server, in turn, gives you a new, fake IP address, that helps you surf the web anonymously. Many websites or persons might try to learn about you via your IP, but if it’s a fake one, then they won’t get the right info. That makes your privacy safe, as well as your identity, location and everything else. Now, if your real IP gets exposed for some reason, it’s considered to be an IP leak.
The IP address is given to you by your Internet provider, and all of your devices that are connected to your home internet share the same one. It serves as your online signature and says a lot about you to those who know how to read it. This is why you should always try to keep it hidden.
What can cause an IP leak?
Most of the time, IP leaks aren’t a problem that originated in the VPN app, but instead, some other software might be flawed. This might include your browser’s software, it’s plugins, or perhaps even the operating system itself.
Most of the VPNs will even include this type of flaws into the account and protect you accordingly. Still, perfection doesn’t exist, and even they might encounter an error that they haven’t experienced before. Let’s take a look at the types of IP leaks, as well as recommend the best VPNs for this sort of problem.
IP leak caused by a failed VPN connection
This is one of the problems that happen on regular basis, but it’s easy to fix. It mostly occurs when your VPN disconnects, which usually happens suddenly, and without warning. If that happens, the secure tunnel that your VPN creates around your data flow disappears, and you start displaying your real IP address instead of the fake one. This can be dangerous because it starts showing your true identity, but can easily be fixed with a kill switch.
Killswitch is one of the features that most VPN providers offer these days. It’s never recommended to use a VPN that doesn’t have one. It serves as a bit of code, that’s built into VPN app, and it watches your connection. If it detects that the connection is dropping it’ll completely cut you off the internet, to prevent the leak. You won’t have access to the internet until you reset the network adapter, or reconnect to the VPN.
Using a killswitch is very effective, and the technology itself is simple enough too. As we already mentioned, many VPNs already include kill switches in their desktop apps. Many also have one in the smartphone apps as well. For your safety, we recommend using TorGuard, IPVanish, and PIA (Private Internet Access).
DNS leaks happen when your DNS request goes to one of the DNS servers that aren’t secured. This includes servers that are being controlled by the ISPs. DNS itself is short for Domain Name System. Basically, whenever you type an URL in your browser, the request is sent to a server. That server then translates the website’s name into an IP address that belongs to the server on which the website exists.
DNS leaks are mostly caused by a tech called Transparent DNS Proxy. This is what ISPs use to intercept DNS requests that go through their own servers. It’s possible that your request might get intercepted even if you specify another server, one that you know for a fact that it doesn’t belong to ISPs.
There are two biggest problems with DNS leaks, and those are the fact that your ISP can see your browsing history, and that leaks can even go as far as to expose your real IP to the DNS servers. You can check if you have a leak on several different websites, like ipleak.net, or DNSleaktest.com. It’s simple enough, and fast too. It’ll show you a list of servers that you’re known to use, and that’s fine, as long as none of those belongs to your own ISP.
This problem is best fixed with VPNs since many of them have DNS leak protection as a part of their features. Once again, we’ll recommend TorGuard, PIA, and IPVanish, since their security’s among the best ones.
What many people aren’t aware of is that their devices have two IP addresses. One of them is an IPv4 address, and the other is IPv6 address. IPv4 are short and look like this: 192.168.1.1. On the other hand, IPv6 are much longer, and here’s an example of one of those as well: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
IPv6 were introduced into the whole story relatively recently. This is because we don’t have enough IPv4 addresses, with so many devices connected, and each of them has its own IPv4. This includes smartphones, smartwatches, tablets, even the smart toasters, and when you put all of them together, you might go as far as having 20-25 internet-connected devices.
A website that you’re visiting will only see one of the addresses, and this depends on whether IPv6 is enabled on your device’s system, as well as whether the website itself supports IPv6. If it doesn’t, it won’t be able to see it, and will instead search for your IPv4.
This sort of leaks are mostly caused because some of the most popular VPN protocols were made before the IPv6 was introduced. Basically, they don’t cover that technology, instead, they’ll only tunnel IPv4. There are two easy fixes for this kind of problem. The easier way is to disable IPv6 on your computer. This can be done on Mac, Windows, Android (but it requires root). iOS might be immune to this sort of leaks, though. You can turn it off on your router as well.
There’s another solution, and that’s to start (or continue) using a VPN that does support IPv6 too. Once again, these include TorGuard, IPVanish, and PIA, and we recommend them once more.
This one isn’t an operating system problem, but more of a browser issue. It’s a P2P technology, and it’s included in many of the modern browsers so that it would enable video streaming, and sharing things like PC peripherals (microphones, for example) between the website and the user who owns it.
Some sources, like TorrentFreak, have reported that WebRTC may even be used in an attack. It could, theoretically, trick your browser into showing the real IP, instead of the one that the VPN has provided. This risk is pretty low in reality, and it won’t work unless you go to a malicious website, which is, once again, pretty unlikely. Your VPN would probably warn you of the dangerous website anyway, so you wouldn’t even get to the part where you get infected.
Still, if this sort of leak miraculously does happen, you should probably know how to deal with it. For this to work, you must disable WebRTC in the browser, so that STUN leaks would be prevented. Either edit the browsers config files or install the WebRTC leak extension that will do it for you.
Of course, you should know how you can tell if you need to do this in the first place. We recommend using the tool called IPLeak.net. It will check for all of the big leak types. Try it out with and without your VPN, and if the IP is the same, then you have one of the leaks that we’ve mentioned in this guide.
IP leaks are a real problem, and you should be very careful and not allow one to happen. Most of the time, it can be prevented by methods we described in this text. VPNs are not perfect, but they’re still the best way of protecting yourself.
Still, remain vigilant, check if you have a leak from time to time, and if you do, remember our explanations on how to find them and fix them. Other than that, just find a good, quality VPN provider, and use it for as long as it works for you. We recommend the three mentioned before: TorGuard, PIA, and IPVanish. You can choose others if you like, but make sure that they have what it takes to protect you.