Just how secure is your privacy? You may think you have a Fort Knox-like setup, but don't take risks with your personal info. It's worth confirming that the virtual private network (VPN) software you use is actually doing its job, or if it's allowing your personal data to go hither and thither without your knowledge.
When you're running a VPN, the expectation is that all the traffic sent and received over the VPN encrypted tunnel is protected. That includes info like your IP address, your location, even what internet service provider you're using. If that information is knowable, then tracking your online behavior isn't far behind. If you're lucky, all that happens is your web activity is monetized. But that's not alway the case.
For the most part, if you pick one of our Best VPN Services, you'll be well protected, be it on a PC or even a smart device (most of the best services offer software across all operating systems). But it never hurts to check. Things break, new exploits are found, and there's always a chance your VPN may be leaking more than you like. Here are some steps you can take to see if that's true.
Check Your IP Address
Your home has an IP address, not just a street address. The IP (internet protocol) address is the unique number assigned to your router by your ISP. Your internal home network also gives each node in your home—PCs, phones, consoles, smart appliances, anything connected to the router—an IP address. But in this case, we're only concerned with your public-facing IP address.
The IP address is how your computers/router talk to servers on the internet. They don't actually use names —like PCMag.com—because computers prefer numbers. IP addresses are typically bound not only to the ISPs that assign them but also specific locations. Spectrum or Comcast would have a range of IP addresses for one town and a different range for another town, etc. When someone has your IP address, they get a lot more than just some numbers: they can narrow down where you live.
IP addresses come in several formats, either a IPv4 (internet protocol version 4) version like 172.16.254.1 or and IPv6 type like 2001:0db8:0012:0001:3c5e:7354:0000:5db1.
Let's keep it simple. Your own public-facing IP address is easy to find. Go to Google and type "what's my IP address." Or go to sites like IPLocation, WhatIsMyAddress.com, or WhatIsMyIP.com. That latter three will show more than the IP; they'll also give you the Geo-IP, as in the location linked to the address.
Take the IP address that comes up and search for it in Google with IP in front, like "IP 172.16.254.1" (sans quotation marks). If it keeps coming up with your city location, your VPN has a big, messy leak.
Check for DNS Leak
The internet domain name system (DNS) is what makes IP addresses and domain names (like "pcmag.com") work. You type the domain name in a web browser, the DNS translates all the traffic moving back and forth from your browser to the web server using the IP address numbers, and everyone is happy. ISPs are part of that—they have DNS servers on their networks to help with the translation, and that gives them another avenue to follow you around. This video from ExpressVPN spells it out (and tells you up front why a VPN with DNS services is great).
Using a VPN means, in theory, your internet traffic is redirected to anonymous DNS servers. If your browser just sends the request to your ISP anyway, that's a DNS leak.
There are easy ways to test, again using websites like Hidester DNS Leak Test, DNSLeak.com, or DNS Leak Test.com. You'll get results that tell you the IP address and owner of the DNS server you're using. If it's your ISP's server, you've got a DNS leak.
DNSLeak.com, in particular, gives you a nice color-coded result, with "Looks like your DNS might be leaking..." in red, or green if you appear to be in the clear. Hidester gives you a full list of every DNS server you may hit. When several correspond to your actual ISP, that better underscores your leaky-ness.
Fixing the Leaks
If you do have a leak, you have a couple options. One, change your VPN to one that specifically works to prevent DNS leaks. Among our Editors' Choice picks are PureVPN, Private Internet Access VPN, and NordVPN. If you like your current VPN too much to switch, maybe buy Guavi's VPNCheck Pro for $19.92, which has its own DNS leak fix, in addition to monitoring your VPN for other issues.
You can also change the DNS servers used by your router when you send requests to the internet. This can be a little complicated as it requires you to go into the settings for your router, but might be worth it for other reasons. Services like Google Public DNS, Comodo Secure DNS, Norton ConnectSafe, or Cisco's OpenDNS do the trick and provide instructions on how to set them up with most routers. The latter has a personal version with various free options (even one geared specifically to family/parental controls that blocks questionable sites), or you can pay $19.95/year for extra services.
On the upside, making a DNS update to your router means all the traffic in your home or office uses the new DNS service and whatever ancillary features it provides. That includes phones, tablets, consoles, even talking speakers like Amazon Echo.
On the other hand, you're just handing your DNS traffic over to another corporation. You could instead invest in hardware at the router level to add extra security, but that may be overkill if you're not feeling terminally paranoid. At the very least, on individual PCs and handheld devices, get VPN software/apps for supplemental security all around.
Other Leak Plugs
Your location is probably something you've plugged into your browser at some point. If so, your browser is typically more than willing to share that information with the websites you visit, even if your VPN does not. Check the massive amount of data you may be giving up by visiting IPLeak.net.
- How to Stay Anonymous Online How to Stay Anonymous Online
Use an alternative browser when you want to be at your most secure—the Tor Browser, for example. It's all about keeping you anonymous, bouncing your requests around the world before they land on the web server you want, and back again. That makes it hard to find your local info and can slow things down overall, but it's a good bet for security.
If you can't stand the thought of giving up your current browser, use incognito mode, go the complicated route of setting up a fake location, or just get an extension like Location Guard (for Chrome or Firefox) to spoof your whereabouts.
If you're worried about your web-based email system, switch to ProtonMail. Not only does it redirect messages over the Tor network, it keeps everything encrypted. Proton Technologies also just released ProtonVPN for Mac, Windows, Linux, and Android. There is a tier of service that's free forever for one device—and includes DNS leak protection—while the paid versions support Tor servers and more.