According to research by GlobalWebIndex, in 2018, around 25% of Internet users have used a VPN service. There are several reasons for this spike in popularity, which you can read about in my previous article. One of the main reasons is the ability to bypass geo-blocks and gain access to, for example, a full Netflix library.
However, in the past few months, the use of VPNs shifted more towards cybersecurity. Protests in Hong Kong, Russia developing their version of the Internet, and, of course, China, — scared their citizens with the danger of the restricted Internet. Journalists and critical towards government regulations protesters turned to VPNs to ensure their online anonymity.
This is a far more serious use of a VPN than accessing BBC in the UK from Spain. That’s why I decided to write a brief analysis of VPN leaks, specific vulnerabilities that might undermine the anonymity VPN provides. Continue reading about six possible VPN leaks.
By far, this is the most critical and dangerous VPN leak. A VPN encrypts and reroutes online data traffic through their servers, that’s why ISPs, or any other third party spectator, can’t take a peek at what you’re up to online. The traffic is decrypted only after leaving VPNs server, so there’s a slim chance of it being traced back to the user.
Sadly, even the best VPN connections sometimes fail. And if a connection drops your device will most likely reconnect to original network thus exposing your further traffic without your knowledge. When picking a VPN server, always look for the ones that have a Kill Switch. Once turned on, a Kill Switch will block any attempt to reconnect to anywhere else than a VPN server, thus preventing the traffic leak from happening.
Of course, encryption algorithms can also be broken, but this is a topic worth another article and the consequences of that happening would go beyond VPN borders.
An IP address is your online address issued by your Internet Service Provider. It’s an essential part of how devices communicate on the Internet. However, since you are (typically) issued one IP address, it becomes possible to track your activities by monitoring the same IP address.
This is where VPN jumps in. It allows you to change your IP address, for example, you can choose one in Brazil, even though you are in Australia. Because all your traffic is encrypted and, as mentioned above, rerouted to VPNs server, — all your ISP can see is that you’re connected to some VPN, that is all.
Unless there’s an IP address leak.
An IP address leak might happen because of a flawed VPN design when instead of the chosen server, the user still is connected to the original one. However, this is rarely the case, and IP leak is a dangerous side effect of a few other leaks that I will explain below.
Now we’re getting a bit more specific when it comes to IP leaks.
Currently, most of the Internet communication happens via IPv4 addresses, a technology developed in the 1980s. However, due to the limited amount of the addresses it can provide, and the rapid growth of the Internet, there is a need for more IP addresses. And so IPv6 was developed, and slowly the Internet is adapting to this new technology.
The tricky part happens when there’s a conflict between the version of the address of the device and a web site. If a user is issued both IPv4 and IPv6 and communicates with a web site that also supports IPv6 (most of them don’t, so far), then IPv6 address will be sent to the website.
It’s vital to notice that it will happen even if the user has a VPN turned on and changed the primary IP address. IPv6 will bypass VPN change of IPv4 address and send the original IPv6 address to the website, thus resulting in an IPv6 address leak. That’s why reliable VPN providers implement IPv6 leak protection and only allow traffic between IPv4 addresses.
This is a rare, although probable, circumstance, which means it’s worth mentioning. If you know something about VPNs, privacy, or piracy, then you know that torrenting with an original IP address is a dangerous thing. However, there is a small nuance.
To put it short, a torrent client has to send tracker requests ahead of the packets that are being downloaded/uploaded. And for that reason, User Datagram Protocol (UDP), which is faster, is used. It is also one of the least protected protocols for device communication on the Internet.
In Layman’s terms, the torrent client sends these request through the faster channel, and can even bypass VPNs protection. This rarely happens, because most commercially available VPNs have implemented protection that blocks UDP traffic. However, it’s useful to double-check whether the required security measurements are there. Even if you use a Proxy IP address for torrenting session, UDP traffic will flow from the original one, thus resulting in a torrent IP address leak.
WebRTC stands for Web Real-Time Communication. This technology allows web browsers to share video and audio communication in real-time without the need for additional software. For example, you can make a Facebook video chat call using Mozilla to your buddy using iOS — all thanks to WebRTC. Sadly, due to the necessary functionality, WebRTC communication exposes users original IP address.
Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.
That’s how Daniel Roesler explained the logic behind the vulnerability, which he exposed in 2015. In other words, even if a user has a VPN turned on, WebRTC will send some requests to different servers from the original IP address, thus endangering the user. Once again, some VPN providers have implemented WebRTC protection and will block any requests made from the original IP address. On the other hand, cybersecurity experts recommend to turn off WebRTC support on a browser level, which is elaborately explained in this article.
This is by far the most common leak that is haunting low quality or free VPN services. DNS stands for Domain Name System, and, basically, it is the internets phone book. When you enter “www.amazon.com" this string of letters has to be transformed into an IP address of the server that is hosting their web page. So your device sends a request to a DNS server, which converts “www.amazon.com" into “52.91.237.17” and the communication between your device and Amazons server can begin.
Usually, particular ISPs have their own DNS servers. Imagine you’re on a VPN that encrypts your traffic and hides it behind their IP address but has no DNS Leak protection. Your device will then keep sending DNS requests to your ISP DNS server and this way they will know what web pages you visit. A good VPN provider will have their DNS servers, or will at least use a Cloudflare DNS, which is much harder to track.
All of these leaks can be easily checked for online. I prefer www.ipleak.net that shows IP address, DNS, WebRTC, IPv6 leaks. It has much more info that is not related to the topic of this article but is nonetheless useful for privacy concerned netizens. Being exposed is a bad thing, but being exposed under the false impression of security is even worse. So even when using a VPN, do an extra step and double-check whether your chosen service is not leaking.