Can you trust your VPN to keep your data private and secure? While some VPN providers do a good job of securing your connection, many others do not. In fact, in our own VPN tests conducted over the past six years for various reviews, we have found numerous popular VPN services leak data. This data includes IP addresses that could expose your identity and DNS requests that expose your browsing history.
One in-depth study of Android VPN apps found that 84% of the VPNs tested leaked the user’s IP address. In other words, many VPN services that market themselves as privacy and security solutions are in fact leaking your data when you go online.
Also concerning is the fact that many VPNs have broken features. This is often the case with “kill switches” that do not effectively block traffic or “IPv6 leak protection” that does not secure your true IPv6 address at all times. It only takes one leaked packet to expose your identity and activities to third parties.
In this VPN test guide we will cover two different levels of VPN tests:
- Basic tests – These are the tests that anyone can run. Simply connect to your VPN and then hit the testing sites. Unfortunately, these basic tests may not identify all leaks (such as brief reconnection leaks).
- Advanced tests – These tests require more technical proficiency to get everything set up correctly and involve analyzing traffic.
We’ll start with basic VPN test procedures to identify obvious problems.
Basic VPN testing procedures
Below are basic steps for identifying:
- DNS leaks
- IP address leaks (IPv4 and IPv6)
- WebRTC leaks
With these basic tests, you are relying on the testing website to identify problems.
For basic tests, I like to use ipleak.net as a general all-in-one testing site (created by AirVPN) along with the different Perfect Privacy test tools.
How to test for VPN leaks
To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the connection is active and stable.
You can also simulate different interruptions to see how well the VPN does if network connectivity drops. For example:
- Connect to a VPN server and load ipleak.net in your internet browser.
- Manually interrupt your internet connection (disconnect) while the VPN client is running.
- Load a few different test websites while the VPN is reconnecting. This may identify brief reconnection leaks.
One common problem we find with many VPNs is IPv6 leaks. Since very few VPN service support IPv6, they will instead attempt to block it on your operating system. However, we have found that your real IPv6 address may still be leaking, even if your VPN is connected and stable.
VPN test websites
Here are a few testing sites you can use to check for different leaks:
- ipleak.net (IPv4, IPv6, WebRTC, and DNS) – from AirVPN
- Perfect Privacy Test tools (IPv4 and IPv6, DNS, WebRTC) – from Perfect Privacy
- ExpressVPN leak tests (IPv4, DNS, WebRTC) – from ExpressVPN
- test-ipv6.com (IPv4 and IPv6)
- dnsleaktest.com (use extended test to identify DNS leaks)
- BrowserLeaks WebRTC Test
- IPX.ac (IPv4, IPv6, WebRTC, DNS, browser fingerprinting, location data, and more) – from VPN.ac
- ipleak.org (IPv4, IPv6, WebRTC, DNS) – from VPNArea
Now let’s see what a VPN leak looks like.
Identifying VPN leaks
When you use the testing site ipleak.net, it is fairly easy to identify leaks and problems, especially when you are connected to a VPN server outside your country. Note, the WebRTC leak test will show local IP addresses (usually beginning with 10.xxx or 192.xxx or sometimes an alpha-numeric IPv6 address that is also local). These are not leaks, but rather your local IP addresses (further explained in our WebRTC leaks guide). If you see your real (Public) IPv4 or IPv6 under the WebRTC section, then these are indeed WebRTC leaks.
Below I am testing a popular VPN service for leaks. You can see that I am connected to a VPN server in the UK, but it is still leaking my private data.
With the test results above, you can see that my IPv4 address matches the IPv4 address of the VPN server (no IPv4 leak). However, there were still the following leaks:
- IPv6 address is leaking out of the tunnel (IPv6 leak)
- Under DNS Addresses, you can see there is a DNS leak on the right with my German ISP showing up.
- In the WebRTC section, my real IPv6 is again exposed (WebRTC leak)
Now let’s look at an example with no leaks.
VPN test with no leaks
Below is a leak test result from our NordVPN review:
Above, you can see there are no leaks with the IPv4 address matching the VPN location. IPv6 was blocked (no leaks) and there were also no WebRTC leaks. Finally, NordVPN’s encrypted DNS resolvers are handling all DNS requests. This is a perfect test result with no leaks detected.
For a list of recommended VPNs that have passed all tests with no leaks detected, see our list of the best VPNs here.
Advanced VPN tests
A more accurate method for identifying VPN leaks is to create a testing suite for your operating system and then run a barrage of tests to analyze traffic for leaked packets. Unfortunately, this is very time-consuming and simply not an option for many average VPN users.
Additionally, you will need a different VPN testing suite for every different operating system, from mobile to desktop operating systems.
If you want to devote some time to leak testing, there is an open-source leak testing suite available on GitHub here. This is a project that was released by ExpressVPN and the tools they use to test and ensure their own VPN is secure and leak-proof.
Checking your VPN for DNS leaks
The Domain Name System (DNS) is a system for converting URLs, such as restoreprivacy.com, into a numerical IP address, such as 205.251.197.66.
Without a VPN, this translation process is handled by your internet service provider (ISP). But this can be problematic because your DNS requests are clear text logs of every website you visit. Internet service providers can easily log these requests to record all browsing history of their customers. In the United States, the data can be sold to advertisers and other third parties. In the UK and Australia, the data is recorded and stored for up to two years and is available to authorities for whatever they want to do with it.
A DNS leak occurs when the translation request leaks out of the VPN tunnel, exposing the IP address (and location) of your internet service provider, as well as your browsing history. Many VPNs do not provide adequate DNS leak protection. This means your DNS requests may still go through your ISP and thereby exposing your online activities via DNS leaks.
DNS leak test sites
Here are some good websites to test your VPN for DNS leaks:
- Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other websites do not find problems. Below the tests results you can also find a detailed explanation of DNS leaks.)
- IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP address leak results.)
To easily check your VPN for DNS leaks, first connect to a VPN server outside of your country. Then, if you see IP addresses in your country, and they belong to your ISP, then you have a DNS leak. You can see above there are two DNS requests leaking out while connected to a VPN server in the United States.
A DNS leak does not expose your IP address, but instead the IP address and location of your internet service provider (which can be linked back to you). Additionally, this exposes your browsing history via DNS requests.
Solution to DNS leaks: Find a VPN that uses its own secured and encrypted DNS resolvers. Below are four VPNs that use only their own secure DNS resolvers and did not have any leaks when I tested them for the respective reviews:
- NordVPN (based in Panama)
- Surfshark (based in the British Virgin Islands)
- ExpressVPN (based in the British Virgin Islands)
- Perfect Privacy (based in Switzerland)
You can also manually configure your operating system to use a third-party DNS provider. Here’s a list of alternative DNS options from WikiLeaks. Keep in mind, however, that these third-party DNS services could also be logging the requests. Therefore we still think a verified no logs VPN is the safest bet.
Check your VPN for IP address leaks (IPv4 and IPv6)
IP address leaks are a problem with many free VPN services – as well as some paid VPN services.
Here are some tests sites to check your VPN for IP leaks:
Solution for IP leaks: The best solution is to simply get a VPN that does not leak IPv4 or IPv6 addresses. Another option is to manually create firewall rules that block all non-VPN traffic, but this can be a hassle. IPv6 can also be manually disabled on most operating systems, but the gradual transition to IPv6 is still underway.
Testing VPNs for WebRTC leaks
A WebRTC leak test is important for anyone using Firefox, Chrome, Opera, or Chromium-based browsers. As explained in the WebRTC leak guide, the WebRTC issue is essentially a vulnerability with the browser – although there are some VPNs that protect against this. A WebRTC leak occurs when your IP address leaks out via WebRTC APIs.
Here are three different WebRTC leak tests:
- Perfect Privacy WebRTC Test (This tool will test to see if you have a WebRTC leak, while also providing a detailed explanation of WebRTC leaks at the bottom of the page.)
- BrowserLeaks WebRTC Test (Another WebRTC test that works well, also includes helpful WebRTC information.)
- ipleak.net
Solution for WebRTC leaks: Follow the steps in the WebRTC leak guide to disable or block WebRTC in your browser.
VPN speed test tools
If you’re looking to test VPN speed, here are three options:
What affects VPN speed?
There are many factors affecting speed that you should consider when testing. Here are a few:
- Distance between you and the VPN server – This is usually the biggest factor affecting speed. The further the distance, the slower the speed.
- Number of users on the VPN server – With so many VPNs over-selling their services, some VPNs have overloaded servers which results in slow speeds and dropped connections for their users.
- Regional bandwidth restrictions – Many countries have poor bandwidth infrastructure, which will limit your speed, regardless of how fast your ISP or VPN server is. A few examples of this are Germany and Australia. Another regional consideration is how many people are online at a given time of the day. High usage times can slow down speeds for everyone.
- Internet Service Provider – No matter how fast your VPN is, it won’t be faster than the speed provided by your ISP. The only (rare) exception to this rule is if your ISP is throttling (limiting) your bandwidth. They sometimes do this if you’re doing something they don’t like (such as torrenting). A VPN can potentially help with this issue by encrypting your connection and hiding your online activity from your ISP.
- Processing Power – Whenever you’re using a VPN, your computer is working in the background to encrypt and decrypt packets of information. This takes processing power. The faster your internet speed when using a VPN, the more processing power is needed. So even if your ISP and VPN are fast, your CPU may be limiting your full speed potential (but this mainly applies to very high speeds).
Here is the record for the fastest VPN speed test result, currently held by NordVPN, with downloads speeds up to 445 Mbps:
NordVPN offers the fastest speeds with the WireGuard VPN protocol, which they call NordLynx. There are also a few other VPNs that support WireGuard as well, such as Surfshark VPN and also VyprVPN.
VPN malware tests
Malware embedded in mobile VPN applications is a major problem to be aware of with free VPN apps.
There has been an explosion of various free VPN apps available in the Google Play and Apple Stores. Just like with other free products, such as Gmail and Facebook, the platform is monetizing the user by collecting data and selling it to third parties.
One study found that 38% of Android VPN apps contain malware.
Test for malware – To test for malware, simply upload the software file to VirusTotal. The database will scan the file using over 60 different Antivirus tests. While there is a chance for false positives, some researchers define a malicious app as one having four or more positive test results.
VPNs with excellent leak protection and security features
There are three VPNs that I have found to do the best job of protecting users against leaks in all types of scenarios including, reconnections, network interruptions, and VPN crashes. These two VPNs offer the best built-in leak protection features:
1. NordVPN – Based in Panama, no logs, fast, secure, and fully-featured
VPN | NordVPN |
Based in | Panama |
Logs | No logs (audited) |
Price | $3.29/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | NordVPN.com |
NordVPN remains our top recommendation, simply because it excels in all areas. Whether you need a VPN with the maximum privacy and security, or a fast VPN for streaming and torrenting, NordVPN delivers. Having passed both security and audits and privacy audits verifying its no-logs claims, NordVPN earns high marks.
NordVPN offers numerous privacy and security features. They offer a VPN ad blocker called CyberSec to block ads, trackers, malware, and even phishing domains. NordVPN also has double-VPN servers that encrypt your traffic over two locations, thereby giving you a higher level of privacy and security. Below you can see the double-VPN servers I tested with NordVPN:
It is also a cheap VPN, coming in at around $3.29 per month with the coupon below. You can also see how NordVPN outperforms other industry leaders, such as in our ExpressVPN vs NordVPN comparison.
Drawbacks: The main drawback with NordVPN is that the best prices are only available with long-term subscriptions, but the coupon below will give you the best savings.
NordVPN’s Cyber Deal is live:
Get 63% Off NordVPN plus an additional 3 months FREE:
(Coupon is applied automatically.)
Our NordVPN review also has more test results and info.
2. Surfshark – Based in the British Virgin Islands, no logs, fast, and user-friendly
VPN | Surfshark |
Based in | The Netherlands |
Logs | No logs |
Price | $2.30/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | Surfshark.com |
Another one of our top recommendations is Surfshark. It passed all of the VPN tests we put it through while also offering excellent performance. Both Surfshark and NordVPN now support the WireGuard VPN protocol, and can give you speeds up to 400 Mbps and more.
Like NordVPN, Surfshark is also a no-logs VPN service and has also passed a security audit conducted by Cure53. It works well for streaming and torrenting, while also offering user-friendly and reliable applications.
Drawbacks: Surfshark does not currently support WireGuard with Linux, but this is coming later in the year. Support for VPN routers is also limited with Surfshark. This may make it difficult to use a VPN with Apple TV and other devices that do not directly support VPNs.
Check out our Surfshark review for more info.
3. ExpressVPN – Based in the British Virgin Islands, no logs, secure, and reliable
VPN | ExpressVPN |
Based in | British Virgin Islands |
Logs | No logs (audited) |
Price | $6.67/mo. |
Support | 24/7 live chat |
Refund | 30 days |
Website | ExpressVPN.com |
ExpressVPN is another great option for a secure VPN that does not have any leaks. It is based in the British Virgin Islands and is an audited no-logs VPN service. ExpressVPN offers a tie selection of apps for all devices that are user-friendly and security. And while it does support many streaming services, it did not perform as well with unblocking BBC iPlayer, as we covered in the Surfshark vs ExpressVPN comparison.
Unlike NordVPN and Surfshark, ExpressVPN does not support the WireGuard VPN protocol. Instead, they have developed the Lightway protocol, which also offers fast speeds and quick connections. However, as noted in our NordVPN vs ExpressVPN comparison, NordVPN still comes out on top in head-to-head speed tests with WireGuard giving it a big advantage.
Drawbacks: ExpressVPN has fewer features than you will find with other VPNs. It also has an above-average price tag.
Check out our ExpressVPN review for more details.
You should regularly test your VPN
OK, so you now have a reliable VPN service and you’ve tested it to ensure everything is secure.
All done, right? Not quite.
We recommend running periodic checks of your VPN to ensure it is still working correctly. This is particularly important after updates, which can cause new issues with the VPN and its ability secure all traffic. Therefore you should check your VPN regularly with the VPN tests above.
See our current recommendations of the best VPN services here.
This VPN test guide was last updated with new information on January 8, 2023.
What do you think about whoer as a testing site?
whoer.net
UPDATE for readers:
NordVPN is running a Christmas sale with 3 months free.
this VPN is suppose to be groverment free app with VPN points operating you get points and they supply V P N false
What do you think of this article? Do you think the fact that ExpressVPN was bought by Kape might have an impact on the security and reliability of this service?
[https://www.cloudwards.net/kape-technologies-buys-expressvpn/]
I have a few questions (I use ExpressVPN):
1. When I try to test my internet speed on Speedtest app on my phone while VPN is activated, the app is able to detect my SIM provider! Why does that happen? Seems like this defeats the whole VPN purpose as my SIM provider’s name easily pinpoints where I am.
2. When I connect to YouTube using a server from France for example, YouTube takes me to a different YouTube version (not the french one). Why does this happen? I use Firefox and have all the add-ons that delete cookies, clear history, block ads, HTTPS, etc. Why does YouTube use a different country (it’s not the same country I’m in but close enough).
3. When I connect through France, some websites indicate that I am in Greece! Not sure why this happens.
I did all the tests on ExpressVPN and everything seems to be fine with no leaks and my IP address is not the real one. Not sure why such things happen. Would appreciate your response. I tried to contact ExpressVPN but they were of no help.
Hi, they may have reshuffled IP addresses and the third-party databases that track IP geolocation are not yet updated. These databases are maintained by other organizations, such as RIPE, not the VPN providers. This would explain the issues you are having.
Thanks for the response. It may explain the third point, but not the first two. It does not explain why my real SIM provider is detected and why YouTube detects a country very near to me (possibly because I have a language setting in my browser that this country also speaks but I also disabled the language completely from my computer and YouTube still showed the same country). I would really appreciate your opinion on this. Just makes me doubt the whole “anonymity” of where the connection is coming from.
IP geolocation is not the only way to track you as far as I know. The browser or other app might be able to access you wifi and your vicinity by using the googles ssid geolocation. If you ar using a mobile device it might be able to access you gps?
A website can read SIM provider name and other hardware identifiers by executing Java script in the browser of your device!
Hope thats answers your concer.
Dear big brother,
excellent site for a novice like me to understand privacy and how to increase our protection online.
i am enjoying your articles.
one question-
How to hide MAC address as it can also be traced by ubiquitous google and other companies??
I’m not sure how useful this would be and/or if it’s even worth the effort, since the MAC should only be visible to other local devices on your network. But anyway, I don’t have any guides on MAC spoofing.
iOS generates a different MAC address for each different wifi network you connect, indeed meant to prevent you mac address to be used as a global identifier accross networks.
Additionally when it scans for wifi networks when not connected it changes the mac for each scan I seem to recall. This second part I am not sure if it is each scan but it randomizes frequently.
For these generated MAC addresses they use adresses uit the “Localy Administrated” range as such preventing also the identification of the network vendor. See https://en.wikipedia.org/wiki/MAC_address. Section Ranges of group and locally administered addresses for the 4 ranges to be used.
Hi Sven,
ExpressVPN is more expensive than f.e. NordVPN or Surfshark. Is it worth the extra money to get ExpressVPN?
And is NordVPN reliable enough, when it comes to privacy/leaking data?
Hi Lolalina, it’s a close call. ExpressVPN and NordVPN are both excellent VPNs. NordVPN is probably the best value, however, at $3.30 per month with the current 63% discounted rate here.
Surfshark is also a good option, and it’s cheap, but speeds aren’t as good as ExpressVPN and NordVPN.
What about the paid version of ProtonVPN, is that as good as ExpressVPN or Perfect Privacy?
Yep, ProtonVPN is a solid choice, although speeds are not as good as with ExpressVPN or Perfect Privacy. See the ProtonVPN review for details.
My subscription for Norton 360 comes with a VPN feature, how would you rate it’s effectiveness?
Norton Secure VPN Review
can we change vpn timing
hello Sven – any thoughts on the security of surfshark vpn. i tested it for the last 2 days, the speed looks pretty good and tested for dns leak and stuff, i didn’t find any, but i’m not a technical expert in this field. can you shed some light on the reliability/credibility of surfshark vpn.
Hey Nate, Surfshark did well in testing for the Surfshark review. It’s a solid VPN for a low price.
And you can’t go wrong with the 81% discount prices.
Hi! What do you think about namecheap VPN? Is it good? Any reviews soon?
We’ll be reviewing it soon.
Sven,
When I use a VPN on a Linux distro and run a DNS leak test, it shows the IP is changed correctly, but it lists two DNS servers– one is from the VPN service and the other is my default DNS. That is, the one used when I do not use my VPN. How can I tell if the default DNS is in the VPN tunnel, and hence not leaking, or outside the tunnel and thus leaking?
Thank you for your help.
Sounds like you have a DNS leak. I’d reach out to your VPN about fixing DNS leaks on your Linux OS.
Hello Sven – I wonder if you can answer this. I am connecting via a well known & well rated VPN service, to a well known Speedtest service, so I can see how my internet connection is performing. However, when the Speedtest screen displays, it seems to know where I (really) am. How is this possible if the VPN service is working properly (we did a leaks check and it didn’t appear to be leaking) ? Also, if the Speedtest service knows where I am, then presumably some of the streaming services I try to connect to via the VPN will also know and will block my access – which makes use of the VPN pointless. Would really appreciate your wisdom on this. Thanks in advance for your reply.
There are many variables and potential leaks. Perhaps it’s just a cookie on your browser from when you visited the speed test site without a VPN. Try clearing cookies and cache.
Thanks for the advice, appreciate it.
Interestingly, after clearing cache and cookies, I ran the App again and it still picked up where I am. But then I went to the Speedtest website (not the App) and ran the test, it thinks I am in the location routed by my VPN. So the App knows something the website version doesn’t !!….?
Device location is most likely why, turn it off
Hi seven,
I live outside US and I have an offer to work online data entry operator for an American company but they said i have to work through vpn US based server. If by some means vpn is disconnected and my original ip showed during entry, my id will be blocked. So i am interested to purchase VPN. Which vpn will you recommend to purchase for for throughout connecting to US server 🇺🇸.
Hi, my current top VPN recommendation is ExpressVPN (with three months free coupon). It has a large US server network and a secure kill switch (Network Lock) to keep your data safe and ensure your non-US IP address is not exposed.
Have you tested Surfshark VPN
Not yet, but I will do that soon.
Hi Sven,
Would you recommend any free VPNs?
Probably the only free VPN I’d recommend is ProtonVPN.
Hi Sven,
I friend of mine recommended Hexatech VPN for Android.
Have you done any reviews of this VPN?
If so, is it a good choice?
Hi Henry. Hexatech VPN is definitely not recommended. It is from the same people behind Betternet VPN (see in their website footer). Betternet was caught embedding malware and tracking libraries in their mobile VPN apps for data collection – discussed in the Betternet review.