One little secret of the VPN industry is that many VPNs leak.
One in-depth study of Android VPN apps found that 84% of the VPNs tested leaked the user’s IP address. I’ve also confirmed in my VPN reviews that many paid VPNs are vulnerable to traffic leaks as well.
In other words, many of the VPN services that market themselves as privacy and security solutions are in fact leaking your IP address and/or DNS requests all over the internet.
Also concerning is the fact that many VPNs have broken features. This is often the case with “kill switches” that do not effectively block traffic or “IPv6 leak protection” that does not secure your IPv6 address. It only takes one leaked packet to expose your identity and activities to third parties.
In this guide we’ll cover two different levels of VPN tests:
- Basic tests – These are the tests that anyone can run. Simply connect to your VPN and then hit the testing sites. Unfortunately, these basic tests may not identify all leaks (such as brief reconnection leaks).
- Advanced tests – These tests require more technical proficiency to get everything set up correctly, but they will identify any leaks you may have with your VPN. ExpressVPN put together the best testing suite available for in-depth leak testing. These testing tools are open source and available here on GitHub.
We’ll start with basic VPN test procedures to identify obvious problems.
Basic VPN tests
Below are basic steps for identifying:
- DNS leaks
- IP address leaks (IPv4 and IPv6)
- WebRTC leaks
With these basic tests, you are relying on the testing website to identify problems.
For basic tests, I like to use ipleak.net as a general all-in-one testing site (created by AirVPN) along with the different Perfect Privacy test tools.
Testing for VPN leaks
To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the connection is active and stable.
You can also simulate different interruptions to see how well the VPN does if network connectivity drops. For example:
- Connect to a VPN server and load ipleak.net in your internet browser.
- Manually interrupt your internet connection (disconnect) while the VPN client is running.
- Load a few different test websites while the VPN is reconnecting. This may identify brief reconnection leaks.
One common problem we find with many VPNs is IPv6 leaks. Since very few VPN service support IPv6, they will instead attempt to block it on your operating system. However, we have found that your real IPv6 address may still be leaking, even if your VPN is connected and stable.
VPN test websites
Here are a few testing sites you can use to check for different leaks:
- ipleak.net (IPv4, IPv6, WebRTC, and DNS) – from AirVPN
- Perfect Privacy Test tools (IPv4 and IPv6, DNS, WebRTC) – from Perfect Privacy
- ExpressVPN leak tests (IPv4, DNS, WebRTC) – from ExpressVPN
- test-ipv6.com (IPv4 and IPv6)
- dnsleaktest.com (use extended test to identify DNS leaks)
- BrowserLeaks WebRTC Test
- IPX.ac (IPv4, IPv6, WebRTC, DNS, browser fingerprinting, location data, and more) – from VPN.ac
- ipleak.org (IPv4, IPv6, WebRTC, DNS) – from VPNArea
Now let’s see what a VPN leak looks like.
Identifying VPN leaks
When you use the testing site ipleak.net, it is fairly easy to identify leaks and problems, especially when you are connected to a VPN server outside your country. Note, the WebRTC leak test will show local IP addresses (usually beginning with 10.xxx or 192.xxx or sometimes an alpha-numeric IPv6 address that is also local). These are not leaks, but rather your local IP addresses (further explained in our WebRTC leaks guide). If you see your real (Public) IPv4 or IPv6 under the WebRTC section, then these are indeed WebRTC leaks.
Below I am testing a popular VPN service for leaks. You can see that I am connected to a VPN server in the UK, but it is still leaking my private data.
With the test results above, you can see that my IPv4 address matches the IPv4 address of the VPN server (no IPv4 leak). However, there were still the following leaks:
- IPv6 address is leaking out of the tunnel (IPv6 leak)
- Under DNS Addresses, you can see there is a DNS leak on the right with my German ISP showing up.
- In the WebRTC section, my real IPv6 is again exposed (WebRTC leak)
Now let’s look at an example with no leaks.
VPN test with no leaks
Below is a leak test result with ExpressVPN, our top VPN for 2020.
Above, you can see there are no leaks with the IPv4 address matching the VPN location. IPv6 was blocked (no leaks) and there were also no WebRTC leaks. Finally, ExpressVPN’s encrypted DNS resolvers are handling all DNS requests. This is a perfect test result with no leaks detected.
Advanced VPN tests
The best method for identifying VPN leaks is to create a testing suite for your operating system and then run a barrage of tests to analyze traffic for leaked packets.
Creating a testing suite to capture and analyze traffic can be somewhat complex depending on the operating system you are using.
If you want to devote some time to leak testing, there is an open-source leak testing suite available on GitHub here. This is a project that was released by ExpressVPN and the tools they use to test and ensure their own VPN is secure and leak-proof.
Quick start – Check out the quick start guide to set up your test machines to identify leaks with your VPN service.
Checking your VPN for DNS leaks
The Domain Name System (DNS) is a system for converting URLs, such as restoreprivacy.com, into a numerical IP address, such as 205.251.197.66.
Without a VPN, this translation process is handled by your internet service provider (ISP). But this can be problematic because your DNS requests are clear text logs of every website you visit. Internet service providers can easily log these requests to record all browsing history of their customers. In the United States, the data can be sold to advertisers and other third parties. In the UK and Australia, the data is recorded and stored for up to two years and is available to authorities for whatever they want to do with it.
A DNS leak occurs when the translation request leaks out of the VPN tunnel, exposing the IP address (and location) of your internet service provider, as well as your browsing history. Many VPNs do not provide adequate DNS leak protection. This means your DNS requests may still go through your ISP and thereby exposing your online activities via DNS leaks.
DNS leak test sites
Here are some good websites to test your VPN for DNS leaks:
- Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other websites do not find problems. Below the tests results you can also find a detailed explanation of DNS leaks.)
- IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP address leak results.)
To easily check your VPN for DNS leaks, first connect to a VPN server outside of your country. Then, if you see IP addresses in your country, and they belong to your ISP, then you have a DNS leak. You can see above there are two DNS requests leaking out while connected to a VPN server in the United States.
A DNS leak does not expose your IP address, but instead the IP address and location of your internet service provider (which can be linked back to you). Additionally, this exposes your browsing history via DNS requests.
Solution to DNS leaks: Find a VPN that uses its own secured and encrypted DNS resolvers. Below are four VPNs that use only their own secure DNS resolvers and did not have any leaks when I tested them for the respective reviews:
- ExpressVPN (based in the British Virgin Islands)
- NordVPN (based in Panama)
- Perfect Privacy (based in Switzerland)
- Surfshark (based in the British Virgin Islands)
You can also manually configure your operating system to use a third-party DNS provider. Here’s a list of alternative DNS options from WikiLeaks. Keep in mind, however, that these third-party DNS services could also be logging the requests. Therefore we still think a verified no logs VPN is the safest bet.
Check your VPN for IP address leaks (IPv4 and IPv6)
IP address leaks are a problem with many free VPN services – as well as some paid VPN services.
Here are some tests sites to check your VPN for IP leaks:
Solution for IP leaks: The best solution is to simply get a VPN that does not leak IPv4 or IPv6 addresses. Another option is to manually create firewall rules that block all non-VPN traffic, but this can be a hassle. IPv6 can also be manually disabled on most operating systems, but the gradual transition to IPv6 is still underway.
Testing VPNs for WebRTC leaks
A WebRTC leak test is important for anyone using Firefox, Chrome, Opera, or Chromium-based browsers. As explained in the WebRTC leak guide, the WebRTC issue is essentially a vulnerability with the browser – although there are some VPNs that protect against this. A WebRTC leak occurs when your IP address leaks out via WebRTC APIs.
Here are three different WebRTC leak tests:
- Perfect Privacy WebRTC Test (This tool will test to see if you have a WebRTC leak, while also providing a detailed explanation of WebRTC leaks at the bottom of the page.)
- BrowserLeaks WebRTC Test (Another WebRTC test that works well, also includes helpful WebRTC information.)
- ipleak.net
Solution for WebRTC leaks: Follow the steps in the WebRTC leak guide to disable or block WebRTC in your browser.
VPN speed test
If you’re looking to test VPN speed, here are three options:
What affects VPN speed?
There are many factors affecting speed that you should consider when testing. Here are a few:
- Distance between you and the VPN server – This is usually the biggest factor affecting speed. The further the distance, the slower the speed.
- Number of users on the VPN server – With so many VPNs over-selling their services, some VPNs have overloaded servers which results in slow speeds and dropped connections for their users.
- Regional bandwidth restrictions – Many countries have poor bandwidth infrastructure, which will limit your speed, regardless of how fast your ISP or VPN server is. A few examples of this are Germany and Australia. Another regional consideration is how many people are online at a given time of the day. High usage times can slow down speeds for everyone.
- Internet Service Provider – No matter how fast your VPN is, it won’t be faster than the speed provided by your ISP. The only (rare) exception to this rule is if your ISP is throttling (limiting) your bandwidth. They sometimes do this if you’re doing something they don’t like (such as torrenting). A VPN can potentially help with this issue by encrypting your connection and hiding your online activity from your ISP.
- Processing Power – Whenever you’re using a VPN, your computer is working in the background to encrypt and decrypt packets of information. This takes processing power. The faster your internet speed when using a VPN, the more processing power is needed. So even if your ISP and VPN are fast, your CPU may be limiting your full speed potential (but this mainly applies to very high speeds).
Here is the record for the fastest VPN speed test result, currently held by NordVPN.
NordVPN offers the fastest speeds with the WireGuard VPN protocol, which they call NordLynx. And you can get a 68% discount here.
VPN malware tests
Malware embedded in mobile VPN applications is a major problem to be aware of with free VPN apps.
There has been an explosion of various free VPN apps available in the Google Play and Apple Stores. Just like with other free products, such as Gmail and Facebook, the platform is monetizing the user by collecting data and selling it to third parties.
One study found that 38% of Android VPN apps contain malware.
Test for malware – To test for malware, simply upload the software file to VirusTotal. The database will scan the file using over 60 different Antivirus tests. While there is a chance for false positives, some researchers define a malicious app as one having four or more positive test results.
VPNs with the best leak protection
There are three VPNs that I have found to do the best job of protecting users against leaks in all types of scenarios including, reconnections, network interruptions, and VPN crashes. These two VPNs offer the best built-in leak protection features:
- ExpressVPN – This VPN has excellent leak protection features on all apps and strong encryption. It is known for solid performance, but it does not support the WireGuard protocol.
- NordVPN – All desktop and mobile VPN apps include built-in leak protection and strong encryption. Additionally, NordVPN offers double-VPN servers and a CyberSec feature that blocks ads, trackers, and malware domains.
- Perfect Privacy – This VPN offers advanced leak protection settings along with full IPv6 support, but it’s somewhat expensive.
Whatever VPN you are using, it’s a good idea to periodically check for leaks and other issues, especially after any updates.
Last updated with new information on June 25, 2020.
I have a few questions (I use ExpressVPN):
1. When I try to test my internet speed on Speedtest app on my phone while VPN is activated, the app is able to detect my SIM provider! Why does that happen? Seems like this defeats the whole VPN purpose as my SIM provider’s name easily pinpoints where I am.
2. When I connect to YouTube using a server from France for example, YouTube takes me to a different YouTube version (not the french one). Why does this happen? I use Firefox and have all the add-ons that delete cookies, clear history, block ads, HTTPS, etc. Why does YouTube use a different country (it’s not the same country I’m in but close enough).
3. When I connect through France, some websites indicate that I am in Greece! Not sure why this happens.
I did all the tests on ExpressVPN and everything seems to be fine with no leaks and my IP address is not the real one. Not sure why such things happen. Would appreciate your response. I tried to contact ExpressVPN but they were of no help.
Hi, they may have reshuffled IP addresses and the third-party databases that track IP geolocation are not yet updated. These databases are maintained by other organizations, such as RIPE, not the VPN providers. This would explain the issues you are having.
Thanks for the response. It may explain the third point, but not the first two. It does not explain why my real SIM provider is detected and why YouTube detects a country very near to me (possibly because I have a language setting in my browser that this country also speaks but I also disabled the language completely from my computer and YouTube still showed the same country). I would really appreciate your opinion on this. Just makes me doubt the whole “anonymity” of where the connection is coming from.
Dear big brother,
excellent site for a novice like me to understand privacy and how to increase our protection online.
i am enjoying your articles.
one question-
How to hide MAC address as it can also be traced by ubiquitous google and other companies??
I’m not sure how useful this would be and/or if it’s even worth the effort, since the MAC should only be visible to other local devices on your network. But anyway, I don’t have any guides on MAC spoofing.
Hi Sven,
ExpressVPN is more expensive than f.e. NordVPN or Surfshark. Is it worth the extra money to get ExpressVPN?
And is NordVPN reliable enough, when it comes to privacy/leaking data?
Hi Lolalina, it’s a close call. ExpressVPN and NordVPN are both excellent VPNs. NordVPN is probably the best value, however, at $3.71 per month with the current 68% discounted rate here.
Surfshark is also a good option, and it’s cheap, but speeds aren’t as good as ExpressVPN and NordVPN.
What about the paid version of ProtonVPN, is that as good as ExpressVPN or Perfect Privacy?
Yep, ProtonVPN is a solid choice, although speeds are not as good as with ExpressVPN or Perfect Privacy. See the ProtonVPN review for details.
My subscription for Norton 360 comes with a VPN feature, how would you rate it’s effectiveness?
Norton Secure VPN Review
can we change vpn timing
hello Sven – any thoughts on the security of surfshark vpn. i tested it for the last 2 days, the speed looks pretty good and tested for dns leak and stuff, i didn’t find any, but i’m not a technical expert in this field. can you shed some light on the reliability/credibility of surfshark vpn.
Hey Nate, Surfshark did well in testing for the Surfshark review. It’s a solid VPN for a low price.
And you can’t go wrong with the 81% discount prices.
Hi! What do you think about namecheap VPN? Is it good? Any reviews soon?
We’ll be reviewing it soon.
Sven,
When I use a VPN on a Linux distro and run a DNS leak test, it shows the IP is changed correctly, but it lists two DNS servers– one is from the VPN service and the other is my default DNS. That is, the one used when I do not use my VPN. How can I tell if the default DNS is in the VPN tunnel, and hence not leaking, or outside the tunnel and thus leaking?
Thank you for your help.
Sounds like you have a DNS leak. I’d reach out to your VPN about fixing DNS leaks on your Linux OS.
Hello Sven – I wonder if you can answer this. I am connecting via a well known & well rated VPN service, to a well known Speedtest service, so I can see how my internet connection is performing. However, when the Speedtest screen displays, it seems to know where I (really) am. How is this possible if the VPN service is working properly (we did a leaks check and it didn’t appear to be leaking) ? Also, if the Speedtest service knows where I am, then presumably some of the streaming services I try to connect to via the VPN will also know and will block my access – which makes use of the VPN pointless. Would really appreciate your wisdom on this. Thanks in advance for your reply.
There are many variables and potential leaks. Perhaps it’s just a cookie on your browser from when you visited the speed test site without a VPN. Try clearing cookies and cache.
Thanks for the advice, appreciate it.
Interestingly, after clearing cache and cookies, I ran the App again and it still picked up where I am. But then I went to the Speedtest website (not the App) and ran the test, it thinks I am in the location routed by my VPN. So the App knows something the website version doesn’t !!….?
Hi seven,
I live outside US and I have an offer to work online data entry operator for an American company but they said i have to work through vpn US based server. If by some means vpn is disconnected and my original ip showed during entry, my id will be blocked. So i am interested to purchase VPN. Which vpn will you recommend to purchase for for throughout connecting to US server 🇺🇸.
Hi, my current top VPN recommendation is ExpressVPN (with three months free coupon). It has a large US server network and a secure kill switch (Network Lock) to keep your data safe and ensure your non-US IP address is not exposed.
Have you tested Surfshark VPN
Not yet, but I will do that soon.
Hi Sven,
Would you recommend any free VPNs?
Probably the only free VPN I’d recommend is ProtonVPN.
Hi Sven,
I friend of mine recommended Hexatech VPN for Android.
Have you done any reviews of this VPN?
If so, is it a good choice?
Hi Henry. Hexatech VPN is definitely not recommended. It is from the same people behind Betternet VPN (see in their website footer). Betternet was caught embedding malware and tracking libraries in their mobile VPN apps for data collection – discussed in the Betternet review.
Nothing is said about PIA vpn in any of the pages. Has this been tested?
See the PIA review.
And in recent news, PIA was acquired by Kape, a company that produced malware and adware.
Bro did u check Kaspersky vpn
Hi Sven
i tested most of TOP VPN services in premium mode and all of them FAIL in 99% of tests on [https://www.ipqualityscore.com].
VPN/Proxy using is in most cases detected with even FRAUD SCORE for tested IP dedicated by VPN.
any way to “look clear” there ?
Tnx
VPNs use commercial (data center) IP addresses, rather than residential IP addresses. Of course this tool will classify them as more “suspicious” than a residential IP, but I don’t see why that matter or make any tangible difference on anything. Banks and payment processors may blacklist certain IP addresses that have been used for fraud or email spam in the past. If you’re running into issues, just connect to a different VPN server.
Hi Sven,
Just a general question regarding VPNs, if I may. ANY VPN can see all of my unencrypted traffic, right?
If yes, how much protection does a VPN actually provide if Interpol or the NSA told the VPN to “co-operate” or else?
Thanks
Hi, in general, yes, a VPN can technically see traffic going through their servers and that’s why choosing a trustworthy VPN is so important. Some VPNs operate all servers in RAM-disk mode, rather than hard drives, thereby making it impossible to store or record any data on the servers – see with Perfect Privacy and also ExpressVPN with their new TrustedServer feature.
Sven, you give me hope.
I’d like your comments on this article:
https://arstechnica.com/information-technology/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
How often do the VPNs change their prime number keys?
It all depends on your adversary and threat model. If the NSA has singled you out for advanced targeted surveillance, where they will deploy vast resources to see exactly what you’re up to, then that’s a tough situation. Good luck and who knows. I still trust the math, which says OpenVPN with AES-256 encryption is currently unbreakable, but there are many ways to de-anonymize someone, aside from just the VPN cipher, and who knows the full capabilities of NSA and GCHQ. Regarding prime number keys, I’d pose that question to the VPNs you’re interested in.
Sir,
Excellent discussion & links for: Tests, resolution of errors & alternative VPN providers.
ThanX
LightMan
Nice to know some little things.
Would you mind giving me some little info on HIDEMAN VPN.
Hi Sven,
I am wondering with ExpressVPN (or any other VPN for that matter) do you know if they support drop protection or kill switch with the Android app? I have been trying to find information on this but it does not seem to be available. All that is really stated is that all the applications they make for Windows/Linux/Android etc. are all equally secure. Is this true or is their a difference in protection from one platform to another?
Hi Xavier, yes, ExpressVPN offers a kill switch feature with their Android app which is activated under Network Protection settings of the app. In the ExpressVPN Android app, go to the menu (≡) > Settings > Network Protection, and then toggle Block internet when unable to connect or reconnect to VPN.
Thanks for you quick reply Sven, could you tell me what version of the ExpressVPN Android app you’re using? I believe I am using the latest 7.3.0 (9662) but I do not have the menu “Network Protection” under my Settings menu. I only have VPN Protocol.. Connect on Startup.. Split Tunneling.. App and Website Shortcuts.. Help Improve.. and Language.
Xavier, I don’t have it currently loaded on an Android device I can test. That info was from the website, you should contact their support.
Most Android phones have this feature. Hopefully yours is running a relatively recent Android version. I don’t know when they implemented it.
Go to settings –> WiFi –> advanced –> VPN –> assuming you’re currently using the VPN you want to always be on and block it when the connection drops, check “always-on VPN” and check “block connections without a VPN”. If your Android doesn’t have that feature, it’s either too old and hasn’t been updated or your phone manufacturer must have restricted it(I don’t know if that’s legal or whatever but it is what it is). Hope this helps.
Hello,
Sorry for my English, I speak French.
If I adhere to vpn express and install their firmware on my Linksys wrt1900acs to always have my network my cell laptop and smart tv devices always on the right aies-I need to always connect to my laptop via their servers and keep my computer connected and running And if I don’t connect my laptop on their server is what my network is secure like it would with the firmware Linksys without vpn?
Thanks
Hi Sven,
Is there actually a list with all of the VPNs that you have already tried and tested?
Just wondering as I am using the Cyber Ghost VPN based in Romania and am posing myself a few Qs. What is your general impression of the service if you tested it before. Also with some of the tests that you provide above I noticed that the particular test still managed to find the country that I am in. At least that is what I assume. After all I cannot be entirely sure as I am always using the above mentioned VPN and the TOR browser for enhanced security… Although this also entails some issues since some sites do not “support” the TOR browser as they want to get your data…
Also I am as you say concerned about privacy. I am, however, not a programmer and am not entirely sure that I sufficiently understand the git hub link that you published above. Do I need to get into serious programming to understand this: https://github.com/expressvpn/expressvpn_leak_testing ?
I have by the way stumbled several times across the Git Hub site now. Is there a general “instruction manual” / website etc. i.e. to better understand how this functions, please? THX
Hello, see the CyberGhost review and also all VPN reviews.
Yes, there is some technical know-how required to run the tests through ExpressVPN’s python script.
Hello Sven,
All I can say is s***. I cannot believe what I just read with regards to the review that you wrote. What a bugger! All I can say is that it is time to switch… Thank you very much for your sorrow investigations concerning the VPN investigation that you do.
Hi Sven,
thank you for your great work! Please tell me do you know if ExpressVPN is able to see the IP address of their user and the websites he/she is visiting if they would monitoring it in a real-time? Thanks
Yes, any VPN could monitor traffic, including incoming/outgoing IP addresses, through their servers, hence the importance of getting a trustworthy VPN.
These are the tests I’ve been using for years:
https://www.dnsleaktest.com/ (extended test)
https://diafygi.github.io/webrtc-ips/
http://ipleak.net/
https://www.browserleaks.com/webrtc
http://test-ipv6.com/
It seems like all these tools is web-based. But if you need to test your DNS leak in the command line, you probably would like to use another tool like this one https://github.com/macvk/dnsleaktest
ExpressVPN’s tools on Github are not web-based.
Sven,
What are your thoughts about StrongVPN? Have you ever reviewed them?
Hi Steve, I don’t have a StrongVPN review, but it’s based in the US and the feedback I’ve seen online hasn’t been very positive. That being said, I’ll withhold any opinion until I get a review of their service done.
Based on your reviews, I’m considering purchasing ExpressVPN. Do you have any personal or business affiliation with them or anyone in that company?
Jay
Hi Jay, how the site is financed is explained on the mission page here. ExpressVPN is an affiliate, as are many other VPNs (but not all).
I have the same question as mruad. I am about to buy NordVPN but I can’t find any “real” reviews about NordVPN and I need to make sure my connection is safe because I’m YIFY-ing it up at Hotel rooms. Would like to know about NordVPN because it seems great so far but I would like to hear from someone here first. (Google yify if you don’t know what I’m talking about because I’m at a Best Western Hotel now and need to stay safe.)
Hi Murphy, I did not find any leaks or problems in the NordVPN review. Be sure the kill switch is on and you should be good to go!
Did anyone test nordVPN, or has any kind of notes on it?
Review on NordVPN from this very same site RestorePrivacy.com
https://restoreprivacy.com/vpn/reviews/nordvpn/
Cheers 🙂
I recently purchased a Netgear x6s AC 3000.
Netgears OpenVpn doesn’t connect. In order to enable it u have to create a Dynamic dns and use OpenVpn Connect to import your profile to connect. It doesn’t connect. There OpenVPN is only used to connect outside your network to your network.
Would you purchase a Asus router instead or use Vypyn VPN on the Netgear?
Hi Mark, I’m not too familiar with that router. Perhaps you could check out flashing it with a different firmware that would work better for you – see the VPN router guide.
Wish I would have found your article before, when I was seriously annoyed trying to figure out where exactly my leak was coming from. I use Nordvpn, and set it up on my router. As they don’t (yet) support IPv6, that was where the leak came from. I had to disable IPv6 (wan6) interface on my router, otherwise the IPv6 address was generated by ISP as VPN provider doesn’t support it. Official applicaiton will block IPv6 because of no support for it, but OpenVPN on router doesn’t (maybe there is a way to configure it to do so, though I’m not sure). As like DNS was the previous leak i had, which i had to configure wan interface by unchecking ‘use dns advertised by peers) and use primary and secondary dns of vpn provider, otherwise it would be a leak. As I also hard to disable WebRTC in firefox, but I prefer using Tor Browser when I dont have huge files to download (400kbps download speed would be too slow to download ~20GB) other than that, I everything is already now. I’ve used all testing sites you have in this article, as well as I’ve performed the advanced test @ github. Just wanted to say, thank you 🙂
Hi Daryn, happy to help. Disabling WebRTC is easy in Firefox via about:config – see instructions here.
Hi Sven
What do you think about privacy browsers, such as Epic? the tool has built-in VPN/proxy something – I’m not an expert but the browser has passed (i think so) tests from links you have shared. (DNS leak, ipvanish, penta…) please check if these tools are protected and trustworthy.
Hi Pepe, I’d opt for the Tor browser in combination with a VPN and the Tor network disabled. This is explained more in the browser fingerprinting article. I’ve read that Epic browser leaks (here and here).
I am using free TunnelBear VPN and so far it’s great. There are lots of infomation on the bussiness. It also passed Iv4P, DNS, IP, but it didn’t have Iv6P. Is that a problem? If so, why?
Hi CP, most VPNs do not support IPv6, which means you will only get an IPV4 address when you connect to a VPN server and they will block IPv6. For mobile devices, this can be a problem because we are moving toward IPv6-only mobile networks. For computers, this is not such a big problem… yet. But we’re slowly transitioning to IPv6.
Thank you for your reply. That explains why some websites crash whenever I use a VPN. I have to turn off so I could access IPv6 websites, which is a big inconvenience.
Do you know the difference between a proxy and a VPN? You’ve mentioned it that Opera has one, but it didn’t go into much detail how a proxy works.
Hi CP, the main difference is encryption, even though both allow you to hide your true IP address. A VPN, however, will offer a higher level of encryption, which provides more security and privacy protection. Some VPNs offer browser extension proxies as well, such as VPN.ac. There is also a difference in performance. A proxy will generally be faster than a VPN – again, because of encryption.
Is windscribe okay
I don’t think it is dangerous/malicious like many of the free VPN apps you find. Windscribe uses the “freemium” business model, giving users about 10 GB of free bandwidth, before they have to pay.
Hi Sven, can you suggest a number of good VPN to use within the UK? Thanks.
Hi Queen, if you are in the UK, I’d generally recommend avoiding UK providers. Any of the recommended providers on the best VPN page should work fine. I’ve tested all of them with European and American servers – if they are on the list they did well in testing.
Another good test you can find here: https://www.doileak.com/
I shall highly appreciate your feedback on IP HIDER PRO. I find that it passes all the leak tests – IP, DNS, Web RTC etc. Speed is also great. I am planning to buy it and hence need your assessment.
Thanks
Hi PB, I’m not so sure about that one. The website looks like it hasn’t been updated since 2016 and there is barely any information about the business, jurisdiction, or operating details of the company. These are red flags to me.
I have pure VPN and with a few exceptions I find it pretty good. I am not sure what it is related to, but there are some DNS leaks with it dependant upon the test. PureVPN seems to pass all tests you throw at it from your blog, except the DNS tests. It passed DNS leaks across 4 other web sites showing google in chile. However, on your DNS leak tets 4 of the listed addresses were not mine, but the IP of my service provider. What does that mean? I have not run into any blocked sites of yet, and have been using it for some time. I know that there are a few sites that rank it as pretty good, as not being in one of those 14 nations. I just wanted to know what those DNS leaks meant where they were not detected on DNS leak test or some others but were found on yours. Thanks.
Hi John. When you run a DNS leak test and see the IP address of your internet service provider, that means your DNS requests are leaking out of the VPN tunnel and being handled by your ISP. A DNS request is just a simple translation that converts a regular website URL into an IP address. Without a VPN, your ISP will handle all of these requests when you visit various websites. This is an easy way for ISPs to monitor and record every website you visit. It also is a privacy issue because when these requests are leaking it can be traced back to your location and internet service provider (and essentially you). So this is bad from a privacy standpoint.
The test results may vary depending on which testing website you are using, which VPN apps, operating system, settings, and other variables. You can manually change/configure your operating system to use some other DNS, but you definitely don’t want to be having these DNS leaks with your ISP. For a nice overview on the DNS issue, VPN.ac put together a good article here.
ive got hide.me VPN Android have you tested this vpn they have a windows version also its got good ratings in a few vpn reviews
Hi John, no I have not tested it yet – but hopefully in the next few months.
Have you tested 360 Total security Turbo VPN comes with 360 total security Windows
Hi John, no I have not tested it. But from what I can find all of the products you mentioned (360 Total Security and its Turbo VPN) are offered by Qihu 360 – a Hong Kong company. Looking at Qihu 360’s Privacy Policy, I find they are collecting extensive amounts of data from their users, including all browsing history, devices, and personal information. So from a privacy perspective, I would not personally stay away from this company and all of their products.
thanks for feedback i decided to use virus total the 360 security app android result scan was 4 out of 60 detected one being a trojan spy Jiangmin . opened my eyes a bit
Yep, lots of Android VPN apps contain malware and tracking. Good job testing it out with VirusTotal.
You particularly point out PureVPN which I had recently purchased. I have a knowledge of an average computer user.
I read that you can use the OpenVPN client and just use the PureVPN servers. This will essentially remove the PureVPN software from the equation. Would this solution work?
One troubling aspect I do encounter when I use Pure VPN is that it seems some websites block PureVPN server addresses because I guess their users are known for unscrupulous activity? I just want to maintain my privacy and security, that’s all.
Can you recommend anything I can do?
Hi Johnson, you can definitely use third party OpenVPN clients, but I suspect you will still have problems. The DNS leaks, for example, are a problem with the server network and the way it’s configured. When I pointed this problem out, PureVPN’s proposed using Google DNS – which gives Google your browsing history. The IP leaks are likely a network and software issue – but you can test it out to see. One great option is Viscosity, which works on Windows or Mac. You can try it free for 30 days, after that you’ll need to buy the license for $9 (lifetime). Free clients include Tunnelblick (Mac OS) and OpenVPN GUI (Windows).
Regarding blocked websites, you are correct – that’s usually caused by spammers using the VPN, and then those IP addresses getting banned. The only solution here is to find another server. You may want to cut your losses and go with another provider, but you can test out PureVPN with the third party clients first to see how well it works.
Hi Sven,
Regarding OpenVPN GUI, there are a few security-issues that have to be taken care of before you’re completely safe. First, there is the DNS-leak. To fix this, you need to add the following line to your openVPN-config file:
block_outside_dns
Second, when you use openVPN with windows10, you are leaking DNS data through the windows10 resolver. To fix this, you need to get this fix:
https://github.com/ValdikSS/openvpn-fix-dns-leak-plugin
also, don’t forget to add this line to your OpenVPN-config:
plugin fix-dns-leak-32.dll
for 32 bit system or
plugin fix-dns-leak-64.dll
for 64 bit system
After plugging the above leaks, test your OpenVPN against a good test-site like whoer.net. You should be able to get a 90% score now, even with a free service like vpnbook or similar.
Just my 2 cents, again. 🙂