Check If Your VPN Is Leaking Private Data

Uploaded on 2017-01-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A virtual private network (VPN) is a great way to keep your Internet usage secure and private whether at home or on public Wi-Fi. But just how private is your activity over a VPN? How do you know if the VPN is doing its job or if you’re unwittingly leaking information to those trying to pry into your activities?

One simple way to see if the VPN is working is to search for what is my IP on Google. At the top of the search results, Google will report back your current public Internet Protocol (IP) address. If you’re on a VPN, it should show the VPN’s IP. If it doesn’t, you know you have a problem.

If you’re not sure what your VPN's actual IP is then take the IP address Google gives you (such as 107.152.98.165) and enter that into Google like so: IP 107.152.98.165. The top several search results should indicate where that IP is located. If you’re in Toronto and the IP is registered in California, then the VPN is working.

Your public IP address is just one-way private information can leak over a VPN. To see how fully private, you are visit IPLeak.net. This website checks a number of ways that your IP address and other information can leak, including over WebRTC (an up-and-coming browser-based chat technology), DNS leaks, torrenting, and geolocation.

Not all of these tests happen automatically. The torrent test, for example, requires a small torrent file, available via magnet link, to see if torrents are funneling through your VPN or not.

The geolocation test is helpful, but keeping your location secure is pretty straightforward. Just don’t allow any website to use your location while on a VPN. One way to do that is to specify a browser, Firefox for example, as your VPN-only browser. Then disallow location requests on that browser. Alternatively, you could use a browser extension that provides a fake location to websites that request it.

The most likely culprit in leaked information, however, is via the Domain Name System (DNS). To navigate the web, your machine requires contact with DNS servers to help translate website addresses from names to numeric IP addresses. Typically, a PC automatically uses the DNS servers of your internet service provider. The problem is that if you’re using a VPN and leaking DNS through a local service provider, you can reveal enough information to point anyone spying on you in the right direction.

Many set-it-and-forget-it type VPNs funnel your DNS requests through their own servers, though some require an explicit settings change to do this. Check your VPN provider’s help pages if you are leaking DNS for advice on how to fix it.

Another way to address this issue is to permanently switch to an alternative DNS provider such as Google, OpenDNS, or Comodo Secure DNS. Once you’ve fixed your DNS problems, return to IPLeak to see what it reports. If it shows DNS servers that aren’t related to your ISP, or general location, then you’re all set to enjoy added privacy over your VPN connection.

PCWorld:              Cybersecurity: A Personal Plan:

 

« Germany Wants To Order Social Media To Police Hate Speech
Turkish Lender Akbank Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.