There are multiple reasons why VPNs leak.
But a leaking VPN is useless.
You purchase VPN service for one very simple reason: Hide your IP and protect your data while browsing the Internet or using public Wi-Fi.
Leaks completely undermine this vital service, exposing your true location and activities right before the prying eyes of your ISP, government agencies, and cybercriminals.
It’s like buying a vacuum cleaner and having it blow dirt out all over your house.
We don’t take leaks lightly.
Every VPN that we review goes through an extensive leak-detection process. We establish a connection with their servers and then use six different third-party tools to reveal our IP address.
If they don’t match the VPN’s stated server location, it means they are leaking…
Different VPN Leaks + How We Tested
Three most common leaks are:
- DNS leaks
- WebRTC and IP leaks
- Chrome extension leaks
We used the following sites (in addition to our own Chrome extensions test):
- https://ipleak.net/
- https://www.perfect-privacy.com/check-ip
- https://ipx.ac/run
- https://browserleaks.com/webrtc
- https://www.perfect-privacy.com/dns-leaktest/
- https://dnsleak.com
Unfortunately, this problem isn’t as far-fetched as it sounds.
We found leaks in as many as 15 of the 74 VPNs we’ve reviewed. That’s a whopping 21.62% of the ‘best’ VPNs in the marketplace.
Those 15 leakers also occupy bottom 15 ranking spots in our best VPN list. That’s no coincidence.
So which ones are they? Find out in this list of VPNs that threaten your internet security with different leaks.
15 VPNs That Leak
- Hoxx VPN (free & paid version)
- Hola (free version)
- VPN.ht (paid version)
- SecureVPN (paid version)
- DotVPN (free version)
- Speedify (free version)
- Betternet (free version)
- Ivacy (free version)
- Touch VPN (paid version)
- Zenmate (free version)
- Ace VPN (paid version)
- AzireVPN (paid version)
- BTGuard (paid version)
- Ra4w VPN (paid version)
- VPN Gate (free version)
Below is a list of both free and paid VPNs where we found DNS, WebRTC, IP, or Chrome extensions leaks:
1. Hoxx VPN – DNS, WebRTC, and Chrome extension leaks found
Server used for testing: Canada
This was a VPN that failed just about every test that we put it through, including half of our leaks tests. WebRTC leaks were just one of the multitude of issues we faced with this problematic system.
They log your information and expose your IP, through both standard WebRTC leaks and Chrome extension leaks. Coupled with its outdated VPN protocols and encryption standards, you’re better off just not using a VPN like this one.
WebRTC Leak (exposing our true IP):
DNS Leak:
Chrome extension leak:
Read more in our Hoxx VPN review.
2. Hola VPN – DNS and WebRTC leak
Server used for testing: United States
Hola is one of our lowest ranked VPNs. This free VPN logs your information and uses a sketchy peer to peer connection in lieu of traditional VPN servers.
It might be one of the least secure VPNs we’ve ever seen. It’s another ‘double trouble’ VPN that managed to fail both our browserleak.net and WebRTC tests.
Hola WebRTC leak:
Hola DNS leak:
Read more in our Hola VPN review.
3. VPN.ht – IP and DNS leaks detected
Server used for testing: Netherlands
VPN.ht uses a series of adorable aliens to let you know that with their service, you can be completely anonymous.
But apparently, they don’t run leak tests on whatever planet these little guys are from. Aside from the leaks, it was a pretty good VPN. They don’t log any information and they exist outside of the established surveillance alliances. This winning combination always eases my security fears a bit.
I just couldn’t get past the leaks…
We found IP leaks, but Spoiler Alert: this isn’t the last time you’ll be seeing this product on the list.
VPN.ht IP leak:
VPN.ht DNS leak:
Read our full VPN.ht review
4. SecureVPN – IP and DNS leak detected
Server used for testing: Netherlands
This VPN claims to hold “the key to online privacy” on their official website. But we found IP leaks that completely undermine this claim.
It’s a shame too because there was really a lot to love about this VPN. Fast speeds coupled with Netflix functionality and torrenting capabilities made it a strong streaming product. But those leaks were just too much to overlook.
SecureVPN IP leak found:
SecureVPN DNS leak found:
Read our full SecureVPN Review.
5. DotVPN – WebRTC leak detected
Server used for testing: United States
This company claims that they are “a better way to VPN.”
What they ARE is a slow (but affordable) VPN based out of Hong Kong. That means they’re free of the overbearing 5, 9, and 14 Eyes Surveillance alliances that pool government espionage information together. Yet still under China’s “government approval.”
They’re also ripe with WebRTC leaks. This VPN failed our usual WebRTC test.
DotVPN WebRTC leak found:
Read more in our DotVPN Review.
6. Speedify – 1 DNS leak detected
Server used for testing: Finland
We found DNS leaks on this VPN, but the presence of a kill switch feature helps somewhat. A kill switch will automatically disconnect you from the VPN service if the signal becomes compromised.
No logging and five simultaneous connections are some of the positives, but they don’t outweigh the danger posed by these leaks.
DNS leak:
Read more in our Speedify VPN Review.
7. Betternet – 1 IP leak through Chrome extension
Server used for testing: United States
Betternet is a 100% free VPN…
… and proof of the old adage that you get what you pay for.
For starters, it’s the slowest app we’ve ever reviewed. If that’s not bad enough, the company sells ads based on your own activity. Security is a huge concern thanks to the company’s policy of data logging.
But all of that pales in comparison to the leaks we found when investigating this service. Betternet’s Chrome browser extension was the main culprit this time.
Not shocking, since 70% of Chrome extensions leak your IP.
Leak through Chrome extension:
Read more in our Betternet Review.
8. Ivacy – 1 IP leak through Chrome extension
Server used for testing: United States
Leaks, limited torrenting, and no Netflix derail what looked on paper to be a decent VPN. This is another one that passed our WebRTC test but failed when we examined their Chrome extension. The presence of a kill switch helps, but not enough.
9. TouchVPN – 1 IP leak through Chrome extension
Server used for testing: United States
TouchVPN is free. But its porous browser extension means it’s still overpriced.
Free was the only positive thing we found to say about this VPN. It’s slow, logs your information, doesn’t work with torrenting or Netflix. Plus, they’re located within the 5 Eyes alliance jurisdiction. Steer clear.
Read more in our TouchVPN Review.
10. Zenmate – 1 IP leak through Chrome extension
Server used for testing: United States
This app left our IP address completely exposed. It has a decent server park and the built-in kill switch helps security somewhat.
But the presence of leaks plus a problematic logging policy forces us to question whether or not we can trust Zenmate.
Response from Zenmate:
The problem is that WebRTC, as a protocol, leaks IP Addresses under certain circumstances. The change we made that prevents leakage may prevent WebRTC from working, so the user has the ability to switch this off, and use WebRTC. Once switched off, we remind the user to switch is back on as much as we can, but it is up to the user to do so.
Also, our smart locations feature may cause leakage. This feature switches the user’s selected server based upon the website they are visiting so that it is more likely to work that otherwise. This feature, again, may leak IP Addresses under certain circumstances. This feature is valuable to a lot of users as it improves their geo-unblocking where they are not 100% concerned about total security. This feature is turned off by default, but the user has the option to turn it on.
All in all, we are as good as or better than all other VPNs on the market as far as preventing leakage, however not all of our users want this as it may prevent them accessing certain features and function. So, we made is user configurable and warn the user when they may be compromising their configuration. If the test still shows that they are detecting leakage, then it is most likely they need to upgrade their version of the client.
Read more in our Zenmate review.
11. AceVPN – 1 DNS leak detected
Server used for testing: Belgium
AceVPN started off OK. However, results quickly went downhill when we started putting them through our series of tests.
This is a slow-moving system that logs your data and only allows for two simultaneous connections. That being said, it worked with Netflix and features a kill switch.
But the DNS leaks were the last straw.
Read more in our Ace VPN Review.
12. AzireVPN – 1 DNS leak detected
Server used for testing: Sweden
It’s hard to be “privacy-minded” when you’re suffering from DNS leaks. Another one, unfortunately, bites the dust.
On paper, it looked pretty good. No logging and there was Netflix/torrenting support. And with five simultaneous connections, it seemed like a decent VPN that the whole family could enjoy.
A lack of a kill switch coupled with the aforementioned leaks were some of the only dents in this program’s otherwise impressive armor.
13. BTGuard – 1 DNS leak detected
Server used for testing: Netherlands
BTGuard is extremely torrent friendly. Too bad it also suffers from DNS leaks. The point of VPN use while torrenting is to protect your system from malicious hacking attempts made by other users who are connecting to your system.
That protection is meaningless if your IP is exposed. While BTGuard focuses on torrenting services, it tends to ignore most other important features of a modern VPN. They log information, it’s a slow program, they don’t have a kill switch, and they only allow for one connection.
Leaks were just the cherry on top.
Read more in our BTGuard Review.
14. Ra4W – 1 Chrome Extension leak detected
Server used for testing: United States
This VPN has secure encryption and an awesome customer service team, but it was undermined by both DNS leaks and some potentially malicious programs that we found in its install file. A kill switch could have gone a long way toward re-instilling some of my faith, but they don’t have one.
Read more in our Ra4W VPN Review.
15. VPN Gate – 1 DNS leak detected
Server used for testing: Belgium
VPN Gate is a free VPN service from Japan. Unfortunately, that gate has a few holes in it in the form of DNS leaks. There’s not a lot to love here aside from the price point and the fact that it worked with Netflix.
Due to the leaks we found, it’s not recommended to use this VPN for anything other than light streaming. Nothing that requires anonymity.
Why Do VPNs Leak?
VPNs leak for a variety of reasons. DNS server issues and WebRTC API conflicts can cause your true location to shine through. The problem is that these often strike when you least expect it.
Your VPN connection looks legit. There’s no notifications or other errors. But your ISP, government agencies, or cybercriminals will see absolutely everything.
You can have strict no logging policies, exist outside of every major surveillance alliance, and have lightning speeds, but if a VPN is leaking your IP, you’re toast.
That’s why when you find a VPN that is airtight, with no leaks whatsoever, you should stick to it like glue. Here are some of our favorite.
Top 5 Leak-Free VPNs
- No logging and some advanced encryption make this a security powerhouse.
- You can torrent away and stream Netflix on some servers, so it’s great for browsing
- With over 1,500 servers in 93 countries, you can use this VPN for years and never use the same server twice.
- Six connections and over 3,000 servers make this a truly versatile service.
- Four out of the six servers we tested worked with Netflix.
- Super fast speeds and a kill switch ensure that your sessions will be quick and protected.
- Unlimited connections allow you to connect to multiple devices without ever having to sign out.
- A strict no logging policy ensures that you remain completely anonymous.
- Torrent to your heart’s content.
4. CyberGhost
- 1300 servers in 65 countries with five connections. This is a service that gives you options.
- Not a part of any major surveillance alliance, so your information is secure.
- The company won’t log your information, so browse confidently.
- A lightning fast VPN that lets you torrent and watch Netflix.
- A no logging policy helps but the “trust” in Trust.Zone.
- Built-in kill switch ensures that even if there were leaks, you would be protected.
For a more in-depth analysis, check out our list of the top ranking VPNs.
Did you test Private Internet Access (PIA)?
We found no leaks when using PIA. Here’s more info: https://thebestvpn.com/reviews/private-internet-access/
Came to ask this too. Thanks for answering!
PIA does leak from WebRTC.
Hey Kyle,
I haven’t re-done the tests yet, should be done within a couple of months and then I’ll see as well. Thanks for the input, though!
Did you test Strong VPN
No leaks found for StrongVPN…
Did you test Proton VPN, free and paid? How is that one ?
We tested the paid version and it didn’t leak. As far as I know, their free version shouldn’t be leaking either unless they launch a vulnerable Chrome extension…
ProtonVPN leaks with Linux and the openvpn extention
Can you provide screenshots?
Did you test zoog at all?
P.S good work and good information, thanks.
Thanks for the support.
We did test ZoogVPN and didn’t find any leaks 🙂
What about IPvanish, where would you rank this within the leakage table?
According to us, IPVanish doesn’t leak. But they are located in 5 eyes jurisdiction, which we don’t recommend using: https://thebestvpn.com/5-9-14-eyes-countries/
What version of VPNArea’s app did you test?
Did you conduct these tests all with the Windows app?
What is the point of testing an extension?
Also, CyberGhost is run by an Israeli data analytics company named CrossRider.
Hey Jon H,
We used Windows computer to perform these tests on our PC. We fond IP and DNS leaks. CyberGhost should be Romanian (CyberGhost S.R.L.), no?
Sorry, but you didn’t answer the question. What version of the VPNArea app did you test? They just released version 2, which I understand fixed these issues… Could you please clarify which version you tested? Because in your review is version 1, but your review is outdated. thank you
Hey Jon,
From our experience, VPNArea is flawed and should be avoided… We tested version “2”.
Holy f***! Thanks for the heads up on that one!! We’d be basically handing them our info.
Great article. Did you test PureVPN? How did they do?
Hey George,
PureVPN had Chrome extension leak few months ago, but they fixed it fairly quickly. We didn’t find any IP, DNS or WebRTC leak tests in our current research.
Did you test the F-Secure Freedome VPN?
Yes we did, no leaks found: https://thebestvpn.com/reviews/f-secure-freedome/
Good to see PureVPN didn’t leak. That’s what I use.
It used to leak, but they’ve fixed it now.
Hi
how safe is goose vpn regarding webrtc and ip leak, without the additional protection of the cost level of 1 € monthly, on PC and Android Device?
I’m impressed with the work you guys are doing here. Its very very very commendable. Keep it up
Thanks 🙂
Please test VPN4ALL. Thank you
From all the DNS leak test site I’ve tried only the WebRTC Leak showed that I’m leaking my real IP. Think one needs to be careful when it comes to the tests.
Which VPN did you use :)?
Learned a lot from this forum, great job guys, keep it up 🙂
Great article.
Did you test the Opera browser built-in free VPN?
Thanks
Yes, you can read our review here: https://thebestvpn.com/reviews/opera-vpn/
Please did you test Windscribe VPN?
Hey David,
We didn’t find any leaks using WindScribe. You can read our full review here: https://thebestvpn.com/reviews/windscribe-vpn/
For more privacy:
“Luckily, with SOCKS5 Firefox can control which side of the proxy handles DNS lookups. By default, it does the lookups locally resulting in the scenario above. To change this, set network.proxy.socks_remote_dns = true in about:config. This makes the SOCKS proxy more like a regular proxy, where DNS is handled by the remote end of the tunnel.”
https://outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/
network.dns.disablePrefetch = true
“DNS queries, you can save some kilobytes of transfer by disabling DNS-prefetching and link-prefetching.”
http://b.agilob.net/better-security-privacy-and-anonymity-in-firefox
How about shield vpn. I found no detectable speed loss. Actually makes me a little suspicious. Tested Bitdefender and found it 50% slower. Used ookla. Any leaks ? Great work, really appreciate your expertise.
Didn’t find any leaks on Hotspot Shield. You can read the full review here: https://thebestvpn.com/reviews/hotspot-shield/
Hey there
How about bitdefender? Thank you.
Will review this soon 🙂
Awesome. Thank you.
Here’s the review: https://thebestvpn.com/reviews/bitdefender-vpn/
Hi, would you review on VPN Unlimited by KeepSolid.
You can find VPN Unlimited review here: https://thebestvpn.com/reviews/vpn-unlimited/
Hey Guys,
I believe it could be useful for your readers to include IPLeak.org in the links for checking your VPN.
It would sometimes show WebRTC leaks that other leak testing web sites mentioned won’t catch. Its DNS Leak Test is also very robust and you can showcase your results with a link like speedtest.net.
How about Express VPN?
How did that perform?
No leaks found: https://thebestvpn.com/reviews/expressvpn/