In recent years there has been a massive boom in VPN usage, spurred on by security breaches and privacy leaks.
While prospective VPN users pay a lot of attention to the various policies VPN providers have when it comes to logging or leak protection, the user’s own responsibility is often entirely ignored.
When there’s a leak of sorts, such as the common WebRTC, Ipv6, DNS or torrent client leaks, people are quick to point their finger at the VPN provider, even though they could have easily prevented issues themselves.
It’s clear that a good VPN provider should do everything in its power to prevent leaks. At the very minimum, they should inform users about possible risks. Better yet, they should regularly test for vulnerabilities.
Still, VPN users themselves can also take a more proactive approach. The problem is that many people don’t take their own VPN security very seriously.
After signing up at a VPN service, many assume that they are perfectly protected. Aside from checking whether their IP-address has changed, they expend very little effort to make sure that this is the case.
What new VPN users should do instead is a series of VPN leak tests. Not just one, but at least a couple. Also, this should be repeated on all devices and in all browsers that are used, just to make sure.
It would also be smart to redo these tests on a regular basis, as devices and applications change. If there are any problems, fix them, with or without help from the VPN provider.
Aside from testing how leak-safe the setup is, VPN users might want to read the documentation and setup guides their VPN service provides. What is the most secure protocol? Does the software have built-in leak protection? What about a kill-switch?
If you use a custom VPN application offered by the provider it may come in with built-in leak protection, but that’s not always the case.
Also, some providers offer these features but don’t have them enabled by default, as it may lead to various connectivity issues. Others leave it up to the user to secure their browsers and apps. These are all things that should be taken into account.
If there are any leaks, let your VPN provider know. They should fix them if they can, after all.
Similarly, torrent users should not forget to test if their torrent client is setup correctly, and test for leaks there as well. This is easily overlooked by many.
While checking for leaks is crucial, things get even complicated when it comes to anonymity.
Some people are extremely focused on choosing a “zero log” VPN to maintain their privacy, but then use the same VPN to log in to Google, Twitter, Facebook and other services. This links the VPN address to their personal account, creating extensive logs there. And that without mentioning the other privacy-sensitive and tracking data these services collect and store.
While most are not too worried about that, it shows that full privacy or anonymity is hard to accomplish, even if a VPN is secure.
The bottom line is, however, that both VPNs and their users should be vigilant. VPN providers should take responsibility to prevent or warn against possible leaks, but people should remember that a “zero-log” VPN really is worthless if the user hasn’t set it up correctly, or uses it the wrong way.
Do I leak offers a comprehensive and independent VPN leak test, but Google should be able to find dozens more.