3 data leaks that could be undermining your online privacy
Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Networks to keep their browsing data hidden from advertisers and overzealous intelligence agencies.
However, your privacy could still be at risk even behind the protection of a VPN. There are three common vulnerabilities that can leak information about you online: WebRTC and DNS leaks which affect VPN users, and app data leaks which can affect anyone and everyone. Read on to find out more about these three types of data leak, and what steps you can take to prevent them.
WebRTC (Web Real Time Communication) is a protocol that allows for peer-to-peer exchange of high-quality audio and video through your browser. It has exploded in popularity over the past couple of years, and is integral to web apps like Google Hangouts, Discord and Facebook Messenger.
While WebRTC is a useful tool, the peer-to-peer connection it creates is a vulnerability that is especially dangerous for VPN users. The connection that WebRTC creates to share data will bypass the protection of your VPN, unless your VPN is designed to watch out for it and catch it. If you’re not protected, whatever web app created the connection, as well as the device on the other end of it, will have access to your real public internet protocol (IP) address.
Your IP address is potentially key to revealing your identity, as it is unique to your device. Even a simple Google search will let anyone with access to your IP know your general location and the internet service provider (ISP) that you use. Anyone that gains access to your ISP’s database -- as hackers have done before -- will have access to all the data that is linked to your IP, including potentially your actual postal address.
Since WebRTC leaks could be giving away your details even from behind a VPN, it’s important to test whether you are being protected. To do this, you can use a simple WebRTC leak checker.
If WebRTC is leaking your IP address, you will need to take steps to stop it from happening. There are a couple of ways you can do this:
- If you are using Mozilla Firefox, you can disable WebRTC directly in your browser. To do this, head to the about:config page, and turn off the peerconnection.enabled setting
- On Google Chrome, there is no native setting for disabling WebRTC, however you can find apps for disabling it on the Chrome Web Store
- On Safari and Edge, there is no way to disable WebRTC. To stop IP leaks, you will either need to use another browser or switch to a VPN that has a built-in WebRTC leak blocker.
Domain Name Server leaks can potentially reveal your online activity to your internet service provider even from behind a VPN.
When you type a website’s URL into your browser’s address bar, your browser asks a DNS for the IP address of the web server connected to that URL. Your browser is then able to ask the host server for the webpage you want to see, and display it.
There are many DNS services available, but your browser will automatically use the ones provided by your ISP if you don’t specify otherwise – which means that sometimes, even when your VPN is active your DNS requests can bypass that protection.
This means that whenever you go to a website, your ISP’s DNS servers are contacted and they could potentially be saving logs of your online activity.
Fixing a DNS leak is fortunately quite easy. There are two ways you can do it:
- You can manually switch your DNS settings to use another service like Google DNS or OpenDNS, rather than your ISP being the default. To do this you will need the IP address of the DNS you wish to use, simply switching your computer to use that address in your Internet Adapter settings
- Alternatively, you can use a VPN that automatically switches your browser to a secure DNS whenever you turn on the VPN
App leaks are perhaps the most concerning of these three leak types. We are spending more and more time on our mobile devices, doing everything from sharing memes to handling our online banking. The apps we use for these tasks have access to a lot of information about us, and it’s impossible to know which apps may be leaking which data.
Leaks happen when apps fail to properly secure your data. Apps will often connect with online services to exchange information -- for example when you sign in to a social media app, it needs to send your login details to the servers of the social media network to verify you.
It’s important that apps use HTTPS, which is the secure connection type for exchanging data between two devices over the internet. Unlike the older HTTP, HTTPS encrypts the data sent with it, making it harder for anyone intercepting your web traffic to decipher it. Apps that rely on HTTP are seriously susceptible to data leakage, and it’s not just ad-laden gaming apps that you need to be wary of -- news and sports apps are often the most likely to leak your data, closely followed by business apps.
Some of the information that apps could potentially leak include your real name and username, email address and postal address, and even your credit card information. This is highly concerning, and should encourage people to think twice about what information they allow apps to access.
If you aren’t already using a VPN, installing and activating one is the simplest way to add protection against data leaks from other apps. A VPN can’t plug encryption holes left by other app developers, but it can prevent the leaked data from being connected together via your IP address and can therefore help to render it much less useful.