You know that your VPN can protect your privacy. You know that your VPN can help you evade censorship and geoblocking. And you know that your VPN is an important part of your online security.

But how do you know it’s working?

We’re not being funny. While some VPN services operate automatically, such as when you connect to an untrusted network, others require you to turn them on and off manually. It’s easy to forget about them, especially if they don’t sit in your menu bar – which is why it’s a good idea to let them sit in your menu bar if that option is available, as that gives you either a graphical indication or one-click access to your VPN status. The following screenshot shows NordVPN’s menu bar on a Mac.

But there’s more to your VPN than whether it’s actually switched on. Some VPN services can still leak data, and they can do that in three different ways: DNS leaks, IP leaks and WebRTC leaks. Let’s find out what that means.

What is a DNS leak?

Every time you try to access an online site or service your computer or device needs to know where it is – and to do that it needs to convert its domain name into an IP address. Your device will connect to Domain Name Servers (DNS) to access that information, and if your VPN service doesn’t use its own DNS then you may be leaking location data by using your ISP’s default DNS servers. You can test what DNS you’re using by turning your VPN on and visiting www.dnsleaktest.com.

What is an IP leak?

An IP leak is when your real IP address is revealed when you don’t want it to be. It can sometimes happen because of incompatibilities between IPv4 and IPv6 – turning IPv6 off on your device can solve the issue if that’s the case – but it’s often leaked as a result of a WebRTC leak.

WebRTC is short for Web Real-Time Communication, and it’s a standard used by most of the big-name browsers for things such as voice chat and videoconferencing. Unfortunately a bug in WebRTC that’s been around for five years or so enables bad actors to identify users’ real IP address, not the IP address that their VPN supplied. In 2018 security researcher Paolo Stagno found that 17 out of 83 VPN systems were leaking users’ IP addresses via this bug.

Some VPNs now explictly block WebRTC leaks in their plugins for Firefox or Chrome, and there are also third-party extensions that can toggle WebRTC on and off such as DisableWebRTC for Firefox.

How can I protect myself against a leaking VPN?

Paid-for VPNs from names you know are generally more secure against such problems than free ones, and it’s really important that whatever VPN you get is from a reputable source: any software can contain malware, and VPN users are a tempting target. So Dodgy Dave’s Download Den is probably a poor choice when it comes to finding a VPN app.

It’s also important to consider the bigger picture when it comes to privacy. A VPN can only do so much, as the WebRTC leak demonstrates: if something on your computer is giving away personal information, it can be compromising your privacy. It’s wise to think of your VPN as just part of your online privacy and security system and to lock down your web browser and ensure you don’t install any other apps, or fall for any online scams, that might undo the work your VPN is doing.