Apple is known to have more stringent standards for privacy and security than most, even fighting the FBI over its users’ privacy rights. That doesn’t mean Mac users should ignore privacy-focused practices, such as using a VPN online. And in case you’re already using one, testing it to see if it works properly.
Yes, VPNs aren’t the infallible privacy tools we’d like them to be just yet. OS and software incompatibilities can often mess with the protection offered by VPNs, especially if yours doesn’t offer leak protection. Before we continue in more detail, take a minute to check if your VPN works here.
What Is a VPN Leak?
The main job of a VPN is to encrypt your online data (i.e. make it unreadable to outsiders) and hide your IP address. The last part is important since it hides information that could be linked with your physical location:
- Country and city of residence
- Your Internet Service Provider (ISP)
- ZIP code
A leak happens when your IP address is revealed in some fashion, even though you’re using a VPN. Mac users have less to worry about than Windows users, for example, who have to deal with built-in features (Teredo and Smart Multi-Homed Name Resolution) that cause what is called Domain Name System (DNS) leaks.
Yet there are ways your VPN could leak even on Mac, discussed below.
DNS Leaks on Mac
When you type a website name into your browser, your device usually contacts your ISP’s DNS server(s) where the domain name (say, youtube.com) is translated to an IP address. These are called DNS requests, and they are routed through your VPN’s own DNS servers in order to hide your browsing activity from your ISP.
A leak may occur if your Mac sends DNS requests to your ISP even with an active VPN. This may happen with certain OpenVPN configurations on OS X and macOS. Luckily, it’s pretty easy to deal with the leak by switching to an independent DNS provider.
One suggestion is OpenDNS, which has multiple guides on how to switch your DNS settings, complete with guides to flush your DNS resolver and web browser caches wherever necessary. You could also use Google Public DNS, but they aren’t exactly known as a privacy-oriented company.
WebRTC Leaks on Mac
Most browsers nowadays (including Safari) have WebRTC included so you can make audio and video calls through services such as Discord, Skype, and so on, without the need for extra plug-ins. Unfortunately, the feature can also cause your real IP address to leak if your VPN doesn’t have WebRTC leak protection included.
There are multiple ways you can deal with this:
- Turn off WebRTC in your browser
- Use a browser extension like WebRTC Control to get an on/ off button for the feature, in case you want to use your browser for audio or video chatting. Only available for Chrome, Firefox, and Opera. Safari users are stuck with disabling the feature
- Use script-blockers like NoScript or uMatrix to block WebRTC requests and many other privacy killers (such as ad trackers). Do note that these add-ons may take some time to get used to
IPv6 Leaks on Mac
There are two types of IP addresses available: IPv4 and IPv6. Technical details aside, IPv4 addresses have basically run out as of 2019. Despite that, ISPs, enterprises, websites, VPN providers, and everyone else have found it expensive or otherwise cumbersome to adapt to the new standard.
This slow adoption of IPv6 has caused several issues, one of them being IPv6 leaks in VPN clients. Most providers that don’t support it will completely block out IPv6 traffic. If your VPN doesn’t, your IPv6 address will leak – revealing all the details discussed in the beginning.
The only solution aside from getting a VPN with leak protection is to disable IPv6 on your Mac entirely. Once you’ve dealt with all these issues, give the leak tool, in the beginning, another try; just to make sure your changes took effect.