- Chaotic good, true neutral: The 2020 Democrat alignment chart Today 6:30 AM
- How to stream Mexico vs. Brazil live in the U-17 World Cup final Today 3:00 AM
- Influencer gets prison time for performing illegal cosmetic procedures on followers Saturday 5:13 PM
- Parent immediately regrets baby monitor after seeing ‘possessed’ baby Saturday 3:53 PM
- Buttigieg used Kenyan stock photo to promote plan for Black America Saturday 2:29 PM
- Disney+ is the best streaming service for families available today Saturday 1:43 PM
- Netflix to amend Nazi docuseries after being accused of rewriting history Saturday 1:09 PM
- Everything you need to know about TikTok Saturday 1:00 PM
- Screaming drummer girl steals hearts with passionate Nirvana cover Saturday 12:50 PM
- The Kardashians receiving backlash for food fight Instagram post Saturday 10:26 AM
- How to stream Artem Lobov vs. Jason Knight in BKFC Saturday 9:00 AM
- Lizzo sued by Postmates runner she accused of stealing her food Saturday 8:39 AM
- How to stream Jan Blachowicz vs. Ronaldo ‘Jacare’ Souza on UFC Fight Night Saturday 8:00 AM
- How to watch Georgia vs. Auburn live Saturday 6:30 AM
- How to stream Navy vs. Notre Dame live Saturday 3:30 AM
A test conducted by cybersecurity researcher and ethical hacker John Mason of the Best of VPN found 10 of 15 Chrome VPNs leaked queries from domain name servers (DNS), or the protocol used to translate a normal domain name (like www.dailydot.com) to an IP address so a browser can load it.
The issue stems from a Chrome feature called DNS prefetching, which is designed to reduce latency by guessing what website you’re about to visit and pre-loading its IP address. For example, if you hover over a link, Chrome will make a DNS request, so the site loads faster once you press on it.
Obviously, VPNs should not be leaking data to an observer and potentially giving them the tools to track your browsing habits. The point of a VPN is to securely access a private network and remotely tunnel encrypted data to it. By leaking DNS requests, the VPN undermines its entire purpose.
“VPN extensions shouldn’t leak DNS data as it’s similar to IPs, can be used to see where a user is and one major use of VPNs is anonymity,” Mason wrote in an email to the Daily Dot. “They should block all kinds of outgoing DNS queries while they are running or route it through them.”
Without getting too technical, DNS data is leaked because DNS prefetching continues to operate when one of two VPN extension modes is in use. This allows bad actors to create web pages that force visitors to leak DNS requests and gives ISPs the ability to collect the URL of a user’s favorite websites.
Mason posted a list of the 10 VPN extensions he tested that leaked DNS requests.
- Hola VPN
- HotSpot Shield
- VPN Unlimited
- ZenMate VPN
- Ivacy VPN
“Since A LOT and I mean A LOT of users use the web extensions to browse anonymously, this is a severe hole in it,” Mason said. “For example, HolaVPN has over 8 million users, Tunnelbear more than 700k. Both of them leak DNS. This only happens with web extensions though, if you use a VPN app, this won’t affect you.”
He also outlined steps for users to determine whether their VPN leaks DNS. They are as follows:
- Activate the Chrome plugin of your VPN.
- Go to chrome://net-internals/#dns.
- Click on “clear host cache.”
- Go to any website to confirm this vulnerability.
If your VPN is leaking requests, you can navigate to your Chrome settings, type “predict” in “search settings” and disable “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly.”
If you want to use a VPN, we suggest downloading a full app, which won’t be affected by this strange vulnerability. Here is a list of the five best VPN apps.
We have reached out to Google and will update this article if we learn more.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.