- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Today 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Today 1:58 PM
- Instagram photos showing prison conditions spark massive protest Today 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Today 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Today 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Today 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Today 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Today 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Today 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Today 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Today 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Today 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Today 9:57 AM
- 47 House Democrats sign criticized net neutrality working group letter Today 9:17 AM
- How ‘and I oop’ became the perfect reaction meme for shocking developments Today 8:47 AM
Den Rise/Shutterstock (Licensed)
Here’s what you need to know.
A test conducted by cybersecurity researcher and ethical hacker John Mason of the Best of VPN found 10 of 15 Chrome VPNs leaked queries from domain name servers (DNS), or the protocol used to translate a normal domain name (like www.dailydot.com) to an IP address so a browser can load it.
The issue stems from a Chrome feature called DNS prefetching, which is designed to reduce latency by guessing what website you’re about to visit and pre-loading its IP address. For example, if you hover over a link, Chrome will make a DNS request, so the site loads faster once you press on it.
Obviously, VPNs should not be leaking data to an observer and potentially giving them the tools to track your browsing habits. The point of a VPN is to securely access a private network and remotely tunnel encrypted data to it. By leaking DNS requests, the VPN undermines its entire purpose.
“VPN extensions shouldn’t leak DNS data as it’s similar to IPs, can be used to see where a user is and one major use of VPNs is anonymity,” Mason wrote in an email to the Daily Dot. “They should block all kinds of outgoing DNS queries while they are running or route it through them.”
Without getting too technical, DNS data is leaked because DNS prefetching continues to operate when one of two VPN extension modes is in use. This allows bad actors to create web pages that force visitors to leak DNS requests and gives ISPs the ability to collect the URL of a user’s favorite websites.
Mason posted a list of the 10 VPN extensions he tested that leaked DNS requests.
- Hola VPN
- HotSpot Shield
- VPN Unlimited
- ZenMate VPN
- Ivacy VPN
“Since A LOT and I mean A LOT of users use the web extensions to browse anonymously, this is a severe hole in it,” Mason said. “For example, HolaVPN has over 8 million users, Tunnelbear more than 700k. Both of them leak DNS. This only happens with web extensions though, if you use a VPN app, this won’t affect you.”
He also outlined steps for users to determine whether their VPN leaks DNS. They are as follows:
- Activate the Chrome plugin of your VPN.
- Go to chrome://net-internals/#dns.
- Click on “clear host cache.”
- Go to any website to confirm this vulnerability.
If your VPN is leaking requests, you can navigate to your Chrome settings, type “predict” in “search settings” and disable “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly.”
If you want to use a VPN, we suggest downloading a full app, which won’t be affected by this strange vulnerability. Here is a list of the five best VPN apps.
We have reached out to Google and will update this article if we learn more.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.