- Alleged gunman tried to rob YouTuber Adam22 during livestream 12 Months Ago
- Turkish president used New Zealand shooting footage at campaign rallies 12 Months Ago
- 8 adorable tea infusers that will warm you with cuteness Today 10:26 AM
- The Super Nintendo Pro is the wireless controller of your dreams Today 10:25 AM
- Lori Loughlin reportedly dropped from ‘Fuller House’ final season Today 10:10 AM
- The Legend of Zelda Encyclopedia Deluxe Edition is a true treasure Today 10:00 AM
- Even Republicans are angry with the GOP’s anti-Beto tweet Today 10:00 AM
- ‘Egg Boy’ vows to send GoFundMe money to mosque shooting victims Today 9:55 AM
- Noom is a weight loss program that prioritizes your mental health Today 9:10 AM
- Shane Dawson once joked about ejaculating on his cat—and people are furious Today 8:54 AM
- Rep. Steve King posts Civil War fantasy meme—accidentally mocks own state Today 8:41 AM
- Gaming company Valve removed tributes to Christchurch shooter Today 8:39 AM
- The best new bands at SXSW 2019 Today 8:00 AM
- 10 literary journalism classics that should be on your reading list Today 7:00 AM
- You can watch DC Universe’s acclaimed original shows for free Today 6:28 AM
Den Rise/Shutterstock (Licensed)
Here’s what you need to know.
A test conducted by cybersecurity researcher and ethical hacker John Mason of the Best of VPN found 10 of 15 Chrome VPNs leaked queries from domain name servers (DNS), or the protocol used to translate a normal domain name (like www.dailydot.com) to an IP address so a browser can load it.
The issue stems from a Chrome feature called DNS prefetching, which is designed to reduce latency by guessing what website you’re about to visit and pre-loading its IP address. For example, if you hover over a link, Chrome will make a DNS request, so the site loads faster once you press on it.
Obviously, VPNs should not be leaking data to an observer and potentially giving them the tools to track your browsing habits. The point of a VPN is to securely access a private network and remotely tunnel encrypted data to it. By leaking DNS requests, the VPN undermines its entire purpose.
“VPN extensions shouldn’t leak DNS data as it’s similar to IPs, can be used to see where a user is and one major use of VPNs is anonymity,” Mason wrote in an email to the Daily Dot. “They should block all kinds of outgoing DNS queries while they are running or route it through them.”
Without getting too technical, DNS data is leaked because DNS prefetching continues to operate when one of two VPN extension modes is in use. This allows bad actors to create web pages that force visitors to leak DNS requests and gives ISPs the ability to collect the URL of a user’s favorite websites.
Mason posted a list of the 10 VPN extensions he tested that leaked DNS requests.
- Hola VPN
- HotSpot Shield
- VPN Unlimited
- ZenMate VPN
- Ivacy VPN
“Since A LOT and I mean A LOT of users use the web extensions to browse anonymously, this is a severe hole in it,” Mason said. “For example, HolaVPN has over 8 million users, Tunnelbear more than 700k. Both of them leak DNS. This only happens with web extensions though, if you use a VPN app, this won’t affect you.”
He also outlined steps for users to determine whether their VPN leaks DNS. They are as follows:
- Activate the Chrome plugin of your VPN.
- Go to chrome://net-internals/#dns.
- Click on “clear host cache.”
- Go to any website to confirm this vulnerability.
If your VPN is leaking requests, you can navigate to your Chrome settings, type “predict” in “search settings” and disable “Use a prediction service to help complete searches and URLs typed in the address bar” and “Use a prediction service to load pages more quickly.”
If you want to use a VPN, we suggest downloading a full app, which won’t be affected by this strange vulnerability. Here is a list of the five best VPN apps.
We have reached out to Google and will update this article if we learn more.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.