Google Chrome has a feature names DNS Prefetching, this attempt by the most used browser was in order to resolve the domain names before a user walks in and follows the link. Using this solution, the latency delays of DNS became minimal and guessed which website the user is most likely to visit next by pre-solving the domains of those websites. It, however, led to a problem.
There are reports that a ton of popular best VPNs was leaking the user’s data, and a new study has found that chromes extensions played a huge role in it. It must be noted that DNS leak is not related to the WebRTC issue, but DNS issue is activated by default as “Prefetching” in Chrome.
What is a DNS Leak?
Privacy has become scarce as ever, especially in the online world. The numbers of cyber attacks have been exponentially increased as governments and ISPs are taking an immense interest in people’s search trends and their data.
When a user wishes to escape from prying eyes, he uses a best VPN and feels he’s done protecting himself online. However little does he know that these VPNs themselves are not enough and can leak his identity?
A DNS server is like a phone book to all the website of the world. When a browser searches a website, a request is sent over to the DNS server with the URL which then directs it towards the authentic IP address.
If a browser ignores that the VPN is set in place and send the request on your real IP, then a DNS leak occurs. In simpler words, a DNS leak is a breach of your online privacy which happens when the DNS request is sent through the unencrypted DNS server.
What is DNS Prefetching?
As per Google, a DNS Prefetching is a phenomenon where the domain names are resolved before a user even tries to follow the link. All this is done using the normal DNS of the computer while no connection of Google is used throughout the process.
While using a VPN browser extension, Chrome offers two modes to configure the proxy connections these include;
In this mode, the extension gives a PAC script which allows changing the HTTPS/SOCKS proxy server’s host dramatically. For instance, a VPN extension can use the PAC script to determine the user’s preference for visiting Netflix. It then uses a rule which optimizes the experience by assigning a proxy server to give a smooth streaming experience.
Since Pac_Script is more dynamic than fixed servers, it is widely used across many VPNs chrome extensions.
In the fixed_servers, the extension uses specific HTTPS/SOCKs proxy servers to connect all connection that goes through the proxy servers.
The issue comes when DNS Prefetching uses Pac_Script. Since HTTPS proxy rarely supports proxying DNS request and Chrome itself does not support DNS over SOCKs protocol thus all prefetched request go through the DNS system which eventually leads to a DNS leak.
There are 3 scenarios that lead to DNS Prefetching;
- DNS Prefetch Control
- Manual Prefetch
How to Fix the Issue?
Users who seek protection need to look at these steps and follow the remedy.
- Launch chrome
- Go to settings
- Type predict in the search settings bar
- Disable that option that says “Use a prediction to complete the search when typed in the URL.”
- Also, disable “Use a prediction service and load pages quickly.”
Popular DNS leak detector DNSleaktest.com was unable to detect the DNS leaks that are mentioned in this article. This is because the DNS leaks requests are only issued by the popular website under specific circumstances.
VPNs that Passed the Test as of 13 July 2019
We tested the industry’s most popular vpn services and were not surprised by what we saw.
- Cyber Ghost
Affected List of VPNs as of 13 July 2019
Following are the VPNs when tested they were found leaking the DNS information of the users.
- Setup VPN
The aforementioned VPNs are the choice of millions around the world. It is daunting to see that they failed the basic test of online security.
Test your VPN for DNS Leak
To test if the VPN is vulnerable to a DNS leak, conduct the following test.
- Activate the chrome extension of the VPN
- Go to chrome://net-internals/#dns
- Click “clear host cache.”
- Go to any website and see if you are vulnerable or not.
Important note for Chrome Users
Over 20 million chrome users are using malicious ad blockers. Avoid installing such extensions which are playing a vital role in exposing your data and information online. They are not only making you susceptible to cyber attack but are also leaking your precious information is, which is not to be shared with any stranger.