VPNs rely on encryption to provide users with a secure service. But how do you really know if a VPN is encrypting your online traffic? How can you tell whether encryption is being used, and what type?
VPNs and Encryption
The number one feature your VPN should provide is encryption. Encryption stands at the heart of a VPN’s function, taking your online traffic and converting it to unreadable ciphertext. Without encryption, your VPN is pointless, as your ISP, government agencies, and prying hackers can see what you’re doing online.
This is why it’s so crucial to ensure that your VPN is definitely encrypting your data.
There are a few ways to do this. We’ll be using TunnelBear, a popular VPN that uses AES-256 encryption, to test whether encryption has been applied. But keep in mind that you can use the methods listed below with any VPN.
1. Check for DNS Leaks
One of the best ways to determine whether your VPN is encrypting your data is to check for DNS leaks. Your DNS (Domain Name Server) connects your IP address to domain names.
To check for DNS leaks, head to a DNS leaks website. Examples of these sites include DNS Leak Test and BrowserLeaks.
Even if you’re connected to a VPN, at least one DNS request will come up, but this doesn’t mean you’re in danger. If the IP address shown is different from your real IP, and the country shown is the same as the server location you’re connected to, that means you’re good to go.
If the DNS leak test results show that you’re connected to a different server location than the location you chose on your VPN app, then something is amiss. In other words, if you’re connected to a remote server in France, but the DNS leak test shows your location as local, chances are you’re not connected or your IP is not being masked.
2. Check Your IP Address
Your IP address is supposed to be masked by your VPN. The VPN will display your IP address as the address of the remote server you’re connected to, making it almost impossible to know who or where you are.
If your VPN provider is masking your IP address, you’ll be able to tell in your device’s settings. Head into settings, then to the network or connections section (the exact name of this will differ from OS to OS). In the network settings, you should be able to easily view your IPv4 address.
If your settings keep displaying the same IPv4 address before and after you connect to your VPN, this may not necessarily mean that it isn’t working. To get the most up-to-date IP address on your device, you may be better off using the command prompt.
On Windows, hit Windows+R and then type “cmd” into the small window that pops up. You’ll now be taken to the command line terminal. Now, type “ipconfig /all” and hit the Enter key (make sure to include a space between the two words). You’ll then be able to view a huge amount of network information, including your IPv4 address.
Check your IPv4 address via the command line terminal before connecting to the VPN, and do so again after connecting.
If the IPv4 address is the same each time, then it’s very likely that something is wrong, as your raw IP is still being used despite your device being connected to a remote server.
If you don’t want to deal with the command line terminal, you can also use your browser to check your IP address. Websites like whatismyipaddress.com let you view your IPv4 and IPv6 addresses at any time. NordVPN also offers a service for this.
Some of these sites can be inaccurate, placing you in the wrong geographical area. For instance, you may be located in Los Angeles, but the IP checker places you in San Diego. If you’re trying to find your true IP, this poses a problem. However, in this case, you’re simply trying to discern if your IP address changes before and after connecting to a VPN.
3. Use GlassWire
GlassWire is a freemium app available on Windows only.
It’s easy to see if you’re truly being protected by your VPN using GlassWire. All you have to do is head to the Usage section at the top of the window and then click the Traffic option on the left-hand side. Here, you’ll be able to see all the traffic types traveling to and from your computer.
Now, you’ll need to look for the specific VPN protocol you’re using. For instance, if you’re using OpenVPN, look for OpenVPN Daemon in the traffic list. If this is present, then your traffic is being encrypted via the OpenVPN protocol.
If you’re using the WireGuard protocol, look for “wireguard.exe” to make sure your data is being encrypted.
Download: GlassWire (Free, premium version available)
4. Use Wireshark
If you’re using macOS or a Linux-based operating system, GlassWire won’t be accessible to you. But the Wireshark app could make a great alternative, as it is available on macOS and a number of different Linux distributions. Even if you’re not using Linux or macOS, you may prefer Wireshark overall on a Windows system.
Wireshark certainly isn’t as nice on the eyes as GlassWire, but it still works well at identifying the incoming and outgoing traffic on your device. Once you’ve got the app set up, click on the kind of traffic you want to monitor. If you’re connected to a Wi-Fi network, then you’ll want to click on this option.
Once you’ve selected your connection method, you’ll be able to see all your online traffic in real-time. Click on a data packet, and check the contents. If the contents are in the form of ciphertext (i.e. it is unreadable), then your data is being encrypted. If you see data written in plaintext, then your VPN is not encrypting your traffic.
Wireshark has a single download page, wherein you can find the installers for Windows and macOS. You can also find the source code here to facilitate installation on Linux distributions.
VPN Errors and Scams Are Common
Even the best VPNs can sometimes malfunction, while other providers have shady features that may not align with the security promises made. So, to know for sure if your chosen VPN service is encrypting your traffic, use one or more of the tips above. This way, you’ll know for certain if you’re being protected.