People commonly use commercial VPN services for privacy. They want to protect online activity from ISPs. They want to keep their identity and location private. So VPN services promote themselves accordingly. Some even claim to provide "anonymity".
But there's a problem: VPN protocols were not designed with those goals in mind. By default, they leak in too many ways to reliably protect privacy. They leak queries to default DNS nameservers. They leak IPv4 traffic when forced to reconnect. And they are often entirely oblivious to IPv6 traffic.
These are well known issues. Most VPN services now claim to prevent DNS and IPv4 leaks. Some even claim to prevent IPv6 leaks. And knowledgeable users know how to test for leaks, and how to prevent them.
But there's another problem: most users are far from knowledgeable about VPNs. They are naive. And sadly, there is no reliable way for naive users to know which VPN services deliver on their promises. Certainly, there are many sites that review VPNs. But most of these reviews are just marketing bullshit. They're a product of VPN marketing and affiliate programs.
IVPN did provide funding and technical support for this prototype. And I did know that IVPN wouldn't leak, because I had written a guide on leak testing for them. But that doesn't invalidate my results.
In Windows, just six of 29 VPN services tested were leak-free. In Mac OS X, just four of 27 VPNs tested were leak-free. Only IVPN provided leak-free clients for both Windows and Mac OS X. For the rest, clients leaked IPv4 traffic and/or DNS queries while reconnecting after uplink interruption.
Worse, many VPNs leaked IPv6 traffic whenever the machine was connected to the Internet, revealing its ISP-assigned IPv6 address to remote sites and intervening routers. That address is globally unique, and so those VPNs did not protect user identity.
That is a huge problem for users with IPv6 connectivity, and generally in areas where IPv6 connectivity is common. Over the next few years, as IPv6 connectivity becomes increasingly common, it will become far worse. Unless, that is, VPN providers get their acts together.More Background For VPN Providers