logo

About this service

Who we are

Doileak naturally grew out of an interest in internet privacy, how to test it and improve it.
While testing some web proxies for security leaks we found sites for several separate tests ( for example ip-check.info, panopticlick.eff.org, dnsleaktest.com or ipleak.net) but there wasn’t a single service which could check all the most common leaks.
Necessity is the mother of invention, and work began on the project.
Now Doileak.com tests for all the most common leaks, including tests for torrent leaks.

Who this site is for

Maybe you torrent files regularly and want to make sure your IP address is properly shielded. Maybe Netflix geoblocked you when you used a VPN and you want to know what gave you away. Maybe you’ve heard you might be leaking for the first time and want to know more about what that means.
This site is meant to be a quick and dirty test to show possible leaks and get people thinking about their security. It’s not a guidebook for how to stop leaking - any guidebook would be enormous and outdated far too quickly.

Implemented Tests

We test most of the common leaks, with a few uncommon ones thrown in too. Check back frequently or follow us on Twitter as new tests are added and developed.
 

Request IP

Before running further tests, we get your request IP - what you show to the internet at large.
This test shows if you’re using a visible proxy, for example if you are connected through a company or university’s internet service. An anonymous proxy will not be detected by this test, but the other tests on this page could help to detect if you are using one.
This also tests if you’re arriving from a TOR exit node. This won’t reveal your identity, but websites can block traffic from TOR users as they assume you have something to hide.

 

Operating System

We use three methods to detect your Operating System:
  • Javascript: A website or test can use Javascript to detect your Operating System via your browser in a few different (and simple) ways. It’s easy to detect OS in this way, and equally easy for someone to feed the test fake results.
  • ‘User Agent’: We use ‘User Agents’ (such as browsers) to access webpages. User Agents send some information about themselves to that webpage via User Agent string. Webpages can use this string as an easy way to detect someone’s Operating System, but it’s equally easy to spoof.
  • TCP/IP fingerprinting: The TCP/IP protocol controls how data is sent between computers and how the sender and receiving computers are identified. Mostly this is done identically by every computer, but some small parameters are implemented differently by different operating systems, creating a ‘fingerprint’. This result is very difficult to fake, but has a larger error rate.
If different OS detection methods deliver different results you may be a bot, or a human using a proxy or a virtual machine.
 

Browser

Similar to OS detection, we use three methods to detect your browser:
  • Javascript: A website or test can use Javascript to detect your browser in a few different (and simple) ways. It’s easy to detect your browser using this method, and equally easy for someone to feed the test fake results.
  • ‘User Agent’: We use ‘User Agents’ (such as browsers) to access webpages. User Agents send some information about themselves to that webpage via a User Agent string. Webpages can use this string as an easy way to detect someone’s browser, but it’s equally easy to spoof.
  • TCP/IP fingerprinting: The TCP/IP protocol controls how data is sent between computers and how the sender and receiving computers are identified. Mostly this is done identically by every computer, but some small parameters are implemented differently by different browsers, creating a ‘fingerprint’. This result is very difficult to fake, but has a larger error rate.
If different browser detection methods deliver different results you may be a bot, or a human using a proxy or a virtual machine. You could also be spoofing your results.
 

Connection type

The TCP/IP protocol controls how data is sent between computers and how the sender and receiving computers are identified. Mostly this is done identically by every computer, but some small parameters are implemented differently by connection types (e.g. DSL, Modem, Ethernet, T3). Using this information we can detect (with some errors) how the tested computer is connected to the internet.
This can detect if your connection is typical of a home user. Strange connection types could imply a data center, where a proxy/VPN would be placed.
Dissecting the TCP/IP packets sent by you we can also detect how many steps (hops) a request took. Requests from the same country take fewer hops than requests from the other side of the world - which could identify proxy/VPN use. Most proxies and VPNs open new requests and reset the hop counter, so they won’t be identified by this test.
 

Timezone Difference

Your timezone configuration can be detected from your browser with a simple Javascript request. If your browser timezone doesn’t match the timezone of your request IP location, it’s a hint that you’re not where you say you are… or you’ve just configured your time settings badly.
 

DNS Request Source

While surfing the internet your browser not only creates HTTP requests, it also converts domain names into numerical IP addresses via DNS requests. When using a secure VPN, both HTTP and DNS requests should be sent through your VPN tunnel or you should use a DNS server which does not reveal your location.
Sometimes if your settings are badly configured your computer can get mixed up and send DNS requests via your ISP’s server instead of through the VPN. Our test checks if your HTTP and DNS requests are coming from the same network - if they aren’t, it’s a sign you are trying to hide your real IP address.
While DNS leaks won’t expose the IP address itself, they can reveal that things aren’t what they seem. Netflix for example does use such hints to prevent geo-spoofing. An interested observer with the right authority could force your ISP to reveal the true IP address.
A ‘green’ result means that the DNS and HTTP requests match and appear to come from the same area, it doesn’t mean your real IP is hidden.
When using a proxy, VPN, or TOR server this test can give a false alert if you are using an anonymous DNS server which is not on our list of safe servers and/or if your DNS and HTTP endpoints are located on different networks.
 

IPv6 Request Source

Until recently, the whole world used IPv4 to define the numerical values of IP addresses. Unfortunately, no one considered how many people would eventually use the internet, and they’re running out or already have ran out depending on who you ask. Most internet users use an IPv4 IP address.
To keep up with the spiralling demand for new IP addresses, the IPv6 standard has been introduced - for now it’s supported by all modern Operating Systems, but the vast majority of websites haven’t caught up yet.
This forces IPv6 compatible websites to support both IPv4 addresses and IPv6 addresses, depending on who is connecting to them. Many proxies or VPN client and server software have been lagging behind to become IPv6-ready. If you have IPv6 enabled and your proxy or VPN does not support dual-stack Internet connectivity, IPv4 traffic will be routed through the VPN, but IPv6 traffic is routed straight to the ISP, revealing your real IP address.
 

SSL traffic

If your proxy does not support SSL, you will transmit all your data (important stuff like passwords, credit card numbers, logins) all in plain text. It goes without saying you don’t want this to happen and you want to test new or unknown proxies for this before entering anything sensitive.
 

WebRTC IP Leak

Web Real-Time Communication (WebRTC) is enabled by default in Firefox, Opera and Google Chrome, and enables video chat, voice calling and P2P sharing from within your browser.
A neat trick, but it allows any website to instantly see your true IP address. The only way to avoid sharing your IP address this way is to disable WebRTC completely.
 

Torrent IP

With this test you can validate that your Torrent client is using your VPN to send requests to a Torrent tracker. We test HTTP and UDP based tracker requests.
We also check the request content for eventually stamped-in IP addresses in HTTP tracker requests.
 

Torrent DNS

If a magnet link or a torrent file contains a tracker which is addressed with a domain name, your torrent client has to resolve the domain name to an IP address. This tests helps you to detect the DNS server your torrent client is using.
 

Flash support

The Flash Player is like a big open hole in your internet privacy - far too easy to poke around and cause damage. As well as causing serious security vulnerabilities if not regularly updated (and even then…) it also offers multiple weak points to leak your identity IP address, even while using a proxy or VPN. Block it completely, or as an absolute minimum stop it starting automatically.
Our test doesn’t check if your IP is leaking through Flash, it just tests if Flash is enabled.
 

WebGL support

WebGL is a Web standard used to render 3D graphics and comes automatically with some browsers like Chrome, Firefox, and Safari. WebGL runs code directly on the video card, and keeping it enabled means websites could access your video card APIs. These APIs have not been designed with security in mind (because they were kept safe and unconnected) and flaws in them could be exploited by malicious attackers.
This is less of an IP leak (though leaking your IP is one way a flaw could be exploited) and more of a - for now - security risk of unknown magnitude. To stay on the safe side we recommend you disable WebGL whenever you don’t need it.
 

SSL Setup Security

If your computer, proxy or VPN has an unsecure SSL setup, your communication encryption might be broken.
The topic is too big to cover here, but you can get more detailed information about your SSL setup and its weaknesses from How’s my SSL if you’re interested.
 

Third party cookies

The only use for third party cookies is to make your online presence really easy to track. While it might be nice to have ads reflect what you’ve been looking at, it can also provide enough information to relate your anonymous IP to your real IP.
 

HTTP Request Leaks

Webpages and other HTTP documents can request external resources to display properly. Requests for external resources might be fulfilled by the browser itself, browser plugins or even external programs on your computer. Browser plugins or external programs are prone to ignore proxy, DNS, and IPv6 configurations, which results in a leak of your real IP address.

Credits

For our test we used/modified the following projects:
WebRTC IP Detection:webrtc-ips by Daniel Roesler
SSL Test:howsmyssl.com by Jeff Hodges
HTTP Request Leaks:HTTPLeaks
HTTP Fingerprinting:p0f
JavaScript Client Detection:Viazenetti GmbH (Christian Ludwig)
Virtual machine detection:Web-based virtual machine detection using the HTML5 Performance object by Amit Klein
Third party cookies:Third party cookies Detection by MindMup