
Sunday 30 July 2023

Windscribe VPN Leaking DNS in Linux


This post pertains to the Windscribe GUI app on Linux as encountered here on Debian and Ubuntu based Linux Mint with the latest version 2.6.14 as well as the previous version. To be fair the GUI app is still marked as in beta.

If you go to the download page, it funnily enough first attempted to serve me the older and more reliable CLI program, supposedly tried and tested, and only at the second attempt offered the GUI program for download. I'd have to check if this problem is also present in the CLI version (it wasn't previously when used around three years ago, as I ran frequent tests), but for now, with the move to a more comfortable graphical interface, I've only got the new app installed.

Most sites like whatismyip.com will tell you that everything is fine. It seems like they're only running one test. Also, when tested on AirVPN's ipleak.net everything appears fine at first glance. However, they're running more tests, and eventually, after around 20-30 seconds, a second DNS is suddenly detected and pops up, as visible in the screenshot below. This is the DNS of the ISP.

The same problem was evident on browserleaks.com.
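A local cross-check for the delayed leak described above, as an added example that is not part of the original post: it reads `tcpdump -ni any port 53` output and reports every resolver that was sent queries on an interface other than the tunnel, with the delay before the first such query. The tunnel interface name `tun0`, the function name and the sample capture are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample, in the layout recent tcpdump prints for
# `tcpdump -ni any port 53` on Linux (time, interface, direction, packet).
# All addresses are private or documentation ranges, not real resolvers.
SAMPLE = """\
12:00:01.100000 tun0  Out IP 10.120.0.2.40112 > 10.255.255.1.53: 4411+ A? example.com. (29)
12:00:01.140000 tun0  In  IP 10.255.255.1.53 > 10.120.0.2.40112: 4411 1/0/0 A 192.0.2.10 (45)
12:00:09.300000 tun0  Out IP 10.120.0.2.51820 > 10.255.255.1.53: 9120+ AAAA? example.org. (29)
12:00:27.800000 wlan0 Out IP 192.168.1.10.38221 > 198.51.100.53.53: 5127+ A? example.net. (29)
12:00:28.100000 wlan0 Out IP 192.168.1.10.38222 > 198.51.100.53.53: 5128+ AAAA? example.net. (29)
12:00:31.000000 lo    Out IP 127.0.0.1.44120 > 127.0.0.53.53: 771+ A? example.net. (29)
"""

# Outbound packets whose destination port is 53: time, interface, resolver.
QUERY = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+Out\s+IP6?\s+\S+ > (\S+)\.53: ")

def find_dns_leaks(capture, tunnel_ifaces=("tun0",), local_ifaces=("lo",)):
    """Return {(iface, resolver): {"count", "first_seen_s"}} for DNS queries
    sent on any interface that is neither the tunnel nor loopback."""
    start = None
    leaks = {}
    for line in capture.splitlines():
        m = QUERY.match(line)
        if not m:
            continue  # replies, non-DNS lines, tcpdump banner
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        iface, resolver = m.group(2), m.group(3)
        if start is None:
            start = ts  # clock starts at the first query observed
        if iface in tunnel_ifaces or iface in local_ifaces:
            continue  # stayed inside the tunnel or went to a local stub
        hit = leaks.setdefault((iface, resolver),
                               {"count": 0, "first_seen_s": (ts - start).total_seconds()})
        hit["count"] += 1
    return leaks

if __name__ == "__main__":
    for (iface, resolver), hit in find_dns_leaks(SAMPLE).items():
        print(f"LEAK {iface} -> {resolver}: {hit['count']} queries, "
              f"first after {hit['first_seen_s']:.1f}s")
```

Capture for longer than the 20-30 seconds mentioned above before treating an empty result as clean, and pass the interface name your VPN actually creates in `tunnel_ifaces`.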

 

Screenshot of test on ipleak.net
After 173 tests run on ipleak.net, the original ISP's DNS is revealed.

This happens even after IPv6 is disabled. The app was even more leaky with IPv6 enabled, as is now the default in most browsers, and the leak persisted across all protocols, be it WireGuard, OpenVPN, Stealth or Wstunnel.


Settings for above test


Windscribe advise using the browser plugin for what they call multi-hop and additional in-browser management, but this is not always practical, and not all apps that make DNS requests are browsers, so this is a dead giveaway to any attacker who's watching your internet traffic. Not just that: a lot of people these days are using a VPN to circumvent geo-restrictions to stream their favorite movies or news sites, and I believe I first started looking into this when I was getting blocked as being in the wrong country despite selecting the right location - BBC iPlayer, for example, while abroad.

 

Browser plugin enabled
Sky ISP shining through with browser plugin enabled

Even worse, the leaks persisted even with the browser plugin enabled. Windscribe has its followers and long-time customers who are claiming no DNS leaks, but that is not correct, as shown above.

I still appreciate them for their generous free 10GB a month plan and their streaming and unblocking abilities in the past, but one shouldn't rely on them for true privacy or even for streaming to work flawlessly for as long as the real ISP shines through - this is probably why iPlayer works for a while and then apparently inexplicably stops working once your DNS is compromised.

I'll have to check whether this works better in the CLI version - it used to - which would mean this is a problem only with the beta of the GUI app. Stay away from it for now on Linux if you want airtight security and streaming.

I can't talk about other OSes; it may work fine on Windows and Apple's OS, and no problems were detected on Android.
