DNS Leak

[issuant]

Checking https://mullvad.net/en/check, it says there are no DNS leaks but with https://dnscheck.tools, both the IP addresses of the desktop app and the browser proxy are visible. What's up with that? No other extensions installed. If it is a leak in the browser, to whom is it leaking? My ISP? Mullvad itself?

[issuant]

Does this also leak to websites? I am not sure if this is relevant but I now remember once in the past, a temporary Reddit account I created recorded my sign up location as that of the desktop app's server which was different from that of the browser's proxy.

[ruihildt]

As noted in the Mullvad Browser Extension help page:

Note: Unproxied DNS requests If another extension is using the dns API permission, then the Mullvad Browser Extension DNS requests might not be proxied. This is notably the case if Uncloak canonical names is enabled in the uBlock Origin settings. However since our proxy only works when you are connected to Mullvad, any DNS requests outside the proxy made by a third-party extension should not leak.

While this is not strictly a Mullvad Browser issue, we are investigating the best course to take:

• warn in the extension about it
• disable "Uncloak canonical names"

As an aside, please take note that in Firefox 129 up to Firefox 132 (which will be released in October 29th of this year), there is a bug in Firefox creating a similar DNS leak. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1910593

[issuant]

To whom is it leaking? Not my ISP I'm guessing. Can websites observe this leak, causing the issue described with Reddit?

https://bugzilla.mozilla.org/show_bug.cgi?id=1910593

This says Status: RESOLVED FIXED. Does that mean it is fixed in Firefox 132?

[ruihildt]

Yes the fix is planned to ship in Firefox 132, which should be released October 29th.

[issuant]

Good to hear. What about this?

To whom is it leaking? Not my ISP I'm guessing. Can websites observe this leak, causing the issue described with Reddit?

[ruihildt]

Any entity intercepting traffic between the user's device and the DNS server can potentially observe DNS leak (ISP included).

Websites can as well, if they setup DNS leak tests (which should be fairly obvious to notice if you look at the browser network connections).

[ruihildt]

But it's good to note that in the case of the Mullvad socks5 proxy, since the proxy tunnel can only run through a Mullvad VPN connection (WireGuard or OpenVPN), then there isn't really any leak.

[issuant]

What might have caused the thing with Reddit then?

[ruihildt]

I guess it shows that Reddit is actively looking for DNS leaks.