Can You Tell If Someone Is Using a VPN?

vector diagram of people connected around the world with vpn

Using a VPN provides a level of protection across the internet to make sure what’s private remains private. However, some people feel if websites know a VPN is being used, this may make it difficult to use a VPN effectively.

Can you tell if someone is using a VPN? You can tell if someone is using a VPN as all their connections will be to a single IP address of the VPN server they are connected to. They will also have a VPN server assigned IP address that is different from their real IP address and this can be checked against known VPN addresses.

By being able to see the traffic from someone connected to a VPN, it’s easy to see they are connected to a VPN as all their traffic goes to a single IP address, that is the address of the VPN server they are connected to. If they weren’t using a VPN then reviewing the traffic from their device would result in many different IP address destinations of the different websites being visited.

Internet Service Providers (ISP) won’t be able to see which websites are being visited if a VPN is being used. The ISP services used to find out the IP address of the websites to connect to, that is the ISP DNS service won’t also be used, as the VPN will provide its own DNS service. Without having any detailed DNS log data to review, the ISP will only see DNS log entries for the VPN server and nothing for the websites being visited.

The IP address assigned to the VPN user can in some cases be compared to known VPN IP addresses and this could also give away the fact a VPN is being used. This is one of the ways services like Hulu and Netflix try to keep tabs on people trying to circumvent their regional restrictions by using a VPN. As soon as these services work out the IP address being used is from a VPN, the connections are either blocked like with Hulu or the service becomes restricted like with Netflix.

Wi-Fi

Connections made on Wi-Fi can be checked to see if a VPN is being used, as long as whoever is checking the connections has suitable access to the Wi-Fi access point or to the router. By looking at the traffic and seeing encrypted connections going to the same IP address will indicate the possible use of a VPN.

The same applies to public Wi-Fi like those in coffee shops, malls and just about everywhere these days. Anyone who has access to the public Wi-Fi access point, can easily see if VPN connections are being made just by looking at the IP addresses being visited. If these IP addresses are just a single IP address, then it becomes more obvious a VPN is being used.

Can websites tell if you are using a VPN?

Websites can’t tell if you are using a VPN directly but as they can see which IP address is being used, they could use the IP address to determine if it is one used by VPN providers, whether it is being shared across many users and if it’s being used differently to how normal customers would behave.

As soon as these services work out the IP address being used is from a VPN, the connections are either blocked like with Hulu or the service becomes restricted like with Netflix. If an IP address keeps appearing many times over a 24-hour period then this could indicate multiple people are using the IP address, as it would not fall into a normal customer behavioral pattern.

My usage of Netflix is typical with many other customers and I don’t watch Netflix for hours on end, especially not 24 hours as I need to work, sleep and live my life. But if customers are connecting from different time zones to the same VPN servers then the IP address of the VPN server is going to be used to connect to Netflix over and over again during a 24-hour period.

This may be alert Netflix to the fact the IP address is being for prolonged periods of time atypical with normal customer use. Some VPNs regularly cycle their IP addresses making it more difficult to work out if the IP address is from a VPN or not.

Connecting to a website and then switching on the VPN connection, could give away the fact a VPN is being used, especially if the location or region changes. So, if you’re a customer in Atlanta and you open a website in your web browser, the website could determine your location and using browser fingerprinting techniques be able to create a unique way of tracking you.

If all of a sudden you switch on the VPN and connect via a VPN server in Seattle, then the website will know your new IP address and could depending on the sophistication of the website, work out that within a space of a few seconds you’ve changed location, indicating you’re using a VPN. The browser fingerprint they’ve set up to identify you doesn’t match the one with the previous location, another anomaly they could use to identify VPN use.

I tend to do a couple of things first before connecting through a VPN. I use private mode browsing in my web browser (Incognito mode in Chrome, Private Browsing in Mozilla Firefox). I then connect to the VPN service and once the connection is up and running, only then do I connect to the website.

With this approach, I’m not leaving any browser fingerprints to be able to determine my region or location (not exact location but my home town or city) and the IP address I’m using isn’t being associated with any browser fingerprints, making it difficult for the website to determine who I really am.

Can you prevent a website from knowing you are using a VPN?

Yes, if you use a VPN which regularly rotates it’s IP addresses then a website may find it difficult to know if you are using a VPN. If the VPN uses the same IP addresses all the time, the website may be able to work out if the IP addresses are from a VPN based on usage patterns.

VPNs that regularly rotate the IP addresses assigned to their customers instead of sticking to the same IP addresses all the time, will make it much more difficult for websites to work out if a VPN is being used. As stated earlier, if the website keeps receiving connections from the same set of IP addresses over a prolonged period, this may alert the website to an unusual pattern not typical with normal customers.

Tracking cookies could also give away VPN usage, as these may be able to give away your real location based on previous browsing habits and if the location derived from the tracking cookies is different from the location derived from the IP address, then this could be another indicator of VPN usage.

I tend to do a couple of things first before connecting through a VPN. I use private mode browsing in my web browser (Incognito mode in Chrome, Private Browsing in Mozilla Firefox) this stops any tracking cookies leaving something behind when I exit the web browser. I then connect to the VPN service and once the connection is up and running, only then do I connect to the website.

I connect to a VPN in the same location, if I can’t do this as I need to access something that is region restricted then I may look at connecting to a different region but I try to remain within a few hours of my time zone. This is my way of ensuring any change in normal browsing behavior doesn’t alert the website to me possibly using a VPN. This is something I’m currently testing to see its effectiveness.

Conclusion

Websites and internet services are getting smarter at recognising when VPNs are being used and may as a consequence take steps to either block access or reduce the ‘user experience’, thereby limiting what customers can do on their websites.

This doesn’t mean these websites and services will always be able to work out if a VPN is being used, as the VPN providers themselves are also working hard to stay one step ahead, making it more difficult for their services to be blocked.

Wi-Fi

Can websites tell if you are using a VPN?

Can you prevent a website from knowing you are using a VPN?

Conclusion

Recent Posts