Why Your VPN May Be Leaking Data (And How to Fix It)


More and more professionals recognize that Virtual Private Networks (“VPNs”) are a valuable privacy tool. Many legal professionals use VPNs to protect sensitive client communications and maintain confidentiality when working remotely. However, a common browser setting may be undermining your VPN’s privacy protections without your knowledge.

The Hidden Problem: DNS Leaks

Modern browsers include a feature called “Secure DNS” (also known as DNS-over-HTTPS or DoH). While this feature enhances privacy in normal browsing, it creates a significant vulnerability when used alongside a VPN.

Here’s what happens:

When Secure DNS is enabled in your browser, your DNS queries (the lookups that translate website names into IP addresses) bypass your VPN tunnel entirely. Instead of routing through your encrypted VPN connection, these queries go directly to third-party DNS providers like Google or Cloudflare, or they may go through your internet service provider (e.g., Spectrum, Comcast, or Verizon), which may not have a secure system for managing sensitive information such as bank records, deal documents, or health records.

This means your VPN isn’t actually protecting all your traffic!

Why This Matters for Legal Professionals

DNS queries reveal your browsing patterns, even when the content itself remains encrypted. For attorneys, this metadata can expose:

  • Which legal research databases you’re accessing
  • Court systems or government portals you’re visiting
  • Client-related domains or services you’re researching
  • Industry-specific resources tied to particular matters

Even though the actual content of your communications remains encrypted, DNS leaks create a trail of your digital footsteps outside your VPN’s protection—potentially visible to your ISP, network administrators, or other observers, like an authoritarian government.

The Solution

If you use a VPN, you should disable Secure DNS in your browsers:

Chrome/Edge: Settings → Privacy and security → Security → “Use secure DNS” → Turn OFF

Firefox: Settings → Privacy & Security → “DNS over HTTPS” → Select “Off”

Safari: Settings → Privacy → Uncheck “Enable DNS over HTTPS”

Firefox, my preferred browser, has a “Default Protection” setting that uses Secure DNS on safe networks, like your home or office network, but automatically switches off Secure DNS when the browser detects that you’re using a VPN (see image below).

Image
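
The Firefox choice described above is stored in each profile's prefs.js file as the network.trr.mode preference, so it can be checked without opening the Settings page. The script below is an added example, not part of the original article: network.trr.mode and network.trr.uri are Firefox's own preference names, while the function names, the sample profile contents and the doh.example resolver are constructed for illustration.

```python
import re

# network.trr.mode values (TRR is Firefox's DoH client) and the Settings
# label each corresponds to. Values 1 and 4 are reserved.
TRR_MODES = {
    0: ("default", "Default Protection: Firefox decides per network"),
    2: ("forced-on", "Increased Protection: DoH first, system DNS fallback"),
    3: ("forced-on", "Max Protection: DoH only, no fallback to system DNS"),
    5: ("off", "Off: lookups go to the system resolver"),
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for each user_pref() line of a prefs.js file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def audit_doh(prefs_text):
    """Classify a profile as 'off', 'default', 'forced-on' or 'unknown'."""
    prefs = parse_prefs(prefs_text)
    raw = prefs.get("network.trr.mode", "0")  # pref absent = default, mode 0
    try:
        mode = int(raw)
    except ValueError:
        return {"mode": raw, "state": "unknown", "resolver": None,
                "detail": "non-numeric value"}
    state, detail = TRR_MODES.get(mode, ("unknown", "reserved or unrecognised"))
    # network.trr.uri may be absent when the built-in provider is in use.
    resolver = prefs.get("network.trr.uri") if state == "forced-on" else None
    return {"mode": mode, "state": state, "resolver": resolver, "detail": detail}


# Constructed sample profiles; doh.example is a placeholder resolver.
SAMPLES = {
    "max": 'user_pref("browser.startup.page", 3);\n'
           'user_pref("network.trr.mode", 3);\n'
           'user_pref("network.trr.uri", "https://doh.example/dns-query");\n',
    "off": 'user_pref("network.trr.mode", 5);\n',
    "untouched": 'user_pref("browser.startup.page", 3);\n',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = audit_doh(text)
        print(f"{name}: mode={result['mode']} {result['state']} - {result['detail']}")
```

A "forced-on" result (mode 2 or 3) means the browser sends lookups to its DoH provider whether or not a VPN is connected; the path to a profile's prefs.js is listed on Firefox's about:profiles page.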

Verify Your Protection

After disabling Secure DNS, test for leaks:

  1. Connect to your VPN
  2. Visit dnsleaktest.com
  3. Run the extended test
  4. Confirm you see only your VPN provider’s DNS servers (not your ISP’s, Google’s, or Cloudflare’s)

The Bottom Line

VPNs and browser Secure DNS are both valuable privacy tools—but they work against each other when enabled simultaneously. By disabling Secure DNS while using a VPN, you ensure all your traffic, including DNS queries, flows through a single encrypted tunnel.

For legal professionals handling confidential client matters, this simple configuration change can close a significant privacy gap.


Burrell Law, P.C. provides business and tax law services with offices in New York City and Washington D.C. For questions about cybersecurity, data privacy, or technology law matters, contact one of our offices.