Well, there's an important distinction about "pings can be allowed should the lock be on and the VPN not connected". I mean, if I manually disconnect the VPN, I'd expect that pings would be allowed. But if the VPN client is reconnecting after a network interruption, I'd expect that pings would be blocked. Because that could happen while you're torrenting or whatever, so whatever apps are running could be pinging stuff. Yes, for sure. Always use a firewall. But then, people who use VPN clients from providers tend toward cluelessness about configuring firewalls. And that was the point of the leak testing project. To see how well VPN clients protect clueless users. I will let all y'all know It'll be a few days before I get to this. I'm currently obsessing with ping localization of VPN servers. It turns out that it's not as straightforward as I had expected. Maybe some of the ping probes aren't where they claim to be. Or maybe lots of stuff isn't really where it claims to be. Or rather, maybe ping times reflect complexities of network routing more than simple physical distances.