use DNS with DoT (dns over tls) or DoH (dns over https)
This is critical because the most people use a DNS with their own ISP.
The DNS can leak their true location.
Your vpn solution is not complete without DNS encryption.
And please don't forget Linux not just Windows, Apple or Google.
If people use a DNS with their own ISP and ProtonVPN they will just use Proton's DNS as soon as they use the VPN and that doesn't leak, since all traffic is protected.
It is a different story when you set a custom DNS server for ProtonVPN and the DNS traffic is forwarded to that custom DNS server. Here DoH or DoT would have to be used to avoid a leak, but tbh. even that DNS leak should just point to your VPN location (not an expert though, so not sure).