Library Technology – Reviews, Tips, Giveaways, Freeware

How Bad Are WebRTC Leaks?

Posted in Security by Techtiplib on Wednesday, March 25th, 2020

If you use a VPN, you’ve probably heard other users talking about WebRTC leaks at one point or another. But you probably thought finding out what they are would be too difficult and not worth it. Well, I’m here to tell you a WebRTC leak shouldn’t be ignored. It can really endanger your privacy, in fact.

If you want to learn more about that, keep reading. Or you could perform a WebRTC leak test right now if you’re in a hurry and come back to see how you can handle the leak if your VPN connection has one.

Either way, here’s all you need to know about WebRTC leaks. And don’t worry – I’ll keep it as simple as possible.

So What Is WebRTC Anyway?

WebRTC is an open-source project that equips web browsers with the ability to support:

  • Voice calls;
  • P2P sharing;
  • Video chat.

The highlight is that a web browser that uses WebRTC can offer those features without needing any additional extensions/add-ons.

To make that possible, WebRTC will establish special communication channels between your web browser and the website it’s connecting to.

What’s a WebRTC Leak?

Unfortunately, those very same special communication channels can cause a WebRTC leak. Basically, the channels will bypass the VPN encrypted tunnel, leaking your IP address.

How does WebRTC actually know your IP address, you ask?

Well, it’s all thanks to the ICE (Interactive Connectivity Establishment) protocol. WebRTC uses it to discover IP addresses through advanced methods like:

  • STUN/TURN servers – These servers make it possible for two devices behind a NAT firewall to communicate with each other. While that is a cool feature, it also allows said servers to discover your IP address. They can actually see it exactly as a website would see it.
  • Host candidate discovery – What you might not know is that your device actually has multiple IP addresses. It’s just that they’re associated with the hardware. Browsers and STUN/TURN servers shouldn’t be able to see them thanks to firewalls. However, the ICE protocol allows browsers to read those IP addresses off your device, anyway.

How Dangerous Is a WebRTC Leak, Really?

Pretty risky for your privacy. I mean, your real IP address will leak out of the VPN tunnel. That pretty much defeats the purpose of using a VPN in the first place. After all, almost anyone will be able to use your address to find out sensitive information about you, like:

  • What country and city you live in;
  • Who your ISP is;
  • What your ZIP code is.

Hackers could use that info to target your ISP with phishing attacks, and websites can use it to restrict your access with geo-blocks.

Also, WebRTC leaks will make it easy for advertisers to exploit your browsing habits. They can actually track STUN requests to see your real IP address. All they need to do is set up their own STUN server and make it use a wildcard DNS record (also called a wildcard domain).

And WebRTC leaks aren’t easy to block. Some people might tell you to use Ghostery or Adblock Plus, but they don’t stop these leaks at all.

What Browsers Can Suffer WebRTC Leaks?

Pretty much any web browser that enables WebRTC by default. Basically, you’re at risk if you use any of the following:

  • Mozilla Firefox
  • Microsoft Edge
  • Google Chrome
  • Opera
  • Brave
  • Safari

How to Detect a WebRTC Leak

There aren’t any signs you can look for. Instead, you’ll have to use an online tool to check your VPN connection for these kinds of leaks.

There are plenty to choose from, but I recommend ProPrivacy’s VPN leak test tool. It’s very comprehensive and simple to use. In fact, with just a few clicks, you’ll quickly find out if you have anything to worry about or if you’re in the clear.

What’s more, the tool will also check your VPN connection for DNS, IPv4, and IPv6 leaks to make sure everything is 100% secure.

Ideally, you should use this tool to test your VPN connection every time you pick a provider, and on a regular basis too (like at least once per month).
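
To show what a leak test of this kind actually checks, here is an added example (not code from this article or from any tool it names). It parses ICE candidate lines, the records in which WebRTC lists the addresses it found through host discovery and STUN, and flags any address that is not the VPN's exit address. The function names, the vpnExitIp parameter and all sample candidates are assumptions made up for illustration.

```javascript
// Added example: classify ICE candidate lines the way a WebRTC leak test does.
// All candidate strings and addresses below are constructed (documentation ranges).

// Format: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.indexOf("typ") !== 6 || !f[7]) return null;
  return { transport: f[2].toLowerCase(), address: f[4], type: f[7] };
}

// True for addresses that only identify you on the local network.
function isLocalAddress(ip) {
  const m = ip.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
           (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  return /^fe[89ab][0-9a-f]:/i.test(ip) || /^f[cd][0-9a-f]{2}:/i.test(ip);
}

// vpnExitIp (hypothetical parameter): the public address sites should see via the VPN.
function findLeaks(candidateLines, vpnExitIp) {
  const findings = [];
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;                           // not a candidate line
    if (c.address.endsWith(".local")) continue; // host candidate hidden behind an mDNS name
    if (c.address === vpnExitIp) continue;      // STUN saw the tunnel's address: no leak
    const severity = isLocalAddress(c.address) ? "local-address" : "public-leak";
    findings.push({ address: c.address, type: c.type, severity });
  }
  return findings;
}

const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2122194687 0d4f7c1e-5a2b-4c3d-9e8f-1a2b3c4d5e6f.local 54322 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:4 1 udp 1686052607 198.51.100.7 40000 typ srflx raddr 0.0.0.0 rport 0",
];

console.log(findLeaks(SAMPLE_CANDIDATES, "198.51.100.7"));
```

To check your own browser, connect to the VPN and feed the function the candidate lines shown in chrome://webrtc-internals or Firefox's about:webrtc. A "public-leak" finding means a STUN server saw an address other than the VPN's.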

How to Prevent a WebRTC Leak

Whether you’re dealing with one, or you want to make sure there won’t be any, here’s what you need to do:

Use a VPN with WebRTC Leak Protection

While many VPNs say they protect you from leaks, few go into detail about how they implement WebRTC leak protection.

Right now, the best ones you can use are ExpressVPN and Perfect Privacy. Both services configured their clients to protect against WebRTC leaks. They also use firewall rules to accomplish that. NordVPN is also a decent option since it has a browser extension that blocks WebRTC leaks. Allegedly, their VPN service does that too.

Use Add-Ons/Extensions That Disable WebRTC

There are specific add-ons/extensions you can try like WebRTC Leak Prevent on Chrome and Opera. VPN extensions (like those from NordVPN and ExpressVPN) can also work very well – especially on browsers that don’t let you disable WebRTC (like Microsoft Edge).

But I personally recommend just using uBlock Origin. It’s fully open-source, works on pretty much all browsers, and successfully blocks WebRTC leaks. Plus, it’s very lightweight so it won’t eat up a lot of your system’s resources.

Manually Disable WebRTC on Your Browser

If you want to be really sure there’s no risk of WebRTC leaks, you can try disabling the feature on browsers that allow it. Here’s how:

  • Firefox – Type “about:config” in the URL bar, hit Enter, and click on “I accept the risk.” Type “media.peerconnection.enabled” in the Search bar and check the Preference Name tab for it. Click on it and change the value to False.
  • Brave – Go to Preferences > Shields > Fingerprinting Protection and select Block all fingerprinting.
  • Safari – Head to Preferences > Advanced and check the box for Show Develop menu in menu bar. Next, go to Develop > WebRTC, and disable Enable Legacy WebRTC API.
  • Chrome (Android) – Copy this in the URL bar: “chrome://flags/#disable-webrtc”. Find WebRTC STUN origin header and disable it.
