WebRTC is a modern browser-based technology that provides support for real-time communication to improve chat and rich-media communication between users. The problem of this protocol, from a privacy point of view, is that some flaws can expose sensitive data of users such as the real IP addresses, even if they are connected to VPNs.
The news about this WebRTC IP leaking flaw has already gone mainstream:
- Huge Security Flaw Leaks VPN Users’ Real IP-Addresses (Torrent Freak)
- Massive security flaw involving WebRTC reveals VPN users real IP addresses (TechWorm)
- WebRTC Vulnerability leaks Real IP Addresses of VPN Users (The Hacker News)
If you use a browser that supports WebRTC, such as Chrome or Firefox, you should fix this if you don’t want to expose your real IP online when using a VPN.
How to test if your browsers leaks IPs through WebRTC?
Visit this demo on GitHub.
How to fix the WebRTC IP Leaks?
On Firefox, WebRTC can be disabled completely. To disable it, open about:config, search for media.peerconnection.enabled. Double click on it to set it to False.
On Chrome (mobile), visit the URL chrome://flags/#disable-webrtc and enable the option.