WebRTC IP leak: are you affected?

Find out if your IP address is discoverable

Web Real Time Communications (RTC) was developed to help connections between browsers, removing the need for plugins or extensions.

F.A.Q.

What is WebRTC?

Its open source API is used for data transfers and communications activities. For example, video and voice calls, and Peer-To-Peer filesharing. This eliminates the need to use VOIP services such as Skype, or file transfer tools such as FTP or Dropbox. Which made it easy to use…. but also revealed vulnerabilities – even for VPN users.

How does it leak my IP address?

WebRTC relies on Javascript, which is where the vulnerability exists. A website can insert some Javascript code, so requests are made outside your VPN tunnel. When you try to access its pages, the code makes requests (User Datagram Protocol packets) to Session Traversal Utilities for NAT (STUN) servers.

These servers then send back a packet of the original request, enabling applications to access the following information, which can be used to identify you:

Your real IP

Your VPN’s IP

Local network addresses

There’s no way of knowing if you’re being tracked. These requests are made outside of the XMLhttpRequest API, so they won’t show in developers’ logs. Even if you have browser add-ons blockers such as Ghostery or AdBlock, these don’t guarantee your anonymity.

If you were thinking, “What about blocking the script?”, then sorry, that’s not secure either. Script-blockers, such as NoScript, are vulnerable.

It’s not clear when the first WebRTC leak was discovered, although rumours first started appearing in 2013.

Who is affected?

Reports have so far focused on users of Chrome and FireFox, plus Windows users. If you’re a Mac or Linux user reading this and thinking, “Phew, I’m safe”, then please still check. When it comes to staying anonymous online, you can never be 100% sure.

How do I check for WebRTC leaks?

Use Hidester’s WebRTC IP leak checker. This will instantly show you whether your IP is leaking. The tool will display your local IP address, plus your IPv4 and IPv6 addresses.

How do I fix a WebRTC leak?

When the WebRTC leak was first discovered, several patches and fixes were released. Initially, these were reported to be a success. However, subsequent reports showed that users were still at risk.

If you follow the instructions below, please be aware you might experience reduced WebRTC functionality. But remember that nothing can fully guarantee your online privacy. And of course, make sure you always use a VPN!

Hidester has developed a complete VPN application including a WebRTC leak test. Through Hidester network of high speed VPN servers, combined with the VPN kill switch integrated function, our Members reach an excellent level of protection.

WebRTC leak fix for FireFox users

Open a new browser tab Search for “about:config” (without typing in the speechmarks)

FireFox will display a warning message. Click the “I’ll be careful, I promise!” button In the search box at the top of the page, type “media.peerconnection.enabled” (without the speech marks)

Under the value column, this should be set to “false”. If it says “true” just double-click on it, and it will change to “false” That’s it

WebRTC fix for Chrome users

Several attempts have been made to fix the WebRTC leaks, such as ScriptSafe. After initially installing, users reported the fix had successfully disabled the WebRTC script. However, over time users have still reported IP address leaks.

Some people recommend running your VPN tunnel directly on your router. This connects you to straight to Wi-Fi, making it difficult for a malicious script to discover your IP. Others recommend configuring your firewall, to only permit traffic through the encrypted VPN tunnel.

In conclusion

The WebRTC vulnerability shows that you’re only as anonymous as the systems you use. Take care to ensure you have covered every possible risk, by regularly using Hidester’s portfolio of free internet security & privacy tools: