WebRTC Leaks – A Complete GuideLast Updated by Gray Williams on January 28, 2019
WebRTC leaks are most associated with VPNs and can occur on many web browsers. Let’s take a closer look at what they are, what these mean for you, and how to protect yourself.
What is WebRTC?
Though not commonly talked about, WebRTC refers to Web Real-Time Communication. It allows voice, P2P, and video chat sharing inside a browser without the need for additional browser extensions.
These standardized technologies allow browsers to communicate without the need for any intermediate server. Some of the benefits to this include faster connections and reduced lag time while video chatting, transferring files, or live streaming.
For two devices to utilize WebRTC, they must know each other’s official IP address.
This might be beneficial for some people, but ends up putting others in harm’s way. This is especially true if you utilize services with a VPN and want to maintain your online privacy while hiding your IP address.
Testing for a WebRTC Leak
If you don’t utilize a VPN, you’re already exposing your private information to third parties, the government, and your ISP. Even if you have a VPN, there’s a chance that you might experience a leak.
Here’s how to perform a test and check your connection.
Does a VPN Protect from WebRTC Leaks?
The simple answer is sometimes. The issue isn’t related to a VPN, but with browsers. That’s why it’s always best to repair the problem from a browser level, which we have the steps for.
With that said, some VPNs offer protection from WebRTC vulnerabilities, like ExpressVPN. They ensure whenever you open a web page through their connection that your public IP address won’t be leaked.
If you still have an open tab from before you connected to your VPN provider, you might be at risk. It’s common for your IP address to remain cached in the memory of your browser. Even if you refresh that tab, you are at risk.
Because WebRTC is a relatively new technology, ExpressVPN continues to update its protocols to protect users. That’s why it’s still possible to experience a WebRTC leak, but engineers are always testing out new solutions. If you’re connected to a VPN and it still leaks, you should speak with customer support so they can resolve the issue.
Fix WebRTC Leaks
Here are the three main ways to handle WebRTC leaks:
You could also utilize the Tor browser. This hardened Firefox version disables WebRTC by default.
Here are some specific fixes based on the browser you’re using.
Firefox offers one of the simplest ways of disabling WebRTC.
- Type about-config into your URL bar. Hit enter. Make sure to agree to its warning message and then click, “I accept the risk!”
- Type “media.peerconnection.enabled.”
- Highlight the preference name, double-click, and change that value to false.
Your Firefox no longer has WebRTC enabled, so you are protected.
WebRTC can’t be disabled through the Chrome desktop. Instead, your only option is add-ons. This path isn’t always effective and still leaves you vulnerable to leaks. We recommend that you cease using Chrome and avoid giving Google all your data.
If you won’t give up Chrome, there are a couple of add-ons you might consider trying:
- uBlock Origin
- WebRTC leak prevent
Disabling WebRTC on your Chrome mobile browser is possible.
- On your device, open Chrome.
- Navigate to chrome://flags/#disable-webrtc
- Find “WebRTC STUN origin header” and disable it.
- You might want to disable the WebRTC Hardware Video Encoding/Decoding options as a secondary measure as well.
As an Android user, it is possible to install Firefox to avoid using Chrome altogether. Once you’ve installed it, make sure you follow the steps outlined above to disable WebRTC.
You can’t disable the WebRTC vulnerability without the use of an extension, just like with Chrome. This isn’t a recommended solution and still leaves you vulnerable.
If you desire a high level of security and anonymity while online, then WebRTC leaks is something you need to think about. Your browser remains the weakest link in your privacy chain.
Remember, these threats are relatively new, so many VPN providers aren’t yet equipped to deal with them the way ExpressVPN can.