WebRTC Leaks – A Complete Guide

Last Updated by Gray Williams on January 28, 2019

WebRTC leaks are most associated with VPNs and can occur on many web browsers. Let’s take a closer look at what they are, what these mean for you, and how to protect yourself.
WebRTC logo

What is WebRTC?

Though not commonly talked about, WebRTC refers to Web Real-Time Communication. It allows voice, P2P, and video chat sharing inside a browser without the need for additional browser extensions.

These standardized technologies allow browsers to communicate without the need for any intermediate server. Some of the benefits to this include faster connections and reduced lag time while video chatting, transferring files, or live streaming.

For two devices to utilize WebRTC, they must know each other’s official IP address.

This might be beneficial for some people, but ends up putting others in harm’s way. This is especially true if you utilize services with a VPN and want to maintain your online privacy while hiding your IP address.

WebRTC Leaks

The main vulnerability with using WebRTC is the exposure of your real IP address. It occurs through a STUN request with Chrome, Opera, and Firefox browsers, even if you’re connected to a VPN service.

Any site could run some Javascript commands and easily obtain your true IP address from the web browser.

Testing for a WebRTC Leak

If you don’t utilize a VPN, you’re already exposing your private information to third parties, the government, and your ISP. Even if you have a VPN, there’s a chance that you might experience a leak.
ExpressVPN WebRTC leak test

Here’s how to perform a test and check your connection.

  1. Disconnect from the VPN provider and head to the test site from ExpressVPN.
  2. Write down the public IP addresses that the site lists.
  3. Close out the webpage.
  4. Reconnect with your VPN and do the test once again.
  5. If they show any of the same public IP addresses you saw before, you’re facing a privacy leak.

Does a VPN Protect from WebRTC Leaks?

The simple answer is sometimes. The issue isn’t related to a VPN, but with browsers. That’s why it’s always best to repair the problem from a browser level, which we have the steps for.

With that said, some VPNs offer protection from WebRTC vulnerabilities, like ExpressVPN. They ensure whenever you open a web page through their connection that your public IP address won’t be leaked.
ExpressVPN If you still have an open tab from before you connected to your VPN provider, you might be at risk. It’s common for your IP address to remain cached in the memory of your browser. Even if you refresh that tab, you are at risk.

ExpressVPN’s browser extension works with Firefox, Safari, and Chrome to solve the issue directly. From the settings menu, it’s an easy adjustment to disable WebRTC and ensure your browser isn’t caching the IP address.

Because WebRTC is a relatively new technology, ExpressVPN continues to update its protocols to protect users. That’s why it’s still possible to experience a WebRTC leak, but engineers are always testing out new solutions. If you’re connected to a VPN and it still leaks, you should speak with customer support so they can resolve the issue.

Fix WebRTC Leaks

Here are the three main ways to handle WebRTC leaks:

  1. Disable WebRTC in your browser and only utilize browsers that allow disabled capability.
  2. Use extensions and add-ons if you can’t disable WebRTC. This solution isn’t 100% effective, so the vulnerability still exists.
  3. Work with a VPN which offers protection from WebRTC leaks; we recommend ExpressVPN.

You could also utilize the Tor browser. This hardened Firefox version disables WebRTC by default.

Here are some specific fixes based on the browser you’re using.

Firefox WebRTC

Firefox offers one of the simplest ways of disabling WebRTC.
Firefox disable WebRTC

  1. Type about-config into your URL bar. Hit enter. Make sure to agree to its warning message and then click, “I accept the risk!
  2. Type “media.peerconnection.enabled.
  3. Highlight the preference name, double-click, and change that value to false.

Your Firefox no longer has WebRTC enabled, so you are protected.

Chrome Desktop

WebRTC can’t be disabled through the Chrome desktop. Instead, your only option is add-ons. This path isn’t always effective and still leaves you vulnerable to leaks. We recommend that you cease using Chrome and avoid giving Google all your data.

If you won’t give up Chrome, there are a couple of add-ons you might consider trying:

  • uBlock Origin
  • WebRTC leak prevent

Chrome Mobile

Disabling WebRTC on your Chrome mobile browser is possible.
Chrome disable WebRTC

  1. On your device, open Chrome.
  2. Navigate to chrome://flags/#disable-webrtc
  3. Find “WebRTC STUN origin header” and disable it.
  4. You might want to disable the WebRTC Hardware Video Encoding/Decoding options as a secondary measure as well.

As an Android user, it is possible to install Firefox to avoid using Chrome altogether. Once you’ve installed it, make sure you follow the steps outlined above to disable WebRTC.

Opera

You can’t disable the WebRTC vulnerability without the use of an extension, just like with Chrome. This isn’t a recommended solution and still leaves you vulnerable.

Final Thought

If you desire a high level of security and anonymity while online, then WebRTC leaks is something you need to think about. Your browser remains the weakest link in your privacy chain.

Remember, these threats are relatively new, so many VPN providers aren’t yet equipped to deal with them the way ExpressVPN can.

If you want to browse the web anonymously, you must take steps to protect yourself with the highest levels of security available. Try out ExpressVPN and see if it works for you –they even offer a 30-day money-back guarantee, so there’s nothing to lose.

Gray Williams
Gray Williams is an experienced data and communications engineer and cross-platform copy and content writer and editor with a keen interest in cybersecurity. He has been working with and researching, VPNs and other online privacy tools for many years.