WebRTC VPN “Bug” and How to Fix It

Ali Raza No Comments Blog
software-762486_640

Two years ago, early in 2015, Firefox and Chrome decided to introduce a new feature for their browsers and called it WebRTC. This “feature” turned out to be nothing less than a spy add-on that permits every website you visit to scan and record your real IP address, and not even the use of a VPN can protect you from this.

WebRTC

WebRTC is short for a Web Real-Time Communication, and it’s supposed to allow browsers that have it to incorporate several different features, including video chat, voice calling, and even things like P2P file sharing system and all of it would go directly into your browser.

For example, Firefox’s (now removed) Firefox Hello video and chat client, which was very useful since it allowed everyone to securely talk to pretty much anyone who had an updated version of Chrome, opera or Firefox.

What’s The Problem?

This seems like a great thing that allows you to stay in contact with others, whether they’re friends, family or business partners, and to lead secure conversations without the fear of being listened on or spied on by anyone. So what’s wrong with that, you might wonder? The problem is that WebRTC was discovered to allow any website to immediately scan and recognize your real IP address, even if you’re using the best VPN out there. You might be connected to any server in the world, but the websites will still see your real IP, and therefore know your real location.

In an attempt to deal with the problem, a tool was created to help you discover if your browser is vulnerable to this security leak, and the creators of the tool have explained how it works and how are websites even able to discover your real IP through the STUN servers.

It’s discovered that Firefox, Chrome, Opera and even Android browsers can be affected by WebRTC, however, Internet Explorer and Safari do not support it, so they’re still safe to use.

Find Out If You’re Affected

If you’re using VPN and you’re interested in finding out whether it’s doing its job, you can do a browser test for leaking and discover it in a matter of seconds, simply by accessing ipleak.net. The website will then show you two IP addresses, the one that your browser is seeing, and the one you’re trying to show as your real one. If two are the same, the WebRTC is not leaking your address, and if they’re different, then the leak exists and you’re not truly safe.

The only way to ensure that your IP doesn’t leak is to disable WebRTC or to use the browser that doesn’t support it. There is, of course, the third option, but that one is not up to you, but rather to your VPN provider. If they’ve fixed the leak, then you could, theoretically, still safely use Chrom, Firefox, and other browsers.

It’s important to note that this is not the fault of VPN providers, but rather an attempt to trick even those who use VPNs into revealing at least some of their secrets. VPNs are actually doing a pretty good job at reacting to the situation and fixing the problem as soon as they could,

How To Fix The Issue

There are several ways of fixing the issue, depending on what browser you use, and so we’ve decided to show you some of them:

Firefox Fix

  1. As you might have imagined, the easiest way to deal with this problem is to simply disable WebRTC. This is relatively easy to done in Firefox, just follow the next steps:
  • go to URL bar and type in ‘about:config’, and click through ‘I’ll be careful I promise!’ filter
  • search for ‘media.peerconnection.enabled’
  • change the Value to ‘False’ by double-clicking the entry

This method should also work on mobile versions if your choice browser is Firefox.

  1. Disable WebRTC add-on is also a decent option. as well as uBlock Origin extension, that will stop the leak of the IP address. Once again, these add-ons are also available on mobile versions as well.
  1. The best way to deal with this problem is the NoScript add-on, but this tool is so powerful that it might pose a problem with dealing with websites, and it takes quite a bit of know-how to make this one work with your everyday browsing sessions. It’s not recommended for casual users, and it should also be mentioned that this one doesn’t work on the mobile version, but desktop only.
  1. Another example of a good desktop only add-on is Statutory, which allows you to decide on which websites can WebRTC do its thing, and where you don’t want it. This one made our list because, as we mentioned, WebRTC can actually be very useful, if you don’t mind leaking your IP.
  1. Not Firefox-related, but we thought it might be worth mentioning – Tor browser disables WebRTC by default and there’s no need for any sort of intervention from you there.

Chrome Fix

  1. The first fix for Chrome that we recommend is the extension called uBlock Origin, and this one can also be found in Opera.
  1. Other than that, you can use WebRTC Network Limiter extension, which is one of Google’s official ones, and it disables the IP leak while still leaves the WebRTC to do its job in peace.
  1. You can manually disable it if you’re an Android user, all you need to do is type in ‘chrome://flags’ into the search bar and scroll down until you find ‘WebRTC STUN origin header’. This is the one that you need, and after you disable it, you’ll be good to go.

Opera Fix

Most of the Chrome add-ons can be used in Opera, but they don’t really do the job as they should, so you might as well give up on that. WebRTC Leak Prevent has shown to work, though, so that one’s an exception.

To activate it and make it work properly, you’ll still have to do a couple of things manually, and here are the steps to do so:

  1. Go to Menu > Extensions > Manage Extensions WebRTC Leak Prevent > Options
  2. Set “IP handling policy” to ‘Disable non-proxied UDP’ (force proxy), and set both options under ‘Legacy’, and then just Apply settings, and you’re done.

If you’re a VPN user, this “bug” can be dangerous for you, since it’ll leak your real IP. However, as we already mentioned, the WebRTC does have its uses, and the leaking isn’t VPN provider’s fault, so don’t give up on them just because of this. Every one of these solutions is sure to fix your issues, and all you have to do is pick a method and apply it and it’ll be as if nothing had ever happened.

Are you Using VPN to Protect Privacy on Chrome?

Chrome and Google itself collects a lot of information about users in order to place highly targeted ads. If you want to protect your privacy, I would suggest checking out one of the VPNs below in the comparison table!

WebRTC VPN “Bug” and How to Fix It WebRTC VPN “Bug” and How to Fix It
Multi-platform Compatible
256-AES Encryption
PRICE $5 for 1 month with code "best10VPN" $6.95 a month
Website Rating 9.9 8.8
24/7 Live Chat
Residential / Dedicated IP for permanent streaming access
Has Mobile App + PC / Mac Support
Stealth VPN / Advanced Obfuscation techniques
Visit VPN Provider Visit TorGuard Visit PIA
Ali Raza
Passion for Cyber Security and Technology.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

Lost Password

Sign Up