What Are WebRTC Leaks?
Technical Features

What Are WebRTC Leaks?

Ben Thornton
Ben Thornton

Web Real-Time Communication, or WebRTC, is an open-source tool with Javascript APIs that adds (believe it or not) real-time communication capabilities to applications and websites. It does this by establishing peer-to-peer (P2P) connections between two browsers or two apps.

It’s a very handy and widely used tool, and the average internet user will encounter websites and apps using WebRTC on a fairly regular basis.

But why do you need to know about it?

Whilst WebRTC has a lot of upsides, it has one major downside: the potential for IP leaks.

What is a WebRTC leak?

A WebRTC leak is a term used to describe when the WebRTC API is used to determine your true IP address.

This, obviously, presents a vulnerability that the privacy and security conscious should be aware of, especially as not all VPN services account for WebRTC leaks.

Testing your VPN for WebRTC Leaks

Finding out if your VPN service has a WebRTC leak is pretty straightforward.

  1. Find and note down your true IP address (you can search “what’s my IP” to do this, but make sure you’re disconnected from your VPN service first)
  2. Close your browser and start up your VPN
  3. Relaunch your browser and go to https://browserleaks.com/webrtc
  4. Check the “WebRTC IP Address Detection” Section. If either the Public IP or IPv6 IP displayed is your real ISP address, you’ve got a leak!

Preventing WebRTC Leaks

There are two ways to prevent WebRTC leaks: the Hardmode option, or the Recommended one.

The Hardmode option involves manually disabling WebRTC in your browser settings. This is awkward to do, however, as it involves more advanced editing of settings - and it’s entirely possible that an error can lead to your browser breaking.

In Firefox:

  1. Type “about:config” in the address bar and hit enter. When prompted, hit accept.
  2. Click on “Show All” to reveal a loooooong list of settings that, honestly, you really shouldn’t mess with. Instead, just search for “media.peerconnection.enabled”.
  3. Hit the toggle button so that the function reads “false”.
  4. WebRTC is now completely disabled in Firefox!

In Safari:

  1. Go to Preferences in the Safari menu.
  2. Go to the Advanced tab and check the box labeled “Show Develop menu in menu bar”.
  3. Click on the new “Develop” button on the menu bar, and select “Experimental Features” from the drop-down menu.
  4. Scroll until you find “WebRTC mDNS ICE candidates”, and make sure it isn’t checked.
  5. WebRTC is now completely disabled in Safari!

In Edge:

  1. Type “about:flags” in the address bar and hit enter.
  2. Scroll through the settings until you find “Hide my local IP address over WebRTC connections” and make sure it’s turned on.
  3. Restart Edge. WebRTC is now completely disabled in Edge!

In Chrome:

  1. Don’t even try to edit the settings files yourself. No, seriously.
  2. Use the Recommended option below.
  3. If you really insist on not going with the recommended option, give the WebRTC Leak Prevent Chrome extension a go.

The Recommended option is simply to use a VPN service with built-in functionality to handle WebRTC, like Windscribe. Our browser extensions disable WebRTC in your browser when you enable the “WebRTC Slayer” privacy option, preventing the websites you visit  from accessing your true IP address.

Of course, our WebRTC Slayer isn’t the only neat feature we have to offer, and with a trusted VPN service like Windscribe, you can gain a measure of comfort knowing that your internet experience is private and secure.

Ben Thornton
Ben Thornton