WebRTC (Web Real-Time Communication) is an open-source technology that enables peer-to-peer communication in web browsers and similar applications.
Initially released in 2011, WebRTC eliminates the need for browser plugins and third-party software. If you’ve ever used Discord or Google Hangouts, for example, you’ve used a WebRTC-powered service.
But there’s one problem with WebRTC: the possibility of IP address leaks.
What’s a WebRTC leak?
Tech giants such as Google, Microsoft, and Apple use WebRTC. Most browsers nowadays use this technology as well, which means there’s always a chance your IP address (a string of characters unique to your computer or network) leaks without you knowing. But what are WebRTC leaks exactly, and how would one take place?
Let’s say you’re using a VPN to browse the internet, whether to protect your privacy or just because you need to bypass geographical restrictions. A good VPN uses strong encryption, obscures your real IP address, and spoofs your location, making it seem like you’re based in a different country and thus protecting your privacy.
But even with a VPN turned on, a browser using WebRTC technology may be leaking your real IP address. So if you’re trying to video chat with somebody through your browser, or talk through Google Hangouts, WebRTC might be bypassing the protections you’ve put up and leaking your real IP address.
WebRTC leaks don’t just defeat the purpose of using a VPN, but also represent a major security vulnerability that a competent threat actor could exploit, were they to intercept your communications in some way. For example, they might launch an IP spoofing attack and deploy malware to your computer.
How to Check If WebRTC Is Leaking Your Real IP Address
If you don’t have VPN software installed, your real IP address is visible regardless of which browser or device you’re using. But, as explained above, even if your VPN is on, your IP address might be visible due to a WebRTC leak.
Here’s how to check if your IP is leaking.
The first thing you need to do is disconnect your VPN, and then head over to a site like WhatIsMyIP—here, you can easily check what you real IP address is.
After you do that, turn on your VPN and go to BrowserLeaks. This is a free online tool anyone can use to test their browser for different types of security and privacy issues. Once on the BrowserLeaks website, navigate to WebRTC Leak Test. Click the hyperlink, and let the page load. Your real IP address will be displayed here.
What you need to do next is repeat the process with your VPN turned on. So, turn on your VPN, go to BrowserLeaks, and launch the WebRTC Leak Test once again. If your VPN is doing its job properly, your real IP address will not be visible.
This test was conducted on ProtonVPN, which—as you can see below—does not seem vulnerable to WebRTC leaks. Instead of showing our real IP address, it’s showing the IP address of a random server it connected to in the Netherlands.
Evidently, using a safe and reliable VPN is a good way to prevent WebRTC leaks, but to ensure maximum protection you should disable WebRTC in your browser.
How to Disable WebRTC In Your Browser
The good news is, it’s possible to disable WebRTC in many popular browsers, and so prevent leaks. Here’s how to disable WebRTC in Chrome, Firefox, and Safari.
How to Disable WebRTC In Chrome
It is not possible to manually disable WebRTC in the Chrome browser. However, there are several free extensions that can do just that. WebRTC Leak Prevent is one of them. It’s available on the Chrome Web Store, and should work in most Chromium-based browsers, including Brave. All you need to do is install the extension and turn it on.
How to Disable WebRTC In Firefox
If you’re using Firefox, launch the browser and type “about:config” in the address bar and hit Enter. If you see a warning page, click the Accept the Risk and Continue button. Next, type “media.peerconnection.enabled” in the search box. Change the value from true to false by pressing the toggle button.
How to Disable WebRTC In Safari
If you’re using Safari, you can disable WebRTC in the Preferences menu. Once you enter it, navigate to the Advanced tab at the bottom, and check the Show Develop menu in menu bar box. After that, click Develop and select Experimental Features. Find WebRTC mDNS ICE candidates, and click on it to disable WebRTC.
Disabling WebRTC: What to Keep In Mind
After you disable WebRTC in your browser, head over to BrowserLeaks once again to check if your IP address is leaking. Conduct the test with and without your VPN turned on. If you followed the steps outlined above, your real IP address should not be visible in BrowserLeaks’ WebRTC Leak Test.
However, keep in mind that disabling WebRTC in your browser does not come without its downsides. Doing so may cause websites and services that use WebRTC technology to malfunction, or not work at all. In any case, you can refer back to this guide, and enable or disable WebRTC however you deem fit.
Using a good VPN and disabling WebRTC are certainly steps in the right direction if you want to boost your security and privacy. But there are other things you can do to protect yourself online; switch from Chrome or Microsoft Edge to a more secure browser, start using encrypted email services and chat apps, and familiarize yourself with Tor.
Prevent WebRTC Leaks to Stay Safe
WebRTC is an ambitious project that will likely stick around for years to come. As useful and convenient as it is, it does have some security issues that need to be addressed. If you want to protect your online privacy, you should probably consider disabling WebRTC in your browser.
And if you’re using a VPN, make sure it does a good job protecting you from different types of leaks. However, leak protection is not the only feature you should look for when choosing a VPN provider, so do your research accordingly before making any major decisions.