
WebRTC Leaks and Your Privacy (+ how to fix them)
This post was originally published on 31 JAN 2021; it has since been updated and revised.
WebRTC can prove useful when users need to use it, which is most commonly during peer-to-peer (P2P) calling in the browser.
However, a critical flaw that has yet to be directly and adequately addressed across all browsers exists in WebRTC: it leaks users’ internal IP addresses. Even if using a trusted and leak-resistant VPN service, the IP address can leak through this flaw.
This phenomenon is known as a WebRTC leak and it can have an impact on privacy while remaining “invisible” to the user.
What is WebRTC?
WebRTC = Web Real Time Communication
WebRTC allows users to communicate by voice, video chat, and other forms of P2P sharing from directly inside the browser – without downloading any additional extensions or add-ons. WebRTC was released officially in 2011. However, only in recent years has it become more popular.
WebRTC is an open-source project, but it is created, backed, and heavily endorsed by Google.
WebRTC leaks and privacy
WebRTC leaks a user’s internal IP address and can leak the external IP address as well. This leak can occur even from behind a well-implemented and trusted VPN provider. WebRTC leaks are not the same as DNS leaks or IPv6 leaks, which are almost entirely a problem with VPN configuration settings.
Your internal IP address is not the same as your external IP address. Your external IP address is assigned by your Internet Service Provider (ISP) and is “meant” to be shared with the internet. However, users who wish to hide their IP address via a VPN are compromised via these leaks.
The internal IP address is meant to only be shared with other devices connected to your local network, such as a user’s home Wi-Fi. If leaked to the outside world, it can serve as an even more unique identifier than the external IP address meant to be shared with other machines on the internet.
Naturally, this poses a problem in protecting and maintaining online privacy.
While IP addresses exposed on the internet aren’t necessarily a large concern in themselves, the collection of IP address data alongside other tracking and fingerprinting methods poses a serious hurdle for users seeking improved online privacy. This is especially true if a user is accidentally and silently leaking their IP address even while taking privacy and cybersecurity enhancing measures.
IP addresses can be used to collect or infer with reasonable accuracy information such as:
- Your precise geo-location (frequently within 1-2 miles accuracy)
- Excessive details about the device you’re using (make, operating system, software version(s), exact model, etc.)
- Information about other devices on your network
- ISP information
Perhaps the worst thing about WebRTC leaks is that most methods websites use to pull an IP address via WebRTC are silent. In fact, just a few lines of JavaScript executing silently can use a WebRTC leak to pull an IP address even from behind a VPN, as WebRTC traffic doesn’t always route through the VPN.
Most times, the end-user would be totally unaware of this happening.
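To check what a browser is actually exposing, the following added example (not code from the original post) classifies the addresses carried in ICE candidate lines, the records WebRTC uses to advertise connection addresses, as copied from a browser's WebRTC diagnostics page. The function names are hypothetical and the sample candidates are constructed from private and documentation address ranges.

```javascript
// Added example: classify addresses carried in ICE candidate lines.
// SAMPLE_CANDIDATES is constructed input (private/documentation ranges only).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2113937151 3f2a9c1e-7b4d-4e1a-9c55-0d2f6a1b8e77.local 54322 typ host",
  "candidate:3 1 udp 1677729535 203.0.113.7 46154 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:4 1 udp 33562367 198.51.100.20 3478 typ relay raddr 0.0.0.0 rport 0",
];

// True for loopback, RFC 1918, and link-local IPv4, plus IPv6 ULA and link-local.
function isPrivateAddress(addr) {
  const v4 = addr.match(/^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/);
  if (v4) {
    const a = Number(v4[1]), b = Number(v4[2]);
    return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
           (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  return /^f[cd][0-9a-f]{2}:/i.test(addr) || /^fe[89ab][0-9a-f]:/i.test(addr);
}

// Fields: foundation component transport priority address port "typ" type ...
function classifyCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.indexOf("typ") !== 6 || !f[7]) return null;
  const address = f[4], type = f[7];
  let exposure;
  if (address.toLowerCase().endsWith(".local")) exposure = "mdns-obfuscated";
  else if (type === "relay") exposure = "relay-address"; // relay server, not the user
  else if (isPrivateAddress(address)) exposure = "internal-ip";
  else exposure = "external-ip";
  return { type, address, exposure };
}

// Summarise which candidates expose an internal or external IP address.
function auditCandidates(lines) {
  const parsed = lines.map(classifyCandidate).filter(Boolean);
  return {
    internal: parsed.filter(c => c.exposure === "internal-ip").map(c => c.address),
    external: parsed.filter(c => c.exposure === "external-ip").map(c => c.address),
    obfuscated: parsed.filter(c => c.exposure === "mdns-obfuscated").length,
  };
}

console.log(auditCandidates(SAMPLE_CANDIDATES));
```

Any entry under `internal` is a leaked internal IP address; an entry under `external` that differs from the VPN's exit address means WebRTC traffic bypassed the VPN.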
Is your browser leaking your IP address?…
*** This is a Security Bloggers Network syndicated blog from Avoidthehack! RSS authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/webrtc-leaks-how-to-fix