What Is a WebRTC Leak & How To Test For It

There are so many ways your privacy could be compromised on the internet. In some cases, your Internet Service Provider (ISP), government agencies, or hackers, don’t necessarily have to do much to gain access to your traffic. They just wait for the perfect opportunity.

A data leak is an example of such an opportunity. WebRTC leak is a common type of data leak. The average person online may not be aware of WebRTC leaks and the risks of suffering from them. This article will discuss what it means to suffer a WebRTC leak, how you can check to know if your data is leaking, and other details about WebRTC leaks.

What Is WebRTC?

WebRTC, or Web Real-Time Communication, is one important open-source project that facilitates audio calls, video chats, P2P sharing, and more on your web browser without you having to download extensions or add-ons. It reduces lag or buffering while you make your online calls, transfer files, or stream media.

WebRTC is available on computer and mobile-based applications. It uses JavaScript to establish real-time communications without external plugins, but it requires external servers to function. WebRTC uses STUN (Session Transversal Utilities for NAT) protocol, which uses your IP address for peer-to-peer connection.

WebRTC discovers your IP address through the Interactive Connectivity Establishment (ICE) protocol. When you communicate with someone else via WebRTC, both ends need to know each other’s ISP IP address. This makes it possible for a third party to use the WebRTC feature in your browser to discover your real IP address and identity. This major vulnerability with WebRTC causes WebRTC leaks.

What Is a WebRTC Leak?

As we mentioned, WebRTC uses ICE to discover your real IP address and establish connections through STUN/TURN servers. And it’s through the WebRTC feature in browsers that someone could detect your real IP address and discover your identity.

STUN requests are not always detected or blocked by extensions and add-ons. This makes it easy for your requests to be tracked if the STUN servers are configured to use a wildcard DNS record (also referred to as a wildcard domain).

Your browser sends your request to STUN servers which deliver results that include your IP address. These results are in Javascript, so anybody with the right knowledge can get their hands on the results. Unfortunately, plugins like AdBlockPlus or Ghostery don’t block the requests.

WebRTC leaks tend to occur in web browsers such as Opera, Google Chrome, Firefox, and Brave when you’re connected to a VPN server. A leak is a convenient opportunity for your ISP, the government, or hackers to keep tabs on you and take advantage of your data.

Using a VPN with WebRTC protection is one way to prevent WebRTC leaks. Premium VPN services secure data traffic through encrypted servers. They use the latest encryption and security protocols to protect your privacy, so you may expect that your WebRTC wouldn’t leak, right? Well, WebRTC leaks could still occur if any of your communication channels are not routed through your VPN tunnel if you use a substandard VPN.

How to Test for WebRTC Leak?

You’re not always exposed by your WebRTC, but you should test for leaks frequently to be on the safe side. To check for a WebRTC leak, you can follow these steps:

1. Disconnect from your VPN client.

2. Visit Google on your browser, and type “What is my IP?” into the search bar. The result would be your real IP address.

3. Exit your browser.

4. Launch your VPN, and connect to a server.

5. Return to your browser and repeat the search in step 2. This time around, the results should display the IP address from the VPN server. If you still see your real IP address, you’re suffering an IP leak.

Alternatively, you could follow this process:

1. Launch your VPN app and connect to an available server.

2. Go to your browser, visit the BrowserLeaks website and use their WebRTC Leak Test Tool.

3. Similarly, if you’re suffering a leak, the tool would display your real IP address.

You could also visit WhatIsMyIPAddress, IP8, or IPLEAK.NET to carry out the test in step 2. However, if you discover that you’re experiencing a leak, there are certain ways to prevent it from happening, and we’ll be getting to that shortly.

How To Prevent WebRTC Leaks

There are a couple of ways you can prevent a WebRTC leak from occurring in the first place or stop it if the tests show you already suffer a leak. Some of these methods include:

1. Disable WebRTC In Your Browser

One quick and common way to prevent WebRTC leaks is to disable the feature on your devices. When you do this, you block your browser from sending WebRTC requests. There are different methods of disabling WebRTC on browsers. Some methods may be complicated to beginners, and they could disable the WebRTC feature completely. Also, websites and other services use WebRTC for audio and video communications. Thus, disabling the feature may cause these websites and services to malfunction or stop working.

How to Disable WebRTC on Firefox

If you are using a Firefox browser on your computers, you can disable WebRTC in these short steps:

  1. Launch Firefox.
  2. Type “about:config” in the URL bar and press Enter.
  3. Click on “I accept the risk.” 
  4. Next, type “media.peerconnection.enabled” in the search bar.
  5. Look out for the “Preference Name” tab under the Search bar.
  6. Double-click the item to change the value to “false.”

How to Disable WebRTC on Chrome

For Chrome, the process depends on whether you’re using mobile or computer platforms. On mobile, follow these steps:

  1. Type “chrome://flags/#disable-webrtc” into your Chrome URL bar.
  2. After the page loads, look for  “WebRTC STUN origin header,” and disable it.

You could also disable the “WebRTC hardware video encoding” and “WebRTC hardware video decoding” options for extra safety, but it’s not compulsory.

Unfortunately, you can’t disable WebRTC on PC versions of Chrome, so you’ll have to use browser extensions like uBlock Origin or WebRTC Leak Prevention.

How to Disable WebRTC on Safari

It is also possible to disable WebRTC on Safari. You may have difficulty locating the option, but these steps will help you find it:

  1. Click on “Safari” and select “Preferences” from the list.
  2. Click on the “Advanced” tab and check the “Show Develop menu in menu bar” box.
  3. Open the “Develop” tab, and select “Experimental Features.” Scroll through the options to “WebRTC mDNS ICE candidates” and uncheck it to disable WebRTC.

How To Disable WebRTC on Opera

It is impossible to manually disable the feature on the Opera browser, so your best bet is to use the WebRTC Leak Prevent add-on. Install the add-on and disable WebRTC by following these steps:

  1. Access the extension’s configuration page (View > Show Extensions > WebRTC Leak Prevent > Options).
  2. Select Disable non-proxied UDP (force proxy) from the drop-down menu.
  3. Click the Apply settings button.

However, extensions and add-ons are not guaranteed to work all the time perfectly.

2. Use a VPN with WebRTC Leak Protection

A Virtual Private Network (VPN) is a great tool if the provider offers WebRTC leak protection. There are several VPN services available, but only several of them have the leak protection feature.

Using ExpressVPN for WebRTC Leak Protection

As we mentioned, you could get WebRTC leak protection from several VPN providers, but here is our top recommendation:

ExpressVPN

ExpressVPN devices

Features

  • Number of servers: More than 3,000
  • Speeds: Unlimited
  • Server locations: 160 in 94 countries
  • Maximum devices supported: 5
  • 24 live chat: Yes
  • 30 day money back guarantee: Yes

Pros/Cons

  • Fastest VPN out there
  • Strict no logs policy
  • 256-bit AES encryption
  • Few discounts
Visit ExpressVPN

ExpressVPN is the best VPN service with WebRTC protection. The company protects you from online threats such as WebRTC leaks with state-of-the-art tools that protect you.

The provider operates more than 3000 servers in over 90 countries. It uses 256-bit AES encryption and supports L2TP/IPSec and OpenVPN protocols. ExpressVPN ensures that your IP address won’t leak as you connect to web pages.

Some browsers don’t get rid of your data from old tabs. So if you have a web page open from before your VPN connection, your real IP address could still be cached in your browser’s memory. That is not the case with ExpressVPN.

ExpressVPN provides a browser extension for Chrome, Firefox, and Edge. This feature completely disables WebRTC. It is available on Android, Windows, macOS, and iOS. You can enjoy its WebRTC leak protection and other security features when you purchase a subscription plan. Whichever plan you choose, you get a 30-day money-back guarantee.

  • Pros: Fastest VPN out there; Strict no logs policy; 256-bit AES encryption;
  • Lowest price: $6.67

Conclusion

WebRTC is essential for online communications. However, if WebRTC causes your IP address to leak, your personal information could be exposed. Browsers are usually vulnerable to WebRTC leaks. As we’ve pointed out, there are methods to test for a leak. You can also prevent WebRTC leaks from occurring by disabling the feature yourself or by using a VPN.