WebRTC leaks: what they are and how to prevent them

Even with a VPN, your privacy can still be exposed to dangers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Even thebest VPNservices cannot prevent your privacy from being exposed at times. This is something that can occur from a leak on your browser, for example.

First discovered in 2015, WebRTC leaks are a serious vulnerability with web browsers that anyone concerned about their online anonymity should be aware of.

Chrome, Firefox,Safari, Opera, Brave, Chromium-based browsers: all these can be affected.

But what even is WebRTC? Here we assess the risks of it leaking as well as the best practices to help prevent it - even if you’re somebody who already uses a VPN to try and stay anonymous online.

What is WebRTC?

Short for Web Real-Time Communication, WebRTC it is an open source tool first introduced in 2011 that allows web browsers to manage real-time peer-to-peer connections with the websites they visit.

WebRTC basically enables voices and video communication to work inside web pages, without the need to add any extensions to your browser.

As the Covid-19 pandemic madeworking from homeand other remote communications a necessity, there’s been a huge surge in its use. Today, WebRTC is widely popular for video calling and data transferring applications.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Although users can find WebRTC technology really useful, its intrinsic vulnerabilities pose a threat to those concerned of their privacy - whether or not they are using a VPN.

When does a WebRTC leak occur?

It’s worth noting from the outset that for WebRTC to work, itmust expose yourIP addressin order to establish its connections. A leak then accordingly occurs when you are trying to establish communications with someone through a browser that uses WebRTC technology. So if you’re somebody who is privacy conscious or doesn’t like the idea of being tracked as you navigate the internet, this is likely to be of alarm.

And even if you’re a conscientious web user who takes care to cover their tracks by using a VPN, WebRTC leaks can stillbypasstheencrypted tunnelthrough which your VPN is supposed to protect your privacy. If a leak occurs, your real IP will be then revealed.

How to prevent WebRTC leaks

Thankfully, there are a few tips and tools that can help you prevent these leaks.

The first step for people already using a VPN is is tosee whether your real IP address is actually leaking. Carrying out a test is one of the best ways to prevent WebRTC leaks from endangering your privacy, and it’s really simple:

If your IP is not being revealed, it should come out a completely different address each time. But if the the series of numbers is the same, a WebRTC leak is likely exposing your IP address.

It is worth mentioning that WebRTC leaks can vary per browser. So if you use Chrome and Firefox for instance, you should test both. You may also want to verify your results by checking your IP address on different platforms.

Once you are sure that there is a WebRTC leak affecting your browser, you have some options to secure your online privacy:

1.  Disable WebRTC on your browser

Depending on which search engine software you’re using, the process to follow will be different.

Disabling WebRTC technology onMicrosoftEdge couldn’t be any easier. Simply type into the address barabout:flagsto enter the settings. Scroll down and enable the optionHide my local IP address over WebRTC connectionsbefore restarting the browser.

Also doing so onOperais quite intuitive. Open thesettingson the left window and tap onPrivacy & security. Head down to the sectionWebRTCand enable the optionDisable non-proxied UDP. Restart then the search engine.

With Safari, go toPreferencesand click on theAdvancedtab. Here, check the box sayingShow Develop menu in menu bar. Click onDevelopin the menu bar and head onExperimental Featurestab you can find in the drop-down menu. Scroll down to disable theWebRTC mDNS ICE candidatesoption.

If you are using Firefox, write on the search barabout:config. A warranty warning will appear, click on Accept the risk for carry on. At this point tap onShow all. You will see a long list of settings - be careful not to mess them up. To make it easier, search formedia.peerconnection.enabledin the top bar. Press theToggle buttonon the right so that the value in the middle will be identified asFalse.

If WebRTC tech can be disabled inGoogleChrome for Android via the URLchrome://flags/#disable-webrtc, it cannot be switched off for the desktop version. That’s where you must add a dedicated browser extension.

It is worth nothing that Chrome on iOS does not seem to apply the vulnerable parts of WebRTC technology responsible to expose local or external IP addresses - for now, at least.

2. Use a browser extension

Adding a browser extension to your search engine software can be an effective way to prevent WebRTC leaks from happening. As we mentioned before, it may be the only way if your browser doesn’t permit switching it off.

Compatible with Chrome and Chromium browsers,WebRTC Leak Preventprevents WebRTC leaks by controlling hidden WebRTC privacy settings.

WhileWebRTC Leak Shieldprotects you from this security threat by disabling the WebRTC technologies and prevent IP leaks.

3. Choose a better VPN service

While many providers claim to prevent WebRTC leaks, many fail to do so. But the good news is that thebest VPNswork hard to protect users from WebRTC leaks in their apps.

TheExpressVPNbrowser extension - currently available from Chrome, Firefox and Edge - is meant for protecting your privacy by preventing websites from discovering your true IP address and location. Among the providers offering a similar feature there also areNordVPN,SurfsharkandAvast SecureLine VPN.

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)