Your private information may be compromised, even if you’re using a VPN.
What is WebRTC?
WebRTC stands for Web-Real Time Communication. As the name suggests, this technology allows for real-time communication between browsers without requiring an intermediate server (after the connection has been already established). The benefits of WebRTC include:
- It reduces lag time for video chat, audio chat, live streaming, and even large file sharing
- It’s free for both personal and commercial use
- It utilizes technology that is constantly improving
- It’s an open source software, as opposed to an extension or plugin
- It’s available for mobile applications
- It’s an excellent choice for group calling services and webinars
- It offers better sound quality as opposed to Flash with adjustable built-in microphone settings
Although WebRTC was originally developed by Google, many browsers support this technology, including Microsoft Edge, Mozilla Firefox, Opera, Google Chrome, and Safari. WebRTC is most notably recognized for its ability to enhance video and audio chats, but it is also a powerful tool for other applications, such as the transfer of data.
What does it mean to have a WebRTC leak?
WebRTC is a powerful application. The problem, however, is that each device's public IP address must be revealed in order to establish communication. Simply put, it’s your IP address’s visibility that’s referred to as a WebRTC leak. Who does a WebRTC leak pose a threat to?
- Anyone who is using a VPN (virtual private network)
- Anyone who prefers to keep their online identity anonymous
How does a WebRTC leak pose a threat to your privacy?
As mentioned above, the problem is that WebRTC must obtain your public IP address. That’s because your public IP address:
- Is unique to each device
- Reveals your country, state, and zip code
- Discloses your internet service provider
Websites have the ability to obtain information from browser finger-printing, cookies, and metadata when you visit their sites. This information combined with the data collected from your public IP address gives unauthorized parties the capability of creating an in-depth profile on you.
There are different routes in which WebRTC identifies your IP address by using Interactive Connectivity Establishment Protocol, also known as ICE. Let's take a look at two of methods and how they put your information at risk.
1. Host candidate discovery
Host candidate discovery means that the ICE protocol allows browsers to obtain IP addresses by reading them off of your device. In most cases, IP addresses are hidden from both websites and STUN/TURN servers by firewalls.
The problem is this leaves the door open for malicious websites and other predators to trick your STUN/TURN servers or browser into revealing your IP address. The scary part is that this can happen without you having a clue.
2. STUN/TURN servers
STUN/TURN servers have two functions when it comes to WebRTC. These are:
- Allow two or more devices to communicate with each other even if they are behind NAT (Network Address Translation) devices
- Allow WebRTC to discover your public IP address
It is the second function that puts your privacy at risk. STUN/TURN servers use similar methods as websites to obtain your IP information.
How does the WebRTC leak checker work?
The first thing you need to know is that when you use the WebRTC leak checker you will see two classes of IP addresses:
- Private IP addresses
- Public IP addresses
Remember that discovery of your private IP address does not reveal identifying information about yourself and therefore does not pose a threat. It is your public IP address that you are concerned about protecting.
WebRTC leak checker with a VPN
When you use a VPN, the sites you visit will see your VPN server’s IP address, which could be anywhere in the world, instead of your public IP address. For instance, let's say you live in California, but your VPN server is located in Maine. Your public IP address will show that your device is located in Maine, giving you anonymity and protecting your privacy.
If you are operating with a VPN and the leak checker picks up the VPN server's IP address, your public IP address is secure. If the leak checker detects your public IP address as opposed to the VPN server's IP address, your privacy is at risk to unauthorized third parties.
WebRTC leak checker without a VPN
If you aren't using a VPN and the leak checker is able to obtain your public IP address then your privacy is at risk and available for predators to exploit.
7 steps to test for a WebRTC leak (with and without a VPN)
There is an excellent chance that you are exposing yourself to risk if you are not using a VPN. If the WebRTC leak checker suggests that you have a leak, here are the 7 steps you can take to confirm whether or not you have a leak.
- Disconnect from your VPN.
- Open a new page in a new window.
- Write down any and all public IP addresses you see.
- Close the page.
- Reconnect to your VPN and reopen the page.
- If you see any of the same public IP addresses once reconnected to your VPN, you have a leak.
- If you are using a VPN and the tool tells you that there isn't a leak, then your IP address is secure.
How does Surfshark protect you from WebRTC leaks?
Browsers have the ability to store a wealth of information for long periods of time without your knowledge. If you are using a VPN now, your browser can still be tricked into revealing information that predates your VPN. Simply restoring your browser or deleting your history and cookies will not solve the problem. This is where Surfshark comes into play.
Our dedicated engineers are constantly researching new avenues and scenarios for WebRTC leaks to occur. Once a vulnerability is identified, they quickly develop effective fixes to ensure your privacy is always protected. Please note that this stands for Surfshark Windows, Android, iOS, and macOS apps, as well as browser extensions. We recommend always using the apps (or extensions) before attempting manual setup.
Have peace of mind by protecting your personal information
We understand the dangers that are lurking at every corner of the world wide web. Our team is dedicated to ensuring that you are able to harvest the benefits of everything the internet has to offer while being protected from the dangers.