Warning! Firefox and Chrome are giving away your ip address, even through a vpn

Share this story:

It has been recently reported that the true ip address of a user can be determined via the WebRTCfunction in Firefox and Chrome, even when a vpn or another anonymizing technique is being used. WebRTC is a function that makes video calls within browser windows possible and is activated in Firefox and Chrome by default. Daniel Roesler of daylightpirates.org has reported this flaw and has demonstrated how to exploit it. Visitors of a website running his code will have their true ip address revealed by their browsers. So far, it seems that only Windows users are affected by the issue. At the moment, the only possibility to protect yourself is by either deactivating WebRTC in your browser settings or by using blocking AddOns. How to fix the issue:

In Firefox, visit the configuration at about:config and change the value for “media.peerconnection.enabled” to “false”. Alternatively, you can use the No-Script AddOn to block WebRTC.

Chrome users can install an extension called WebRTC Block.
Update: there is now a better extension that will prevent the leak without disabling WebRTC completely: WebRTC leak prevent. After the installation of the extension, WebRTC will be blocked and your browser will be safe again.

We hope, that this flaw will be fixed as soon as possible in order to make safe obfuscation of your true ip address possible again, without expert knowledge and extensions.

Share this story:

2 Comments:

  1. Any update on whether the issue has been addressed in either Firefox or Chrome?

    • Hi Gary,

      it turns out that this is actually widely considered a feature rather than a bug so it is not likely that this behaviour will ever be fixed…

      Cheers,
      Max

Leave a Reply

Your email address will not be published.