UPDATE: December 6, 2017
ExpressVPN has a great new WebRTC leak test page to help you check for and learn about WebRTC leaks.
For Chrome users: Good news! webrtc.org has just released its official fix for preventing leaks on Google Chrome. You can get it from the chrome web store here and double check that it’s working as expected at ipleak.net.
Firefox users: If you’re in Firefox, you can use this fix:
- Type about:config in the address bar of Firefox.
- Click on “I’ll be careful, I promise!” (or some security message similar to that) [the message depends on the version of Firefox you have]
- A list will open with a search bar above. In that search bar, please type: media.peerconnection.enabled and hit enter.
- When the result comes up, double-click on it to turn its value to false.
- Close the tab to finish the procedure.
There’s a security issue reported last week affecting some web browsers, mostly Chrome and Firefox on Windows, although OSX users are affected too. The risk is that a malicious website might obtain a visitor’s true IP address even if the user is connected to a VPN. For example:
Use the following steps to check if you’re affected and mitigate the issue if necessary:
- Connect to a VPN.
- Open our WebRTC Test. <– this test is only relevant if you use it while connected to a VPN.
- If your browser is secure, you should see something like this:
- If your browser is affected by this issue, you’ll see this message:
To fix, try the following steps:
- Chrome: Install the WebRTC Block extension.
- Firefox: Type about:config into the address bar, search for media.peerconnection.enabled, and toggle its setting to false.
- Close your browser and open our WebRTC Test again to confirm that the site can no longer determine your true IP address.
We’re waiting to see what the teams at Chrome and Firefox will do about this. Hopefully, they’ll disable the WebRTC feature by default and allow users to choose whether they want to enable it.