Sign in Subscribe
By SparkForge in General

WebRTC - Embedded Content Tracking

One of the little-known threats to users on websites is Web Real-Time Communication (WebRTC). This is a free and open-source project that enables web browsers and mobile applications with real-time communication. This protocol allows audio and video to work directly inside of web pages and peer-to-peer communications. This direct connection allows for discovering your true IP and location, potentially through a VPN. All modern apps and browsers support it.

Visit WebRTC.org for more information.

To protect against the risk that WebRTC presents, there are a few actions that need to be taken according to the method you are utilizing the internet.

The first step is to check if you are at risk to WebRTC. Utilize the following.

BrowserLeaks.com – Great resource with multiple tests.
– Select the WebRTC Leak Test. It will run automatically. If the

At the bottom of that page, the following helpful mitigation steps is provided:

*** Firefox is the only browser that can fully disable the WebRTC threat. ***

Disable WebRTC in Firefox

  • WebRTC in Mozilla Firefox has been supported since Firefox 22, and it’s enabled by default.

o To disable RTCPeerConnection and protect IP addresses leakage:

Type "about:config" in the address bar.

Toggle media.peerconnection.enabled to false.

o To disable Media Devices:

Toggle media.navigator.enabled and media.peerconnection.enabled to false.

*** This may break some websites. This is where the separation of browsing habits comes into play. Use different browsers for different things and set up how you need to protect yourself. ***

Disable WebRTC in Chrome

  • WebRTC in Google Chrome and Chromium-based web browsers has been supported and enabled by default since Chrome version 23.

o To protect IP addresses from leaking, use the official webrtc.org extension WebRTC Network Limiter. It has few options, depending on what you’re looking for.

*** In testing, this does not work very well. The best thing to do is disable javascript on a Chrome Browser using the ScriptSafe Plugin.

Resources for reference and further reading:

[1] https://mullvad.net/en/help/webrtc/ *** Contains more ways to prevent WebRTC
[2] https://webrtchacks.com/an-intro-to-webrtcs-natfirewall-problem/

Subscribe to SparkForge

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe