Guide | How To How to check if sites use WebRTC

The associated guide may contain user-generated or external content.

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,280
WebRTC is one of these new technologies that is on the one hand pretty useful and on the other a privacy nightmare as it can be abused.

WebRTC, the RTC stands for Real-Time Communications, is a set of APIs that all major web browsers support. Its primary use is to integrate better communications capabilities in the browser that websites and services may utilize for voice and video chat, and other communication forms.

WebRTC is enabled by default in Firefox, Chrome and other browsers, and websites and services may use it without user interaction.

One of the issues with WebRTC from a privacy point of view is that browsers may leak the "real" IP address of the device to websites. Since there are no WebRTC permission prompts, sites may do so without users even knowing about it.

Users who connect to a VPN, Socks proxy or Tor, may have the IP of their device leaked automatically because of this which is a huge privacy issue that is ignored for the most part by browser makers.

Only a few browsers include options to block WebRTC IP leaks. Vivaldi has an option under Settings > Privacy to disable the broadcasting of the device's IP address, and Firefox users may disable WebRTC entirely even by setting media.peerconnection.enabled to false on about:config.

Add-ons like uBlock Origin, WebRTC Leak PRevent for Chrome, or Opera.

Privacy conscious Internet users know that WebRTC may leak the IP address of the device, but the bulk of users don't.

Check if sites use WebRTC
If you use Google Chrome, or most Chromium-based browsers such as Opera or Vivaldi: load chrome://webrtc-internals/ in the browser's address bar to list all WebRTC connections.

web-rtc-connections.png


The site that tried to establish the WebRTC connection is listed at the top (in this case IP Info.

Mozilla Firefox users need to load about:webrtc in the browser's address bar to display WebRTC connections.



firefox-webrtc-internals.png


Firefox lists the site address under Session Statistics.

The fact that a WebRTC connection is listed by the browser does not necessarily mean that the IP address of the device was leaked.

If you have configured the browser to block WebRTC leaks, or if the software that your VPN provider uses blocks WebRTC IP leaks automatically, then it won't have been leaked.

You may use the internal pages to find out if sites use or abuse WebRTC. While you'd expect WebRTC use on sites that offer communication services and apps, you may be hard pressed finding a reason why a news site might want to do the same.

Closing words
If you ask me, I'd argue that browsers should never implement features that may leak data such as the IP address without asking users for permission first.

I hold some browser makers, Mozilla for instance, to a higher standard than others when it comes to privacy, and I find it puzzling that Firefox does not display permission prompts before WebRTC connections are established (or at least include an option to enable this).

Source: How to check if sites use WebRTC - gHacks Tech News
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top