So, you’ve done your research and set up your first VPN. Great! No more worries about who’s snooping on you or accessing your personal data – you’re just another anonymous netizen.
Don’t relax just yet, though. There are still a few ways that your internet connection might be revealing your true identity and location, even if you’re using a well-reviewed VPN service.
Mercifully, it is possible to plug the ‘IP leaks’ responsible for exposing too much information.
In this week’s article we’re going to take a look at the WebRTC flaw, how to test if you’re affected, and how to plug the leak so you can continue to enjoy complete anonymity.
What is an IP Leak?
To recap quickly: Your IP (internet protocol) address is the unique numerical identifier assigned by your internet service provider (ISP) to your internet connection. Whenever you use a website or web service your IP address will be among the data exchanged, revealing your location, ISP and other bits of technical information.
A VPN allows you to obscure your real IP address and even appear to be on an entirely different continent. It does this by sending all data from your computer via an encrypted tunnel to an exit server. This exit server could potentially be anywhere in the world. To anyone looking in from the outside, it will appear as though this is your location. It’s one of the key reasons people purchase a VPN in the first place.
An IP leak occurs when a bug or process causes data to bypass that tunnel and gives a third party website or web service access to your real IP address.
In this particular case, the WebRTC (Web Real Time Communication) Protocol makes it possible for a service or website to request your real IP address from your browser, bypassing the VPN you’re using.
Step-by-Step Guide to testing if you have a WebRTC Leak
- Type “What is my IP” into Google search bar
- Make a note of the numerical address displayed at the top of the search results. It will probably look something like this: 126.96.36.199. This is your public IP address.
- Now it’s time to make sure that this information is not visible when your VPN is on. So, turn the VPN on and connect to a server (where doesn’t matter).
- Once the VPN is connected, visit ipleak.net, which shows a wide range of information about your IP, DNS servers, and so on. What we’re interested in are the two addresses displayed at the top of the page labelled ‘Your IP Address’ and ‘Your IP address – WebRTC detection’.
Understanding the Results of the WebRTC Test
- If both the addresses have changed to display the VPN server you selected, congratulations, your real IP isn’t being leaked via the WebRTC flaw.
- If neither address shows a change from your genuine IP address then you have a problem with your VPN configuration, either at your end or at the VPN provider’s.
- If the address displayed at the top is correct to your VPN setting but the second one shows your true IP address then you have a WebRTC IP leak.
Fixing the WebRTC Leak in Google Chrome
If you’re a Google Chrome user all you need to do to fix the leak is download the lightweight browser extension, WebRTC Network Limiter. This allows you to reconfigure Chrome privacy settings to plug the WebRTC leak. Simple and effective.
Fixing the WebRTC Leak in Firefox
To plug the leak in Firefox you need to access the about:config menu, by typing ‘about:config’ in the browser address bar. Then find the media.peerconnection.enabled entry and double-click on it to turn it off. It’s a good idea to empty your browser cache once you’re done.
Finish up by retesting your VPN for leaks at ipleak.net.