New technologies are more often than not a double-edged sword. While they add or improve functionality on the one hand, they may also introduce undesirable features.
While that is great for Internet users who use new services making use of WebRTC, others are left with privacy issues because of it.
Mozilla has integrated WebRTC in Firefox 22 and Google in Chrome 23. While Firefox users can toggle a preference to disable WebRTC in the browser, Chrome users cannot disable it natively.
It is interesting to note at this point that Chrome Android users can disable WebRTC, while desktop users cannot. To do so, the following link needs to be loaded and set to enable: chrome://flags/#disable-webrtc
WebRTC can be used to spy on users
Privacy advocates have two issues in regards to WebRTC. The first is that it is possible to detect the local IP address of the device used to load the WebRTC service, the second that device fingerprinting may be used in some browsers, Chromium-based for example, to fingerprint the system.
Fingerprinting refers to creating unique identifiers for devices so that they can be recognized even if some variables change (like the browser version or IP address).
How to protect yourself in Chrome
There are several solutions to the privacy issue. The most straightforward option is to install the Chrome extension
WebRTC Block WebRTC Leak Prevent which blocks the WebRTC feature in Chromium-based browsers.
This option is only viable for users who don't use WebRTC. While it may be possible to turn the extension on or off based on your communication needs, it is not something that is really comfortable to do.
In regards to fingerprinting, previous versions of Chrome had an option to disable device enumeration on the chrome://flags page. This feature has been removed from Chrome recently and is no longer available.
Chrome provides websites with media device hashes and there is little that you can do about it as there are no options anymore to disable this from happening.
One way to deal with it is to clear "cookies and other site and plug-in data" regularly in the browser. Doing so will generate a new hash so that spying sites cannot identify you anymore based on that.
Besides that, starting Chrome in Incognito Mode will also render the fingerprint useless for that session.
How to test
In case you are wondering, here are links to scripts that reveal information about your system when WebRTC is enabled.
These test websites should work in all modern web browsers. Success depends on the implementation of WebRTC mostly though.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.