Sites may detect the local IP address in browsers supporting WebRTC
Whenever you connect to sites on the Internet, information about the connection and the underlying system is available to the site automatically.
This information includes the web browser and version used to connect, the language, the operating system and also the remote IP address.
While there are means to prevent the IP address from being revealed, by using proxy servers or virtual private networks for example, one IP address is revealed in the end.
The recent integration of WebRTC in Firefox, Chrome and other Chromium-based browsers such as Opera has privacy implications, as sites may use it to detect the local IP address of the computer.
You can test this by visiting this GitHub page, which will reveal the local and public IP address when opened.
The main issue is that the local IP address can be used to identify your system when used in conjunction with other information retrieval techniques.
So how does it work?
WebRTC allows requests to be made to STUN servers (Session Traversal Utilities for NAT), which return the local and public IP addresses of the user's system.
Ad-blockers such as Adblock Plus or Ghostery don't block these requests as they are made outside of the "normal XMLHttpRequest procedure".
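To see which addresses are at stake, the following added example (not code from this article or from the linked GitHub page) parses ICE candidate lines, the strings a WebRTC connection attempt produces, and separates host candidates, which carry the local interface address, from server-reflexive ones, which carry the public address reported by the STUN server. The candidate lines are constructed sample data and the function names are illustrative.

```javascript
// Added example: sort ICE candidate lines by the kind of address they expose.
// Grammar (RFC 5245): candidate:<foundation> <component> <transport> <priority>
//   <address> <port> typ <type> [raddr <related-address> rport <related-port>]

// Constructed sample lines; 203.0.113.0/24 is a documentation range.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321',
  'a=candidate:3 1 udp 2122260223 example-host.local 54322 typ host',
  'not a candidate line',
];

const CANDIDATE_RE =
  /^candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport \d+)?/;

// Returns the parsed fields, or null when the line is not a candidate.
function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim().replace(/^a=/, ''));
  if (!m) return null;
  return { transport: m[1], address: m[2], port: Number(m[3]),
           type: m[4], relatedAddress: m[5] || null };
}

// Returns the four octets of a dotted-quad IPv4 address, or null.
function ipv4Octets(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// RFC 1918 private ranges plus 169.254.0.0/16 link-local.
function isPrivateIPv4(addr) {
  const o = ipv4Octets(addr);
  if (!o) return false;
  return o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
}

function exposedAddresses(lines) {
  const local = new Set(), pub = new Set(), other = new Set();
  for (const c of lines.map(parseCandidate).filter(Boolean)) {
    if (!ipv4Octets(c.address)) other.add(c.address);        // IPv6 or a hostname
    else if (c.type === 'host' || isPrivateIPv4(c.address)) local.add(c.address);
    else pub.add(c.address);                                  // e.g. srflx via STUN
    if (c.relatedAddress && isPrivateIPv4(c.relatedAddress)) local.add(c.relatedAddress);
  }
  return { local: [...local], public: [...pub], other: [...other] };
}
console.log(exposedAddresses(SAMPLE_CANDIDATES));
```

Run against candidates captured from your own browser, an empty `local` list after changing the settings below indicates the local address is no longer being exposed.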
Firefox users can disable WebRTC
- Type about:config in the browser's address bar and hit enter.
- Confirm you will be careful if the prompt appears.
- Search for media.peerconnection.enabled.
- Double-click the preference to set it to false. This turns off WebRTC in Firefox.
Note: Turning off WebRTC means that services and applications that make use of it, such as Firefox Hello, won't work anymore.
Google Chrome and other Chromium-based browser users can install the WebRTC Block WebRTC Leak Prevent extension which disables WebRTC in the browser.
Additional information about WebRTC spying is available here.