WebRTC is one of these new technologies that is on the one hand pretty useful and on the other a privacy nightmare as it can be abused.
WebRTC, the RTC stands for Real-Time Communications, is a set of APIs that all major web browsers support. Its primary use is to integrate better communications capabilities in the browser that websites and services may utilize for voice and video chat, and other communication forms.
WebRTC is enabled by default in Firefox, Chrome and other browsers, and websites and services may use it without user interaction.
One of the issues with WebRTC from a privacy point of view is that browsers may leak the "real" IP address of the device to websites. Since there are no WebRTC permission prompts, sites may do so without users even knowing about it.
Users who connect to a VPN, Socks proxy or Tor, may have the IP of their device leaked automatically because of this which is a huge privacy issue that is ignored for the most part by browser makers.
Only a few browsers include options to block WebRTC IP leaks. Vivaldi has an option under Settings > Privacy to disable the broadcasting of the device's IP address, and Firefox users may disable WebRTC entirely even by setting media.peerconnection.enabled to false on about:config.
Privacy conscious Internet users know that WebRTC may leak the IP address of the device, but the bulk of users don't.
If you use Google Chrome, or most Chromium-based browsers such as Opera or Vivaldi: load chrome://webrtc-internals/ in the browser's address bar to list all WebRTC connections.
The site that tried to establish the WebRTC connection is listed at the top (in this case https://ip.voidsec.com/.
Mozilla Firefox users need to load about:webrtc in the browser's address bar to display WebRTC connections.
Firefox lists the site address under Session Statistics.
The fact that a WebRTC connection is listed by the browser does not necessarily mean that the IP address of the device was leaked.
If you have configured the browser to block WebRTC leaks, or if the software that your VPN provider uses blocks WebRTC IP leaks automatically, then it won't have been leaked.
You may use the internal pages to find out if sites use or abuse WebRTC. While you'd expect WebRTC use on sites that offer communication services and apps, you may be hard pressed finding a reason why a news site might want to do the same.
If you ask me, I'd argue that browsers should never implement features that may leak data such as the IP address without asking users for permission first.
I hold some browser makers, Mozilla for instance, to a higher standard than others when it comes to privacy, and I find it puzzling that Firefox does not display permission prompts before WebRTC connections are established (or at least include an option to enable this).
Now You: Have you disabled WebRTC or blocked it from accessing local IP addresses?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.