Today I read in a German Blog http://stadt-bremerhaven.de/deanonymisierung-webrtc-ip-adressen/ that it's easy possible to find out for others my real public IP address although I use as VPN your new product F-Secure Freedome.
I think this is true. In the above mentioned link there is an example mentioned. When I call the Web page https://diafygi.github.io/webrtc-ips/ you see among other things also my own real IP address.
Could you please investigate this please? What is your opionion about this?
Thank you for reporting this.
We will indeed investigate.
i saw that article eariler - it seems to be a security hole / feature in chrome and firefox... using internet explorer or safari would not have this issue.... https://github.com/diafygi/webrtc-ips... mine shows up blank here...
if i am understanding this correctly, they get the ip directly from the client's machines - nothing to do with the fact they are running a VPN, as the browser you are using is responding to these scripts and replying it with your local ip... to put it in simplier terms, imagine your browser responding to a nigerian prince with your bank account info... in other words... use any browser except firefox and chrome which have this security flaw...
I read the article originally on Torrentfreak. Tested with Google Chrome on Windows with Freedome protection on. Sure enough, the test showed my true ip (external and internal). I installed the extension mentioned in the article, fixed it.
First it was reported it's just a Windows issue, but the same thing happened on my Android device with Freedome (kitkat 4.4.4) with Firefox and Opera. Followed instructions and disabled WebRTC on both browsers, fixed it.
On the comments of that article, some people were also saying some IOS devices had the same thing happen (can't remember which browsers they used).
On heise.de in this article you find the solution how to block it by yourself:
IE: Currently (?) doesn't have the feature
Firefox: about:config, serach for media.peerconnection.enabled and set the value to False
Chrome: Install the AddOn WebRTC Block ( https://chrome.google.com/webstore/detail/webrtc-block/nphkkbaidamjmhfanlpblblcadhfbkdm).
When you call this webpage https://diafygi.github.io/webrtc-ips/ before doting teh above mentioned change and afterwards you see that these fixes work.
I assume this "problem" affects all VPN software in the world and so Freedome as well. Perhaps F-Secure can extend the Freedome settings where the users can change the seetings by Freedome (and Freedome updates the corresponding browser settings) and not manually.
Probably the most of us want to get a little bit more privacy and probably only 5% of all Freedome users know about this problem.
yes - can you fix this at all ?
Not that keen to sign up with your service if my real IP addess is leaking because of
STUN or WebRTC. I really don't know how it all works BUT its a leak never the less.
I have heard firefox can be configured to fix this BUT I dont like firefox.
Thanks ...... ps otherwise great service.
for more information read http://tinyurl.com/qzocjd6
Well, even if you install the aforementioned extension to Chrome, it does NOT fix it.
Just go to http://ipleak.net/ - Bingo!
That's a total bummer, i really like to prefer Chrome as my primary browser
You can now block the webrtc leak in Chrome 42 by making an edit to a file:
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions