Help my Real IP address is being reveled throng WebRTC. WHY..?

hello was going over some online security cheeks today i my real privite IP address is exposed for the world to see.. Why is this happning,my freedom Vpn is always upto date and with all settings on. This is the site where i could clearly see my real ip http://whoer.net/extended  .Help me Fix this problem. Thanks

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    I'm only guessing but it's quite possible that you can see your own IP address, but no one else can.  I see my own IP when I click your link.   Smiley Wink

  • colin3200
    colin3200 Posts: 5

    Hi yes thanks for the reply.. yes if that website can detect my real ip than what to stop every other site detecting and logging it. maybe  im missing something here..!

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Sorry for my reply... not really friendly with technologies and other.

    But probably you normally understand situation and nothing can to stop some of "not nice" web-sites detected your IP.

     

    There was same topics (and web have many articles around probably) about WebRTC and other variants as "limiation" for most of VPN services and some of specific background for browser.

    As example under community maybe topic, which related: http://community.f-secure.com/t5/F-Secure/Freedome-leaking-my-public-IP/m-p/71994/highlight/true#M1709

     

    With workarounds.

     

    Sorry if I wrong understand your words.

     

    Also potentially websites can to track you (when IP not requried) with using any tricks (system configuration: OS language, installed fonts, settings of browsers, plugins or other information.. which can to take website during your visit). Such as.... most likely.. your configuration can be different with other users.

     

    Sorry for not nice English.

  • colin3200
    colin3200 Posts: 5

    Thanks ukko, Very informative post. i seem to have fixed the problem with  WebRTC leaking my ip by installing WebRTC BLOCK plugin for my browser. seems to work, for now lol Smiley Wink

  • Ukko
    Ukko Posts: 3,611 Superuser
    Hello, Sorry for long delay with my reply. I just want to say.. that under previous topic (where was description for "fix") was words about "WebRTC Block plugin" as not full workaround. Such as.. it's can be tricks with iframes/frames.. when plugin does not helpful. But maybe it's already fixed (not sure about this).... so maybe all OK there too.
  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    Unfortunately the WebRTC IP address leak is quite real, and a VPN solution can not technically defeat it. The problem needs to be addressed within the web browser itself -  by browser configuration changes to disable WebRTC, or by changes made by the browser developers.

     

    Your options regarding WebRTC depend a lot on the browser you're using. We shall soon post a knowledge base article describing methods to disable WebRTC on each browser. Before that, here's the short version:

     

    iOS browsers, and MSIE and Safari on desktops are not vulnerable, since they do not support WebRTC.

     

    Chrome on desktop computers is vulnerable. There is a plugin to disable WebRTC, but it is not effective. You may consider using Firefox instead. For Firefox on desktop computers, you may install a plugin to disable or enable WebRTC.

     

    New versions of the Android default web browser implements WebRTC. You may wish to use Firefox or Chrome instead.

     

    Chrome on Android: Please type "chrome://flags/#disable-webrtc" in the address bar, and press enter. Enable the option, and reboot the device.

     

    The long background story:

     

    WebRTC is a JavaScript API (programming interface) provided by a web browser. JavaScript code downloaded from a web server may ask your web browser, through WebRTC, for its IP addresses. If your web browser supports WebRTC, it will happily hand over the IP addresses. The JavaScript code may then display those IP addresses on the web page (as in the linked demonstration pages), or upload them to the web server.

     

    A VPN solution, such as Freedome or its competitors, can not disable WebRTC within the web browser. The best we could do, would be to inspect all JavaScript code coming from a web server, and try to find WebRTC code, and break it at that point.  If the web server happens to be on a TLS/SSL protected https server, we have absolutely no way of doing that, since all JavaScript is encrypted while it is being downloaded from the web server to the browser. The code may also be obfuscated or compressed, making it very hard to reliably detect WebRTC.

  • (I posted this to another thread already but i thought i put it here too)

     

    There is now a working extension for Google Chrome too:

     

    WebRTC Network Limiter (Chrome Store)

     

    Tested after installation using the site IPLeak.net seems to be doing its job.

  • [Deleted User]
    [Deleted User] Posts: 0 Former F-Secure Employee

    I moved this topic to the correct board so that it gets better visibility.

     

    @FormerMember@colin3200@Ukko@Simon@HessuH

This discussion has been closed.
Product & Pricing Info