Web Real-Time Communication is an open-source platform devised to facilitate instantaneous data exchanges between Internet browsers and mobile apps. To that end, WebRTC freely offers many application programming interfaces that enable even more useful applications; like, say, allowing you to join a Zoom call from right inside your browser, without having to download a separate client beforehand.
Web developers can hence call upon these APIs in order to achieve such platform-agnostic, real-time communication. And that’s precisely what countless devs have been doing ever since WebRTC launched back in 2011 because… well, because doing so surely beats writing your own code, duh. Especially when that code has largely been written by Googlers. We all know Google can do no wrong, right?
When you realize that someone else has already written a solution that does exactly what you need to do and is offering it under an open-source license, you don’t stop to think about the benefits of native inter-platform communications relevant to your particular use case; you just hit that GitHub download button before the author changes their mind and thank Stack Overflow heavens that the transfer went through.
As for why our VPN task force is tackling WebRTC in the first place, this standard is something any responsible netizen needs to be aware of due to the threat it poses to one’s online privacy. It *is* a Google brainchild, after all.
Can a privacy threat be good news for VPN users?
Picture the following scenario: you’re running a ridiculously redundant setup consisting of three VPNs, decide to check how your Enderbot farm is doing – and your computer willingly gives up your real, physical IP address simply because a Discord server asked nicely, VPNs be damned. “Nicely” in this context meaning “via a WebRTC API”. Whoops?
Making matters even worse, a typical VPN kill switch is absolutely useless in dealing with WebRTC leaks. Because it falls for one of the oldest tricks in the cybersecurity book, called “it’s a feature, not a bug” mantra.
You see, WebRTC technically doesn’t leak your IP address – it shares it to facilitate real-time communications between you and some other device on the World Wide Web. This is why there will never be a fix to the threat it poses to one’s digital anonymity. At least until it gets replaced with a more privacy-friendly solution. That is to say, never, because Google, remember?
Alright, and now, for some good news: any virtual private network app worth its salt is well-aware of the humongous vulnerability that WebRTC poses nowadays. That isn’t to say any VPN is completely safe against such gaffes. Yet this is precisely why we unironically deem WebRTC to be a good thing for conscientious Internet users.
Because testing to see how your VPN deals with run-of-the-mill WebRTC leaks is a surefire way to weed out the worst service providers of the bunch. Testing, in this instance, simply means making a note of your physical IP address – static or otherwise – before purposefully OK’ing a WebRTC prompt to send that very same designation to a given website.
Here’s how to disable WebRTC in most browsers
These days, most popular VPNs offer some level of built-in protection against WebRTC leaks. But you can still take some additional measures to ensure your IP address does not end up in some shady hands due to a simple misclick. The exact steps will depend on your Internet browser of choice, however.
For example, Apple’s Safari has a convenient “WebRTC mDNS ICE candidates” box under its Experimental Features tab that you can leave unchecked in order to block any and all WebRTC requests from websites.
To accomplish the same thing in Firefox, all you have to do is type “about:config” into your URL bar, hit Enter, and disable the “media.peer connection.enabled” flag on the following screen.
Chrome isn’t as willing to provide you with a WebRTC-free browsing experience, so your best bet for blocking this protocol in Google’s own backyard is to use an extension like WebRTC Leak Prevent.
Finally, it bears reminding that a leaked IP address usually isn’t the worst-case scenario when it comes to having your online privacy violated. Not that you should take it lightly, but a WebRTC leak is at least unlikely to jeopardize even more sensitive data such as your browsing history, passwords, and the like.