Need alternative WebRTC Block no longer works...

Discussion in 'other software & services' started by cooperb21, Feb 6, 2015.

  1. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    702
    Location:
    EU
    Yesterday I have installed 43 Canary build, unfortunately again tired of.
     
  2. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I found an FTP repository for Google developers that has no password/login, and has EVERY SINGLE VERSION of Chrome ever developed. Again, I will post it tonight, it's an amazing find that took some digging on my part. :isay:
     
  3. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Ok, some test results using a Windows 7 test machine with F-Secure Freedome VPN client installed (OpenVPN based). Tested using Browserleaks.com WebRTC test.

    Script blocking disables WebRTC completely in all browsers. With Javascript enabled,

    Firefox: Gives local LAN IP and one unknown and unexplained IP. Doesn't get around VPN tunnel and give router WAN IP. Easily disabled using standard fix enumerated at the bottom of test results page.

    Seamonkey: Same results. Standard Firefox fix works in Seamonkey as well.

    Opera 25(Chromium Blink): WebRTC is enabled but can't get local IPs, just audio device ID. Doesn't get around VPN tunnel. No way to disable WebRTC.
     
    Last edited: Mar 2, 2015
  4. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
  5. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    https://omahaproxy.appspot.com/

    Along with Mayahana's link, the link above is extremely beneficial for referencing revision numbers to released versions and more.
     
  6. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Google STUN server list:
    Code:
    stun:stun.l.google.com:19302
    stun:stun1.l.google.com:19302
    stun:stun2.l.google.com:19302
    stun:stun3.l.google.com:19302
    stun:stun4.l.google.com:19302
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's port 19302, and it looks like Google is the primary user of port 19302.

    So blocking that would block Google's stun calls, but still not fix RTC NAT traverse, because Chrome is allowing traversal of NAT by force via the internal Stun Protocol.
     
  8. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I would still block them. The port would be blocked by default in my router and I would block the domains in my hosts file and in my router.
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Test is no longer showing my Local IP. This is an important fix particularly for VPN users.

    This involved:

    - installing latest Dev channel build - currently 42.0.2311.15 dev-m (64-bit) http://www.chromium.org/getting-involved/dev-channel
    - follow instructions here exactly: https://code.google.com/p/chromium/issues/detail?id=333752#c67

    Or wait until Chrome 42 makes it to Stable, but even then editing Preferences file manually will be necessary. Although surely by that time there will be updated extensions to block WebRTC. I should point out, though, that the method above doesn't block WebRTC, simply prevents IP leakage. I use this method together with WebRTC Block extension still because I believe it still has some benefits.

    EDIT: WebRTC extension still disables WebRTC, Device Enumeration, etc. It just didn't prevent IP leak using method from https://diafygi.github.io/webrtc-ips/. So I think using the WebRTC Block extension is still very much useful in conjunction with the manual fix above.
     
    Last edited: Mar 3, 2015
  10. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    702
    Location:
    EU
    This forces all WebRTC connections to only use server-reflexive and relay ICE candidates, and only on the default IP route. While this may cause a QoS hit (two users behind NAT can no longer keep their traffic internal to the NAT), it does allow the issue mentioned here to be fully addressed without disabling WebRTC altogether.

    Rules.
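
The policy quoted in the post above (only server-reflexive and relay ICE candidates) can be checked against candidate lines captured from a leak-test page. This is an added example, not code from the thread or from Chromium; the sample candidates are constructed, and `parseCandidate`, `isPrivateAddress` and `applyPolicy` are hypothetical helper names.

```javascript
// Added example (not from the thread): apply a "server-reflexive and relay only"
// policy to ICE candidate lines. Candidate grammar per RFC 5245 section 15.1:
//   candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> [raddr <addr> rport <port>]

// Constructed sample candidates (private and documentation-range addresses).
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'candidate:2 1 udp 2122194687 10.8.0.6 54322 typ host generation 0',
  'candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 10.8.0.6 rport 54322 generation 0',
  'candidate:4 1 udp 41885439 198.51.100.20 3478 typ relay raddr 203.0.113.7 rport 61000 generation 0',
];

function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const rel = / raddr (\S+) rport (\d+)/.exec(m[8]);
  return {
    transport: m[3].toLowerCase(),
    address: m[5],
    port: Number(m[6]),
    type: m[7],                          // host | srflx | prflx | relay
    relatedAddress: rel ? rel[1] : null, // base address the candidate was derived from
  };
}

// RFC 1918, loopback and link-local IPv4, plus IPv6 unique-local / link-local.
function isPrivateAddress(addr) {
  if (!addr) return false;
  return /^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(addr) ||
         /^(fc|fd|fe[89ab])[0-9a-f]*:/i.test(addr);
}

// Keep only srflx and relay candidates; anything else, including lines that
// do not parse, is dropped (fail closed).
function applyPolicy(lines) {
  const allowed = [], dropped = [], warnings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c || (c.type !== 'srflx' && c.type !== 'relay')) { dropped.push(line); continue; }
    // An allowed candidate can still carry a private address in raddr.
    if (isPrivateAddress(c.relatedAddress)) warnings.push(`raddr ${c.relatedAddress} in: ${line}`);
    allowed.push(line);
  }
  return { allowed, dropped, warnings };
}

console.log(applyPolicy(SAMPLE_CANDIDATES));
```

The `warnings` list is the part worth watching when verifying a fix: dropping `host` candidates is not enough if a surviving `srflx` line still names the LAN or VPN-tunnel address in `raddr`.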
     
  11. 142395

    142395 Guest

    Thanks WildByDesign for your effort and info about the workaround!
    Also, I noticed Chrome tried to connect to stun.services.mozilla.com:3478
     
  12. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    My pleasure, Yuki. I am a firm believer in giving the user granular control over options for users who are more advanced. And WebRTC is something that I strongly believe should have a way to disable it, whether in chrome://flags or elsewhere.

    Correct, in that particular test from OP that site is specifically telling Chromium browsers to utilize Mozilla's STUN server for bypass to get IP.

    Code:
            //firefox already has a default stun server in about:config
            //    media.peerconnection.default_iceservers =
            //    [{"url": "stun:stun.services.mozilla.com"}]
            var servers = undefined;
    
            //add same stun server for chrome
            if(useWebKit)
                servers = {iceServers: [{urls: "stun:stun.services.mozilla.com"}]};
     
  13. Darkblade

    Darkblade Registered Member

    Joined:
    Mar 13, 2015
    Posts:
    5
    Hi Mister B

    Sorry for the Newbie query:

    By Script blocking in FF do you mean something like No Script? I use it but according to http://ipleak.net/ there is still a WebRTC leak, but this test: https://diafygi.github.io/webrtc-ips/ shows it's blocked.... BTW disabling Javascript in Chrome did block WebRTC.

    What script blocker did you use on Chrome w/o disabling Javascript but that blocks WebRTC?

     
  14. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  15. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I don't use Chrome at all but I have been testing the new Chromium based Opera with a script blocker that is available for Chrome called simply Script Blocker. I've found it to be acceptable but not as good as Noscript or Scriptkeeper for the older Opera Presto.

    I've posted quite a bit about javascript. I see it as one of the biggest security issues these days and a script blocker that whitelists is an essential item these days if you care about privacy and security. WebRTC, from the tests I've done, can't function at all without scripting.
     
  16. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    This is strange.
    I am on Chrome (current Stable) and made a couple of tests, always connected with VPN.
    Ipleak.net showed my IP leaking. I did disable all scripts with uMatrix on Ipleak.net and the WebRTC leak was gone (actually I think because Ipleak could not run the script itself).

    Then I went to https://diafygi.github.io/webrtc-ips/ and tested again. WebRTC leak was there.
    But the problem was that uMatrix did not detect any javascript, so I could not block it.
    So, I disabled Javascript from Settings. Ran the test again.
    Then, it was not consistent. Refreshing the page showed leaking and not leaking. Strange.
     
  17. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    39
    Location:
    cold upper midwest
  18. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    Is there still no way to block WebRTC on Chrome? o_O
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    If you are concerned about WebRTC leaking your IP address you can use uBlock Origin to block it. For other purposes I don't know any other extension.
     
  20. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    uBlock Origin doesn't block WebRTC on Chrome, I think it's due to technical limitations in Chrome.
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Hm I didn't know that. All IP leak tests that are using WebRTC fail when that option in uBlock Origin is enabled and work OK when it's not. It might be efficient only when it comes to IP leaks?
     
  22. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,360
    I tried it with Chrome, real IP visible even if "Block WebRTC" is enabled. :doubt: No problems with Firefox, hm.
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I just tried this: https://diafygi.github.io/webrtc-ips/ on my WIN 7, IE11 build and all addresses were blank. Suspect Eset's Smart Security IDS blocks any local IP address leakage. Or IE's physical address block protection really works.
     
  25. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I doubt IE11 supports WebRTC. Microsoft was developing their own competing version of WebRTC, though I think they caved and are supporting it in Edge, maybe not.

    Regarding Chrome, the WebRTC Network Limiter extension works successfully.
     