Browser Security Hole May Allow Real IP Leak

Discussion in 'privacy problems' started by Phil McCrevis, Jan 30, 2015.

  1. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    This is an old topic on Wilders.

    And this is why prudent folk use gateways for VPNs, Tor, etc. There must be no path that bypasses the proxy. A browser is a pitiful sort of wall, no?
     
  3. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    108
    Hmmm..... So the quick fix now is to use a browser that does not support WebRTC or, if using Firefox, disable media.peerconnection.enabled.
    And the long-term solution is to get a VPN router.

    Those torguard routers look pretty expensive though :eek: (https://torguard.net/store/)
    Maybe I'll just build my own from a Raspberry Pi
     
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    The Tor Browser Bundle, which uses Firefox, has media.peerconnection.enabled disabled by default.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I find it useful to challenge words sometimes. When people refer to browsers, they somehow think of an elysian world of innocence and rendering of some markup.

    What we actually have is different, and really should not be called a browser. It is a sophisticated semi-dumb terminal on a central service which wants full cooperation & obedience from the client. The client is running effectively a little virtual machine which will run uncontrolled programs delivered by untrusted parties, which includes various forms of local storage. It allows communication with the real host through plugins and stuff built into the "browser" itself. And all that is by design, let alone security vulnerabilities - which are worsened by the level of functionality delivered by the browser and the plugins that people install/accept.

    And then the "browsers" are delivered to you, all for "free" by beneficent corporations.

    And you expect security and privacy?!
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, that's why we put them in VMs :)

    So far, anyway, corporations don't seem to be breaking out of VMs.

    But maybe it will end badly. Hard to say :oops:
     
  7. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    For 90% of my usage, Lynx is enough. Actually IF so many websites didn't employ such g*rb**e, I could live with pure text browser + simple image viewer. Can't I watch movie? Ah, okay, tho it's NOT NECESSARY add a quite simple streaming player w/out any r*b*is*h. All are done. lol
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I just learned about this vulnerability yesterday, and indeed it leaks my real IP address. Just a few lines of code do this. I went into about:config in FF, and changed media.peerconnection.enabled to false. That fixes the problem until they release an update. Using NoScript also prevents the leak. You can check to see if you are vulnerable by visiting this page: https://diafygi.github.io/webrtc-ips/
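
An added example, not part of any post in this thread: a Python check of whether the Firefox pref named above, media.peerconnection.enabled, is off in a profile's prefs.js and whether a user.js pins it. The sample file contents are constructed, the function names are hypothetical, and the stock-Firefox default of true is an assumption.

```python
import re

PREF = "media.peerconnection.enabled"  # pref named in the thread

# Matches lines such as: user_pref("media.peerconnection.enabled", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: value} from prefs.js / user.js text; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything unparseable
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        else:
            prefs[name] = raw.strip('"')  # numbers and strings kept as text
    return prefs


def audit_webrtc(prefs_js, user_js="", default=True):
    """Classify a profile as 'exposed', 'off' or 'pinned-off'.

    about:config changes are stored in prefs.js; user.js is re-applied over
    prefs.js at every start, so a value there survives a reset in the UI.
    default=True is the assumed stock-Firefox default when the pref is unset.
    """
    stored = parse_prefs(prefs_js)
    pinned = parse_prefs(user_js)
    value = pinned.get(PREF, stored.get(PREF, default))
    if value is not False:
        return "exposed"       # WebRTC peer connections are available
    return "pinned-off" if PREF in pinned else "off"


# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("media.peerconnection.enabled", false);
'''
SAMPLE_USER_JS = 'user_pref("media.peerconnection.enabled", false);  // pinned\n'

if __name__ == "__main__":
    print(audit_webrtc(SAMPLE_PREFS_JS))                  # set via about:config
    print(audit_webrtc(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # also pinned in user.js
```

The check covers only this one Firefox pref in one profile; it says nothing about other browsers or applications on the same machine, which is the case the gateway advice earlier in the thread addresses.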
     