Websites can use WebRTC to determine your local IP address

Discussion in 'privacy problems' started by mvario, Jan 27, 2015.

  1. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I don't get it, can't all websites allready see your IP address? Or is this only interesting for people who use VPN's?
     
  3. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Correct, it is pretty much an issue for users masking their IP address via a VPN, Tor, etc., though as pointed out, it can also be utilized for tracking if the tracking entity set ups a stun server.

    More Details
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Thanks for the info.
    It's a shame Chrome removed --disable-webrtc flag from desktop verion.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Oh this is getting ridiculous.

    They're not browsers anymore, they're cuckoos.
     
  6. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I just check TOR Browser bundle's about:config media.peerconnection.false is the default setting.
     
    Last edited: Jan 28, 2015
  7. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Something to keep an eye on, The default was false until, I believe FFv34 (whenever they introduced Hello Firefox), and the Tor bundle is using the ESR which I believe is FFv31.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,237
    The demo link does not show any IP adresses for me. I've tried it in both TheWorld (based on Chrome) and IE.
     
  9. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Running a linux system with VPN leaves a user EXEMPT from this attack! Do I miss Windows, nope!

    Edit: my original post did not indicate linux WITH VPN employed.


    Questioning your setup:
    try it out for yourself at: https://diafygi.github.io/webrtc-ips/
     
    Last edited: Jan 31, 2015
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Let's not turn this into a Linux vs Windows thread. For practical purposes, most of us can't run Linux (IE Gaming). Linux has it's own issues, bugs, stability, and vulnerabilities.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Not trying to be argumentative or rudely comparitive. I am lucky enough to be able to use Linux for almost everything I need when surfing through security and privacy interest sites. I keep a few Windows VMs around for the exceptions. I am an old DOS and code guy so I find linux to be much easier to control.

    I do still run 7 pro on some family machines, but I leave those for the "family" to use.
     
  13. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    You mean getting around a VPN? I'm not using a VPN, but with FFv35, on Linux, my IP is shown as long as I have media.peerconnection.enabled set to true.
     
  14. guest

    guest Guest

    I can't find such value in Pale Moon. But in Cyberfox it is defaulted to "TRUE". :(

    EDIT: Disallowing javascript makes the IP addresses to be not visible. o_O
     
  15. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    974
    Pale Moon doesn't support WebRTC. :thumb:
     
  16. guest

    guest Guest

    My love is shared once more. :D
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  18. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ mvario

    Thanx, yes i forgot that !
     
  20. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Yep, I edited my original post. I was referring to a linux OS using a VPN. If you are on linux straight through your IP will show because that is what is being used (as opposed to the VPN IP in my example).
     
  21. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    My routers are running Linux firmware. All of my clients are either Windows or dedicated media devices. The only machines that use Firefox are on my real IP but I still don't want Adblock Plus and Ghostery bypassed.
     
  22. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Thanks, disabled it.

    Now, are there any disadvantages to the advantage of having it disabled?
     
  23. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    731
    I think one of my Firefox browser addons switched it off... thanks for the info nonetheless!
     
  24. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    The only things that I am aware of (and others, correct me if I'm wrong) that use it at the moment are Firefox Hello, the peer-to-peer voice/video application that comes with the latest couple of versions of Firefox, and I believe recently that Facebook video chat is also using WebRTC. So if you use those then disabling WebRTC will break them. But if you do need to use either of them, you can re-enable it quickly.
     
  25. guest

    guest Guest

    Sounds like a pointless feature that is dependent on WebRTC. :rolleyes:

     
Loading...