WebRTC in Firefox and Chrome Reveals IPs Behind VPN

Tookeri

Security enthusiast
Guru
VIP
Local time
2:28 PM
Messages
1,049
The implementation of WebRTC (Web Real-Time Communication) in Google Chrome and Mozilla Firefox allows viewing both the public IP address and the internal one, even if the connection is routed through a VPN server.
WebRTC is an open-source project that provides simple APIs to enable communication (voice calling, video chat, and P2P file sharing) via web apps straight from the browser via a standard set of protocols.

It is currently supported by Chrome, Firefox and Opera web browsers and it also works on mobile platforms Android and iOS.
WebRTC in Firefox and Chrome Reveals IPs Behind VPN - Softpedia


Even without using a VPN the WebRTC technology can be used to track you easier through your local IP address ie 192.168.X.X
More info: Sites may detect the local IP address in browsers supporting WebRTC - gHacks Tech News
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Bloatware is notorious for causing problems.

Why do browser developers think that adding more unnecessary stuff is better than fixing existing broken features?
Is it because adding new stuff is easier than debugging existing code?
 

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
Not sure what you think is bloatware in this, the browsers? Anyway, WebRTC can easily be disabled as described in the links.

Regarding debugging I didn't like reading this, so WebRTC is a no no for me even though I don't allow firewall UDP calls for my browsers:
Researcher Daniel Roesler explains that WebRTC in the two web browsers is configured so that it allows IP address requests to be made to a STUN (Session Traversal Utilities for Nat) server.

A STUN server is contacted via UDP and it allows a client behind a firewall to communicate to a VoIP provider outside the local network. It identifies the gateway IP, as well as the internal one assigned to the client in order to establish direct traffic exchange with it.

The results of the requests are available to JavaScript, but because they are made outside the normal XML/HTTP request procedure, they are not visible in the developer console.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Thanks for the info. I use Firefox and toggled this off.
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64
OS
Windows 7 Home Premium x64
I forgot to add although it was mentioned in the quote:

If you use Firefox or a Chromium based browser(Chrome, Opera) on your smartphone, you might want to check WebRTC there too.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Unnecessary Software/Code

Not sure what you think is bloatware in this, the browsers? Anyway, WebRTC can easily be disabled as described in the links.
Perhaps I should have said "bloatcode". :)

My definition of bloatware is, unnecessary software added to a program or OS.

It often:

  • Interferes with the operation of the software that it is added to
  • Causes security problems
This WebRTC feature was recently added to Firefox (in version 34) and it causes security issues.
This is a new real-time communication feature of Firefox using WebRTC. It enables you to communicate with friends, family and colleagues using the browser and nothing else.
ghacks.net
Firefox 34 Find out what is new - gHacks Tech News
 

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
Ok, then I understand.... and agree :)

This is one of the downsides of keeping a browser up to date. Besides patching security holes it also brings new (and sometimes unwanted) functionality that in turn brings new security issues. And so on...
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Personally I block any tracking if I can.

WebRTC
 

My Computer My Computer

At a glance

Microsoft Windows 7 Home Premium 64-bit 7601 ...AMD C-60 APU with Radeon(tm) HD Graphics4.00 GBAMD Radeon HD 6290 Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
Ok, then I understand.... and agree :)

This is one of the downsides of keeping a browser up to date. Besides patching security holes it also brings new (and sometimes unwanted) functionality that in turn brings new security issues. And so on...
It's only going to get worse if we have to switch to a "Cloud OS". :eek:

Smart Phones are a perfect example of this issue.
My friend had to get a new phone, so he got some sort of Android-based Smart Phone.
He tried out some of the Apps that were on it and then he updated it.
After the phone had been updated, the App he was most impressed with had been converted into "junk".
 

My Computer My Computer

At a glance

W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, ...AMD Phenom II x6 1100T, 3.3 GHz12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2G...NVIDIA GeForce GTX 660
Computer type
PC/Desktop
Computer Manufacturer/Model Number
n/a
OS
W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
CPU
AMD Phenom II x6 1100T, 3.3 GHz
Motherboard
ASUS M4A88T-M/USB3 (AM3)
Memory
12GB DDR3 1333 G-Skill (4GB x 2), G-Skill (2GB x 2)
Graphics Card(s)
NVIDIA GeForce GTX 660
Sound Card
Realtek?
Monitor(s) Displays
Samsung S23B350
Screen Resolution
1920x1080
Hard Drives
WD Green 2TB (SATA), WD Green 3TB (SATA), WD Blue 4TB (SATA), WD Blue 6TB (SATA)
PSU
Cooler Master
Case
Antec GX300 Tower
Cooling
3x Antec TRICOOL 120mm Fans
Mouse
Wired Optical
Internet Speed
DSL
Antivirus
Avast
Browser
Pale Moon (64 bit)
Other Info
2018-12-27 Upgraded HDDs
2015-12-10 Upgraded case, graphics card, storage
2015-08-15 Upgraded motherboard & RAM
2015-07-15 Upgraded LM17.1 to LM17.2
The Local IP? Really? What use is that, as pretty much Everyone's Local IP will be 192.168.0/1/100.##

Oh. The demo the article links to gives me three IP addresses (Local network and a tunnel for private IP addresses), and the Public doesn't change when I enable Zenmate (but does on other ip tracking websites).

If Netflix implements this I, and 75% of Canadian subscribers, will cancel our memberships.
 

My Computer My Computer

At a glance

Windows 8 Pro (32-bit)1.83GHz Intel Core Duo2GB 667MHz DDR2 SDRAM (PC2-5300) (upgrade)ATI Radeon X1600 with 128MB GDDR3 memory
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Apple 17" iMac MA199LL (Early 2006)
OS
Windows 8 Pro (32-bit)
CPU
1.83GHz Intel Core Duo
Memory
2GB 667MHz DDR2 SDRAM (PC2-5300) (upgrade)
Graphics Card(s)
ATI Radeon X1600 with 128MB GDDR3 memory
Monitor(s) Displays
17-inch TFT active-matrix LCD, millions of colors
Screen Resolution
1440 x 900
Hard Drives
Hitachi 320GB HDT721032SLA360 7200RPM SATA II (upgrade)
Keyboard
Microsoft Wired Keyboard 600
Mouse
Microsoft Basic Optical Mouse v2.0
Internet Speed
4 Mbps
Antivirus
Microsoft Security Essentials
Browser
Google Chrome
Other Info
WEI:
Base Score: 3.9 Processor: 4.4 Memory 4.7
Graphics: 3.9 Gaming Graphics: 4.1 Primary HD: 5.9
Well, I use static local IPs so that way it's easier to track me with WebRTC. I don't use a VPN now but I change my public IP in the router at least once a week to make it more difficult to track me. Even with a new public IP it's easier to track me if I have the same local IP, browser & version, plugins, screen resolution, OS, and whatever can be used to track me. With all those variables combined I'm not that unique anymore.

If you don't allow JavaScript then several of these variables aren't available for web sites, but on the other hand it could make you more unique since most users run with standard browser settings which allows JavaScript globally.

I guess the thing is to try and not have any unique settings which is not easy if you're a "tweaker".
What have you guys done to try and limit how web sites can track and identify you? Apart from using VPN I mean. Please share your experience. And remember the forum rules - no talk about ad blocking.
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium
Tracking issues

What have you guys done to try and limit how web sites can track and identify you? Apart from using VPN I mean. Please share your experience. And remember the forum rules - no talk about ad blocking.

Well there's interesting reading material here:

https://addons.mozilla.org/en-US/firefox/addon/http-useragent-cleaner/ - this type of add on needs to be selectively enabled/ disabled but can be done by clicking on the add on icon and scrolling down. Works with Etags.

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

https://addons.mozilla.org/en-US/firefox/addon/foundstone-html5-local-storage/

https://addons.mozilla.org/en-US/firefox/addon/immunity/?src=search

https://github.com/diegocr/CleanLinks

Edit: Forgot this one: https://www.dephormation.org.uk/index.php?page=81
 
Last edited:

My Computer My Computer

At a glance

Microsoft Windows 7 Home Premium 64-bit 7601 ...AMD C-60 APU with Radeon(tm) HD Graphics4.00 GBAMD Radeon HD 6290 Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
Indeed some interesting reading, thanks for the tip :)
 

My Computer My Computer

At a glance

Windows 7 Pro 32Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz4,00 GB (Usable 2,98)NVIDIA NVS 5100M
Computer type
Laptop
Computer Manufacturer/Model Number
HP Elitebook 8540p
OS
Windows 7 Pro 32
CPU
Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Motherboard
Hewlett-Packard 1521
Memory
4,00 GB (Usable 2,98)
Graphics Card(s)
NVIDIA NVS 5100M
Sound Card
NVIDIA High Definition Audio
Screen Resolution
1600x900
Hard Drives
INTEL SSDSA2CW120G3
Antivirus
F-Secure Internet Security
Browser
IE, Firefox, Opera
Other Info
Sandboxie,
SRP (Software Restriction Policy),
EMET (Enhanced Mitigation Experience Toolkit),
WFC (Windows Firewall Control by BiniSoft),
Malwarebytes Premium

My Computer My Computer

At a glance

Microsoft Windows 7 Home Premium 64-bit 7601 ...AMD C-60 APU with Radeon(tm) HD Graphics4.00 GBAMD Radeon HD 6290 Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
ASUS
OS
Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
AMD C-60 APU with Radeon(tm) HD Graphics
Motherboard
ASUSTeK COMPUTER INC. X501U
Memory
4.00 GB
Graphics Card(s)
AMD Radeon HD 6290 Graphics
Sound Card
(1) AMD High Definition Audio Device (2) Realtek High Defi
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Hard Drives
Hitachi HTS545050A7E380 SATA Disk Device
Antivirus
Comodo CIS & FW, SecureAplus App Whitelisting, Threatfire
Browser
Cyberfox 64bit, Opera 64bit, Airfox
Other Info
Spy-The-Spy, HitmanPro.Alert, Norton Connect Safe, MJRegWatcher, BitDefender TrafficLight, Voodoo Shield, Zemana AntiMalware
Back
Top