REVscene Automotive Forum - Websites can now use WebRTC to determine your local IP address

Quote:

Originally Posted by punkwax (Post 8593157)

So all the girls in the ads really are from Surrey!?!? :ahwow:

:troll:

That has nothing to do with WebRTC.

EDIT:

Quote:

Originally Posted by thumper (Post 8593098)

so this happened recently:

https://www.reddit.com/r/VPN/comment...etermine_your/

is this something i should be worried about for security and privacy issues?

I just followed your instruction and installed the Chrome extension (WebRTC Block) on my browser, and IT DOES NOT WORK!

I did a WebRTC test while running PIA VPN using a link provided by one of the comments on Reddit: https://diafygi.github.io/webrtc-ips/

My External IP address, Internal IP address (LAN IP Address), VPN IP address, TAP Server IP Address are ALL EXPOSED!

This is a MAJOR SECURITY LEAK!!!

Info blurred cause it's actually my real IP's.

EDIT2: Just did another WebRTC test with a link provided by WebRTC Block (https://www.browserleaks.com/webrtc). For this test, it says WebRTC is disabled on my browser, but I believe their test is faulty as I am still leaking mad with this link (https://diafygi.github.io/webrtc-ips/).

EDIT3: Apparently this security leak ONLY AFFECTS WINDOWS USERS. OSX, and Android users are safe.

EDIT4: SOLUTION: For Chrome users on WINDOWS, install Scriptsafe (https://chrome.google.com/webstore/d...hbdbdgdf?hl=en) to block WebRTC requests. This was intentionally put in by Google, without an official method to disable it.

EDIT5: I'm switching to Waterfox (has a built-in feature to disable it). The fact that Chrome doesn't have an official way to disable it troubles me. It's not ONLY the VPN address that's leaking. All of my IP addresses are leaking, if shit hits the fan, they can trace directly to my desktop computer that I am using.
EDIT6: Without ScriptSafe extension installed on Chrome, it also leaks on Chromebook as well.