Saturday, 18 January 2020

Computer/Network security and WebRTC

I was looking at security for my network set-up. Made aware that there is yet another security problem but this time with browsers. It is called WebRTC. Actually it is a process that provides browsers and mobiles with real-time capability and so supposedly 'enriching' the experience. Yeah, but it also comes with a problem. First of all, if users use a VPN it is possible that the 'real' IP address is leaked. Web browsers tend to implement WebRTC in such a way that it allows them to send requests to so-called STUN Servers which will return your local and public IP address. The requested results are available in Javascript, making them much more accessible. It is not the VPN  we are using but it is with the browser (Firefox, Chrome and a few more). It is called a Web leak. Can we do anything? Yes, we can. Most of us use Firefox and this allows us to stop WebRTC as most of us don't really need it. Type "about:config" in the Firefox address bar (without the apostrophes), scroll down and look for the entry - 'media.peerconnection.enabled' and change the value from true to false. This will stop the possible WebRTC leaks. To check whether your set-up does 'leak', do the following. Use the tools that are available - Browserleaks will check for WebRTC leaks with their leak test tool.
In the case of browsers where WebRTC can’t be disabled, you need to use third-party browser add-ons or extensions to solve the problem. If you use Chrome, download uBlock Origin or use the available Chrome extension. It is the same solution for Opera although use the Opera extension and not Chrome's. Or you can change to a VPN service like ExpressVPN that have a built-in rule. I must say - stay away from free VPN services. Why? Well, even if you do all the browser set-ups the data that you still provide will be used on a commercial basis and sold.
By the way - even mobiles (Android) suffer from this so do the same for your mobile!
Lastly, everyone ought to use a VPN (Virtual Private Network), and in doing so, hide your real IP address and even come from a different country. There can be some interesting quirks that if you do change to a 'foreign' server you can get replies and websites in their language. But I find generally speaking that this is rare. Have fun.

No comments:

Post a Comment