What is WebRTC and why it’s dangerous

Post author: VPNHOOK


WebRTC, which stands for “Web real-time communications”, is a project and technology that allows browsers and other applications to communicate with each other using a peer-to-peer model. In other words, the browsers of two users interact with each other directly, without any servers in between. WebRTC is recommended by W3C and supported by all popular browsers such as Chrome, Firefox, and Opera.

 

On the one hand, WebRTC is useful. It helps to implement voice and video calling like Skype by connecting two users directly. WebRTC utilizes modern audio and video codecs (G711, OPUS, VP8). Third-party developers are free to build any apps on top of WebRTC. There are chats and other useful apps based on this technology.

 

However, WebRTC is a big headache for anyone trying to achieve anonymity and safety on the web. The main problem is that WebRTC easily reveals your real IP address, and it can’t be prevented by any proxies, VPN, Tor, or popular plugins like Ghostery. To establish an audio or video connection via WebRTC, two computers need to exchange both public and local IP addresses. This procedure is implemented in such a straightforward way that simple JavaScript code can request your IP and obtain it very easily. The result is a serious breach in your system’s security which can be fixed only by disabling WebRTC completely.
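The addresses exchanged during connection setup travel as ICE candidate lines. The following added example (not code from the original post) parses such lines and reports which class of address each one discloses, so you can judge what a given browser configuration exposes; the function names and the sample lines are assumptions constructed for illustration.

```javascript
// Added example. Sample lines are constructed; 203.0.113.7 is a documentation address.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 2122260223 3f2a9c1e-7b4d-4e0a-9c55-0d1e2f3a4b5c.local 54322 typ host",
  "candidate:4 1 udp 2122262783 fe80::1c2d:3e4f:5a6b:7c8d 54323 typ host",
];

// Classify one address: what kind of information does it give away?
function addressClass(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns-obfuscated"; // random name instead of a local IP
  if (a.includes(":")) { // IPv6
    if (a === "::1") return "loopback";
    if (/^fe[89ab][0-9a-f]:/.test(a)) return "link-local"; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(a)) return "private"; // fc00::/7
    return "public";
  }
  const parts = a.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return "unknown";
  const [o1, o2] = parts.map(Number);
  if (o1 === 127) return "loopback";
  if (o1 === 169 && o2 === 254) return "link-local";
  if (o1 === 10 || (o1 === 192 && o2 === 168) || (o1 === 172 && o2 >= 16 && o2 <= 31)) return "private";
  return "public";
}

// Parse "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ..."
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.length < 8 || f[6] !== "typ") return null;
  const r = f.indexOf("raddr"); // related address: the local side of a reflexive candidate
  return { type: f[7], address: f[4], related: r > 0 ? f[r + 1] : null };
}

// Map every address that appears in the candidate lines to its class.
function exposureReport(lines) {
  const seen = {};
  for (const c of lines.map(parseCandidate)) {
    if (!c) continue;
    for (const addr of [c.address, c.related]) {
      if (addr && addr !== "0.0.0.0") seen[addr] = addressClass(addr);
    }
  }
  return seen;
}

// Whether the given global scope can create peer connections at all.
function webrtcAvailable(scope = globalThis) {
  return typeof scope.RTCPeerConnection === "function";
}
```

A "public" entry while a VPN is active is the leak this post describes. Run in a browser console, `webrtcAvailable()` is expected to return false once WebRTC is switched off at the browser level.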

 

But there is more about WebRTC that makes it potentially dangerous. It increases browser recognizability, which lets websites track individual users (so-called fingerprinting). The more a browser differs from other browsers in its settings and behaviour, the higher its recognizability, or uniqueness. As a result, websites are able to identify users and track their Internet usage, with no cookies required.

 

WebRTC decreases the effectiveness of virtual private networks (VPN) used by many for anonymity and safety purposes. WebRTC makes it possible to obtain a user’s IP even if he or she works behind a VPN or proxy. This is how you can test it out: while using a VPN, open Whoer.net in your browser. There is a special WebRTC parameter for determining your IP. As you can see, it is very easy to obtain.

 

How to disable WebRTC in your browser

 

Certainly, you should not panic and treat WebRTC as a sort of virus. But if you are very serious about your anonymity or safety, disabling WebRTC in your browser is one of the best recommendations you may get. Firefox has the easiest way to do it. Just open the hidden browser settings by typing “about:config” in the address bar. Now find the parameter “media.peerconnection.enabled” and disable it by switching it to “false”.

 

Chrome. Things are a bit more complicated in this browser. WebRTC could once be disabled by installing the WebRTC Block plugin, but it no longer works.

 

That’s why, to achieve complete security, it is recommended to use Firefox, where WebRTC deactivation is implemented at the browser level. You can additionally install the NoScript plugin, which blocks execution of all scripts (there is a Chrome version too). The same applies to Yandex.Browser, which is based on Chromium and shares some Chrome code.

 

As for Opera, unfortunately, we don’t know of any proven way to disable WebRTC from within the browser. It seems that the best advice is just to stop using all Chrome-based browsers, as well as Opera.