Jump to content
TorGuard
Sign in to follow this  
Insomniac

You are not anonymous

Rate this topic

Recommended Posts

Insomniac
WebRTC is a technology that allows for browser-to-browser interactions not previously possible with other standards.
A serious privacy issue has been found in WebRTC. This issue allows for websites see the local IP address of a user. This is a major concern as it allows for unique identification of users behind NATs, VPN, and potentially Tor. The proper browser extension disables or configures WebRTC to not use certain IP addresses like an ISP-provided address, when browsing through a VPN). You can test this here. https://diafygi.github.io/webrtc-ips/ Your local IP address should not appear.

Please patch your browsers.
 
Chromium:
WebRTC Network Limiter: Chrome Store
 
Firefox:
Disable WebRTC configures WebRTC to not use certain IP addresses like an ISP-provided address, when browsing through a VPN). You can simply disable WebRTC in Firefox:
  • Enter "about:config" in the URL bar
  • Find the key of "media.peerconnection.enabled"
  • Set the value to "false"

But it may reset after each update. Which is why I recommend installing Disable WebRTC

Disable Web RTC: Mozilla Store or https://addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/
 


Firefox mobile:
Disable Web RTChttps://addons.mozilla.org/en-US/android/

TorGuard should send emails to all clients about this vulnerability and add info on this to the set-up instructions.
  • Like 2

Share this post


Link to post
Share on other sites
Support

This was fixed long ago, there is already an option in our VPN software that disabled this.

 

Regards

Share this post


Link to post
Share on other sites
rein013

This was fixed long ago, there is already an option in our VPN software that disabled this.

 

Regards

chrome seems fixed but Firefox mobile latest release on android 7 shows my real IP as well as my VPN IP . after installing the patch for Firefox no IP are shown . so it would seem Firefox does leak our true IP ? running TG using stealth settings . please advise because if Firefox is leaking IP then how do we know if other apps are leaking ?

Share this post


Link to post
Share on other sites
Support

The current FF module is outdated, the new release is currently in approval process with Mozilla, once that’s approved it will be available to download through the Mozilla store.

 

Regards

Share this post


Link to post
Share on other sites
mee

I just up dated the software and ran the test. I had a leak. I downloaded the add-on and now its gone. It was not fixed a long time ago.

 

BOO

Share this post


Link to post
Share on other sites
Support

I just up dated the software and ran the test. I had a leak. I downloaded the add-on and now its gone. It was not fixed a long time ago.

 

BOO

 

Hi, yes this was fixed the day we knew of the issue - if you had a leak then you didn't have the option enabled - bare in mind a local LAN IP is not a leak.

 

Regards

Share this post


Link to post
Share on other sites
En3rgy

This was fixed a long time ago, i use torguard and never had any leaks.

Share this post


Link to post
Share on other sites
19807409

That's the result of openwrt+openvpn (where firefox, with our without proxy, it always delivers local address). Browsers do not have installed Plugins agains webrtc

rl8c5YA.png

 

 

But again, if your provider is hijacking your dns or any other way of manipulation on higher level, then it might be used as well to locate you from outside and bang, they got you.

 

However, consider internet as totaly insecure and all these VPN's and so on, they only protect your privacy, they do not make you secure against law enforcement in case of crime, because then other rules are applied on everybody involved.

Share this post


Link to post
Share on other sites
Ramz

Get you're facts right Insomniac.

Share this post


Link to post
Share on other sites
Simon

I'm experiencing a webrtc leak of my local IP address, verified through ipleak.net, while on Android. This occurs whether I use the TorGuard VPN client, the OpenVPN client, or the tunnel on my router. All other versions of Chrome on Windows are behaving. How can I stop this?

Share this post


Link to post
Share on other sites
TorGuard

I'm experiencing a webrtc leak of my local IP address, verified through ipleak.net, while on Android. This occurs whether I use the TorGuard VPN client, the OpenVPN client, or the tunnel on my router. All other versions of Chrome on Windows are behaving. How can I stop this?

 

Hi Simon,

 

From a quick search, it doesn't seem to be possible to disable webrtc in Chrome on Android, however you can use Firefox and disable webrtc by going to: about:config — then set the following setting: media.peerconnection.enabled to false.

Share this post


Link to post
Share on other sites
Simon

Hi Simon,

 

From a quick search, it doesn't seem to be possible to disable webrtc in Chrome on Android, however you can use Firefox and disable webrtc by going to: about:config — then set the following setting: media.peerconnection.enabled to false.

 

Thanks for the response.

 

This feels like an issue.  Even if I were to switch to Firefox for Android while on my phone, don't apps use Chrome as a base to do their work?  Does this make data from apps on my phone vulnerable to the same kind of leak as the Chrome browser is allowing?

Share this post


Link to post
Share on other sites
TorGuard

Thanks for the response.

 

This feels like an issue.  Even if I were to switch to Firefox for Android while on my phone, don't apps use Chrome as a base to do their work?  Does this make data from apps on my phone vulnerable to the same kind of leak as the Chrome browser is allowing?

 

I'd consider every application vulnerable on your phone, unless you have the source code to be able to determine what it does. Far as I am aware, webrtc is mostly only supported in browsers and some streaming platforms, but that doesn't mean no applications will use it. You can try messing with the flags and disable webrtc with "chrome://flags", however I was unable to stop leaks while testing. If you want to stop the webrtc leaks, I recommend using Firefox.

 

There is a good application called "Orbot", it was made by Tor Project; if you want to give that a go: https://www.torproject.org/docs/android.html

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...