According to security researcher Paolo Stagno, who goes by the pseudonym VoidSec, some VPN solutions (that you may employ to access blocked websites or hide your real IP) are leaking your real IP address via a WebRTC bug. He recently audited more than 80 VPN service providers and found that close to 20 percent of them haven’t fixed the WebRTC leak.
The WebRTC leak, which is considered to one of the most critical flaws, was first discovered back in 2015 and has been ignored by browser makers for the past couple years. The same has, however, garnered limelight as the real IP address of the users can now be used to abuse their privacy.
For those unfamiliar with WebRTC, it is a free and open-source web standard for that allows a number of communication applications such as voice or video calling through browsers, eliminating the need for plugins or extensions, primarily Flash. WebRTC is supported by most major browsers and it doesn’t display any sort of pop-up or prompt to make you aware that it’s currently being used. So, it is possible for this technology to leak your real IP address without your consent.
According to VoidSec’s latest report, the VPN service providers are still not taking required measures to patch the vulnerability. It is, however, necessary to point out that most of the tested VPNs are free and only a couple of are actually popular. The VPN providers that have been found to be leaking the IP address of its users are:
BlackVPN
ChillGlobal (Chrome and Firefox Plugin)
CyrenVPN
Glype (Depends on the configuration)
hide-me.org
HideMyAss
Hola!VPN
Hola!VPN Chrome Extension
HTTP PROXY (in a browser that supports
WebRTC)
IBVPN Browser Addon
PHP Proxy
phx.piratebayproxy.co
PrivateTunnel
psiphon3 (not leaking if using L2TP/IP)
SmartHideProxy
SOCKS Proxy on browsers with Web RTC enabled
SumRando Web Proxy
TOR as PROXY on browsers with Web RTC enabled
Windscribe Add-ons (Browser Extension/Plugin)
You can check out if your VPN is leaking your real IP address right here. Now, if you want to prevent your IP address from leaking, the only option is to disable WebRTC in any and all of your browsers.
You can check active WebRTC connections by navigating to “chrome://webrtc-internals/” on Chromium-based browsers and “about:webrtc” on Firefox. It’s only Vivaldi that allows the users to disable the WebRTC broadcast under the privacy settings. Firefox users can also tinker around to cut access to their real IP address to websites until this vulnerability is fixed.
So, it is high time the browser makers, as well as VPN service providers, plug the vulnerabilities, and understand the implications of this leak especially for those internet users who are using them to protect lives in conflict nations.
No comments:
Post a Comment