WebRTC Leak Test

WebRTC is a real time communication platform that enables business houses to communicate amongst its peers in a fastest and easiest way. While using WebRTC there are chances to lose your privacy due to leak of your IP address via the VPN you are using. Do you know what these leaks are? Do you know how you can identify these leaks? Do you have any idea of how to prevent them? This post contains all solutions to all of these queries.

WebRTC is a rapidly growing Real Time Communication platform having wide range of products as well as solutions such as Video conferencing, video calling, audio calling, instant messaging, file sharing, etc. It doesn’t require any additional plug-ins to communicate, it enables direct and seamless communication directly provided both the users are connected to WebRTC.

Like every other applications it has a flip side too that user’s privacy is compromised in certain cases due to leakage of their IP address through the VPN they use. In 2015, it was found that remarkable number of users suffered “WebRTC Leak” whose IP address got leaked irrespective of their consent. Even a recent survey defines that astonishingly around 25% of the users have suffered a WebRTC leak that leads to loss of their personal information, payment details, search history etc.

WebRTC Test

WebRTC testing has many aspects in it. The fields you are focusing while going for a WebRTC testing will be different from those of others. Here are different ways, through which you can go for WebRTC testing. Such as –

1. P2P Testing: If you are are providing only peer-to-peer calls or 1:1 calls conducted without any intermediate media server then the testing becomes quite simple. ‘Scale and uptime of your signaling server,’ these two are the main concern areas in P2P testing, As the actual media isn’t touching your infrastructure except of your TURN(Traversal Using Relays around Net) servers, it would be easy to go for testing.

2. End –to-End WebRTC Testing: Ultimately the users are going to interact with your entire service for which you should focus on the end-to-end WebRTC testing. These test should be conducted in a way similar to that of how a real user interacts with your service. The following things should be considered in order to go for the same.

i. Manual Testing : Here you have to keep in mind about the locations , network conditions and the features of the device in which it is being used because these things affect the overall performance of WebRTC.
ii. User Testing: Here what you can do is a sample testing. It means you can release the product to a particular or limited number of users and record their view regarding the performance, then on the basis of those reviews or complains you can work upon. But it won’t be always effective for every product.
iii. Automated Testing: This can be done using Selenium or SaaS platforms. These platforms can cover up to 80% of the testing needs and you have to focus upon 20% of the scenario but in a productive way.

3. Mobile Testing: When you use your own application on your own device such as mobile or desktop, you own the responsibility of the implementation of WebRTC unlike the situation when you use a browser where it will be of someone else’s responsibility. You will have to modify, and update the WebRTC stack used. The main problem with this is, you have to spend more and more time in testing your mobile application also.

4. Media Server Testing: It is primarily done in order to test the behavior in different network conditions. Stress test can be done via synthetic traffic which is not originated from browsers. This will increase the scale of your test within very low cost. You can also use automated haedless browsers for the same get real scenarios in stress testing.

5. TURN Server Testing: It works by blocking certain types of traffics in order to make STUN operate poorly. This can be done by either changing the peer configuration or to configure the machines used to work in that certain manner. After this you don’t need to run extensive testing to it while outsourcing your TURN servers to a third- party service provider.

6. WebRTC Interoperability testing: It is quite tricky compared to other testing tools. Interoperability here indicates to take products, entities, or devices from different vendors and enable them speak with each other. It is again divided into two parts-

i. Service Interoperability: It means your service needs to perform perform well in front of the browsers. You have to make sure to keep pace with browser vendors.
ii. Browser Interoperability: It highlights the fact that how browsers communicate among each other. That is done by browser browser vendors with the help of KITE (an open source framework for interoperability testing).

7. Functional and Coverage Testing: Most of the testing tools available don’t focus on WebRTC exactly. If you are going to use a generic testing tool for WEbRTC testing then you may lose various functionalities required for WebRTC such as network condition, machine configuration, geographic spread etc. If you are going with WebRTC focused testing tool tool then you may lose other features as well as requirements you need to manage. That is why you have to use multiple tools to handle the full coverage of your desired application.

8. Fuzzing WebRTC: It creates slightly modified message so that the software that processes those messages will be confused or will be broke to create a backdoor for hackers.

WebRTC Leak

It refers to the susceptibility that leaks your IP address using a VPN. WebRTC uses the ICE protocol to identify your IP address. It also uses certain servers like STUN/TURN to see your IP address.

The Web browsers implements WebRTC in such a way that it allows them to send request to STUN/TURN servers, which will retain your local as well as public IP address. The worst thing is that the results are available in JavaScript making it easier for them to access. The requests are made outside the APIs that transfers data between the web browser and server. Because of which the requests can’t be seen in developer console.

The WebRTC leak is basically caused by a feature called “webrtc”. As WebRTC is a part of all of the common browsers and exposes your IP address. This feature is present there by default, but you should disable it to experience more secured browsing. Even VPN/Proxy applications can’t help you out with the WebRTC leak.

The best and suitable way to know whether you IP address is leaking, is to perform a WebRTC leak test. It will help you to figure out all your personal information being leaked through the WebRTC platform. The information also includes your device name, type, location, features, etc.

Why is the WebRTC Leak Dangerous?

Since the IP address is leaked it makes much easier for an outsider to spy on your system, track all your activities including search history. This again gives invitation to cyber criminals. All it takes is few JavaScripts to identify your IP address. It will not only access your private information s but also will restrict you from accessing geo-blocked contents.

Steps to Check WebRTC Leaks:

a. Make sure it is connected to a server and then Run your VPN.
b. Use the WebRTC Leak Test tools while connected to VPN.
c. If you get your real public IP address displayed in the result result page, then you have a WebRTC leak.

How to Prevent WebRTC Leaks?

In order to prevent WebRTC leak, you need to follow the followings -

1. Disable WebRTC:

You can simply disable WebRTC from your browsers to prevent the WebRTC leaks. Here are separate guides for different browsers-

a. FireFox: For Firefox uses its quite easy to disable WebRTC through these simple steps-

i. Start FireFox
ii. Type “ about:configuration” in the URL
iii. Click on the check box saying “I accept the risk”
iv. Type “media.peerconnections.enabled” in the search bar
v. Now look for “preference name” tab under the search bar
vi. Double click on the item displayed and change the value to “FlaseFalse”

b. Google Chrome on Android: If you are using Chrome on mobile then you can manually disable it by just copying the following URL in a chrome tab.

chrome://flags/#disable-webrtc

i. When the page is loaded just scroll down and search for “WebRTC STUN origin header” and disable it.
ii. You can also disable “WebRTC hardware video encoding” while not required.
iii. If you want to be extra safe you can also disable the “WebRTC hardware video decoding” option.

c. Brave: Since the Brave browsers is based on Chromium leak, it is also prone to WebRTC leaks. The following steps will help you to fix this easily.

i. Go to “Preferences”
ii. Click on “Shields”
iii. Look at right side for “ Fingerprinting Protection”
iv. In the drop down menu select “Block all fingerprinting”

If this doesn’t work for your device then you can try an alternative way to stop WebRTC leaks on Brave by heading to “Preferences>Security>WebRTC IP Handelling Policy” and then select “ Disable “non-proxied UDP.”

2. Use Add-ons and Extensions:

If there are cases where webRTC can’t be disabled from your browsers, then you have to use a third-party browser extensions and add-ons to fix it.

i. Google Chrome: In case of Chrome, you can use “uBlock” or “WebRTC Leak Prevention” to prevent WEbRTC Leak. You can also use them collectively.
ii. Opera: Here you can go for “WebRTC Leak Prevent add-on” to fix the problem once you install it you can go to the advanced optionand select “disable non-proxied UDP(forced proxy)”. Apart from these two you can also use uBlock.

3. Use a VPN Service having WebRTC Leak Protection:

There are certain VPN providers who can guarantee you with complete WebRTC Leak protection. Here you can ask for a free trial so that you will be assured about your data being secured and no leaks will occur further. Make sure you are not using any free VPN services if you are willing to avoid WebRTC Leak.

CONCLUSION

Since WebRTC is an open source platform using VPN, so there are maximum chances of your data being leaked. You can perform a WebRTC Leak Test in order to ensure your data is secured or not. Oditek Solutions will provide you with secured VPN ensuring your data being highly secured. There are certain browsers who are quite hostile in nature and can hold onto data from previously opened tabs. This means if you have an old tab open before connecting to the VPN, your real IP address can be collected in the form of cache by the browser. In such a case, the IP address will be retained there only even after you refresh risking your privacy.

Oditek Solutions will help you solve the problem by facilitating you to disable the WebRTC completely from the settings with the help of the provided VPN. This will ensure you are not exposed to any further privacy issues. Oditek Solutions also have a team of dedicated leak-proofing experts who persistently look into the new leak cases if any and instantly develop required fixes.