According to a VoidSec report, 23% of VPNs leak IP addresses via a WebRTC vulnerability.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 23% of VPN providers leak user IP addresses through a WebRTC bug that's been around since 2015. — VoidSec, 2018
Despite their purported use to protect user anonymity while browsing the internet, 23% of VPN providers may actually leak user IP addresses, according to a security report from VoidSec.
Even worse is that the recorded IP addresses can be disclosed if a certain website already has a WebRTC connection established. Of the 83 VPN apps Stagno tested, 17 were found to be leaking information on the IP addresses, according to the report.
SEE: Network security policy (Tech Pro Research)
"This functionality could be also used to de-anonymize and trace users behind common privacy protection services such as: VPN, SOCKS Proxy, HTTP Proxy and in the past (TOR users)," Stagno wrote in the report.
Of the VPN providers tested, here are the ones that leaked IP addresses:
- BolehVPN (USA Only)
- ChillGlobal (Chrome and Firefox Plugin)
- Glype (Depends on the configuration)
- Hola!VPN Chrome Extension
- HTTP PROXY navigation in browser that support Web RTC
- IBVPN Browser Addon
- PHP Proxy
- psiphon3 (not leaking if using L2TP/IP)
- SOCKS Proxy on browsers with Web RTC enabled
- SumRando Web Proxy
- TOR as PROXY on browsers with Web RTC enabled
- Windscribe Addons
According to the post, Brave, Mozilla Firefox, Google Chrome, Google Chrome on Android, Samsung's browser, Opera, and Vivaldi all have WebRTC enabled by default, the report noted.
Of course, users can also clear their internet browser cache, history and cookies, and drop outgoing connections to also improve their privacy online.
- IT pro's guide to the evolution and impact of 5G technology (free PDF) (TechRepublic)
- Several privacy-busting bugs found in popular VPN services (ZDNet)
- Tor: The smart person's guide (TechRepublic)
- VPN services 2018: The ultimate guide to protecting your data on the internet (ZDNet)
- How to select a trustworthy VPN (TechRepublic)