One Leak Will Sink A Ship: WebRTC IP Address Leaks
Nasser Mohammed Al-Fannah
TL;DR
This paper investigates how WebRTC API causes IP address leaks in browsers, even when VPNs are used, posing privacy risks and highlighting the importance of careful browser and VPN choices.
Contribution
It provides an empirical analysis of IP leaks across browsers and VPNs and proposes countermeasures to mitigate this privacy issue.
Findings
Most browsers leak at least one client IP address.
VPN and browser choices significantly affect leak severity.
Countermeasures can reduce IP address leaks.
Abstract
The introduction of the WebRTC API to modern browsers has brought about a new threat to user privacy. This API causes a range of client IP addresses to become available to a visited website via JavaScript even if a VPN is in use. This a potentially serious problem for users utilizing VPN services for anonymity. In order to better understand the magnitude of this issue, we tested widely used browsers and VPN services to discover which client IP addresses can be revealed and in what circumstances. In most cases, at least one of the client addresses is leaked. The number and type of leaked IP addresses are affected by the choices of browser and VPN service, meaning that privacy-sensitive users should choose their browser and their VPN provider with care. We conclude by proposing countermeasures which can be used to help mitigate this issue.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.