Securing online privacy is important for every individual. However, the risks one should consider regarding privacy often come from unexpected places, some of which may even be unknown.
One such privacy risk that users are only recently starting to consider is WebRTC.
WebRTC (Web Real-Time Communication) is a technology used by web apps such as Google Hangouts and Facebook Messenger that can cause your public IP address to be exposed, or ‘leak,’ over the internet.
Your IP address can be used to find geographic location, track online activity or even target certain types of cyberattacks against your computer. Therefore, any online leak of IP can be risky.
Some may believe that with privacy tools in place, a WebRTC leak isn’t worrying. But, these IP leaks can happen even through VPNs, which many users rely on to protect their privacy and security online.
So, why does WebRTC exist, how does it work, and why it is such a serious privacy concern?
How Does WebRTC Work?
WebRTC works by forming a peer-to-peer connection between computers. What this means is that rather than web traffic passing through a server, which acts as a middleman for the exchange of data, it goes directly from a user's computer to the others. This connection is most commonly used for video calls as it allows high-quality audio and video to be sent quickly between two users.
To enable functionality like video calling, WebRTC also includes tools to allow web apps to access peripherals such as microphones and web cameras. If you have ever had a notification from your web browser saying that the website you’re on wants to use your webcam or microphone, the site was probably using WebRTC.
Why Does WebRTC Exist?
In the early days of the web, communication between devices and web servers was very limited. When a website was visited, the browser could only communicate with the web server that the website was stored on when you entered a new address into the address bar or clicked on a hyperlink.
This is all that static webpages require to function. But some developers realised there was potential for the web to be used in more engaging ways.
To make websites more dynamic and responsive, frameworks like Ajax were developed in the late ’90s, where browsers communicated with web servers in real time, allowing the creation of proper web apps that instantly responded to user actions. However, real-time communication was still restricted to channels between a web browser and a server.
In the past, communication between the web browsers of two different users was slow, as all traffic between them had to pass through the server in the middle. This introduced a significant delay. The delay wasn’t really an issue in things like direct messages. This was because differences of a few seconds between one user sending a message and another user receiving it did not really bother anyone. Services that allowed users to call each other or exchange live video were, however, impossible to implement without the server delay causing frustrating levels of connection lag.
WebRTC, an open source technology mostly developed by Google, was created to address a need for sending multimedia between two browsers in real time. Multimedia web apps like Discord, Google Hangouts, and Facebook Messenger, which require high-quality audio and video to be sent between users in real time, all require WebRTC to function.
Why WebRTC is a Privacy Concern?
WebRTC is a useful technology. But why are people alarmed by it? The reason for this is that WebRTC can potentially leak your IP (Internet Protocol) address and make your online privacy vulnerable - even from behind security tools such as VPNs.
IP addresses consist of a string of numbers and are unique to every device that connects to the internet. They can be used to locate your geographic location, track your activity online or perform cyberattacks like DDoS (Distributed Denial of Service), which can take down your entire internet connection if you’re targeted. Many users are aware of the need to protect their IPs and have come to rely on their VPNs for this purpose.
VPNs (Virtual Private Networks) route web traffic through their servers, disguising the real IP address from the outside world. The websites that are accessed will instead see one of the VPN provider’s IP addresses, depending on the servers used. To use a VPN, an app is installed on the computer or mobile device, and then the VPN is switched on to secure online activity.
VPNs enable the secure communication of data across shared or public networks. But can they protect software like WebRTC? (Source: Digital Inspiration/Flickr)
The problem is, the VPN may not be able to protect the IP address over WebRTC connections. Since WebRTC doesn’t use the browser web connection directly but rather creates a new direct connection between your computer and the computer of the person who you want to talk with on Hangouts or Messenger, the VPN may not even realize that a new connection has been made and end up failing to protect it.
Is My Public IP Being Leaked?
If you’re wondering whether your public IP address is vulnerable to leaks right now, you can use tools like HMA!’s WebRTC leak checker to check if you are protected or not. Disabling WebRTC will stop your IP address from being exposed to leaks, but it does mean that you will be unable to use many of the most popular web apps.
Alternatively, you can use a VPN service with a built-in WebRTC leak blocker, which will allow you to prevent leaks without putting your online privacy at risk.
Some users may not feel concerned about their IP address being revealed online, as they feel they have nothing to hide and are unlikely to be targeted by cyberattacks. While this may be true, the implications of laying out your activity online to be freely tracked is still concerning.
There are many who benefit from tracking the online activities of normal users, whether marketers or government agencies, and even if you feel you have nothing to hide, you should be hesitant to provide this information to them freely.
Top Image: WebRTC is a software that enables real-time communication via programming interfaces. (Source: Flickr)