A browser vulnerability where WebRTC (used for video calls and peer-to-peer communication) reveals your real IP address even when using a VPN, because WebRTC can access your network interfaces directly.

What is WebRTC Leak? | Privacy Glossary

WebRTC is a powerful technology that enables browser-based video calls without plugins. But that power comes with a privacy cost: it can expose your real IP address even when you're using a VPN.

How WebRTC Leaks Work

WebRTC needs to discover your network interfaces to establish peer connections:

Browser uses STUN servers to discover IPs
Discovers both local and public IPs
This bypasses VPN/proxy settings
JavaScript on any page can access these IPs
Your real IP is exposed

What Gets Leaked

Public IP

Your real internet IP
Even when connected to VPN
Geographic location revealed

Local IPs

192.168.x.x, 10.x.x.x addresses
Reveals network structure
Can help identify you

Testing for WebRTC Leaks

Quick Test

Connect to your VPN
Visit browserleaks.com/webrtc
Check if real IP appears

What You Should See

Only VPN's IP address
Or no IPs at all
No local network IPs

Preventing WebRTC Leaks

Browser Settings

Firefox:

about:config → media.peerconnection.enabled → false

Brave:

Settings → Privacy → "Prevent WebRTC leaks" → enabled

Safari:

Generally safe (limited WebRTC support)

Browser Extensions

uBlock Origin (has WebRTC control)
WebRTC Leak Prevent
Disable WebRTC

VPN Features

Many VPNs include WebRTC protection
Browser extensions from VPN providers
Check your VPN's settings

Trade-offs

Disabling WebRTC

Breaks:

Video/voice calls in browser
Some file transfer features
Screen sharing
Some games

Preserves:

Real IP privacy
Location privacy

Selective Control

Enable only for trusted sites
Use separate browser for calls
Accept some risk vs functionality

What is WebRTC Leak?