What Is WebRTC and Why Can It Leak Your IP?
WebRTC (Web Real-Time Communication) is an open standard built into modern browsers that enables peer-to-peer audio, video, and data sharing directly between browsers - Without plugins. It powers video calls, online games, and file sharing. However, it has a well-documented side effect: it can expose your real IP address even when you're connected to a VPN. Test whether you're affected right now with our VPN leak test.
How WebRTC Causes IP Leaks
To establish a peer-to-peer connection, WebRTC uses a protocol called ICE (Interactive Connectivity Establishment) to discover all possible network paths between peers. This process, called STUN (Session Traversal Utilities for NAT), contacts public STUN servers that reflect your IP back. A malicious or curious website can trigger this process via JavaScript and read your real IP address - Including both your local network IP and your public IP - Even if you're routing all traffic through a VPN.
WebRTC Leak Types
| Leak Type | What's Exposed | Risk |
|---|---|---|
| Public IP leak | Your real public IP via STUN server query | High - Defeats VPN anonymity |
| Local IP leak | Your private LAN IP (192.168.x.x or 10.x.x.x) | Low - Not useful to most attackers |
| IPv6 leak | Your real IPv6 address if VPN doesn't tunnel IPv6 | High - Uniquely identifies you |
| mDNS obfuscation bypass | Older browsers may bypass mDNS and reveal LAN IP | Medium |
Browser Support and Default Behavior
| Browser | WebRTC Enabled by Default | How to Disable |
|---|---|---|
| Chrome / Edge | Yes | Extension required (e.g. WebRTC Network Limiter); no built-in toggle |
| Firefox | Yes | Set media.peerconnection.enabled = false in about:config |
| Safari | Yes | Develop menu → WebRTC → disable; or use content blockers |
| Tor Browser | No - Disabled by default | N/A |
| Brave | Yes, but with fingerprinting protection | Settings → Privacy → WebRTC IP handling policy |
How to Prevent WebRTC Leaks
- Use a VPN that includes WebRTC leak protection at the network level (routes all UDP traffic through the tunnel).
- In Firefox, set
media.peerconnection.enabledtofalsein about:config to disable WebRTC entirely. - In Chrome, install a reputable WebRTC control extension and set IP handling to "Disable non-proxied UDP".
- Test for WebRTC leaks regularly using our VPN leak test - It checks WebRTC, DNS, and IPv6 leaks simultaneously.
- If you don't use video calling in your browser, disabling WebRTC has no practical downside. Also check browser fingerprinting as an additional tracking vector.