WebRTC Leaks: What Are They and How Can I Prevent Them?

WebRTC leaks can threaten your anonymity online — here’s how you can prevent them and stay safe.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

A WebRTC leak occurs when the connection between two devices exposes the IP addresses of one or more internet-connected devices. WebRTC is the technology that allows us to connect online via video or audio. Whether you're FaceTiming your bestie, jumping on a Zoom meeting, or making a WhatsApp call, you're using the tech. It has both benefits and security risks.

In this article, we’ll explain a WebRTC leak and how to protect yourself against it with one of the best VPNs or by managing WebRTC in your browser.

In this article
What is a WebRTC leak?
What is WebRTC?
How to complete a WebRTC leak test
How to block WebRTC leaks
WebRTC FAQs
Bottom line

What is a WebRTC leak?

A WebRTC leak is a security vulnerability that can occur when you use WebRTC-based applications, like Zoom or WhatsApp, on your internet browser. For WebRTC technology to work properly, your IP address gets exposed by default as part of the process.

Although using WebRTC technology has become normalized out of convenience, exposing your IP address increases your risk of being a victim of cybercrime and privacy invasions.

WebRTC leaks can happen on any web browser and any device.

Why are WebRTC leaks bad?

WebRTC leaks are problematic because they can expose your local IP address, leaving your online privacy and safety more susceptible to bad actors.

These leaks are especially concerning if you’re already using a virtual private network (VPN), as they indicate that your VPN server is not protecting your anonymity online.

Having your IP address land in the wrong hands can put your safety and well-being at serious risk. When your IP address is exposed or traceable, any of the following can occur:

  • Criminals may find your device’s location. This is especially problematic if you broadcast what city you’re in on social media sites like Instagram or Facebook. A criminal can use your IP address to locate your device and trespass onto your property or otherwise harm you.
  • You could fall victim to a DDoS attack. DDoS attacks, or Distributed Denial of Service attacks, start with hackers finding your IP address. The hacker then prevents you from accessing the Internet, disturbing your day-to-day affairs.
  • Hackers may impersonate you and conduct fraudulent activity on your behalf. Your IP address can be a starting point for hackers to uncover more of your personal information. Once they’re armed with login information or specific details about your online activity, purchase habits, or services you subscribe to, they can use it to commit fraud and identity theft.

What are IPv4 and IPv6 addresses?

You may see that you have IPv4 and IPv6 addresses, but what does that mean?

  • IPv4: The original Internet Protocol (IP) version was created in 1983. It can store more than 4 billion addresses and carries about 94% of internet traffic today.
  • IPv6: The most recent version of IP, IPv6, was created in 1994 and is still being enabled to fix issues with the original IPv4 version. IPv6, sometimes called IPng, can store about 340 undecillion addresses (340 plus 36 zeroes).

What is WebRTC?

WebRTC stands for Web Real-Time Communications. WebRTC technology enables real-time voice and video connections through your web browser. It does this by communicating with the website or app you're using and exchanging information like your local and public IP addresses.

Examples of common services that use WebRTC include:

  • Discord
  • Facebook Messenger
  • Google Meet
  • GoToMeeting
  • Snapchat
  • WhatsApp

Local IP address vs. public IP address

Your internet service provider (ISP) assigns your public IP address to your router. Sharing this online is safer since your public IP address is traced back to your ISP. This could reveal your geographic location but not your exact address.

A local IP address, also called a private IP address, is assigned to each device you use to connect to the internet. This allows your devices to talk to each other over your home network — but anyone not on your home network can’t communicate with your devices. Local IP addresses are traceable, but only by devices on your home network.

How to complete a WebRTC leak test

In addition to letting you stream Netflix, your VPN should be able to shield your actual IP address from potential harm, no matter the circumstances. Your IP leak test results will help you determine how well your VPN performs. Here’s how to perform a WebRTC leak test:

  1. Disconnect from your VPN service and ensure it’s turned off, closed out, etc.
  2. Check your IP address by typing what’s my IP into your browser bar or visiting WhatsMyIPAddress.com. Your internet service provider (ISP) will show you your IP address. Write it down in a safe place.
  3. Close your browser window and application.
  4. Reconnect to your VPN.
  5. Go to a leak checker website to see if your IP address is still visible. We recommend trying a few different ones, like BrowserLeaks.com and Hide.me, to be as diligent and thorough in your testing as possible. If you can still see your IP address, your VPN is not protecting you against leaks. If it’s not there, your information is still safe.

If your VPN doesn’t prevent WebRTC leaks after testing, you must either get a different VPN or block WebRTC from your browser manually.

How to block WebRTC leaks

The easiest way to block WebRTC leaks is to use a VPN. Unfortunately, some VPNs still allow WebRTC traffic to bypass the encryption tunnel, thus defeating the purpose of using a VPN in the first place. We strongly recommend performing a leak test even if you already use a VPN.

If you find your current VPN is susceptible to leaks or are looking to use one for the first time, here is a list of trusted VPN providers that all passed our WebRTC leak test:

  • NordVPN: Nord is one of the best-known VPNs for many good reasons. It passed our WebRTC leak test and DNS leak test, uses military-grade encryption, and offers double VPN, which adds more security to your browsing data and location.

    Get NordVPN | Read Our NordVPN Review

  • ExpressVPN: ExpressVPN offers top-notch security standards, which could justify its premium price. It has a strict no-logs policy, is independently audited, and has a speedy and secure protocol called Lightway for an enhanced browsing experience.

    Get ExpressVPN | Read Our ExpressVPN Review

  • Surfshark: If you're looking for a VPN to cover all your devices, Surfshark is among the best for its value. It allows for unlimited simultaneous connections and is compatible with most operating systems, smartphones, routers, and even smart devices. 

    Get Surfshark | Read Our Surfshark Review

You can also block WebRTC leaks manually by disabling WebRTC technology on your web browser, and you don’t need to be a tech expert to do so successfully. 

Some browsers even allow you to use plugins and add-ons to block WebRTC leaks. We’ve provided the exact steps for disabling it on Chrome, Firefox, Safari, and Microsoft Edge for your Windows PC, Mac, iOS, or Android device.

Customizable Coverage That is Simple to Use
5.0
Editorial Rating
Learn More
On NordVPN's website
VPN
NordVPN
Save up to 72% off + 3 months extra
  • Ultra-secure, high-speed VPN complete with malware protection and automatic blocking of intrusive ads and third-party trackers
  • Other benefits include a premium password manager, dark web monitoring, and access to IP-restricted content
  • 3 plans to choose from for custom protection on up to 10 devices

How to turn off WebRTC on Chrome

The best way to turn off WebRTC capabilities on your Google Chrome browser is to install a browser extension. Here are some popular and reputable extensions that will help you stop WebRTC leaks:

To install any Chrome extensions listed above, click the hyperlink we included to visit its product page. When you’re ready to install one, click the blue button that says “Add to Chrome.”

A screenshot of the Google Chrome store and the WebRTC Control extension page.

Next, pin the extension’s icon to the top of your browser for easy and immediate access. Click on the jigsaw puzzle piece at the top right corner of your screen, then click on the push pin icon next to your WebRTC blocker.

A screenshot of Google Chrome web browser extensions, including the WebRTC Control extension and the option to pin it.

You’ll also need to ensure that WebRTC leaks are blocked in Incognito mode. By default, most extensions are turned off for Incognito mode.

To activate your WebRTC extension in Incognito mode, type chrome://extensions/ into your browser bar. Under the name of your WebRTC extension, click on “Details.” Toggle on the switch next to “Allow in Incognito.”

A screenshot of the WebRTC Control Google Chrome extension's settings, including the permissions, site access, and option to allow in Incognito Mode.

How to block WebRTC leaks in Opera and Brave browsers

Since Opera and Brave both use the same Chromium engine as Google Chrome, you can use many of the same browser plugins. You can follow the steps above to prevent WebRTC leaks on Chrome, even if you use Opera or Brave.

How to turn off WebRTC on Mozilla Firefox

On Firefox, you can disable all WebRTC services without using an extension. Follow these steps exactly to protect yourself from future leaks.

  1. Type about:config into the address bar and hit enter (or return if you’re using Apple hardware). A warranty warning will then appear on your screen. Once it does, click on “Accept the Risk and Continue.”
  2. On the next screen, click on “Show All.”
  3. A long list of settings should appear on your screen. We strongly advise against touching these, which could interfere with your browser’s performance. Search for “media. peerconnection.enabled” to get to the setting you need to adjust.
  4. You’ll see that it’s currently set to “true.” To turn off WebRTC, you need to set it to false. Click on the toggle button to the right of your screen.
  5. Close your browser and reload it to make sure the changes take effect.

A screenshot of the about://config menu in Mozilla Firefox that also shows the "media.peerconnection.enabled" setting that needs to be adjusted to prevent WebRTC leaks.

That’s all it takes. Remember that this disables any website that uses WebRTC technology, so services like Google Meet and Facebook Messenger may not let you take video or audio calls through your browser anymore. Be sure to plan accordingly.

How to turn off WebRTC on Safari

If you use Safari as your default browser, it’s easy to turn off WebRTC. All you need to do is the following:

1. Open Safari and hover your mouse under “Safari” at the top left corner of your screen. On the dropdown menu, click on “Preferences.”

A screenshot of the Apple Safari main menu with the Preferences option highlighted.

2. On the window that pops up, navigate to “Advanced.” Check the box next to “Show Develop Menu in Bar.”

A screenshot of the Apple Safari Advanced settings menu showing the option "Show Develop menu in menu bar" checked.

3. Once the box is checked, a new “Develop” tab should appear at the top of your screen. Click on the “Develop” tab and hover your mouse over “Experimental Features.”

4. Look for a checkmark next to “WebRTC mDNS ICE candidates.” If there is, click on it to disable WebRTC.

5. Close your browser and restart it to start browsing safely.

If your Safari doesn’t show WebRTC options under Experimental Features, check further down the Develop tab list and look for the “WebRTC” option. In the submenu, make sure “Enable Legacy WebRTC API” is unchecked.

A screenshot of Apple Safari in dark mode showing the Develop menu and the WebRTC drop-down menu selected. The "Enable Legacy WebRTC API" option is unchecked.

Once you’ve completed these steps, you should be set to prevent WebRTC leaks on Safari.

How to turn off WebRTC on Microsoft Edge

Unlike Firefox and Safari, Microsoft Edge does not entirely let you disable WebRTC technology. Instead, some versions let you hide your IP address when using websites and services that use WebRTC. This means you can usually use WebRTC applications without revealing your IP address. Here’s how to hide your IP address:

  1. Type about:flags into the address bar and press enter.
  2. Check the box next to “Hide my local IP over WebRTC connections.” This box is usually unchecked by default.
  3. Close your browser window and reload it.

Microsoft Edge makes it uncomplicated to stay safe when browsing the web.

Don’t see the “Hide my local IP” setting?

You’re not alone. This could be due to a July 7, 2022, Microsoft Edge update that addressed two WebRTC zero-day exploits. The most stable, up-to-date version is 103.0.1264.49.

If your Edge browser version doesn’t match or you have updates available, download and install them for the latest security patch.

WebRTC FAQs


+

How do I stop a WebRTC leak?

You can stop a WebRTC leak in one of two ways: using a premium VPN or manually disabling it in your browser. Disabling WebRTC means you won't be able to use the technology for video and audio connections. If you need Zoom for work or make internet-based audio or video calls, this may not be an option. Using a VPN allows you to remain anonymous while also using this technology.


+

What is a WebRTC leak test?

A WebRTC leak test is a series of steps that determine whether or not you’re vulnerable to WebRTC leaks. It can be performed quickly and at no cost, whether you’re using a VPN or not. 


+

Is it safe to disable WebRTC?

Yes, it’s completely safe to disable WebRTC. However, doing so may cause websites that use WebRTC technology to stop working. Instead, it would be best to consider using a VPN to hide your IP address.

Bottom line

A WebRTC leak can reveal your IP address, risking your privacy and safety—even if you use a VPN. Not all VPNs are created equal, so checking for potential leaks is critical to having total peace of mind when browsing the web.

Thankfully, you can safeguard your privacy using a premium VPN like NordVPN or disabling in-browser WebRTC. Whichever method you choose, we also highly recommend staying vigilant for new updates to better protect yourself against digital threats.

Customizable Coverage That is Simple to Use
5.0
Editorial Rating
Learn More
On NordVPN's website
VPN
NordVPN
Save up to 72% off + 3 months extra
  • Ultra-secure, high-speed VPN complete with malware protection and automatic blocking of intrusive ads and third-party trackers
  • Other benefits include a premium password manager, dark web monitoring, and access to IP-restricted content
  • 3 plans to choose from for custom protection on up to 10 devices

Author Details
Emily is a New York-based writer pursuing her lifelong passion of writing about technology. A social media and ecommerce expert, she explores the relationship between tech and privacy, as well as its impact on business and culture.
Mary is a seasoned cybersecurity writer with over seven years of experience. With a B.S. in Liberal Arts from Clarion University and an M.F.A. in Creative Writing from Point Park University, she educates audiences on scams, antivirus software, and more. Her passion lies in educating audiences on helpful ways to protect their data.