WARNING! IP address readable despite VPN!
A huge security flaw has been detected this week – and you need to take action to protect you:
If you want to continue surfing anonymously and safely, or view your favorite shows on Netflix in around the world, you need to install the the Chrome browser extension WebRTC block immediately!
If you use Mozilla Firefox you should type into the address bar
about: config
Choose media.peerconnection.enabled and set the value to “false”. It is enough to click with the right mouse button on the entry and select “switch” in the menu.
Why? Because, unfortunately, a serious vulnerability for VPN users became known today. And after the news spreads like wildfire, the gap is certainly exploited within a few days from criminal governments , their intelligence agencies and of course – streaming providers.
So – act NOW fast if you are surfing with Chrome or Firefox. As far as we know, Internet Explorer is not vulnerable to this (Funny how things change, its the first time Internet Explorer is safer in anything…). It doesnt take more than 30 seconds until you have installed the extension or have changed the configuration of Firefox.
…
Here you can test whether the changes worked: https://diafygi.github.io/webrtc-ips/
…
Done? Ok, lets continue reading. 🙂
As the engineer Daniel Roesler has found (on github ), server operators can read your real IP address on the users’ browsers Chrome and Firefox with a easy javascript trick.
Mozilla (Firefox) and Chrome implement WebRTC to enable real-time communication, for example video chat and telephony with your browser – no other software needed. This should work of course also behind firewalls and therefore browsers are able to ask a STUN server through javascript for the public IP address with which the user’s browser surfs the internet.
However, the STUN server transmits not only the VPN servers IP address – unfortunately the original IP too, which should be hidden by a VPN. As a result, for example, Netflix may find that you sit in a country where they do not want you to view their videos – and your screen stays black.
This vulnerability is really serious and must be closed immediately.There are already the first reports that even when you are using TOR, IP address can be found.
Fortunately, the whole mess can be easily corrected. Nevertheless, someone should shoot the developer who implemented this. 😉
More information at TorrentFreak.