WebRTC (IPv6) Leaking is still a problem in Windows


#1

Dear Community,

I am using brave on Windows 10 as well as on Android 7 & 5.1.1, and I really like it for the speed and the way ads are handled. However, since I am also constantly using VPN on all devices and checking that no private information is leaked, I noticed that BRAVE is leaking my (real) IPv6 Address when VPN is active. I am using the following version of BRAVE under Windows10 (current):

V8 5.9.211.38
Update Channel dev
rev 4e46480
os.release 10.0.14393
os.platform win32
os.arch x64
Node.js 7.9.0
Muon 4.1.9
libchromiumcontent 59.0.3071.115
Brave 0.17.19

I ran various WebRTC Leak tests (e.g. https://diafygi.github.io/webrtc-ips or https://browserleaks.com/webrtc#webrtc-device-id or “ipleak”) and all are showing my real IPv6 and local IP addresses when using BRAVE, while no information is leaked when I am using Firefox. BRAVE is also disclosing much more device ID information than Firefox, but that should be a separate topic.

This means that BRAVE is leaking real IPv6 addresses when running under a VPN, which is a serious security / privacy issue. Although some posts mentioned that this problem might be solved, it is obviously not in my case / experience (e.g. the post / solution mentioning “about:config” settings does not work, as there is no “about:config” in BRAVE.).

Is there any way to switch off WebRTC like in other browsers? I found no setting so far that could solve my problem.

Thanks for any kind of helpful information. I will use BRAVE under Windows only with caution, but as long as this problem remains unsolved, Firefox remains my preferred browser.

P.S.: Interestingly the WebRTC check sites above show no IP Leaking for the Android versions of BRAVE, so this problem seems to be limited to the Windows version of the Browser.


#2

Did you enable Fingerprinting protection mode via the top right lion icon?


#3

Thanks for your reply. I think I’m getting it slowly. When I turn on Fingerprinting Protection (seems to be disabled by default), https://ipleak.net does not show my private IPv6 address anymore. Also the diafygi test looks good when Fingerprinting Protection is enabled. However, the test results are somewhat mixed when running https://browserleaks.com/webrtc:

WebRTC Support Detection
RTCPeerConnection :heavy_check_mark:True
RTCDataChannel :heavy_check_mark:True
ORTC (Microsoft Edge) ×False

IP Address Detection
Local IP Address n/a
Public IP Address n/a
IPv6 Address n/a

WebRTC Media Devices
Device Enumeration ×False
Has Microphone ×False
Has Camera ×False
Audio-Capture Permissions ×False
Video-Capture Permissions ×False
Unique Device ID’s n/a

RTCPeerConnection still is “true”, but at least no IP address or device information is leaked anymore.

So, Fingerprinting Protection seems to be a solution for my problem. But is there any way to permanently turn on Fingerprinting Protection? It is somewhat tedious to click it in every single tab that is being opened.

Thanks!


#4

Hi @johndoe,

You can enable Fingerprinting Protection globally from about:preferences#shields. Hope this one can help

Thank you,
:slight_smile:


#5

Found it! Thank’s so much for the quick responses!! :grinning:


#6

I’m going to close this thread since the issue is solved. If you have another questions or face a bug, please open a new one for each. :slight_smile:

Thank you,
:slight_smile:


#7