webRTC leaks DeviceID

I noticed when using a router-based VPN the default setting for Brave Shield under “WebRTC IP Handling Policy” allows webRTC to identify my local LAN IP. Not good.

Changing to “Default Public Interface only” resolves this and reports the VPN exit host. The deviceID is still reported/visible under Media Devices, kind: audiooutput.

Does this not allow for fairly unique fingerprinting? If that is the case DeviceID should not be exposed over webRTC in a browser which has privacy as key feature and “Default Public Interface only” should be the the default for WebRTC.

I used https://browserleaks.com/webrtc to verify this.

WebRTC and a whole host of other problems have long been a part of Brave. I check back every so often and watch the horror. But, don’t worry, a Brave spokes-person will be here shortly, link to a few articles that may or may not adequately explain the situation… or, not, and silence will ensue.

I used to be hopeful for Brave, but, not so much anymore.

I saw the list of things which has been removed, de-googled, from Brave and it was impressive. Still leaks unique data/ID, possibly the reality is that modern browsers can not be anonymized, and only a stripped custom Linux-built browser with most/all features removed is the only option. This is an interesting situation.

This topic was automatically closed after 30 days. New replies are no longer allowed.