Many VPN Providers Leak Customer's IP Address via WebRTC Bug

An anonymous reader shares a report: Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. The discovery belongs to Paolo Stagno, a security researcher who goes by the pseudonym of VoidSec, and who recently audited 83 VPN apps on this old WebRTC IP leak. Stagno says he found that 17 VPN clients were leaking the user's IP address while surfing the web via a browser. The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn't have the financial resources to test all commercial VPN clients.

The bug and the way around it

[Xenna]

I just discovered this bug today myself by chance, but AFAIK if you're using NAT (which most of us do) this will only reveal your 'local' IP addres, usually something like 192.168.0.x. Still nasty, but it won't immediately identify you.

Also, there's an ad blocker plugin for most popular browsers (uBlock Origin) that has an optional setting that blocks this.

Test for the vulnerability here:

https://www.whatismybrowser.co...

The page will reveal your local IP if your browser is vulnerable (no VPN needed).