Many VPN Providers Leak Customer's IP Address via WebRTC Bug

An anonymous reader shares a report: Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. The discovery belongs to Paolo Stagno, a security researcher who goes by the pseudonym of VoidSec, and who recently audited 83 VPN apps on this old WebRTC IP leak. Stagno says he found that 17 VPN clients were leaking the user's IP address while surfing the web via a browser. The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn't have the financial resources to test all commercial VPN clients.

Re:The bug and the way around it

[Bruce+Perens]

It did reveal my local-network IPV4 address behind NAT, which is of little use to anyone. But it also showed my public IPV6 address, which is no surprise because there's no NAT. That's the dangerous one. I am not using a VPN, but if it was using one to conceal my identity this would reveal a traceable IP address.