Preventing WebRTC IP Address Leaks

When

08/01/2025    
2:00 pm-3:00 pm
Guillaume Nibert
Sorbonne Université

Where

Amphi 6
19 Place Marguerite Perey, Palaiseau

Event Type

The WebRTC API enables real-time communication of text, video, and audio media streams through a web browser without requiring third-party extensions. However, it was not designed with privacy in mind. We conduct an experiment to analyse privacy leaks associated with WebRTC. Our findings show that despite recent updates to the WebRTC specification and its implementations, sensitive public IP addresses can still be leaked during audio/video communication, particularly in large non-NAT corporate networks, even when using a VPN, SOCKS or HTTP/S proxy. To address the observed leaks, we develop a simple, easily maintainable, cross-platform open-source solution that confines the Mozilla Firefox web browser in a docker container. We also take into account the possibility of a malicious adversary compromising the browser.
Our tests have shown that our containerised solution is effective in all situations without restricting applications.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.