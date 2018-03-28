Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Many VPN Providers Leak Customer's IP Address via WebRTC Bug

An anonymous reader shares a report: Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug known since January 2015, and which apparently some VPN providers have never heard of. The discovery belongs to Paolo Stagno, a security researcher who goes by the pseudonym of VoidSec, and who recently audited 83 VPN apps on this old WebRTC IP leak. Stagno says he found that 17 VPN clients were leaking the user's IP address while surfing the web via a browser. The researcher published his results in a Google Docs spreadsheet. The audit list is incomplete because Stagno didn't have the financial resources to test all commercial VPN clients.

  • The bug and the way around it (Score:3)

    by Xenna ( 37238 ) on Wednesday March 28, 2018 @02:46PM (#56342649)

    I just discovered this bug today myself by chance, but AFAIK if you're using NAT (which most of us do) this will only reveal your 'local' IP addres, usually something like 192.168.0.x. Still nasty, but it won't immediately identify you.

    Also, there's an ad blocker plugin for most popular browsers (uBlock Origin) that has an optional setting that blocks this.

    Test for the vulnerability here:

    https://www.whatismybrowser.co... [whatismybrowser.com]

    The page will reveal your local IP if your browser is vulnerable (no VPN needed).

  • I started looking at VPN providers and stumbled across this guys site. [thatoneprivacysite.net] Talk about information overload! I don't know anything other than what he has posted but by the looks of it he has way more free time than I do. So if your VPN is "leaking" this might be a good source for deciding who your next VPN provider will be.

