WebRTC leaks present a real cybersecurity threat, and unfortunately no browser is immune to this risk by default. However, it’s not only possible to disable WebRTC–it’s easy. We show you how to get it done in today’s guide, plus share some tips on using VPNs to further boost your cybersecurity.
WebRTC leaks are becoming more of a concern these days. Even people who use VPN browser extensions are vulnerable to the exploit, potentially putting their local identity and privacy at risk. If you’ve ever visited a website and given it permission to access your microphone or webcam, you may have exposed your identity without even knowing it. Your best bet is to disable WebRTC in your browser before it happens again.
Fortunately, it’s not all that difficult to disable WebRTC in Chrome, Firefox, Opera, Yandex, and other browsers. With a few minutes of your time you can protect your IP address on all of your devices by fixing dangerous WebRTC leaks. You can even upgrade to find a more secure browser to ensure your data stays safe at all costs! Read on for our full guide on how to disable WebRTC in your favorite web browser the fast and easy way.
Basics of WebRTC leaks
WebRTC, or Web Real-Time Communication, is an open source project launched in 2011 that aims to provide browsers and mobile apps with a simple interface for exchanging audio and video. The main advantage is that third party plugins or extensions aren’t needed to use this protocol, but that leads to some frightening drawbacks, as well.
About WebRTC vulnerabilities
Most people associate WebRTC issues with VPNs. This is a bit confusing, though, as VPNs aren’t where the problem lies, it’s in the browsers themselves. Some VPNs can and do address WebRTC leaks specifically, but by and large, your VPN doesn’t have a lot to do with this vulnerability, nor can they protect you from this vulnerability by default.
A good way to look at it is to think of a VPN as a private tunnel to the internet. Everything you do on your computer, from web browsing to gaming, movie streaming, and cloud storage, gets encrypted and anonymized before it leaves the device. This tunnel ensures your privacy no matter who is trying to track your data.
WebRTC vulnerabilities are like someone smuggling a small package through this private tunnel. They make it possible for external websites you share audio or video with to sniff out your real public IP address, even if you’re connected through a VPN. Worse still, most browser extensions fail to detect WebRTC attacks, even high quality script blockers.
Testing for WebRTC leaks
To thoroughly test your device for WebRTC leaks, you’ll want to run a vulnerability scan both with and without your VPN connected. This will help you determine whether or not you’re safe when you use your browser so you can take proper precautions to keep data secure.
- Open your favorite browser and go to ipleak.net
- Wait a moment for the tests to automatically run.
- Look at the section that says Your IP addresses – WebRTC detection
- If the box shows an IP address, the vulnerability is affecting your browser.
- Open your VPN software and connect to a secure server.
- Reload the WebRTC leak test. Does a public IP address show up? That means you have a privacy leak.
- If the section says “No leak” both with and without the VPN, you’re good to go.
How to disable WebRTC in Chrome, Firefox, Opera, Yandex
Disabling WebRTC features in four of the world’s main browsers is a straightforward affair. In just a few minutes you can patch WebRTC leaks, fix vulnerabilities, and lock down your identity for safer online browsing on any device.
Chrome WebRTC leaks
Chrome currently does not offer a default method of disabling WebRTC. You can either switch to Firefox to gain this functionality, or follow the extensions method outlined below.
If you’re using a desktop version of Chrome, download either the WebRTC Network Limiter or WebRTC Leak Prevent add-ons to stop WebRTC vulnerabilities, effectively disabling it in your browser. Add the extension by visiting the links above and clicking the “Add to Chrome” button at the top right. The extension will download and automatically enable, allowing you to stay safe from WebRTC vulnerabilities.
If you’re using Chrome on a mobile device, you won’t be able to install the extensions above. Instead, open a blank tab and enter the following URL: chrome://flags/#disable-webrtc Scroll down to where it says “WebRTC STUN origin header”, then tap to disable it. Save the changes by tapping the relaunch button below.
Firefox WebRTC vulnerabilities
Firefox is one of the few browsers that actually lets you disable WebRTC without installing third party software or engaging in any kinds of hacks. Doing this is safe and shockingly easy, as well.
Open an empty tab and type about:config into the URL bar, then press enter. A warning will display saying “this might void your warranty”. Leave the checkbox enabled next to “show this warning next time”, then click the blue “I accept the risk!” button to continue.
The next screen will be filled with confusing entries. You’re only looking for one, though: media.peerconnection.enabled Type this directly into the search box near the top of the window and a single entry should show up. Double click the preference and the value will change to “false”.
Note that this fix works on both the desktop and mobile versions of the browser, so you can be completely leak-free no matter where you surf.
The newer version of Opera runs on a modified Chromium engine, giving it full access to Chrome’s web store. You can install almost all of the extensions built for Chrome and run them just fine within Opera. This means it’s easy to follow the Chrome WebRTC patching instructions above to fix leaks with a lightweight third party extension.
As an alternative, Opera does offer a built-in method to disable the WebRTC feature. In the browser’s URL bar, type about:config and press enter. Go to Settings and select Show advanced settings. Click Privacy & security, then look to where it says WebRTC. Select Disable non-proxied UDP and save your changes.
Disabling WebRTC in Yandex is quite simple, as well. Open the browser and go to the extensions sections. Scroll down and click the Yandex Browser extensions catalog button. Type in the name of a good WebRTC blocker (we suggest WebRTC Control) and search for it. When the results show up, click on the plugin, then click Add to Yandex Browser to install it. Confirm the download, then click the icon next to your URL bar to activate WebRTC leak protection.
Disable WebRTC in other browsers
Chrome, Firefox, and Yandex aren’t the only browsers on the market. If you use another piece of software, whether on desktop or mobile, follow the guides below to fix the WebRTC leak for good.
Vivaldi is based on the Chromium engine and is capable of running nearly all add-ons designed for Chrome. This means you can actually follow the WebRTC patching advice listed under the Chrome section above to fix the vulnerability and surf safely.
Vivaldi also supports WebRTC leak protection built into its privacy settings. Open up the configurations screen and click on the Privacy tab. On the right you’ll see a header labeled WebRTC IP handling. Untick the box below next to where it says Broadcast IP for best WebRTC Performance. This will fix the vulnerability in an instant.
Brave is based on Chromium but currently does not support Chrome add-ons. The good news is you don’t need third party software to disable WebRTC vulnerabilities in Brave, it features a fix right out of the box.
Open Brave and navigate to Preferences > Shields > Fingerprinting Protection. Under the first dropdown menu choose Block all fingerprinting. This will disable WebRTC communications and stop potential leaks.
Alternatively, go to Preferences > Security > WebRTC IP Handling Policy and select Disable Non-Proxied UDP. This will make doubly sure that WebRTC leaks are taken care of. You can also follow both methods for added privacy, if you like.
This fix works on most versions of Brave, including mobile releases. Some iOS users report issues with WebRTC still staying active after following these instructions. Brave is working on a patch to fix this issue, so make sure to keep the browser up to date.
By default, Safari blocks sites from accessing your camera and microphone, making WebRTC issues almost unheard of. You can disable the feature anyway for complete privacy, just in case something goes wrong.
Open Safari and go to Safari > Preferences. Select the Advanced tab. Check the box at the bottom that says Show develop menu. Close the preferences window and navigate to Develop > Experimental features. Look for the option named Remove Legacy WebRTC API and select it to close WebRTC leaks.
If you’re using Safari on iPhone or iPad, open the settings app and scroll down. Navigate to Safari > Advanced > Experimental features. Look for the switch labeled Remove Legacy WebRTC API and tap it so it turns green.
Microsoft does not allow users to disable the WebRTC feature. There are also no add-ons or hacks you can deploy to fix the vulnerability. We recommend switching to an alternative browser if possible. If you can’t, there is a single privacy setting you can use that may cut down on WebRTC leaks, though it’s far from a fix.
In the URL bar on your Edge browser, type about:flags and press enter. Check the option marked Hide my local IP address over WebRTC connections and save your changes.
Best VPNs for securing your browser
You can disable WebRTC on your browser, but that doesn’t protect you from every online danger. Adding a VPN to the mix ensures better privacy, better security, and an all-around improved online experience. Here are our recommendations for the top VPNs that prioritize security:
ExpressVPN is one of the fastest and most reliable VPNs, and it’s perfect for preserving your online anonymity. It’s easy to log in and stay safe with the company’s one-click protection features, and you’ll have access to an incredibly fast network of over 3,000 servers in 94 different countries.
Whether you’re downloading files on your PC or surfing the web on a mobile device, ExpressVPN lets you connect and secure your identity in an instant.
With ExpressVPN, all of your information is secured with military-grade 256-bit AES encryption and backed by a strict zero-logging policy on traffic, DNS requests, and IP addresses. Information stays protected by an automatic kill switch and DNS leak prevention features, as well. ExpressVPN is also one of the few VPNs that can protect you from WebRTC vulnerabilities by default. Just launch the app and let it run in the background for complete online security.
Read our full ExpressVPN review.
- Unblocks US Netflix
- Superfast servers (minimal speed loss)
- AES-256 encryption
- Strict no-logs policy for personal information
- Great support (24/7 chat).
- Max 3 connections simultaneously
- Slightly pricier than competition.
NordVPN is a fast, secure, and extremely popular VPN that countless users rely on every day to keep their data safe. Joining grants you instant access to one of the largest networks in the industry, currently over 5,500 servers in 58 countries, with new nodes added almost every day.
NordVPN also delivers exclusive privacy features like double encryption, protection from DDoS attacks, and onion routing over VPN.
Their software comes with everything you need to stay safe on any device, from PC to Mac, Linux, iOS, and more. You also get 256-bit AES encryption, DNS leak protection, an automatic kill switch, and a zero-logging policy that covers time stamps, DNS requests, IP addresses, and traffic. NordVPN also protects you from WebRTC leaks by default, whether you use the dedicated app or an in-browser plugin.
Read our full NordVPN review.
- Works with Netflix, BBC iPlayer without breaking a sweat
- No bandwidth caps
- Zero leaks: IP/DNS/WebRTC
- Based in Panama
- Money back guarantee policy (30-days).
- They can take 30 days to process refunds.
CyberGhost delivers a fantastic VPN experience users of all experience levels can appreciate. It’s fast, incredibly easy to use, ultra secure, and it runs on all of your favorite devices, including iPhone, iPad, Android smartphones, Android tablets, PCs, Macs, etc. As soon as you sign up you’ll have access to CyberGhost’s massive network of over 5,900 servers in 90 countries, all with unlimited data and no restrictions on speed.
CyberGhost’s privacy features keeps you secure with 256-bit AES encryption on all data, a zero-logging policy on traffic, time stamps, and IP addresses, and both DNS leak protection and an automatic kill switch. These features hide your identity whenever you go online, allowing you to connect with fully encrypted data and an anonymous IP address.
Read our full CyberGhost review.
- LOW PRICE: 6 EXTRA free months (79% off - link below)
- Fast, constant speeds
- 7 simultaneous connections
- No logs policy
- 45-days 'No-hassle' money back guarante.
- IPv6 WebRTC leak in macOS
- Doesn’t unblock all streaming services.
PrivateVPN is a reliable, respected, strong, and safe VPN. The service makes it easy to keep your data and identity secure, all you have to do is click to connect and you’re ready to enjoy the world wide web. With PrivateVPN you can surf and stream with full privacy on a wide array of devices, including PC, iOS, Android, and Mac, all thanks to the company’s lightweight and easy to use software.
PrivateVPN operates a small but secure network of ~150 servers in some 60+ different countries. Data is locked down with 256-bit AES encryption to keep your connection safe, and an automatic kill switch and DNS leak protection along with a zero logging policy on traffic ensure your privacy is never at risk.
Read our full PrivateVPN review.
WebRTC vulnerabilities are a frightening prospect for a lot of users, especially those who are concerned about their online privacy. Disabling the feature in most popular browsers is extremely easy, however. With a few minutes of your time and a good VPN running in the background, you can surf and stream the web with complete confidence.
Know any other tips for disabling WebRTC in your favorite browser? Share your thoughts in the comments section below!
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. ExpressVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.