WebRTC enables real-time peer-to-peer communication between browsers without the need for additional plugins or third-party apps. In this article, we will talk about how WebRTC works and how it impacts your online experience. We will also discuss major security flaws that plague WebRTC implementation in web browsers and how you can disable it in your browser (Chrome and Firefox) to mitigate the issue.
WebRTC: What Is It and Why You Should Disable It in Your Browser
The implementation of WebRTC in some modern browsers includes security flaws that can leak your IP address on the web, jeopardizing your online privacy. So today, alongside a detailed explainer on WebRTC, we will also show you how to disable it in your browser for enhanced privacy.
What is WebRTC?
WebRTC (Web Real-Time Communication) is a free and open-source HTML5 specification that provides browsers on desktops and mobile support for real-time communication (RTC) via plugin-free APIs. The technology enables audio and video communication to work inside web pages by allowing direct peer-to-peer communication, eliminating the need for plugins or other additional software.
In the simplest of terms, WebRTC enables multimedia communications (video and audio chats) between two or more people in their browsers, without having to download any additional software. All major browsers, including Google Chrome, Firefox, Microsoft Edge, Apple Safari, and Opera, support this technology.
Uses and Benefits
There are many different use-cases for WebRTC, from basic web apps that use the camera or microphone to more advanced video-calling and screen-sharing apps. The technology enables developers to add real-time communication capabilities to applications that work on top of an open standard. As per the non-profit organization behind the project, WebRTC “supports video, voice and generic data to be sent between peers, allowing developers to build powerful voice- and video-communication solutions.”
WebRTC leverages multiple standards and protocols, including data streams, STUN/TURN servers, signaling, JSEP, ICE, SIP, SDP, NAT, UDP/TCP, network sockets, and more. The technologies behind WebRTC are implemented as an open web standard and available as regular JavaScript APIs in all major browsers. For native clients, like Android and iOS applications, there’s a library to provide the same functionality.
One of the biggest benefits of WebRTC is the reduced lag-time for video chat, audio chat, live-streaming, and file-sharing. It also offers better sound quality as opposed to the now-deprecated Flash, thanks to adjustable microphone settings. The fact that it is a free, open-source, cross-platform technology has also gone a long way in encouraging its uptake among browser vendors and ensuring its popularity among web developers.
Security Concerns: Why Should You Disable Web RTC?
One of the major concerns surrounding WebRTC implementation in browsers came to light in 2015. Back then, TorrentFreak reported that a serious vulnerability plagues browsers supporting the WebRTC standard. As per the report, the vulnerability could potentially compromise the anonymity of VPNs and expose the public IP address of users. Generally referred to as a WebRTC Leak, the vulnerability reportedly affects both Firefox and Chrome.
How WebRTC Leaks Can Impact Your Online Privacy
WebRTC cannot transfer multimedia content and other data between browsers without knowing your IP address. To identify a user’s IP address, it uses a technology called ‘Interactive Connectivity Establishment Protocol’ or ICE. The technology obtains IP addresses in two unique ways.
Firstly, there’s ‘Host Candidate Discovery,’ which is the ICE protocol that allows a browser to read IP addresses from the device itself. Secondly, WebRTC can also use STUN/TURN servers to obtain a user’s IP addresses. Malicious websites could potentially exploit this to make your IP address visible even when connected to VPN services. The scariest part is that the leaks can happen without the user’s knowledge.
Websites already obtain a ton of information about their patrons from browser finger-printing, cookies, and metadata. This information, when combined with data collected from your public IP address, can help advertisers and potential cybercriminals to create an in-depth profile of the user. It is not only a massive invasion of privacy but also a huge security concern. Fortunately, you can mitigate the issue by disabling WebRTC in your browser on your computer and smartphone.
How to Disable WebRTC on Chrome and Firefox
You can disable WebRTC on your browser either using third-party extensions or through built-in methods. Here, we will look at how to disable WebRTC in Google Chrome and Mozilla Firefox on Windows 10 and Android. Microsoft Edge and Apple’s Safari do not currently enable WebRTC by default. So you do not need any action on these browsers unless you have manually enabled WebRTC.
-
Disable WebRTC in Chrome on Windows 10
Google Chrome doesn’t have a built-in method to disable WebRTC on desktop, both Windows and macOS. However, you can install free third-party extensions such as WebRTC Network Limiter (Free) or WebRTC Control (Free) from the official Chrome Web Store.
As a more comprehensive measure, you can use a script-blocker, like ScriptSafe (Free), to block all scripts online. It will enhance your privacy but break many web pages because sites rely on scripts to offer modern features. You just need to install and enable the extension to turn off the WebRTC protocol in Chrome.
Note: You could earlier block WebRTC on Chrome for Android using a Chrome Flag, but that option is no longer available.
-
Disable WebRTC in Firefox on Windows 10
Unlike Chrome, Firefox has a built-in setting that allows you to turn off WebRTC. Here’s how you do it:
1. Open Firefox on your computer, type about:config
in the address bar, and press Enter. Click through the statutory ‘Accept the Risk and Continue’ warning that appears the first time you’re using about:config.
2. Search for media.peerconnection.enabled
on the about:config page. The default value for this setting is ‘True,’ and you need to double-click on it to change it to ‘False’.
That’s it. All peer-to-peer connections, including WebRTC, are now blocked in Firefox on your desktop.
-
Disable WebRTC in Firefox on Android
Like Google Chrome on Android, you cannot disable WebRTC on Firefox for Android. That’s because you cannot access about:config in the Firefox stable and beta channels on Android as of April 2021. However, Mozilla does offer about:config access in Firefox Nightly, so you can download that from the Play Store (free) and follow the steps below:
- Open Firefox Nightly on your Android device, type
about:config
in the address bar, and press Enter. Now Search for media.peerconnection.enabled. The default value for this setting is ‘True,’ and you need to double-tap on it to change it to ‘False‘ (or single tap -> toggle to False).
With this settings change, all peer-to-peer connections, including WebRTC, will now be blocked on Firefox Nightly on your Android device.
Disable WebRTC in Your Browsers on PC and Mobile to Prevent Security Issues
WebRTC can be extremely beneficial for both web developers and end-users. While we largely think of it in the context of audio and video communication, its abilities reach far beyond multimedia. WebRTC also enables users to send any type of data using peer-to-peer connections. App developers can also integrate this into non-browser applications because of its versatility. However, the security concerns surrounding its implementation by major browsers mean that it is best left de-activated unless you’re on a trusted website. So go ahead, follow our tutorial above to disable this protocol in your browser on your PC and smartphone.
To further strengthen your online privacy, check out how you can switch to Open DNS on Android, always open Chrome and Firefox in Incognito mode by default, and fake your geo-location in your browser. For your smartphones, you should also check out what are the best browsers for privacy on Android and iOS.