WebRTC Leak Test

JavaScript Disabled

WebRTC Support Detection

RTCPeerConnection
RTCDataChannel
ORTC (Microsoft Edge)

IP Address Detection

Local IP Addressn/a
Public IP Addressn/a Hide IP
IPv6 Addressn/a

WebRTC Media Devices

Device Enumeration
Has Microphone
Has Camera
Unique Device ID's

How to Disable WebRTC

Disable WebRTC in Firefox

WebRTC in Mozilla Firefox is supported since Firefox 22, and it's enabled by default.

To disable RTCPeerConnection and protect IP addresses leakage, go to about:config and toggle media.peerconnection.enabled to false.

To disable Media Devices, toggle media.navigator.enabled as well as media.peerconnection.enabled both to false.

Disable WebRTC in Chrome

WebRTC in Google Chrome and Chromium-based web browsers is supported and enabled by default since Chrome version 23.

To protect IP addresses from leaking, using the official webrtc.org extension WebRTC Network Limiter. It has few options, depending on what you're looking for.

What about Device ID's

This article may contain irrelevant information, will be reviewed soon.

First of all, media device enumeration works only in Chromium-based web browsers since Chrome 30 or later.

Device ID's — it's a unique identifiers of an audio/video devices installed in your system. Even if you have no camera/microphone, Chrome may detect more than one device, such as «Line In», «Aux», «CD Player», etc, depending on the system drivers.

Full list of available media devices you can check in «chrome://settings/content ⇒ Media»

Of course, Google Chrome does not allow foreign websites to see the actual Model ID of your hardware devices, instead it provides self-generated hashes. But at the same time, any website is allowed to take this fingerprints without user confirmation.

How persistent and trackable these Device ID's?

Well, for most users this ID's may remain unchanged for months.

WebRTC Device ID is a HMAC of:

  1. Value of the "media":{"device_id_salt"} located in «Chrome\Data\profile\Preferences». Salt generates randomly at the Chrome's first launch. It's renew every time user doing «Clear browsing data ⇒ Cookies and other site and plug-in data». Also, Incognito Mode does not touch «device_id_salt», but generates its own salt for every session.

  2. Origin, aka «protocol://hostname:port». This dependence is not a problem for user tracking, script can be requested from constant host through iframe, and it will be same origin and same Device ID's on any domains.

  3. Raw Device ID of the physical device installed in your system.

So, WebRTC Device Fingerprints persistent to:

WebRTC Device Fingerprints not persistent to:

Further Reading

  1. RTC Peer Connection — Mozilla Developer Network
  2. Media Devices API — Mozilla Developer Network
  3. Media Stream Track API — Mozilla Developer Network
  4. An Intro to WebRTC’s NAT/Firewall Problem — webrtcHacks
  5. WebRTC Troubleshooter — WebRTC Home

Leave a Comment