Vivaldi 1.3.534.3 comes with WebRTC IP leak protection. Buried in a snapshot version of the Vivaldi browser released today, there’s a crucial security feature that none of the major Web browsers have, and that is native support for preventing WebRTC leaks that could expose a user’s IP address, even from behind proxies or VPNs.
WebRTC stands for Web Real-Time Communication, a protocol developed to help developers create applications such as chats, video conferencing software, file sharing, and more, but without the usage of special plugins such as Flash or Java.
WebRTC is a standardized protocol, embedded in all major browsers since 2011, and afterward.
WebRTC is vulnerable to IP leak attacks
Not long after browsers like Chrome (v23) and Firefox (v22) spent countless man hours on integrating the technology in their core, security researchers discovered a disturbing design vulnerability that could enable website owners to obtain a user’s real IP address when accessing a site from behind a proxy or VPN.
The attack worked even if the user wasn’t visibly using real-time communication features because the host website could open a secret WebRTC channel and run the exploit behind the user’s back.
The behind-VPN IP leak issue was fixed in Chrome last year, but the core issue was never fixed.
Today, for almost every browser there are extensions and add-ons to prevent WebRTC IP leaks. Vivaldi is the first major browser that integrates this protection as a customizable option in its control panel.
Just uncheck one option and you’re good to go
To enable this feature, users must go to the Vivaldi browser settings, to the Privacy section and uncheck the option that reads “Broadcast IP for best WebRTC Performance.”
Unchecking this option will not disable WebRTC altogether, but only prevent the known attacks through which IP leaks take place.
While WebRTC-based apps will be able to work with this option disabled, some performance issues may arise, and you may sometimes need to turn it back on if you trust the service you are using.
Just remember that this feature is not present in Vivaldi’s stable just yet, and if you’re not willing to wait until the upcoming 1.3 version is officially released, you’ll need to download and install the Snapshot version instead.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.