At least some of you might have hear the news about “big VPN security leak” in the recent days. We feel it is important that you know situation first hand and all relevant details in this regard. Please, spear us few minutes of your time to read this post.
Well, answer to this question is not very easy and might change with time. As you know with technology and software nothing is ever 100% certain. However in this particular case we would have to say NO. Your IP address is safe with VPN – if you will follow few simple rules. Unfortunately, detected leak is not in the VPN itself but in a third party software. This is the reason all VPN providers got exactly the same problem.
Leak through WebRCT (Web Real-Time Communication – “[…] is a free, open project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs.“) will become reality only when you are using Chrome or FireFox browser and OpenVPN protocol on Windows or when you are using those browsers without OpenVPN on Mac OSX.
To make sure this is clear:
Windows: don’t use Chrome & FireFox with OpenVPN (unless fixed as described below).
Mac OSX: do use Chrome & FireFox with OpenVPN only (unless fixed as described below).
Linux: no problems reported
If you are using those browsers with different VPN protocol this vulnerability can detect only your internal VPN and Lan IP address while connected to VPN, so it is not possible to detect your real IP address given by your ISP!
To avoid any risks you have to do following:
Firefox – Type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.
Also you can try to use different browsers and different VPN protocol – try SoftEther VPN protocol, that we have described few days ago.
Of course if you are primarily using VPN to unblock sites and fight “geofencing” Smart DNS is still a good option!
If we learn more on the subject we will let you know ASAP. For now, if you want to make sure you are safe – fire up your browser, VPN and visit following test address that will show you if you are vulnerable to such “attack”: https://www.hideipvpn.com/webrtc.htm
Your safety and anonymity are our always top priority – you can still use VPN to successfully hide IP address!