Join the AMA (Ask Me Anything) with Firefox leadership team to talk about Firefox priorities in 2024. Mark your calendar! Thursday, June 13, 17:00 - 19:00 UTC.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

IP address detection

Signalguy
Signalguy
more options

Your IP address and location can still be tracked by WebRTC Support Detection while the VPN is on. Is anyone aware if this is a known issue that will be fixed? Obviously you can disable WebRTC and that resolves the issue but it's misleading for other people thinking they would be safe.

Your IP address and location can still be tracked by WebRTC Support Detection while the VPN is on. Is anyone aware if this is a known issue that will be fixed? Obviously you can disable WebRTC and that resolves the issue but it's misleading for other people thinking they would be safe.

All Replies (1)

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hi Signalguy, do you mean Mozilla VPN, the Windows application (https://vpn.mozilla.org/), or the Firefox Private Network, the browser add-on (https://fpn.firefox.com/)?

This is from a couple years ago and was posted for Google Voice users, but hopefully it's still relevant.

To minimize leak exposure without completely disabling WebRTC:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste peer and pause while the list is filtered

(3) If the media.peerconnection.enabled preference is bolded and "modified" or "user set" to false, double-click it to restore the default value of true to allow WebRTC -- you'll restrict it in the next step

(4) Double-click the media.peerconnection.ice.proxy_only preference to switch the value from false to true -- this is equivalent to "disable_non_proxied_udp" which is the strictest setting, blocking WebRTC that does not come through your proxy (your VPN)

It is not guaranteed that sites will work with these settings; it may depend on your VPN.

For reference, users (and some extensions) can select among four different WebRTC IP handling policies, corresponding to these preferences in about:config. The "Expected Effect" is quoted from: https://github.com/aghorler/WebRTC-Leak-Prevent/blob/master/DOCUMENTATION.md, since I didn't see official documentation:

(A) "disable_non_proxied_udp":

  • media.peerconnection.ice.default_address_only => false
  • media.peerconnection.ice.no_host => false
  • media.peerconnection.ice.proxy_only => true
  • Expected Effect: "Force the use of a proxy, and only allow WebRTC traffic over UDP proxies. This will effectively disable WebRTC communication for most users (depending on UDP proxy usage)."

(B) "default_public_interface_only":

  • media.peerconnection.ice.default_address_only => true
  • media.peerconnection.ice.no_host => true
  • media.peerconnection.ice.proxy_only => false
  • Expected Effect: "Send WebRTC traffic via the default public network adapter to the Internet. This will be the VPN adapter for system-VPN users."

(C) "default_public_and_private_interfaces":

  • media.peerconnection.ice.default_address_only => true
  • media.peerconnection.ice.no_host => false
  • media.peerconnection.ice.proxy_only => false
  • Expected Effect: "Same as above, except allow WebRTC traffic through the default private interface to your local network as well."

(D) "default"

  • media.peerconnection.ice.default_address_only => false
  • media.peerconnection.ice.no_host => false
  • media.peerconnection.ice.proxy_only => false