- What is webRTC?
- How does webRTC work?
- Why is webRTC dangerous?
- What are suitable alternatives to webRTC?
Almost everyone uses the Internet for work or entertainment but few people know how to stay safe when browsing.
Your privacy and safety online also depend on things such as browser plugins (or extensions). This is where webRTC comes in.
Debuted in 2011, webRTC is an open-source, HTML5 specification that allows for voices and video communication to work inside web pages. It removes the need to run or install any plugins in the browser.
But how safe and effective is it exactly and are there better alternatives? Let’s take a deeper look.
What is webRTC?
WebRTC (Web Real-Time Communications) is an open source project that embeds real-time voice, text and video communications capabilities in browsers.
WebRTC enables peer to peer (P2P) communication natively between browsers without the need for any software application or browser plug-ins.
The Web Real-Time Communications Working Group and the Internet Engineering Task Force (IETF) are currently working on standards for WebRTC. At this time, WebRTC is fully enabled in Google Chrome and Mozilla Firefox Web browsers.
As a real time communication standard, WebRTC enables web browsers to provide video calling, voice calling and peer2peer file transfers. WebRTC can capture images from your computers web cam as well.
All of this may sound complicated but in reality webRTC is built on a simple concept.
It is just a way for a website to connect directly to your computer and share information with your computer. But in doing so, it finds all sorts of information about you such as your physical location as it sees your real IP address.
How does webRTC work?
WebRTC has three major components on which it is designed to work.
getUserMedia: This allows your browser or the native app to gain access to the device’s camera and microphone to capture the video.
RTCPeerConnection: This allows audio-video calls to be set up on the device.
RTCDataChannel: This allows the browser or the native app to get peer-to-peer communication established between the devices.
webRTC is designed to do multiple tasks but setting up this real time peer-to-peer audio video call is the prime advantage. To achieve this, each device is assigned a public IP.
This is done to allow it to detect other devices trying to make a connection. Signaling data channels are then created to support the device-to-device communication and hence a session is established.
The signaling takes place over an HTTPS connection or a websocket. It is implemented via JS code and it isn’t part of WebRTC itself.
WebRTC generates the bits of information it needs to send and process such bits of information that gets received but it won’t really do anything over the network about them. These bits of information are packed into SDP messages by WebRTC today.
The actual media goes through a very different medium and connection. It goes through “media channels”. These use either SRTP (for voice and video) or SCTP (for the data channel).
On one hand, WebRTC is useful as it helps to implement voice and video calling like Skype or Zoom by connecting two users directly.
It utilizes modern audio and video codecs (G711, OPUS, VP8) and allows third party developers to build any apps on top of WebRTC.
Its open-source structure gives a great deal of flexibility and freedom to users in how they choose to deploy this technology.
Why is webRTC dangerous?
Despite its benefits, WebRTC has a few drawbacks that make it unsuitable for everyone trying to achieve anonymity and safety online.
The main problem is that WebRTC doesn’t conceal your real IP address, and it can compromise any proxies, VPN, Tor, or popular plugins like Ghostery.
To establish audio or video connection via WebRTC, two computers need to exchange both public and local IP addresses.
But that is not the only drawback of running WebRTC that makes it potentially dangerous. It increases browser recognizability, thus allowing websites to track individual users (so called fingerprints technology).
The more different a browser is from other browsers in its settings and behavior, the higher its recognizability, or uniqueness.
As a result, websites are able to identify users and track their Internet usage, with no cookies required.
WebRTC also decreases the effectiveness of virtual private networks (VPN), which many people use for anonymity and safety. WebRTC allows connected clients to obtain a user’s IP even when they work under a VPN or proxy.
What are suitable alternatives to webRTC?
If you want to be truly anonymous while browsing, the best option is to use VPN to hide your IP address. In this case, only the local IP address assigned by the VPN will be detected.
Disabling webRTC makes it harder to track your actual IP address. Because webRTC validates local encryption to keep communications private, it is less secure than mainstream conferencing services.
If you use a proxy instead, the main danger will be that it will figure out your actual IP address for the proxy server or the IP address of the VPN server if you access it through a VPN plus proxy chain.
However, with reliable VPN services, this risk is minimal. However, even using a highly secure browser like Tor won’t help you hide your real IP address since WebRTC will discover it.
It is imperative to use a solid VPN that prevents webRTC leaks, which completely undermine your security and expose your true location and activities for everyone to see. A good VPN service is able to stop the three most common leaks which are:
- DNS leaks
- WebRTC and IP leaks
- Chrome extension leaks
These are not the only benefits of using a VPN service. In addition to keeping your online connections and private data secure. VPNs create a private network over a public one, and encrypt all the data that is routed through it. As a result, no hackers will manage to intercept it – or exploit your connections for that matter.
Since a VPN service provides end-to-end encryption, no ISP (Internet Service Provider) or government agency will manage to keep tabs on your online activities.
All they’ll see is a string of indecipherable gibberish or think that you are accessing a website with HTTPS (Hyper Text Transfer Protocol Secure) like Gmail or eBay, for instance.
Additional benefits of using a VPN include:
- Enhanced data security
- Internet anonymity
- The power to overcome geo-blocks
- Better online privacy
- Superior bandwidth
A VPN will not just ensure your IP address doesn’t get leaked, but it can encrypt all your data to keep your privacy intact. You cover your tracks by masking your physical address.
How does it achieve that? It’s simple – it gives you the option to connect to one of its secure servers. Usually, these servers are part of a wide network that spans the whole globe.
Once connected, your IP (Internet Protocol) address gets replaced with the address of the server and your actual IP address is thus masked (hidden).
By hiding your true IP address, you can not only remain truly anonymous online but also access geo-restricted content.
It is a safe and reliable way to surf securely online as well as access the content or services you want no matter where you are in the world.