How WebRTC Leaks Your Real IP (Even With a VPN On)

Your VPN is on, so you assume your real IP is hidden. Yet some pages still grab your true address from outside the VPN — and the culprit is often WebRTC.

What WebRTC is

WebRTC (Web Real-Time Communication) is a built-in browser capability for video calls, voice, and peer-to-peer transfers. To set up a direct connection, it needs to know each side's network address, so it asks a STUN server "what is my public IP?" and gathers candidate addresses (ICE candidates).

How the leak happens

The key issue: this lookup does not go through your HTTP proxy settings. Even if your browser traffic uses a VPN/proxy, WebRTC may grab the real public IP of the underlying network and expose it to the page via JavaScript. A page needs only a few lines of code and no permission prompt to read these candidates — hence "silent leak."

What modern browsers do about it

Mainstream browsers have reduced the risk: by default they use mDNS to replace local IPs with random values like xxxx.local, so your LAN address is usually not exposed without permission. But your public IP (the srflx candidate) can still leak in many configurations — and that is exactly what tells you whether your VPN is really covering you.

How to check yourself

On our home page, look at the "WebRTC Leak" card: if the public IP it shows matches the exit IP in the "IP Information" card, there is no extra leak (either no VPN, or the VPN also handles WebRTC). If they differ, a real IP is likely leaking past your VPN.

How to protect yourself

• Disable or restrict WebRTC in your browser (some browsers have a setting; or use a trusted extension).
• Use a VPN that captures all system traffic (not just a browser proxy) so WebRTC goes through the tunnel too.
• Re-check on the detection page regularly to confirm your settings actually work — many people think they disabled it but did not.