关于使用chrome翻墙后如何处理webRTC功能(该功能可能会暴露你的真实ip,即便你挂了代理)
对于使用chrome翻墙后如何对待webRTC这项功能?该功能虽然能带来便利但也无可厚非的带来了危险(对于注重隐私的人而言)。
Q: 1.什么是webRTC?
2.如何解决这个问题?google一下后在隐私防护网站privacytools(似乎很厉害的网站)对于chrome禁用webRTC他们给出的答案确实让人失望。然后我不死心的继续google在这篇中提到有个工具可以然而该扩展在商店消失了。好了不得不在此继续终于在这里找到了
整篇文章的复制:
This method also works in mobile versions of Firefox (Android/iOS)
The Statutory add-on blocks WebRTC by default, but allows you to white-list sites by adding them to this list
(This method does not work in desktop versions of Chrome)
Q: 1.什么是webRTC?
2.如何解决这个问题?google一下后在隐私防护网站privacytools(似乎很厉害的网站)对于chrome禁用webRTC他们给出的答案确实让人失望。然后我不死心的继续google在这篇中提到有个工具可以然而该扩展在商店消失了。好了不得不在此继续终于在这里找到了
整篇文章的复制:
【At the beginning of 2015 both the Chrome and Firefox browsers introduced a new “feature” called WebRTC. Rather alarmingly, however, it permits websites to detect your real IP address, even when using a VPN!
What is WebRTC?
Web Real-Time Communication (WebRTC) is a potentially useful standard that allows browsers to incorporate features such as voice calling, video chat, and P2P file sharing directly into the browser.
A good example of this is the new Firefox Hello video and chat client that lets you talk securely to anyone else using an up-to-date Firefox, Chrome, or Opera browser, without the need to download any add-on, or configure any new settings.
So what’s the problem?
Unfortunately for VPN users, WebRTC allows a website (or other WebRTC services) to directly detect your host machine’s true IP address, regardless of whether you are using a proxy server or VPN.
As the makers of https://diafygi.github.io/webrtc-ips/, a tool that detects whether your browser is vulnerable to a WebRTC leak, explain,
“Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.”
The Opera browser, which uses the same WebKit code that powers Chrome is also affected by the issue, but Internet Explorer and Safari, which do not support WebRTC, are not. Update: newer versions of the stock Android browser appear to implement WebRTC, and so should be avoided.
Am I affected?
You can test whether your browser is leaking your true IP address through WebRTC by visiting ipleak.net.
Here we can clearly see that I have a WebRTC leak. The website can see my VPN server’s IP, but can also see real local (UK) IP address. Bad!
If you have disabled WebRTC in your browser (or are using a browser that does not ”feature” WebRTC, you will see this message. Good!
You may also see something like this, which means that your browser is vulnerable to the WebRTC “bug”, but that your VPN provider has fixed the problem and is routing WebRTC STUN requests through its servers. Bravo!
Although it is great that some VPN providers (such as AirVPN) have taken steps to fix the WebRTC “bug”, it should be stressed that, fundamentally, the problem lies with the WebRTC API, together with the fact that it is enabled by default within affected browsers.
It is therefore is not really the fault of VPN providers, although we would love to see more of them rise to the challenge of helping their customers (who will be largely unaware of the problem) from having their privacy compromised by this issue.
Fixes
Firefox
1. The simplest solution to the problem is to just disable WebRTC. In Firefox can be easily done manually in the advanced settings:
a) Type ‘about:config’ into the URL bar (and click through ‘I’ll be careful I promise!’)
b) Search for ‘media.peerconnection.enabled’
c) Double-click on the entry to change the Value to ‘false’
b) Search for ‘media.peerconnection.enabled’
c) Double-click on the entry to change the Value to ‘false’
This method also works in mobile versions of Firefox (Android/iOS)
2. Install the Disable WebRTC add-on. The uBlock Origin browser extension also prevent WebRTC from leaking your local IP address on the desktop (all of these add-ons also on mobile versions of Firefox.)
In uBlock Origin go to Menu -> Add-ons -> uBlock Origin -> Options -> Show Dashboard to disable WebRTC
3. A more nuclear option is to use the NoScript Add-on. This is an extremely powerful tool, and is the best way to keep your browser safe from a whole host of threats (including WebTRC), but many websites will not play game with NoScript, and it requires a fair bit of technical knowledge to configure and tweak it to work the way you want it to.
It is easy to add exceptions to a whitelist, but even this requires some understanding of the risks that might be involved. Not for the casual user then, but for web savvy power-users, NoScript is difficult to beat (in fact, even with all with most of its features turned off, NoScript provides some useful protections anyway.) NoScript works on desktop versions of Firefox only.
4. As I have noted, WebRTC can actually be useful, so for a more nuanced approach you can install the Statutory add-on. This allows you to decide, on a site-by-site basis, whether to allow a WebRTC connection. Desktop only.
The Statutory add-on blocks WebRTC by default, but allows you to white-list sites by adding them to this list
Note that the Tor Browser (which is based on Firefox) disables WebRTC by default.
Chrome
1. The uBlock Origin browser extension is also available for Chrome (and work for Opera.)
2. The WebRTC Network Limiter browser extension will prevent IP leaks without fully disabling WebRTC functionality (this is an official Google extension.)
3. In Android you can manually disable WebRTC in Chrome using the following method:
Type chrome://flags/#disable-webrtc into the search bar
(This method does not work in desktop versions of Chrome)Opera
In theory, Opera can use regular Chrome extensions, but these mostly fail to block WebRTC IP leaks. The one method I know of that does work is using the WebRTC Leak Prevent extension, but only if you:
- Go to Menu -> Extensions -> Manage Extensions WebRTC Leak Prevent -> Options
- Set “IP handling policy” to: Disable non-proxied UDP (force proxy), and tick both options under “Legacy”.
3. Hit “Apply settings”.
Conclusion
The WebRTC “bug” is dangerous for VPN users, as it can reveal your true IP address (thereby negating the whole point of using a VPN!)
Although not really their fault, it would be great, however, if more providers could addresses the problem in order to protect theirs users, most of whom are completely unaware of this threat.
In the meantime, at least once you are aware of the problem, it can be easily fixed.】
而似乎去广告工具没有后者给力。不能完全做到,严格来说是没法做到。这是如何测试出来的呢?这里使用privacytools提供的测试网页。首先我们需要设置好这两个工具,这个设置非常简单去广告工具直接在里面勾选 防止 WebRTC 泄露本地IP地址 就好了。
而官方工具估计有人打开后蒙了,英文?其实从上至下,对隐私的注重的成度越高。想要隐藏真实ip必须选择最下面的。当然测试时这两个工具不能同时打开。
这时我们需要将测试地址加入翻墙代理的pac地址内。或者全局翻也可以。
如果打开测试页面看不到你的任何一个路径ip那么你成功的阻止了。
评论
发表评论