I just came across the following web page from the "OVPN" site:
If you can't read the graphic clearly, it says "Disable WebRTC if you are using Chrome, Firefox or Opera … It has been revealed that it's possible to get hold of the IP address of users running WebRTC even if they are connected to a VPN or proxy service."
Now let's not all jump screaming off the nearest cliff. First, there is no date attached to the notice and in my quick searches around the web I saw that most posts on this topic seemed to be from around 2015. Maybe things are better now. Second, this notice is specifically targeted at users of a specific piece of software (OVPN) designed to provide secure internet access and additional privacy. So they are referring to a very specific audience concerned with security in a way that most home users are not.
- BUT -
One of the primary reasons that Flash has fallen out of favor as an underlying technology for web collaboration is that it opened too many avenues for malicious misuse by evildoers. It initially worked so well for web conferencing exactly because it provided easy access to communications protocols and device peripherals such as webcams and microphones without needing a rewrite for every operating system and manufacturer.
Bad guys kept finding new ways to exploit those access methods to wreak havoc on an unsuspecting user. Which meant Adobe had to keep patching Flash. Which meant vendors reliant on Flash had to keep updating their software and instructions to deal with the latest version. Which meant users had to keep updating their systems to stay current with the latest versions of both Flash and the software using it. And finally, many corporate IT security personnel got tired of the vulnerabilities and banned Flash Player from users' computers.
So now HTML5 and WebRTC are the great new hope and web collaboration vendors are furiously rewriting to eliminate Flash dependence in favor of the new underlying platform. We're in for a very rough ride if this just opens us up to a new round of security concerns and banned use in corporate venues. Many companies use Virtual Private Networks (VPNs) to provide additional security for their employees. If they decide that WebRTC exposes them to security vulnerabilities, they will prohibit its use, just as they did with Flash. And we'll be right back to square one in the web conferencing arena, with individual participants or entire companies unable to access our webinars and webcasts.
By the way, if you are interested in testing your own browser to see what is discoverable through the WebRTC API set, you can navigate to https://browserleaks.com/webrtc
