VPN WebRTC Leaks and Logging Studies
Let's take a closer look at 2 recent studies about VPN WebRTC leaks and VPN logging policies.
Within a few days apart, two interesting studies about VPN services were released.
Below, we give you a quick run down of these two studies and, in light of their results, then discuss how Cogipas’ recommended VPN services fared.
'VPN WebRTC Leaks & Logging Studies' Contents (select to expand)
VoidSec's Study of VPN WebRTC Leaks
The first was an analysis by independent security expert “VoidSec” about which VPN services suffered from WebRTC leaks. VoidSec is the tagline and domain of well-respected security researcher, Paolo Stagno (source).
This study revealed that 23% of VPNs tested leaked the IP addresses of users via WebRTC. The results were somewhat shocking given that the vulnerability has been known for many years.
In contrast the second study we’ll look at below, VoidSec speaks with authority and the VPN community should stand up and take notice of these results.
You can test your VPN service yourself at https://ip.voidsec.com/ and report the results to VoidSec (instructions how to do so are in the data spreadsheet linked above).
Web Browsers at Risk for WebRTC Leaks
The VoidSec study also sets out the default WebRTC settings for most major web browsers.
As you can see above, VoidSec found the following browsers that have WebRTC enabled by default (a bad thing when using a VPN):
- Mozilla Firefox
- Google Chrome
- Google Chrome on Android
- Internet (Samsung Browser)
How To Stop Webrtc Leaks
If you use one of the browsers above - after all, Chrome is the most popular web browser - plug any risk of WebRTC leaks by using a browser plugin that blocks WebRTC.
For example, use the WebRTC Leak Prevent plugin for Chrome. Other plugins and add-ons are available for other web browsers.
TheBestVPN's Study of VPN Logging Policies
We place “independent” in quotes because a tiny footnote on their website reveals that, “Earnings disclosure: We are affiliated with some of the VPN services listed on this site”. Plus, the website seems perhaps to be passing off on BestVPN.com’s well-earned good name.
The analysis is interesting but smacks more of a publicity stunt for their own reviews because the analysis page is chock full of links to their VPN reviews (the ones generating commissions for them).
Plus, there is this bizarre statement by TheBestVPN which seems to expressly condone illegal behaviour while using a VPN, “Bottom line, if you aren’t doing anything illegal, you should be fine. But what’s the point of having a VPN anyway?” Not sure they cleared that one through their lawyers.
We think ThatOnePrivacySite’s logging info on VPN services is a much better source of information than TheBestVPN “study”. Nevertheless.
In light of both of these studies, how did Cogipas’ recommended VPN services fare? Let’s take a look.
ExpressVPN WebRTC Leaks & Logging Policy
VoidSec’s test results concluded that ExpressVPN has no WebRTC leaks.
TheBestVPN found that ExpressVPN is a “strict no logging VPN service”. In other words, ExpressVPN earned the highest marks for its privacy and logging policy.
IPVanish VPN WebRTC Leaks & Logging Policy
VoidSec gave IPVanish VPN the all-clear for WebRTC leaks.
IPVanish is well-known for its excellent privacy protections and fast speeds.
Try it 7 days risk-free.
Private Internet Access VPN WebRTC Leaks & Logging Policy
VoidSec found that Private Internet Access VPN (or PIA as it is known) does suffer from a partial WebRTC leak (it can expose your private LAN’s IP). That won’t affect most people, but it’s still good to know. To ensure no WebRTC leaks occur when using PIA, install a WebRTC blocking plugin with your browser.
Like 4 of 5 of our top recommended VPN services, TheBestVPN judged PIA VPN a “strict no logging VPN service”.
We consider PIA VPN a good VPN, especially for torrent file-sharing, given its fast speeds, non-logging policy and the industry’s lowest prices.
VoidSec found that NordVPN has WebRTC leaks. As with PIA above, address this blocking WebRTC with a plugin for your browser.
Like ExpressVPN and PIA above, TheBestVPN also gave NordVPN the highest marks as a “strict no logging VPN service”.
PureVPN WebRTC Leaks & Logging Policy Results
VoiSec initially discovered WebRTC leaks, but PureVPN quickly plugged them. VoidSec now confirms that PureVPN has no WebRTC leaks.
TheBestVPN criticized PureVPN for advertising itself as a “no logs” VPN service, yet keeping records of the following: Your name, Your email address, Your phone number, Your IP address, Bandwidth data and connection timestamps.
You might be thinking, “Well, why do you recommend PureVPN as the #5 best VPN service?”
Here’s why. At the end of the day, PureVPN remains one of the biggest, best, least expensive and fastest VPN services out there.
We wouldn’t recommend that Edward Snowden use it. But for torrenting, streaming and geo-shifting purposes such as to watch Netflix abroad, PureVPN is perfectly fine especially for its attentive customer service and low prices.
The only evidence of PureVPN’s privacy policies coming back to haunt one of its customers was a true scumbag, an alleged serial cyberstalker in the USA (source1, source2 & source3). As long as you are not using PureVPN to illegally stalk and harrass people, we stand by it as the #5 best VPN service in our humble opinion, especially for newcomers to VPN services.
VPN WebRTC Leaks Wrap-Up
Pay attention to the VoidSec study, but no so much the TheBestVPN study.
Be mindful of WebRTC leaks and either use a web browser that doesn’t enable WebRTC or use a WebRTC-blocking plugin for those web browser’s at risk, like Chrome for example, to eliminate the risk.
• best overall VPN for privacy
Try risk-free for 30 days
• best value VPN
Try risk-free for 7 days
• excellent for all VPN uses
Try risk-free for 30 days