VPN WebRTC Leaks

Let's take a closer look at 2 recent studies about VPN WebRTC leaks and VPN logging policies. 


Which VPNs are safe from WebRTC leaks and logging?  

Within a few days of each other, two interesting studies about VPN services were released.

Below, we give you a quick rundown of these two studies and then, in light of their results, discuss how Cogipas’ recommended VPN services fared.

VoidSec's Study of VPN WebRTC Leaks


VoidSec is a trusted source of Internet security information.

The first was an analysis by independent security expert “VoidSec” about which VPN services suffered from WebRTC leaks. VoidSec is the tagline and domain of well-respected security researcher, Paolo Stagno (source).

This study revealed that 23% of VPNs tested leaked the IP addresses of users via WebRTC. The results were somewhat shocking given that the vulnerability has been known for many years.

Here’s VoidSec’s VPN WebRTC leak study in full and its accompanying data spreadsheet.

In contrast to the second study we’ll look at below, VoidSec speaks with authority and the VPN community should stand up and take notice of these results.

You can test your VPN service yourself at https://ip.voidsec.com/ and report the results to VoidSec (instructions on how to do so are in the data spreadsheet linked above).
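What a WebRTC leak test of this kind inspects, as an added example (not VoidSec's or Cogipas' code): the ICE candidate lines a browser gathers for a WebRTC connection, with each address classified against the VPN's exit IP. The function names, verdict labels and sample candidates are constructed for illustration and use documentation-range addresses.

```javascript
// Added example: classify addresses found in WebRTC ICE candidate lines.
// All sample data is constructed (RFC 5737 documentation addresses).
function isPrivate(addr) {
  if (addr.includes(":")) // IPv6: ULA fc00::/7 or link-local fe80::/10
    return /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/i.test(addr);
  const [a, b] = addr.split(".").map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) || (a === 169 && b === 254);
}

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <address> rport <port>]
function addressesIn(line) {
  const f = line.replace(/^a=/, "").trim().split(/\s+/);
  if (!f[0].startsWith("candidate:") || f[6] !== "typ") return [];
  const found = [f[4]];
  const r = f.indexOf("raddr");
  if (r !== -1 && f[r + 1]) found.push(f[r + 1]); // base address behind a reflexive candidate
  return found;
}

function classify(addr, vpnExitIp) {
  if (addr.endsWith(".local")) return "mdns"; // obfuscated mDNS name, no IP revealed
  if (addr === "0.0.0.0" || addr === "::") return "hidden"; // blanked raddr
  if (isPrivate(addr)) return "private-lan";
  return addr === vpnExitIp ? "vpn-exit" : "public-leak";
}

function assessLeak(lines, vpnExitIp) {
  const findings = lines.flatMap(line =>
    addressesIn(line).map(addr => ({ addr, kind: classify(addr, vpnExitIp) })));
  const kinds = new Set(findings.map(x => x.kind));
  const verdict = kinds.has("public-leak") ? "full leak"
                : kinds.has("private-lan") ? "partial leak" : "no leak";
  return { verdict, findings };
}

const VPN_EXIT = "198.51.100.20"; // constructed VPN exit address
const samples = { // constructed candidate lines
  clean: [
    "candidate:1 1 udp 2113937151 6f1c2a9e-4b7d-4c1e-9a55-0d2f3e4b5c6d.local 54400 typ host",
    "candidate:2 1 udp 1677729535 198.51.100.20 54400 typ srflx raddr 0.0.0.0 rport 0",
  ],
  partial: ["candidate:2 1 udp 1677729535 198.51.100.20 54400 typ srflx raddr 192.168.1.23 rport 54400"],
  full: ["candidate:2 1 udp 1677729535 203.0.113.7 54400 typ srflx raddr 0.0.0.0 rport 0"],
};
for (const [name, lines] of Object.entries(samples))
  console.log(name, "->", assessLeak(lines, VPN_EXIT).verdict);
```

In a browser, the input lines would be the `candidate` strings delivered by an `RTCPeerConnection`'s `icecandidate` events while connected to the VPN.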


Web Browsers at Risk for WebRTC Leaks

The VoidSec study also sets out the default WebRTC settings for most major web browsers.


VoidSec's list of WebRTC leaking web browsers

VoidSec found that the following browsers have WebRTC enabled by default (a bad thing when using a VPN):

  • Brave
  • Mozilla Firefox
  • Google Chrome
  • Google Chrome on Android
  • Internet (Samsung Browser)
  • Opera
  • Vivaldi


How To Stop WebRTC Leaks

If you use one of the browsers above - after all, Chrome is the most popular web browser - plug any risk of WebRTC leaks by using a browser plugin that blocks WebRTC.

For example, use the WebRTC Leak Prevent plugin for Chrome. Other plugins and add-ons are available for other web browsers.


TheBestVPN's Study of VPN Logging Policies

The second study was an analysis by an “independent” VPN review site about the Privacy Policies of over 115 VPN services. They found that 23% of VPN services collect 3 or more important log files which are deeply hidden in their privacy policy.

We place “independent” in quotes because a tiny footnote on their website reveals that, “Earnings disclosure: We are affiliated with some of the VPN services listed on this site”. Plus, the website seems to be trading on BestVPN.com’s well-earned good name.

The analysis is interesting but smacks more of a publicity stunt for their own reviews because the analysis page is chock full of links to their VPN reviews (the ones generating commissions for them).

Plus, there is this bizarre statement by TheBestVPN which seems to expressly condone illegal behaviour while using a VPN, “Bottom line, if you aren’t doing anything illegal, you should be fine. But what’s the point of having a VPN anyway?” Not sure they cleared that one through their lawyers.

Lastly, the “study” they undertook was not at all robust. They basically took VPN privacy policies at face value and did not test the claims set out in them. Put bluntly, just because a VPN’s privacy policy says it doesn’t collect logs or customer data doesn’t make the claim true.

We think ThatOnePrivacySite’s logging info on VPN services is a much better source of information than TheBestVPN “study”. Nevertheless. Update: ThatOnePrivacySite has since been taken over by unscrupulous folks and should not be consulted for trusted VPN information.

~~~

In light of both of these studies, how did Cogipas’ recommended VPN services fare? Let’s take a look.

VoidSec’s test results concluded that ExpressVPN has no WebRTC leaks.


TheBestVPN found that ExpressVPN is a “strict no logging VPN service”. In other words, ExpressVPN earned the highest marks for its privacy and logging policy.

Both of these results reinforce why - among many other reasons - we consider ExpressVPN a good VPN.


VoidSec found that Private Internet Access VPN (or PIA as it is known) does suffer from a partial WebRTC leak (it can expose your private LAN’s IP). That won’t affect most people, but it’s still good to know. 

To ensure no WebRTC leaks occur when using PIA, install a WebRTC blocking plugin with your browser.

TheBestVPN also judged PIA VPN a “strict no logging VPN service”.

We consider PIA VPN a good VPN, especially for torrent file-sharing, given its fast speeds, non-logging policy and the industry’s lowest prices.

VoidSec initially discovered WebRTC leaks, but PureVPN quickly plugged them. VoidSec now confirms that PureVPN has no WebRTC leaks.


In the VPN Privacy Policy study by TheBestVPN, PureVPN was found to be 1 of 26 VPN services keeping “3 or more alarming log files”. Ouch.

TheBestVPN criticized PureVPN for advertising itself as a “no logs” VPN service, yet keeping records of the following: your name, your email address, your phone number, your IP address, bandwidth data and connection timestamps.

PureVPN remains one of the biggest, best, least expensive and fastest VPN services out there.

We wouldn’t recommend that Edward Snowden use it. But for torrenting, streaming and geo-shifting purposes such as to watch Netflix abroad, PureVPN is perfectly fine especially for its attentive customer service and low prices.

The only evidence of PureVPN’s privacy policies coming back to haunt one of its customers was a true scumbag, an alleged serial cyberstalker in the USA (source1, source2 & source3). As long as you are not using PureVPN to illegally stalk and harass people, we stand by it, especially for newcomers to VPN services.


VPN WebRTC Leaks Wrap-Up

Bottom line?

Pay attention to the VoidSec study, but not so much the TheBestVPN study.

Be mindful of WebRTC leaks and either use a web browser that doesn’t enable WebRTC or use a WebRTC-blocking plugin for those web browsers at risk, such as Chrome, to eliminate the risk.





October 1, 2021
