VPN Vulnerability - STUN

  • This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature. With a few lines of code websites can make requests to STUN (en.wikipedia.org/wiki/STUN) servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses. The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and also appears to affect Vivaldi. It would be great if you could build in extra security to your browser to prevent this. This website is a method of testing the vulnerability: https://diafygi.github.io/webrtc-ips/. I had my VPN switched on and it told me my fake and real IP addresses through a request to STUN, whereas the same test on Safari resulted in no addresses displayed. I like the potential of this browser but security is very important.
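A self-check for the leak described in the post above, added here as an example and not part of the original post: it parses the ICE candidate lines a browser gathers for WebRTC and flags every address other than the VPN exit address. The function names, the VPN exit address and the sample candidate lines are assumptions constructed for illustration (documentation IP ranges); only IPv4 is classified.

```javascript
// Added example: audit ICE candidate lines for addresses a VPN should hide.
// Layout: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...

function isPrivateIPv4(ip) {
  const o = ip.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254);
}

function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null; // not a candidate line
  return { transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]), type: m[7] };
}

// Classify each candidate relative to the address the VPN is expected to expose.
function auditCandidates(lines, vpnExitIp) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    let verdict;
    if (c.address.endsWith(".local")) verdict = "obfuscated";      // mDNS hostname, no IP exposed
    else if (c.address === vpnExitIp) verdict = "vpn";             // expected: the VPN exit
    else if (c.address.includes(":")) verdict = "unclassified-ipv6";
    else if (isPrivateIPv4(c.address)) verdict = "local-leak";     // LAN address visible to the page
    else verdict = "public-leak";                                  // public address outside the VPN
    findings.push({ address: c.address, type: c.type, verdict });
  }
  return findings;
}

const leaks = (findings) => findings.filter((f) => f.verdict.endsWith("-leak"));

// Constructed sample: what a leaking browser behind a VPN might gather.
const VPN_EXIT = "198.51.100.7"; // assumed VPN exit address
const SAMPLE = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 1686052607 198.51.100.7 40000 typ srflx raddr 10.8.0.2 rport 40000",
  "candidate:4 1 udp 2122260223 3f2a9c1e-0000-4000-8000-abcdefabcdef.local 50000 typ host",
];

console.log(leaks(auditCandidates(SAMPLE, VPN_EXIT)));
```

An empty result from `leaks` means the gathered candidates expose nothing beyond the VPN exit address, which matches the Safari outcome the post reports.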


