Skip to content
Pricing
Log InStart Free TrialBook a Demo
Fingerprinting

WebRTC Leak

A WebRTC leak is the exposure of a device's true local or public IP address through the WebRTC APIs, even when the user is behind a VPN or proxy. It occurs because WebRTC gathers network candidates for peer-to-peer connectivity and can reveal addresses that the browser would otherwise keep hidden.

How it works

How WebRTC Leak works

WebRTC enables real-time audio, video, and data connections directly between browsers. To establish these connections it uses a process called ICE, which gathers candidate addresses, including local network addresses and public addresses discovered via STUN servers. These candidates can be read by scripts on the page.

Because ICE may surface the real public IP obtained through STUN and the private LAN address, a script can learn network details that a VPN or proxy was meant to conceal. When the WebRTC-derived address differs from the address seen at the HTTP layer, the discrepancy indicates that the user is masking their connection.

Modern browsers have added mitigations, such as restricting candidate exposure or requiring permission, and privacy tools can disable WebRTC entirely. The presence or absence of leaked candidates, and any mismatch between them and the connection IP, are themselves informative signals.

Why it matters

Why WebRTC Leak matters for fraud prevention

WebRTC leaks are important in fraud prevention because they can reveal that a user is hiding behind a VPN or proxy and sometimes expose the true network. Detecting a mismatch between the WebRTC address and the request IP helps flag evasion attempts common in account takeover, multi-accounting, and fraud rings. Even when the exact IP is not revealed, the anomaly itself raises risk.

With TRACIO

How TRACIO handles it

TRACIO's IP Intelligence focuses on detecting VPNs, proxies, and Tor and assessing network risk, and WebRTC-related discrepancies are the kind of network inconsistency that informs such an assessment. Rather than relying on exposing a user's private address, TRACIO emphasizes detecting the mismatch that signals masking. This supports risk scoring while respecting that browsers increasingly limit raw address exposure.

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.