Many users hide their actual IP address and thus their location by accessing the Internet via a VPN server. However, the WebRTC implementations by Mozilla Firefox and Google Chrome disclose the address.
VPN access abroad is a practical matter. Through it, web service does not recognize where you are actually located. Because in all IP packets exchanged with it, the IP address of the VPN provider is in the place where the address assigned by the German Internet provider should generally be.
One purpose of this obfuscation tactic is, for example, to be able to use the US offer of a film and video service such as Netflix. The film industry doesn't like that at all, of course, because it sells rights on a country-by-country basis. Therefore, Netflix and Co. try again and again to recognize VPN users and block them out.
Now the programmer and engineer Daniel Roesler has shown on Github how a server operator can find out the user's original IP address anyway. Firefox and Mozilla implement WebRTC, a technology for real-time communication in the browser. This enables video chats between two browsers - without an additional service such as Skype.
Of course, computers that are behind a firewall and (thanks to NAT) should have a private instead of a public IP address that can be accessed from the Internet should also be allowed to chat. Firefox and Chrome, therefore, allow a website to use JavaScript to ask a STUN server for the public IP address with which it can be viewed on the Internet.
Fortunately, there is a remedy.
In a demo, Roesler shows that the public STUN server stun.services.mozilla.com not only transmits the address with which you can be seen at the exit of the VPN tunnel, so to speak.
It also reveals the public address from which the VPN connection was established. If a web service integrates such code into its website, it has another m
eans of finding out where the user's computer is despite the VPN.
Fortunately, there is a remedy: The WebRTC Block extension is available for Chrome. In Firefox, the user can simply set the value media.peerconnection.enabled to false in about: config.