Take control of WebRTC IP leaks with Statutory for Firefox
In recent years, new technologies have found their way into modern web browsers. Designed to improve or add functionality to the browser to support web applications making use of them, they sometimes have side-effects that can affect a user’s privacy on the Internet.
It became known only recently for instance that the two browser features HTTP Strict Transport and HTTP Public Key Pinning can be abused for tracking purposes while they have been designed to make user connections to HTTPS more secure.
The same is true for WebRTC which sites may use to detect the local IP address of the system connecting to it.
You can test if your browser leaks the information by visiting IP Leak. Check whether your IP address is revealed under the WebRTC detection section on the page.
If you do use web applications or services that make use of WebRTC, then you may not want to disable the feature completely, as it would mean to toggle it whenever you use these apps or services.
Statutory is a free browser add-on for the Firefox web browser that puts you in control. Instead of disabling WebRTC outright, it displays notifications on pages where it is being used.
You may accept or deny the request then and there depending on whether the request was initiated by you or by the site.
The extension ships with a whitelist and blacklist on top of that to define permanent rules for sites. If you use WebRTC on a site for example, you may want to add it to the whitelist to allow it automatically.
The same is true in reverse for sites that make use of WebRTC even though you don’t use it on those sites. Instead of receiving prompts each time you visit the site, you simply add it to the blacklist to deny the request automatically.
Blacklisted and whitelisted sites are mixed into a single list by the extension. To whitelist a site simply adds its domain name in a new row, and to blacklist a site do the same but prepend “!” in front of the domain name.
The add-on’s options enable you to disable notifications, and to disable WebRTC permanently. If you select the latter all WebRTC functions are disabled so that it cannot be used anymore in the browser until revoked.
There is an easier way to disable WebRTC in Firefox though as you can set the preference media.peerconnection.enabled to false on the about:config page to block it as well.