experiment 32 · webrtc · no permissions
your VPN
has a hole.
WebRTC uses ICE (Interactive Connectivity Establishment) to find the best network path for
real-time communication. As part of this process, the browser enumerates all your network
interfaces — including those hidden behind a VPN.
Your real local IP — not masked by VPN.
WebRTC bypasses proxies to reveal your router-assigned address.
Ad networks use this to re-identify users who think they are anonymous.
RTCPeerConnection is unavailable in this browser.
WebRTC is supported in all major modern browsers. Some privacy browsers (Tor Browser, Brave Shield) block
this API or prevent local IP disclosure. If you see this, your browser is already protecting you.
how ad networks cross-reference VPN users
1. User enables VPN. Public IP changes. Cookie-based session ends. User thinks they're anonymous.
2. WebRTC leaks the local IP — e.g. 192.168.1.42. This is assigned by your router, not by your ISP. It does not change when you enable a VPN.
3. Canvas fingerprint + local IP + timezone form a stable cross-session identifier. A returning user with the same LAN IP, canvas hash, and timezone is re-identified with high confidence — regardless of VPN, cookies, or private browsing.
what is ICE candidate harvesting?
WebRTC is a peer-to-peer communication protocol built into browsers. When establishing a connection, both peers gather "ICE candidates" — network addresses where they can potentially be reached. These include host candidates (local interface IPs), server-reflexive candidates (your public IP as seen by a STUN server), and relay candidates (TURN server addresses).
The local IP enumeration happens even when no STUN server is configured — creating an RTCPeerConnection with null config and a data channel is sufficient to trigger host candidate collection on most browsers. The browser reports the IP of every active network interface: Ethernet, Wi-Fi, VPN tunnel, loopback, and virtual adapters.
This behavior was documented as a privacy issue in 2015. Firefox added a mitigation in 2019 via media.peerconnection.ice.default_address_only. Chrome's behavior has varied. The Safari implementation also leaks local IPs. To check whether you are protected, see whether this experiment finds IPs that match your LAN subnet.
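A self-check for the candidate types described above, as an added example that is not code from this page: it parses ICE candidate lines gathered in your own browser and reports which ones disclose a LAN address. It goes slightly beyond the text by also recognising the random `.local` mDNS names that browsers substitute when they mask host candidates; the function names are hypothetical and the sample lines are constructed.

```javascript
// Added example: function names are hypothetical, SAMPLE lines are constructed.
// Grammar: candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
const CANDIDATE_RE =
  /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)\b/i;
function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  return m ? { address: m[5].toLowerCase(), type: m[7].toLowerCase() } : null;
}

// What kind of address does this candidate expose to the page that gathered it?
function classifyAddress(addr) {
  if (addr.endsWith(".local")) return "mdns-masked"; // random mDNS name, no IP disclosed
  if (addr.includes(":")) {                          // IPv6 literal
    if (addr === "::1") return "loopback";
    if (/^fe[89ab][0-9a-f]:/.test(addr)) return "link-local"; // fe80::/10
    if (/^f[cd][0-9a-f]{2}:/.test(addr)) return "private";    // fc00::/7 unique local
    return "public";
  }
  const parts = addr.split(".");
  const valid = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) return "unknown";
  const [a, b] = parts.map(Number);
  if (a === 127) return "loopback";
  if (a === 169 && b === 254) return "link-local";
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return "private";
  return "public";
}

// Summarise gathered candidates: which LAN addresses were disclosed, if any.
function auditCandidates(lines) {
  const report = { leakedLan: [], publicIps: [], masked: 0, unparsed: 0 };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { report.unparsed++; continue; }
    const kind = classifyAddress(c.address);
    if (kind === "mdns-masked") report.masked++;
    else if (kind === "private" || kind === "link-local") report.leakedLan.push(c.address);
    else if (kind === "public") report.publicIps.push(c.address);
  }
  report.protected = report.leakedLan.length === 0;
  return report;
}
const SAMPLE = [
  "candidate:1 1 udp 2113937151 192.168.1.42 54321 typ host generation 0",
  "candidate:2 1 udp 2113937151 10.8.0.2 54322 typ host",
  "candidate:3 1 udp 2113937151 3f2a1c9e-0b7d-4c55-9a1e-6d2f8b4c7e10.local 54323 typ host",
  "candidate:4 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
];
console.log(auditCandidates(SAMPLE));
```

A report with an empty `leakedLan` and only `masked` host candidates means the browser is hiding its interface addresses from pages.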