I use a Virtual Private Network (VPN) on a regular basis. There are many reasons to do so. It helps keep my true IP address concealed; all my internet traffic appears encrypted to the ISP. If I need to use Wi-Fi at a coffee shop, I can do so without fear that the owner of the access point could be snooping on me. Some internet content is also geographically restricted, and my VPN provides me a choice of where I want my internet traffic to originate from.
But there is good news. This problem does not affect any web browsers in OS X. It appears to only impact Windows machines, and only the Firefox and Chrome browsers. Of course, we want all browsers to be secure, so how to fix this?
If you’re on Windows and using Firefox, type “about:config” in the address bar, and set “media.peerconnection.enabled” to False.
If you’re on Windows and using Chrome, type “chrome://flags/” in the address bar and check “Disable WebRTC device enumeration.”
The superior way to fix this is to force all traffic to go through your VPN, but my skills with Windows Firewall are a bit lacking. If you control your own physical firewall, you probably already have a good idea on how to force web traffic to go over port 1194 (OpenVPN) during VPN sessions. Properly implemented, that should also plug this data leak.
I advise anyone who cares about privacy who is using Windows to take the above steps to fix the problem. There are lots of people out there who want to track you so they can spy on you and sell you things. Why make it easy for them?