SSysLeak

Single-signal test

WebRTC leak test

Your browser was just asked to gather connection candidates — the same thing any website can do silently. Here is what it gave away.

WebRTC leak test

Gathering ICE candidates…

Raw ICE candidates (0)

Still gathering…

The hole in many VPN setups

WebRTC exists so browsers can talk to each other directly — video calls, file drops, multiplayer games — without routing every packet through a server. Direct connections need real addresses, so WebRTC ships with a discovery mechanism (ICE) that asks your machine and a reflection server (STUN) “what addresses can you be reached at?”. The catch: any web page can start that discovery with a few lines of JavaScript, no permission prompt, no visible sign. The addresses it harvests can include your local network IP and — in badly configured setups — the public IP your VPN was supposed to hide.

This made headlines in 2015 when researchers showed popular VPNs leaking subscribers' real addresses to any site that asked. Browsers responded: today's Chrome and Firefox hand out anonymized .local mDNS names instead of raw local IPs until you actually grant a site media permissions. That is the “mDNS obfuscation” verdict above, and it is what a healthy modern setup looks like. A raw public address in the results that differs from the IP on your dashboard is the classic leak signature — your VPN hides your browsing but WebRTC walks right past it.

Reading your result

No raw IPs / mDNS only: good — sites can't use WebRTC to unmask you. Local address exposed: sites learn your private network address (10.x, 192.168.x) — mostly a tracking aid, it identifies your network position behind the router. Public address exposed: the serious one; if you run a VPN, compare it against your dashboard IP. If they differ, your real identity is one JavaScript call away, and the fixes in the FAQ below are worth ten minutes of your time.

Frequently asked questions

What is a WebRTC leak?
WebRTC is the browser technology behind video calls and peer-to-peer connections. To connect peers directly it discovers your network addresses — and a website can trigger that discovery silently, sometimes revealing your real public IP even when a VPN hides it from normal web traffic.
Why does this work even with a VPN?
Some VPN setups only tunnel ordinary browser traffic. WebRTC's STUN requests can ride a different network path, and the address that comes back is your real one, not the VPN's. Well-configured VPN apps and browser extensions block or proxy this; the test above shows whether yours does.
How do I fix a WebRTC leak?
Options, strongest first: disable WebRTC where you don't need it (Firefox: media.peerconnection.enabled=false), use a VPN client that explicitly blocks WebRTC leaks, or use a browser extension that restricts WebRTC's network access. After changing anything, re-run this test to verify.
Is this test private?
Yes. It runs entirely in your browser: the page asks your browser for ICE candidates and displays them to you. The only network traffic is your browser's own STUN request (to stun.l.google.com, disclosed above). SysLeak's servers receive nothing.

This is one signal of many. The SysLeak exposure dashboard combines your IP, fingerprint and WebRTC results into a single Exposure Score.