A Browser can leak your encrypted activity

A browser leaking user activity

A browser is one of those essential tools that you really need to surf the Internet. They are getting prettier, faster, with more tools and, unfortunately, less secure. This small piece of software can give a false sense of security. There are entities accessing the private info of many Internet users through their own browser.

This is a very common scenario with VPN users. By using a Virtual Private Network, many people think they are completely safe and they don't even consider their browsing settings. Many times, the VPN is not doing its job because everything is leaking through the browser.

How can Browsers Leak Your Activity?

A browser is essential for every Internet user, and some entities take advantage of how misinformed most people are. They release the browser software with default options that allow marketing agencies and snoopers to have access to data, such as cookies. That data contains all kinds of information, such as location, preferences, activity, etc.

Even when using a good VPN provider, a user can be exposed because of the wrong browser configuration. The main security issues related to browsers are:

  • WebRTC IP leaks
  • Third party cookies
  • Flash vulnerability
  • Geolocation

And keep in mind that, although these settings are very important, you should also consider using a safe browser that respects your privacy. That will increase the chances of being protected.

The Myth of The Incognito Window

Before we teach you how to fix these safety issues settings, we want to make sure you understand the incognito window. This is a feature that also gives a false sense of security, and a huge one.

The incognito window lack of security

You click that option and you think you are protected against any monitoring. That's completely false! Keep in mind that the incognito mode only avoids data from being saved in your device. It's helpful if you are on a public computer and you don't want your passwords to be stored there. It's good if you don't want to save any Internet history in a certain device. Yes, it does that, but only that!

The incognito window does not offer any protection against any external entity monitoring you. There's no encryption whatsoever. Any website will still know you visited it, just by seeing your IP address. Any entity trying to monitor you can still follow you. That kind of protection and encryption is only achieved with a VPN.

The wrong browser configuration will still give you away, even with that private mode activated. And it feels like companies that create browsers are not explaining very well what this mode really does (and what it doesn't). It looks like they do not mind this false sense of security when people use their software. Trust in a product means more users and, therefore, more downloads.

The Best Browser Settings for Safety

It's time to go to the part that matters the most, learning how to tweak those settings in your browser to avoid any leaking.

We couldn't explain how to do these things on every existing browser. So, we decided to give you an explanation of these procedures in the most popular ones, Chrome and Firefox. There are many browsers that are based on these two, so this process will be very similar in those.


Web real-time communications (WebRTC) is a technology that gives more functionality to web browsers. It allows browsers to communicate with each other. It makes it possible for browsers to use apps, such as Skype voice and video calling. It basically allows browsers of different users to communicate directly.

That sounds very nice, but there's a huge drawback. WebRTC allows every website to see your real IP address immediately, even if you are using a VPN. As simple as that!

If what you want is anonymity, then there's only one way to go: Disable WebRTC. This feature is turned on by default in the most popular browsers. Here's what you have to do:

Disable WebRTC in Chrome

Chrome does not allow you to do this with an on and off switch. This can only be achieved by installing an extension, such as WebRTC leak prevent. Install it, activate it and test if you are still leaking your real IP address (test tool at the end of the post).

Disable WebRTC in Firefox

In Mozilla Firefox, this can be done in two ways. You can also install an add-on, or you can go to the browser settings and disable it manually. We strongly recommend using the second option, it turns it off for good! To do so, do the following:

  1. In the search bar, type about:config
  2. You will see a warning to be careful with the settings. To continue, click on “I accept the risk
  3. You will see a list with a search bar. In that bar, type media.peerconnection.enabled and press enter
  4. There will be only one match, double click to make the value “false

Third-Party Cookies

Third-party cookies have the objective to track you so that entities, such as advertisers, to follow your activity and find out about your preferences. That way, they know exactly which ads to show you, increasing their chances of making money. To avoid any risks, it's advised that you just turn third-party cookies off

Disable Third-Party Cookies in Chrome

  1. Go to Settings
  2. Hit “Advanced Settings
  3. Under “Privacy and security” select “Site Settings
  4. Select “Block third-party cookies

Disable Third-Party Cookies in Firefox

In the “Privacy & Security” tab, select “Custom“. After that, you will be able to customize what you want to allow and to block, just like in the image below.

Disable third party cookies on Firefox


Flash is an easy thing to infiltrate and mess around. It is not often updated and it has quite some security flaws that can leak your IP address. We recommend you to disable it completely.

Disable Flash in Chrome

  1. Go to Settings
  2. Hit “Advanced Settings
  3. Under “Privacy and security” select “Site Settings
  4. Untick the box and you should see “Block sites from running flash

Disable Flash in Firefox

Flash works via a plugin in Firefox. Go to “Add-ons” and, on the “Shockwave Flash” dropdown menu, select “Never Activate“.

Disable the flash plugin in Firefox


The geolocation feature has a similar purpose as the cookies. It is meant to track you to know your preferences. In this case, they are able to send you suggestions relevant to the place where you are at that moment. Again, we recommend to turn this feature off.

Disable Geolocation in Chrome

  1. Go to “Settings
  2. Hit “Advanced Settings
  3. Under “Privacy and security” select “Site Settings
  4. In “Location” select the option “Block

Disable Geolocation in Firefox

  1. In the search bar, type about:config
  2. Again, click on “I accept the risk
  3. The list will appear. In the search bar, type geo.enabled and press enter
  4. There will be only one match, double click on it to make the value “false

Make Sure You Are Protected

It's good practice to use some tools from time to time to make sure you're not leaking info that can expose your identity. Keep in mind that sometimes settings change because of browser updates. These options may come back to default without any warning.

We are not trying to make you obsessed and check it all the time. But it's a good thing to take a few seconds and perform a test every couple of weeks, or at least once a month.

We like ipleak.net and doileak.com. They are very thorough, giving you results for the topics we just discussed, and more.


Browsers are great, but they can be false friends too. Especially for the ones who care enough to use a VPN. It's a waste of money and resources to expose a connection that was supposed to be encrypted.

By configuring your safety settings properly, you will increase your security when browsing the Internet.

Sharing is caring!

Similar Posts