There bad news and there’s good news for security fans, first things first – the Chromium source code disabled the ability to compile the Browser without WebRTC. For those who have no clue why WebRTC is a thing, well back in 2015 there was a huge security breach based on the Web Real-Time Communication project which allowed attackers to reveal your real IP even behind a VPN. So people started to asking what can we do and it seems disabling WebRTC is the best solution – in case you’re VPN hasn’t patched his own VPN configuration.
Alternative Chromium based Browsers
I often recommend the project woolyss because these guys behind the project compiled a Chromium version (stable/beta) without stuff like WebRTC (and more) but the times are over because Chromium project decided to remove the ability to compile the Browser without the flag. The change made sense in my opinion because WebRTC is not evil it’s just that some bad guys can abuse some weaknesses but no protocol/project is perfect and most VPN providers have already patched their server configuration in order to prevent any IP leakage. Chromium official provided a extension, to control this but some people prefered to entirely disable WebRTC, well that’s imo not optimal solution because WebRTC Video calls are still more secure than compared to other insecure protocols. Most modern chat clients also using WebRTC like Discord, Riot or Signal.
So what can you do?
Well the woolyss project is not dead and I’m sure these guys will work on it but in the meantime you might want to try out Cent Browser. It’s a pretty young project from 2015 and it looks promising since these developers including patches in order to provide builds without WebRTC and other stuff like disabling HTML5 canvas in order to reduce your Browser fingerprint. It seems – from what I saw so far – the CHromium based Browser with the most features.
The developers seem to put a lot of effort into the project in order to provide a ‘unfucked’ Browser. I already wrote a comment on woolyss (which wasn’t published for no reasons) that they might could ask those devs to get the necessary patches to continue to provide their builds without WebRTC.
WebRTC is a privacy concern since 2015 for some people, because attackers might can abuse a weakness and WebRTC itself can’t be patches to solve this without breaking existent implementations so it’s up to your Browser to protect you against it, but the implementations are problematically. You can Enable or disable WebRTC in Firefox or Cent Browser but there is no domain based rule exclusion possible, which would be optimal to disallow WebRTC on a global level and allow it only for those pages which are secured.