Any misunderstanding is entirely my fault.
Snipped image re external ISP ip was not snipped for privacy reasons.
No, the avast SafeZone Browser is not a VPN, merely a browser using Chromium code and maintained by Avast.
IPv6 not reachable is due to router settings set to reach IPv6 addresses via tunneling alone, enabling direct IPv6 will result in avast network code alerts when network inspector is run.
- Not running SafeZone Browser in a VPN environment in the first post.
- Snip is the actual WebRTC leak displayed; network ip's displayed in the attachment
below above are from the internal home network and are not the actual ISP ip assigned to the home router, which is set to dynamic. - Actual ISP ip (IPv4) is listed above the found WebRTC leak. You will see your ISP ip when you run the ipleak.net site in your browser.
- Since the browser used is forward-facing, the found private information can be discoverable for malicious purposes as the browser is connecting to system(s) outside the private home network.
So, the test is specifically for browsers connecting via a VPN, but also can be used for those not connecting via a VPN. Either way, in either mode, WebRTC leak should not occur if the browser is configured properly. WebRTC leak shows independently of VPN or non-VPN environment.
Running avast SafeZone Browser version 3.55.2393.596.
Additional testing done today:
- Running SafeZone Browser in Bank Mode will result in the same WebRTC leak as in standard desktop environment.
- Running SafeZone Browser in avast VPN will also result in a Web
roRTC leak, but shows the actual avast VPN ip (100.100.48.17) instead of the system ip shown in the first attachment above.
Obviously, SafeZone Browser will behave the same way
outside of Bank Mode whether in VPN or not.
Just so you know, Opera browser also shows the same vulnerability whether running in VPN or outside VPN, as it also allows WebRTC to run and display.
Hope this clarifies things for you.