Part 2: How Regional Inconsistencies and WebRTC Leaks De-mask VPN Users.
A VPN (Virtual Private Network) is designed to mask your IP address, but it does nothing to mask your system environment. Sophisticated tracking scripts look for "Environmental Friction"—discrepancies between where your IP says you are and where your system settings say you are.
Your Operating System installs specific font packages based on your initial regional setup. If you are using a VPN to appear as if you are in Germany, but your system lacks the specific regional fonts or character sets typically found on a German-localized OS, you stand out.
JS can use document.fonts.check() to see if specific, rare regional fonts are present. If your IP is Berlin but your font profile is 100% "US-English Standard," your Anonymity Set shrinks drastically.
This is known as Attribute Correlation Analysis. It’s not about finding your name; it’s about proving you aren't who your IP says you are.
Web Real-Time Communication (WebRTC) is a protocol used for video chat and P2P sharing. It is notorious in the security community because it can bypass the VPN tunnel entirely.
WebRTC uses STUN (Session Traversal Utilities for NAT) servers to discover your public IP. A simple JS command can force the browser to send a request to a STUN server. Because this happens at a lower level than the browser's standard proxy settings, the STUN server often sees—and reports back—your ISP-assigned home IP address, even while your VPN is active.
// Example of the leak vector: RTCPeerConnection()
Two final "snitches" that often catch VPN users off guard:
new Date().getTimezoneOffset() reports GMT-5 (New York), the website knows with 100% certainty that you are using a proxy.