[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] WebRTC to uncover local IP



AntiTree transcribed 0.3K bytes:
> This PoC has made its ways around. Using webRTC to deanonomize your IP. New
> to me: https://diafygi.github.io/webrtc-ips/
> 

Neat. Although… that's kind of most of the purpose of the WebRTC and STUN/ICE
protocols, being directly P2P and all… so I'm not exactly sure this could be
considered a PoC or a bug.

That said, Tor Browser has always disabled the WebRTC sections of Firefox's
code, at compile time, [0] so if you're using Tor Browser you don't have to
worry about things like this.  However, if Mozilla were ever to remove that
--disable-webrtc option from the .mozconfig settings, we'd potentially need to
figure out some other way to disable it, e.g. setting the FF preference:

    media.peerconnection.enabled = false

which worked in my tests to disable WebRTC after it was compiled in.

Even better than disabling it, the Tor Browser Team really needs help from
someone with a really strong knowledge of WebRTC and its potential privacy
caveats to help us assess which parts of WebRTC (if any) that we might be able
to safely allow.  The reason it's entirely disabled is because we know some
parts are unsafe, and sadly we didn't have the time/resources to sort out
which parts are which. :/

[0]: https://gitweb.torproject.org/tor-browser.git/tree/.mozconfig?h=esr24&id=tor-browser-31.4.0esr-4.0-1-build1#n22

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

Attachment: signature.asc
Description: Digital signature

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk