WebRTC privacy problems

Daniel Berntsson

Feb 13, 2015, 4:14:56 AM
to dev-p...@lists.mozilla.org
Until WebRTC, JavaScript did not have access to the computer's networking
details. With WebRTC it suddenly has. Any web server can unbeknownst to
the user get a list of all IP addresses on all the client computer's
network interfaces and a list of all IP addresses with which the client
computer can reach a STUN server. On Windows, Firefox even bypasses the
routing table trying to reach the STUN server through as many paths as
it can and then sends the results to any web server that wants it
without approval from or notice to the user. More information and a demo:

https://github.com/diafygi/webrtc-ips

We at mullvad.net run an anonymising VPN service and for our users this
is a serious privacy problem. For most users any web server can
deanonymise them by getting the IP address they have from their ISP sent
to them by Firefox.

The first of the two problems is that the WebRTC implementation sends
all IP addresses on all network interfaces. This gives the web server
information about the client's local network and any other networks it
may be connected to. If the client computer has a public IP address from
the ISP it will be revealed even if it is not used publicly on the
internet but only for a VPN.

The second problem is that it (on Windows) bypasses the routing table
sending requests to the STUN server through paths that should not be
used. Again, in many cases this means the STUN server will be contacted
with an ISP IP address only intended to be used for the VPN tunnel,
revealing the user's identity to both the STUN server and the web server.

Just contacting a STUN server to get a public IP address would not be a
privacy problem.

Is there a chance Firefox might in the future use the more aggressive
methods only after simply contacting a STUN server in the ordinary way
fails and then only after asking approval from the user? Like when users
are asked if they want to reveal their geographical location.


Best regards

Daniel Berntsson
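
The two exposures described in the post above can be checked for in a list of ICE candidate lines. This is an added example, not part of the original thread or the linked demo; the function names, the `vpnExitAddress` parameter and the sample candidates are assumptions constructed for illustration, and only IPv4 addresses are classified.

```javascript
// Added example: audit ICE candidate lines for addresses a page script could read.
// Candidate grammar follows RFC 5245 section 15.1; IPv4 only to keep it short.

function ipv4Scope(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return "non-ipv4";
  const [a, b] = [Number(m[1]), Number(m[2])];
  if (a === 127) return "loopback";
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) return "private";
  if (a === 169 && b === 254) return "link-local";
  return "public";
}

function parseCandidate(line) {
  // candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.length < 8 || f[6] !== "typ") return null;
  return { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
}

// vpnExitAddress (hypothetical parameter): the only public address the user
// intends web servers to see.
function auditCandidates(lines, vpnExitAddress) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // skip lines that are not candidate attributes
    const scope = ipv4Scope(c.address);
    if (scope === "private" || scope === "link-local") {
      findings.push({ address: c.address, issue: "local-network-address" });
    } else if (scope === "public" && c.address !== vpnExitAddress) {
      // host: public address bound to an interface (e.g. from the ISP);
      // srflx: a STUN server was reached over a path outside the tunnel.
      findings.push({ address: c.address,
        issue: c.type === "host" ? "non-vpn-interface-address" : "non-vpn-stun-path" });
    }
  }
  return findings;
}

// Constructed sample using documentation address ranges, not captured traffic.
const SAMPLE = [
  "a=candidate:0 1 UDP 2122252543 10.8.0.6 50000 typ host",
  "a=candidate:1 1 UDP 2122187007 198.51.100.23 50001 typ host",
  "a=candidate:2 1 UDP 1686052863 203.0.113.9 50002 typ srflx raddr 10.8.0.6 rport 50000",
  "a=candidate:3 1 UDP 1685987327 198.51.100.23 50003 typ srflx raddr 198.51.100.23 rport 50001",
];
console.log(auditCandidates(SAMPLE, "203.0.113.9"));
```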

Bjoern Hoehrmann

Feb 13, 2015, 3:25:56 PM
* Daniel Berntsson wrote in mozilla.dev.privacy:
>Until WebRTC, JavaScript did not have access to the computer's networking
>details. With WebRTC it suddenly has. Any web server can unbeknownst to
>the user get a list of all IP addresses on all the client computer's
>network interfaces and a list of all IP addresses with which the client
>computer can reach a STUN server. On Windows, Firefox even bypasses the
>routing table trying to reach the STUN server through as many paths as
>it can and then sends the results to any web server that wants it
>without approval from or notice to the user. More information and a demo:

https://lists.w3.org/Archives/Public/public-webrtc/2015Feb/thread.html#msg1
is the most recent discussion about this in W3C's WebRTC Working Group.
--
Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
Available for hire in Berlin (early 2015) · http://www.websitedev.de/