[tor-bugs] #19026 [Obfuscation/Snowflake]: Remove local LAN address ICE candidates

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 16 21:30:38 UTC 2016


#19026: Remove local LAN address ICE candidates
-----------------------------------+---------------------
 Reporter:  dcf                    |          Owner:
     Type:  enhancement            |         Status:  new
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+---------------------

Comment (by dcf):

 The WebRTC working draft touches on this issue:
 https://www.w3.org/TR/2016/WD-webrtc-20160128/#revealing-ip-addresses
   Even without WebRTC, the Web server providing a Web application will
 know the public IP address to which the application is delivered. Setting
 up communications exposes additional information about the browser’s
 network context to the web application, and may include the set of
 (possibly private) IP addresses available to the browser for WebRTC use.
 Some of this information has to be passed to the corresponding party to
 enable the establishment of a communication session.

   Revealing IP addresses can leak location and means of connection; this
 can be sensitive. Depending on the network environment, it can also
 increase the fingerprinting surface and create persistent cross-origin
 state that cannot easily be cleared by the user.

   A connection will always reveal the IP addresses proposed for
 communication to the corresponding party. The application can limit this
 exposure by choosing not to use certain addresses using the settings
 exposed by the [https://www.w3.org/TR/2016/WD-webrtc-20160128/#idl-def-RTCIceTransportPolicy RTCIceTransportPolicy] dictionary, and by using
 relays (for instance TURN servers) rather than direct connections between
 participants. One will normally assume that the IP address of TURN servers
 is not sensitive information. These choices can for instance be made by
 the application based on whether the user has indicated consent to start a
 media connection with the other party.

   Mitigating the exposure of IP addresses to the application itself
 requires limiting the IP addresses that can be used, which will impact the
 ability to communicate on the most direct path between endpoints. Browsers
 are encouraged to provide appropriate controls for deciding which IP
 addresses are made available to applications, based on the security
 posture desired by the user. The choice of which addresses to expose is
 controlled by local policy (see [https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling/ RTCWEB-IP-HANDLING] for details).

 The latter link is all about handling IP addresses with respect to
 privacy:
 https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling/?include_text=1

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19026#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
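One way to apply the mitigation the quoted draft describes on the client side, as an added example that is not the ticket's or Snowflake's own code: a Go filter that drops host candidates carrying private, loopback or link-local addresses from an SDP offer before it is sent to the broker, and blanks a local "raddr" on the remaining server-reflexive candidates, which would otherwise still reveal the LAN address. The SDP offer is constructed, and the 0.0.0.0 / port 9 placeholder for the related address is an assumption taken from the ICE SDP convention, not something this ticket specifies.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// isLocalAddr reports whether an ICE connection-address should not be
// advertised: RFC 1918/ULA private, loopback, link-local or unspecified.
// Non-IP values (for example mDNS ".local" names) are left alone.
func isLocalAddr(addr string) bool {
	ip := net.ParseIP(addr)
	if ip == nil {
		return false
	}
	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// StripLocalCandidates drops "a=candidate:" lines whose connection-address is
// local and blanks a local "raddr" on the candidates that remain (srflx/relay).
// Every other line, and the CRLF line endings, are preserved.
func StripLocalCandidates(sdp string) string {
	var out []string
	for _, line := range strings.Split(sdp, "\n") {
		crlf := strings.HasSuffix(line, "\r")
		l := strings.TrimRight(line, "\r")
		if strings.HasPrefix(l, "a=candidate:") {
			// a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> [raddr <a> rport <p>] ...
			f := strings.Fields(l)
			if len(f) < 8 || isLocalAddr(f[4]) {
				continue // local address, or malformed: drop rather than forward
			}
			for i := 8; i+3 < len(f); i += 2 {
				if f[i] == "raddr" && f[i+2] == "rport" && isLocalAddr(f[i+1]) {
					f[i+1], f[i+3] = "0.0.0.0", "9" // placeholder related address (assumed ICE SDP convention)
				}
			}
			line = strings.Join(f, " ")
			if crlf {
				line += "\r"
			}
		}
		out = append(out, line)
	}
	return strings.Join(out, "\n")
}

func main() {
	// Constructed offer: one LAN host candidate and one public srflx candidate.
	offer := "v=0\r\n" +
		"a=candidate:1 1 UDP 2122252543 192.168.1.10 51234 typ host\r\n" +
		"a=candidate:2 1 UDP 1686052607 203.0.113.5 51234 typ srflx raddr 192.168.1.10 rport 51234\r\n"
	fmt.Print(StripLocalCandidates(offer))
}
```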
