[tor-talk] WebRTC to uncover local IP

isis isis at torproject.org
Thu Jan 29 21:20:15 UTC 2015


AntiTree transcribed 0.3K bytes:
> This PoC has made its way around. Using WebRTC to deanonymize your IP. New
> to me: https://diafygi.github.io/webrtc-ips/
> 

Neat. Although… that's kind of most of the purpose of the WebRTC and STUN/ICE
protocols, being directly P2P and all… so I'm not exactly sure this could be
considered a PoC or a bug.

That said, Tor Browser has always disabled the WebRTC sections of Firefox's
code, at compile time, [0] so if you're using Tor Browser you don't have to
worry about things like this.  However, if Mozilla were ever to remove that
--disable-webrtc option from the .mozconfig settings, we'd potentially need to
figure out some other way to disable it, e.g. setting the FF preference:

    media.peerconnection.enabled = false

which worked in my tests to disable WebRTC after it was compiled in.

Even better than disabling it, the Tor Browser Team really needs help from
someone with a really strong knowledge of WebRTC and its potential privacy
caveats to help us assess which parts of WebRTC (if any) we might be able
to safely allow.  The reason it's entirely disabled is because we know some
parts are unsafe, and sadly we didn't have the time/resources to sort out
which parts are which. :/

[0]: https://gitweb.torproject.org/tor-browser.git/tree/.mozconfig?h=esr24&id=tor-browser-31.4.0esr-4.0-1-build1#n22

-- 
 ♥Ⓐ isis agora lovecruft
_________________________________________________________
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
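
What the ICE candidates discussed in the message above carry, as an added example that is not part of the original post or of the linked PoC: a parser that classifies each candidate line by what it tells the remote side about the client. The sample lines, addresses and all function names are constructed for illustration.

```javascript
// Constructed sample: candidate lines of the kind a WebRTC session description
// carries. Addresses come from private and documentation ranges.
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54321",
  "a=candidate:4 1 udp 2122194687 fd12:3456:789a::1 54322 typ host",
  "a=candidate:5 1 udp 2122129151 constructed-example.local 54323 typ host",
].join("\r\n");

// True for RFC 1918, loopback and link-local IPv4, and IPv6 ULA/link-local/loopback.
function isPrivate(addr) {
  if (addr.includes(":")) return /^(f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:|::1$)/i.test(addr);
  const [a, b] = addr.split(".").map(Number);
  return a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) || (a === 169 && b === 254);
}

// Parse "candidate:" attributes: foundation, component, transport, priority,
// address, port, "typ" type, then optional raddr/rport.
function parseCandidates(sdp) {
  const re = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport \d+)?/;
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = re.exec(line.trim());
    if (m) out.push({ transport: m[1].toLowerCase(), address: m[2], port: Number(m[3]),
                      type: m[4], relatedAddress: m[5] || null });
  }
  return out;
}

// Say what each candidate tells the remote side about the client.
function classify(c) {
  if (c.type === "relay") return "address of the TURN relay";
  if (c.type === "srflx" || c.type === "prflx") return "public address as seen from outside the NAT";
  // Some later browsers substitute an mDNS ".local" name for host addresses.
  if (c.address.toLowerCase().endsWith(".local")) return "mDNS name, address hidden";
  return isPrivate(c.address) ? "local interface address" : "public interface address";
}

function exposureReport(sdp) {
  return parseCandidates(sdp).map(c => ({
    address: c.address, type: c.type, relatedAddress: c.relatedAddress, reveals: classify(c) }));
}

console.log(exposureReport(SAMPLE_SDP));
```

Host candidates are the ones that hand over the local address; the raddr field of a reflexive candidate can repeat it.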