- From: Greg Norcie <gnorcie@cdt.org>
- Date: Wed, 30 Mar 2016 11:20:12 -0400
- To: Christine Runnegar <runnegar@isoc.org>
- Cc: Justin Uberti <juberti@google.com>, Wendy Seltzer <wseltzer@w3.org>, Adam Roach <abr@mozilla.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-ID: <CAMJgV7ad2XW3QZZwV9q6oukMUG8VcwjyED9xhhyUDjuvXv=UKw@mail.gmail.com>
First off this is a great document, I can tell Justin spent a lot of time on it. I strongly agree with Section 4.1: WebRTC should not be finding out local IPs from VPNs if any other mode of operation can be achieved. I like how the document breaks down four potential modes of WebRTC operation. I would suggest that for modes 1 and 2, that there should be explicit, opt in consent. (Regardless of if the user is activating the microphone or camera) Users desiring anonymity and facing serious reprisals for exercising their free expression may be targeted by powerful adversaries for surveillance. These users often use tools like Tor and VPNs to hide their local IP address. If these users want to make a well informed, calculated decision to reveal their local IP address, they should be allowed to. However this consent must be informed, and the decision reversible. It is not enough to have a small dialog pop up and ask permission. Ideally I'd love to see a GUI element in the browser chrome when WebRTC is running. I realize some of what I raise may have already been extensively discussed elsewhere, so please point me to relevant threads if I am rehashing old discussions :) /********************************************/ Greg Norcie (norcie@cdt.org) Staff Technologist Center for Democracy & Technology District of Columbia office (p) 202-637-9800 PGP: http://norcie.com/pgp.txt *CDT's Annual Dinner (Tech Prom) is April 6, 2016. Don't miss out!learn more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>* /*******************************************/ On Wed, Mar 30, 2016 at 5:41 AM, Christine Runnegar <runnegar@isoc.org> wrote: > Thank you Justin, Adam, Wendy and to others in RTCWeb, WebRTC and PING. > These are not easy issues. > > It is really rewarding to see privacy concerns being addressed through the > protocol development process. > > Kind regards, > Christine (PING co-chair) > > > On 29 Mar 2016, at 5:50 AM, Justin Uberti <juberti@google.com> wrote: > > > > +Adam > > > > Credit to Adam Roach who provided helpful feedback on these areas in his > document review. > > > > On Mon, Mar 28, 2016 at 12:53 PM, Wendy Seltzer <wseltzer@w3.org> wrote: > > Hi PING and Justin, > > > > At the last PING call, I indicated I would look into Justin Uberti's > > IETF draft, https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-01 > > > > The primary concern I had in the previous draft, a statement that IP > > information was being compared with mic/camera permissions and deemed > > less "sensitive," has been removed, and replaced with a more nuanced > > acknowledgment that privacy concerns may differ among differing users of > > the Web and rtcweb. Moreover, the document now recommends that IP > > address be included explicitly in the permission grant. > > > > Thanks, Justin! > > > > Overall, I think the document now strikes a reasonable balance between > > information flow-control and usability. It suggests that users should be > > able to configure preferences or extensions for even greater control. > > I'd welcome others' review whether the guidance still leaves too much > > scope for surprising privacy-invasive address-leakage. > > > > --Wendy > > -- > > Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office) > > Policy Counsel and Domain Lead, World Wide Web Consortium (W3C) > > http://wendy.seltzer.org/ +1.617.863.0613 (mobile) > > > > > > >
Received on Wednesday, 30 March 2016 15:21:00 UTC