Re: Review of WebRTC 1.0 from Privacy Interest Group from Greg Norcie on 2016-02-17 (public-privacy@w3.org from January to March 2016)

From: Greg Norcie <gnorcie@cdt.org>
Date: Wed, 17 Feb 2016 12:08:45 -0500
To: Keiji Takeda <tkeiji@w3.org>
Cc: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, "public-privacy@w3.org" <public-privacy@w3.org>, "runnegar@isoc.org" <runnegar@isoc.org>, "tjwhalen@google.com" <tjwhalen@google.com>
Message-ID: <CAMJgV7ZQwC9qz+rUQcsvkzc2SJz0CShS1vvR4aMJ4JoRHn7XAw@mail.gmail.com>

I don't think you're misunderstanding, these all seem like valid points :)

Looking forward to discussing!


/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt



*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
/*******************************************/

On Wed, Feb 17, 2016 at 10:54 AM, Keiji Takeda <tkeiji@w3.org> wrote:

> Greg,
>
> Thank you for sharing your thought.
>
> I also have been reviewing the spec and have some points need to be
> discussed.
>
> I feel like WebRTC is defining functions beyond current web security and
> privacy practices/principles so we need to examine their appropriateness
> carefully.
>
> For example ...
>
> - It makes holes in same origin policy.
> - It reveals client's IP addresses behind VPN or Tor.
> - It provides more fingerprinting surface to track users.
> - Most functions are all or nothing(as Greg pointed out) and it is
> difficult to be conscious unless users intentionally use WebRTC.
> (Attack can be effective against user who do not use WebRTC.)
>
> I may be missing some point but please let me know if I am
> misunderstanding.
>
> Keiji Takeda
>
>
> On 2/16/16 3:35 PM, Greg Norcie wrote:
>
>> Hi all,
>>
>> I read through the WebRTC 1.0 spec, and I had a few things that jumped
>> out,
>> would love to hear if the rest of the group agrees/disagrees.
>>
>> First, I noticed that the getStats[1] API seems to get a ton of granular
>> data, some of which could be used to fingerprint users. Do we feel that
>> this level of granularity is in keeping with previous guidance on
>> Fingerprinting? [2]
>>
>> Along similar lines, I noticed that consent for WebRTC seems to be quite
>> all or nothing - once granted it seems to be difficult to revoke.
>> Considering WebRTC can expose a user's local IP, maybe we should recommend
>> that this consent be easily revocable and visible when in place?
>>
>>
>> This has come up in two different reviews now[3], so we may want to give
>> some guidance in the privacy questionnaire. (I will be looking at our
>> current language and drafting some changes later this week)
>>
>> [1] https://www.w3.org/TR/webrtc-stats/
>> [2] https://w3c.github.io/fingerprinting-guidance/
>> [3] The previous being the Permissions UI:
>> https://www.w3.org/TR/permissions/
>>
>>
>> /********************************************/
>> Greg Norcie (norcie@cdt.org)
>> Staff Technologist
>> Center for Democracy & Technology
>> District of Columbia office
>> (p) 202-637-9800
>> PGP: http://norcie.com/pgp.txt
>>
>>
>>
>> *CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
>> more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
>>
>> /*******************************************/
>>
>> On Mon, Feb 1, 2016 at 5:08 AM, Stefan Håkansson LK <
>> stefan.lk.hakansson@ericsson.com> wrote:
>>
>> Dear Privacy Interest Group,
>>>
>>> The WebRTC Working Group is working toward publishing the WebRTC 1.0
>>> specification to Candidate Recommendation and is thus seeking wide
>>> review on the document:
>>>
>>> https://www.w3.org/TR/2016/WD-webrtc-20160128/
>>>
>>> We are particularly interested on feedback on the following aspects from
>>> PING:
>>> - the privacy considerations,
>>> - more specifically, the risks associated with exposing IP addresses as
>>> part of the establishment of the P2P connection,
>>> - the privacy properties of the identity verification mechanism,
>>> - the guarantees provided by isolated mediastreams.
>>>
>>> We of course also welcome feedback on any other aspect of the
>>> specification..
>>>
>>> We would appreciate if that feedback could be provided before the week
>>> of February 22 where our next meeting in scheduled, and no later than
>>> March 1st.
>>>
>>> If you have any comments, we prefer you submit them as Github issues:
>>> https://github.com/w3c/webrtc-pc/issues
>>> Alternatively, you can send your comments by email to
>>> public-webrtc@w3.org
>>> .
>>>
>>> Thanks,
>>>
>>> For the WebRTC co-chairs,
>>> Stefan Håkansson
>>>
>>>
>>>
>>>
>>

Received on Wednesday, 17 February 2016 17:09:34 UTC