Re: Review of WebRTC 1.0 from Privacy Interest Group

I agree and we just got started on our review, so not sure discussing
WebRTC is ripe for next week (I'll be out of town so can't join the
call, dang it). best, Joe

On Thu, Feb 18, 2016 at 8:17 AM, Keiji Takeda <tkeiji@w3.org> wrote:
> This message is being sent only to PING mailing list.
>
> Since the spec to review is relatively large and complex and has a
> significant impact on user privacy, I think it is better to spend enough
> time to exchange thoughts before the actual meeting, since the time is
> limited.
>
> Should we share our review results or questions on this mailing list?
> Or is there any good way for such internal discussion? (GitHub?)
>
> Keiji
>
>
> On 2/17/16 4:43 PM, Joseph Lorenzo Hall wrote:
>>
>> We do provide review comments and will consolidate them and bring them
>> back to you. I have to warn you that some of the stuff we may raise
>> will have been argued to death already at IETF and W3C, so it may be a
>> case of a bunch of responses on your end of the variety: "Yes, we
>> considered that before and the consensus of the group was x."  ::)
>>
>> On Wed, Feb 17, 2016 at 2:10 PM, Stefan Håkansson LK
>> <stefan.lk.hakansson@ericsson.com> wrote:
>>>
>>> Thanks Greg and Keiji for your reviews. Is it correct to interpret
>>> Christine's message as that PING will discuss further and come back with
>>> review comments representing the whole group?
>>>
>>> Br,
>>> Stefan
>>>
>>>
>>>
>>> On 17/02/16 18:09, Greg Norcie wrote:
>>>>
>>>> I don't think you're misunderstanding, these all seem like valid points
>>>> :)
>>>>
>>>> Looking forward to discussing!
>>>>
>>>>
>>>> /********************************************/
>>>> Greg Norcie (norcie@cdt.org)
>>>> Staff Technologist
>>>> Center for Democracy & Technology
>>>> District of Columbia office
>>>> (p) 202-637-9800
>>>> PGP: http://norcie.com/pgp.txt
>>>>
>>>> CDT's Annual Dinner (Tech Prom) is
>>>> April 6, 2016.  Don't miss out!
>>>> learn more at https://cdt.org/annual-dinner
>>>> /*******************************************/
>>>>
>>>> On Wed, Feb 17, 2016 at 10:54 AM, Keiji Takeda <tkeiji@w3.org> wrote:
>>>>
>>>>      Greg,
>>>>
>>>>      Thank you for sharing your thoughts.
>>>>
>>>>      I also have been reviewing the spec and have some points that need
>>>>      to be discussed.
>>>>
>>>>      I feel like WebRTC is defining functions beyond current web security
>>>>      and privacy practices/principles so we need to examine their
>>>>      appropriateness carefully.
>>>>
>>>>      For example ...
>>>>
>>>>      - It makes holes in same origin policy.
>>>>      - It reveals client's IP addresses behind VPN or Tor.
>>>>      - It provides more fingerprinting surface to track users.
>>>>      - Most functions are all or nothing (as Greg pointed out) and it is
>>>>      difficult to be conscious unless users intentionally use WebRTC.
>>>>      (Attack can be effective against users who do not use WebRTC.)
>>>>
>>>>      I may be missing some point but please let me know if I am
>>>>      misunderstanding.
>>>>
>>>>      Keiji Takeda
>>>>
>>>>
>>>>      On 2/16/16 3:35 PM, Greg Norcie wrote:
>>>>
>>>>          Hi all,
>>>>
>>>>          I read through the WebRTC 1.0 spec, and I had a few things that
>>>>          jumped out, would love to hear if the rest of the group
>>>>          agrees/disagrees.
>>>>
>>>>          First, I noticed that the getStats[1] API seems to get a ton of
>>>>          granular data, some of which could be used to fingerprint users.
>>>>          Do we feel that this level of granularity is in keeping with
>>>>          previous guidance on Fingerprinting? [2]
>>>>
>>>>          Along similar lines, I noticed that consent for WebRTC seems to
>>>>          be quite all or nothing - once granted it seems to be difficult
>>>>          to revoke. Considering WebRTC can expose a user's local IP, maybe
>>>>          we should recommend that this consent be easily revocable and
>>>>          visible when in place?
>>>>
>>>>
>>>>          This has come up in two different reviews now[3], so we may want
>>>>          to give some guidance in the privacy questionnaire. (I will be
>>>>          looking at our current language and drafting some changes later
>>>>          this week)
>>>>
>>>>          [1] https://www.w3.org/TR/webrtc-stats/
>>>>          [2] https://w3c.github.io/fingerprinting-guidance/
>>>>          [3] The previous being the Permissions UI:
>>>>          https://www.w3.org/TR/permissions/
>>>>
>>>>
>>>>          /********************************************/
>>>>          Greg Norcie (norcie@cdt.org)
>>>>          Staff Technologist
>>>>          Center for Democracy & Technology
>>>>          District of Columbia office
>>>>          (p) 202-637-9800
>>>>          PGP: http://norcie.com/pgp.txt
>>>>
>>>>          CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss
>>>>          out! learn more at https://cdt.org/annual-dinner
>>>>
>>>>          /*******************************************/
>>>>
>>>>          On Mon, Feb 1, 2016 at 5:08 AM, Stefan Håkansson LK
>>>>          <stefan.lk.hakansson@ericsson.com> wrote:
>>>>
>>>>              Dear Privacy Interest Group,
>>>>
>>>>              The WebRTC Working Group is working toward publishing the
>>>>              WebRTC 1.0 specification to Candidate Recommendation and is
>>>>              thus seeking wide review on the document:
>>>>
>>>>              https://www.w3.org/TR/2016/WD-webrtc-20160128/
>>>>
>>>>              We are particularly interested in feedback on the following
>>>>              aspects from PING:
>>>>              - the privacy considerations,
>>>>              - more specifically, the risks associated with exposing IP
>>>>                addresses as part of the establishment of the P2P connection,
>>>>              - the privacy properties of the identity verification mechanism,
>>>>              - the guarantees provided by isolated mediastreams.
>>>>
>>>>              We of course also welcome feedback on any other aspect of the
>>>>              specification.
>>>>
>>>>              We would appreciate if that feedback could be provided before
>>>>              the week of February 22 where our next meeting is scheduled,
>>>>              and no later than March 1st.
>>>>
>>>>              If you have any comments, we prefer you submit them as GitHub
>>>>              issues:
>>>>              https://github.com/w3c/webrtc-pc/issues
>>>>              Alternatively, you can send your comments by email to
>>>>              public-webrtc@w3.org.
>>>>
>>>>              Thanks,
>>>>
>>>>              For the WebRTC co-chairs,
>>>>              Stefan Håkansson
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>



-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

Received on Thursday, 18 February 2016 14:52:10 UTC