Re: Review of WebRTC 1.0 from Privacy Interest Group

Hi all.

Thanks so much for moving this forward.

Just one note, we don’t have a lot of time after the call to get back to the WG. So, as much as we can do before the call the better.

Christine


> On 18 Feb 2016, at 4:28 PM, Greg Norcie <gnorcie@cdt.org> wrote:
> 
> It might be useful to discuss at the high level on the call, and then we can divy up more detailed feedback (either on the call or offline).
> 
> 
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt

> 
> CDT's Annual Dinner (Tech Prom) is 
> April 6, 2016.  Don't miss out!
> learn more at https://cdt.org/annual-dinner

> /*******************************************/
> 
> On Thu, Feb 18, 2016 at 9:51 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> I agree and we just got started on our review, so not sure discussing
> WebRTC is ripe for next week (I'll be out of town so can't join the
> call, dang it). best, Joe
> 
> On Thu, Feb 18, 2016 at 8:17 AM, Keiji Takeda <tkeiji@w3.org> wrote:
> > This message is being sent only to PING mailing list.
> >
> > Since the spec to review is relatively large and complex and having
> > significant impact to user privacy so I think it is better to spend enough
> > time to exchange thoughts before the actual meeting since the time is
> > limited.
> >
> > Should we share our review results or questions on this mailing list?
> > Or is there any good way for such internal discussion? (GitHub?)
> >
> > Keiji
> >
> >
> > On 2/17/16 4:43 PM, Joseph Lorenzo Hall wrote:
> >>
> >> We do provide review comments and will consolidate them and bring them
> >> back to you. I have to warn you that some of the stuff we may raise
> >> will have been argued to death already at IETF and W3C, so it may be a
> >> case of a bunch of responses on your end of the variety: "Yes, we
> >> considered that before and the consensus of the group was x."  ::)
> >>
> >> On Wed, Feb 17, 2016 at 2:10 PM, Stefan Håkansson LK
> >> <stefan.lk.hakansson@ericsson.com> wrote:
> >>>
> >>> Thanks Greg and Keiji for your reviews. Is it correct to interpret
> >>> Christine's message as that PING will discuss further and come back with
> >>> review comments representing the whole group?
> >>>
> >>> Br,
> >>> Stefan
> >>>
> >>>
> >>>
> >>> On 17/02/16 18:09, Greg Norcie wrote:
> >>>>
> >>>> I don't think you're misunderstanding, these all seem like valid points
> >>>> :)
> >>>>
> >>>> Looking forward to discussing!
> >>>>
> >>>>
> >>>> /********************************************/*
> >>>> *Greg Norcie (norcie@cdt.org <mailto:norcie@cdt.org>)
> >>>> Staff Technologist
> >>>> Center for Democracy & Technology
> >>>> District of Columbia office
> >>>> (p) 202-637-9800
> >>>> PGP: http://norcie.com/pgp.txt

> >>>>
> >>>> *CDT's Annual Dinner (Tech Prom) is
> >>>> April 6, 2016.  Don't miss out!
> >>>> learn more at https://cdt.org/annual-dinner*

> >>>> /*******************************************/*
> >>>> *
> >>>>
> >>>> On Wed, Feb 17, 2016 at 10:54 AM, Keiji Takeda <tkeiji@w3.org
> >>>> <mailto:tkeiji@w3.org>> wrote:
> >>>>
> >>>>      Greg,
> >>>>
> >>>>      Thank you for sharing your thought.
> >>>>
> >>>>      I also have been reviewing the spec and have some points need to be
> >>>>      discussed.
> >>>>
> >>>>      I feel like WebRTC is defining functions beyond current web
> >>>> security
> >>>>      and privacy practices/principles so we need to examine their
> >>>>      appropriateness carefully.
> >>>>
> >>>>      For example ...
> >>>>
> >>>>      - It makes holes in same origin policy.
> >>>>      - It reveals client's IP addresses behind VPN or Tor.
> >>>>      - It provides more fingerprinting surface to track users.
> >>>>      - Most functions are all or nothing(as Greg pointed out) and it is
> >>>>      difficult to be conscious unless users intentionally use WebRTC.
> >>>>      (Attack can be effective against user who do not use WebRTC.)
> >>>>
> >>>>      I may be missing some point but please let me know if I am
> >>>>      misunderstanding.
> >>>>
> >>>>      Keiji Takeda
> >>>>
> >>>>
> >>>>      On 2/16/16 3:35 PM, Greg Norcie wrote:
> >>>>
> >>>>          Hi all,
> >>>>
> >>>>          I read through the WebRTC 1.0 spec, and I had a few things that
> >>>>          jumped out,
> >>>>          would love to hear if the rest of the group agrees/disagrees.
> >>>>
> >>>>          First, I noticed that the getStats[1] API seems to get a ton of
> >>>>          granular
> >>>>          data, some of which could be used to fingerprint users. Do we
> >>>>          feel that
> >>>>          this level of granularity is in keeping with previous guidance
> >>>> on
> >>>>          Fingerprinting? [2]
> >>>>
> >>>>          Along similar lines, I noticed that consent for WebRTC seems to
> >>>>          be quite
> >>>>          all or nothing - once granted it seems to be difficult to
> >>>> revoke.
> >>>>          Considering WebRTC can expose a user's local IP, maybe we
> >>>> should
> >>>>          recommend
> >>>>          that this consent be easily revocable and visible when in
> >>>> place?
> >>>>
> >>>>
> >>>>          This has come up in two different reviews now[3], so we may
> >>>> want
> >>>>          to give
> >>>>          some guidance in the privacy questionnaire. (I will be looking
> >>>>          at our
> >>>>          current language and drafting some changes later this week)
> >>>>
> >>>>          [1] https://www.w3.org/TR/webrtc-stats/

> >>>>          [2] https://w3c.github.io/fingerprinting-guidance/

> >>>>          [3] The previous being the Permissions UI:
> >>>>          https://www.w3.org/TR/permissions/

> >>>>
> >>>>
> >>>>          /********************************************/
> >>>>          Greg Norcie (norcie@cdt.org <mailto:norcie@cdt.org>)
> >>>>          Staff Technologist
> >>>>          Center for Democracy & Technology
> >>>>          District of Columbia office
> >>>>          (p) 202-637-9800 <tel:202-637-9800>
> >>>>          PGP: http://norcie.com/pgp.txt

> >>>>
> >>>>
> >>>>
> >>>>          *CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss
> >>>>          out!learn
> >>>>          more at https://cdt.org/annual-dinner

> >>>>          <https://cdt.org/annual-dinner>*
> >>>>
> >>>>          /*******************************************/
> >>>>
> >>>>          On Mon, Feb 1, 2016 at 5:08 AM, Stefan Håkansson LK <
> >>>>          stefan.lk.hakansson@ericsson.com
> >>>>          <mailto:stefan.lk.hakansson@ericsson.com>> wrote:
> >>>>
> >>>>              Dear Privacy Interest Group,
> >>>>
> >>>>              The WebRTC Working Group is working toward publishing the
> >>>>              WebRTC 1.0
> >>>>              specification to Candidate Recommendation and is thus
> >>>>              seeking wide
> >>>>              review on the document:
> >>>>
> >>>>              https://www.w3.org/TR/2016/WD-webrtc-20160128/

> >>>>
> >>>>              We are particularly interested on feedback on the following
> >>>>              aspects from
> >>>>              PING:
> >>>>              - the privacy considerations,
> >>>>              - more specifically, the risks associated with exposing IP
> >>>>              addresses as
> >>>>              part of the establishment of the P2P connection,
> >>>>              - the privacy properties of the identity verification
> >>>> mechanism,
> >>>>              - the guarantees provided by isolated mediastreams.
> >>>>
> >>>>              We of course also welcome feedback on any other aspect of
> >>>> the
> >>>>              specification..
> >>>>
> >>>>              We would appreciate if that feedback could be provided
> >>>>              before the week
> >>>>              of February 22 where our next meeting in scheduled, and no
> >>>>              later than
> >>>>              March 1st.
> >>>>
> >>>>              If you have any comments, we prefer you submit them as
> >>>>              Github issues:
> >>>>              https://github.com/w3c/webrtc-pc/issues

> >>>>              Alternatively, you can send your comments by email to
> >>>>              public-webrtc@w3.org <mailto:public-webrtc@w3.org>
> >>>>              .
> >>>>
> >>>>              Thanks,
> >>>>
> >>>>              For the WebRTC co-chairs,
> >>>>              Stefan Håkansson
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >
> 
> 
> 
> --
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key

> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> 
> CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

> 
> 

Received on Thursday, 18 February 2016 15:35:50 UTC