Re: Review of WebRTC 1.0 from Privacy Interest Group

• From: Joseph Lorenzo Hall <joe@cdt.org>
• Date: Thu, 18 Feb 2016 11:28:39 -0500
• To: Greg Norcie <norcie@cdt.org>
• Cc: Keiji Takeda <tkeiji@w3.org>, "public-privacy@w3.org" <public-privacy@w3.org>
• Message-ID: <CABtrr-XBq963gNdy4dd_8P2qVgKX1oOu_Grithuga=84_SQcFg@mail.gmail.com>

This is a great point, perhaps we can do a PING "check in" on WebRTC
review and then follow up afterwards with a separate (non-regular)
call about the spec. It's very difficult to adequately review such a
big spec on a short timeline. best, Joe

On Thu, Feb 18, 2016 at 10:28 AM, Greg Norcie <gnorcie@cdt.org> wrote:
> It might be useful to discuss at the high level on the call, and then we can
> divy up more detailed feedback (either on the call or offline).
>
>
> /********************************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> District of Columbia office
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
> CDT's Annual Dinner (Tech Prom) is
> April 6, 2016.  Don't miss out!
> learn more at https://cdt.org/annual-dinner
> /*******************************************/
>
> On Thu, Feb 18, 2016 at 9:51 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>
>> I agree and we just got started on our review, so not sure discussing
>> WebRTC is ripe for next week (I'll be out of town so can't join the
>> call, dang it). best, Joe
>>
>> On Thu, Feb 18, 2016 at 8:17 AM, Keiji Takeda <tkeiji@w3.org> wrote:
>> > This message is being sent only to PING mailing list.
>> >
>> > Since the spec to review is relatively large and complex and having
>> > significant impact to user privacy so I think it is better to spend
>> > enough
>> > time to exchange thoughts before the actual meeting since the time is
>> > limited.
>> >
>> > Should we share our review results or questions on this mailing list?
>> > Or is there any good way for such internal discussion? (GitHub?)
>> >
>> > Keiji
>> >
>> >
>> > On 2/17/16 4:43 PM, Joseph Lorenzo Hall wrote:
>> >>
>> >> We do provide review comments and will consolidate them and bring them
>> >> back to you. I have to warn you that some of the stuff we may raise
>> >> will have been argued to death already at IETF and W3C, so it may be a
>> >> case of a bunch of responses on your end of the variety: "Yes, we
>> >> considered that before and the consensus of the group was x."  ::)
>> >>
>> >> On Wed, Feb 17, 2016 at 2:10 PM, Stefan Håkansson LK
>> >> <stefan.lk.hakansson@ericsson.com> wrote:
>> >>>
>> >>> Thanks Greg and Keiji for your reviews. Is it correct to interpret
>> >>> Christine's message as that PING will discuss further and come back
>> >>> with
>> >>> review comments representing the whole group?
>> >>>
>> >>> Br,
>> >>> Stefan
>> >>>
>> >>>
>> >>>
>> >>> On 17/02/16 18:09, Greg Norcie wrote:
>> >>>>
>> >>>> I don't think you're misunderstanding, these all seem like valid
>> >>>> points
>> >>>> :)
>> >>>>
>> >>>> Looking forward to discussing!
>> >>>>
>> >>>>
>> >>>> /********************************************/*
>> >>>> *Greg Norcie (norcie@cdt.org <mailto:norcie@cdt.org>)
>> >>>> Staff Technologist
>> >>>> Center for Democracy & Technology
>> >>>> District of Columbia office
>> >>>> (p) 202-637-9800
>> >>>> PGP: http://norcie.com/pgp.txt
>> >>>>
>> >>>> *CDT's Annual Dinner (Tech Prom) is
>> >>>> April 6, 2016.  Don't miss out!
>> >>>> learn more at https://cdt.org/annual-dinner*
>> >>>> /*******************************************/*
>> >>>> *
>> >>>>
>> >>>> On Wed, Feb 17, 2016 at 10:54 AM, Keiji Takeda <tkeiji@w3.org
>> >>>> <mailto:tkeiji@w3.org>> wrote:
>> >>>>
>> >>>>      Greg,
>> >>>>
>> >>>>      Thank you for sharing your thought.
>> >>>>
>> >>>>      I also have been reviewing the spec and have some points need to
>> >>>> be
>> >>>>      discussed.
>> >>>>
>> >>>>      I feel like WebRTC is defining functions beyond current web
>> >>>> security
>> >>>>      and privacy practices/principles so we need to examine their
>> >>>>      appropriateness carefully.
>> >>>>
>> >>>>      For example ...
>> >>>>
>> >>>>      - It makes holes in same origin policy.
>> >>>>      - It reveals client's IP addresses behind VPN or Tor.
>> >>>>      - It provides more fingerprinting surface to track users.
>> >>>>      - Most functions are all or nothing(as Greg pointed out) and it
>> >>>> is
>> >>>>      difficult to be conscious unless users intentionally use WebRTC.
>> >>>>      (Attack can be effective against user who do not use WebRTC.)
>> >>>>
>> >>>>      I may be missing some point but please let me know if I am
>> >>>>      misunderstanding.
>> >>>>
>> >>>>      Keiji Takeda
>> >>>>
>> >>>>
>> >>>>      On 2/16/16 3:35 PM, Greg Norcie wrote:
>> >>>>
>> >>>>          Hi all,
>> >>>>
>> >>>>          I read through the WebRTC 1.0 spec, and I had a few things
>> >>>> that
>> >>>>          jumped out,
>> >>>>          would love to hear if the rest of the group
>> >>>> agrees/disagrees.
>> >>>>
>> >>>>          First, I noticed that the getStats[1] API seems to get a ton
>> >>>> of
>> >>>>          granular
>> >>>>          data, some of which could be used to fingerprint users. Do
>> >>>> we
>> >>>>          feel that
>> >>>>          this level of granularity is in keeping with previous
>> >>>> guidance
>> >>>> on
>> >>>>          Fingerprinting? [2]
>> >>>>
>> >>>>          Along similar lines, I noticed that consent for WebRTC seems
>> >>>> to
>> >>>>          be quite
>> >>>>          all or nothing - once granted it seems to be difficult to
>> >>>> revoke.
>> >>>>          Considering WebRTC can expose a user's local IP, maybe we
>> >>>> should
>> >>>>          recommend
>> >>>>          that this consent be easily revocable and visible when in
>> >>>> place?
>> >>>>
>> >>>>
>> >>>>          This has come up in two different reviews now[3], so we may
>> >>>> want
>> >>>>          to give
>> >>>>          some guidance in the privacy questionnaire. (I will be
>> >>>> looking
>> >>>>          at our
>> >>>>          current language and drafting some changes later this week)
>> >>>>
>> >>>>          [1] https://www.w3.org/TR/webrtc-stats/
>> >>>>          [2] https://w3c.github.io/fingerprinting-guidance/
>> >>>>          [3] The previous being the Permissions UI:
>> >>>>          https://www.w3.org/TR/permissions/
>> >>>>
>> >>>>
>> >>>>          /********************************************/
>> >>>>          Greg Norcie (norcie@cdt.org <mailto:norcie@cdt.org>)
>> >>>>          Staff Technologist
>> >>>>          Center for Democracy & Technology
>> >>>>          District of Columbia office
>> >>>>          (p) 202-637-9800 <tel:202-637-9800>
>> >>>>          PGP: http://norcie.com/pgp.txt
>> >>>>
>> >>>>
>> >>>>
>> >>>>          *CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't
>> >>>> miss
>> >>>>          out!learn
>> >>>>          more at https://cdt.org/annual-dinner
>> >>>>          <https://cdt.org/annual-dinner>*
>> >>>>
>> >>>>          /*******************************************/
>> >>>>
>> >>>>          On Mon, Feb 1, 2016 at 5:08 AM, Stefan Håkansson LK <
>> >>>>          stefan.lk.hakansson@ericsson.com
>> >>>>          <mailto:stefan.lk.hakansson@ericsson.com>> wrote:
>> >>>>
>> >>>>              Dear Privacy Interest Group,
>> >>>>
>> >>>>              The WebRTC Working Group is working toward publishing
>> >>>> the
>> >>>>              WebRTC 1.0
>> >>>>              specification to Candidate Recommendation and is thus
>> >>>>              seeking wide
>> >>>>              review on the document:
>> >>>>
>> >>>>              https://www.w3.org/TR/2016/WD-webrtc-20160128/
>> >>>>
>> >>>>              We are particularly interested on feedback on the
>> >>>> following
>> >>>>              aspects from
>> >>>>              PING:
>> >>>>              - the privacy considerations,
>> >>>>              - more specifically, the risks associated with exposing
>> >>>> IP
>> >>>>              addresses as
>> >>>>              part of the establishment of the P2P connection,
>> >>>>              - the privacy properties of the identity verification
>> >>>> mechanism,
>> >>>>              - the guarantees provided by isolated mediastreams.
>> >>>>
>> >>>>              We of course also welcome feedback on any other aspect
>> >>>> of
>> >>>> the
>> >>>>              specification..
>> >>>>
>> >>>>              We would appreciate if that feedback could be provided
>> >>>>              before the week
>> >>>>              of February 22 where our next meeting in scheduled, and
>> >>>> no
>> >>>>              later than
>> >>>>              March 1st.
>> >>>>
>> >>>>              If you have any comments, we prefer you submit them as
>> >>>>              Github issues:
>> >>>>              https://github.com/w3c/webrtc-pc/issues
>> >>>>              Alternatively, you can send your comments by email to
>> >>>>              public-webrtc@w3.org <mailto:public-webrtc@w3.org>
>> >>>>              .
>> >>>>
>> >>>>              Thanks,
>> >>>>
>> >>>>              For the WebRTC co-chairs,
>> >>>>              Stefan Håkansson
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >
>>
>>
>>
>> --
>> Joseph Lorenzo Hall
>> Chief Technologist, Center for Democracy & Technology
>> [https://www.cdt.org]
>> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>
>> CDT's annual dinner, Tech Prom, is April 6, 2016!
>> https://cdt.org/annual-dinner
>>
>



-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner

Received on Thursday, 18 February 2016 16:29:29 UTC