Re: Review of rtcweb IP Address Handling Recommendations

First off this is a great document, I can tell Justin spent a lot of time
on it.

I strongly agree with Section 4.1: WebRTC should not be finding out local
IPs from VPNs if any other mode of operation can be achieved.

I like how the document breaks down four potential modes of WebRTC
operation. I would suggest that for modes 1 and 2, that there should be
explicit, opt in consent. (Regardless of if the user is activating the
microphone or camera)

Users desiring anonymity and facing serious reprisals for exercising their
free expression may be targeted by powerful adversaries for surveillance.
These users often use tools like Tor and VPNs to hide their local IP
address. If these users want to make a well informed, calculated decision
to reveal their local IP address, they should be allowed to. However this
consent must be informed, and the decision reversible. It is not enough to
have a small dialog pop up and ask permission. Ideally I'd love to see a
GUI element in the browser chrome when WebRTC is running.

I realize some of what I raise may have already been extensively discussed
elsewhere, so please point me to relevant threads if I am rehashing old
discussions :)


/********************************************/
Greg Norcie (norcie@cdt.org)
Staff Technologist
Center for Democracy & Technology
District of Columbia office
(p) 202-637-9800
PGP: http://norcie.com/pgp.txt



*CDT's Annual Dinner (Tech Prom) is April 6, 2016.  Don't miss out!learn
more at https://cdt.org/annual-dinner <https://cdt.org/annual-dinner>*
/*******************************************/

On Wed, Mar 30, 2016 at 5:41 AM, Christine Runnegar <runnegar@isoc.org>
wrote:

> Thank you Justin, Adam, Wendy and to others in RTCWeb, WebRTC and PING.
> These are not easy issues.
>
> It is really rewarding to see privacy concerns being addressed through the
> protocol development process.
>
> Kind regards,
> Christine (PING co-chair)
>
> > On 29 Mar 2016, at 5:50 AM, Justin Uberti <juberti@google.com> wrote:
> >
> > +Adam
> >
> > Credit to Adam Roach who provided helpful feedback on these areas in his
> document review.
> >
> > On Mon, Mar 28, 2016 at 12:53 PM, Wendy Seltzer <wseltzer@w3.org> wrote:
> > Hi PING and Justin,
> >
> > At the last PING call, I indicated I would look into Justin Uberti's
> > IETF draft, https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-01
> >
> > The primary concern I had in the previous draft, a statement that IP
> > information was being compared with mic/camera permissions and deemed
> > less "sensitive," has been removed, and replaced with a more nuanced
> > acknowledgment that privacy concerns may differ among differing users of
> > the Web and rtcweb. Moreover, the document now recommends that IP
> > address be included explicitly in the permission grant.
> >
> > Thanks, Justin!
> >
> > Overall, I think the document now strikes a reasonable balance between
> > information flow-control and usability. It suggests that users should be
> > able to configure preferences or extensions for even greater control.
> > I'd welcome others' review whether the guidance still leaves too much
> > scope for surprising privacy-invasive address-leakage.
> >
> > --Wendy
> > --
> > Wendy Seltzer -- wseltzer@w3.org +1.617.715.4883 (office)
> > Policy Counsel and Domain Lead, World Wide Web Consortium (W3C)
> > http://wendy.seltzer.org/        +1.617.863.0613 (mobile)
> >
> >
>
>
>

Received on Wednesday, 30 March 2016 15:21:00 UTC