Re: [webrtc-stats] Stats API should require additional permission / user opt-in (#550)

> The fine level network information exposed by this API seems to be sufficient to re-carry out this attack.

I think that is a bit too general. Let's ignore for a bit that [CBR](https://github.com/w3c/webrtc-nv-use-cases/issues/57) is the answer to this. Let's also ignore that you have the audio stream.

The key of fon-iks is this: `The size of the encrypted packet therefore reflects properties of the input signal`
getStats provides [packetsSent](https://w3c.github.io/webrtc-stats/#dom-rtcsentrtpstreamstats-packetssent) and [bytesSent](https://w3c.github.io/webrtc-stats/#dom-rtcsentrtpstreamstats-bytessent). With Opus we're talking about a typical frame size of 20ms, or 50 packets per second.
To carry out foniks you would need to call getStats with a resolution higher than that.

Let's try this, actually. Go to [one of the samples](https://webrtc.github.io/samples/src/content/peerconnection/audio/) and paste the following:
```javascript
// Poll the first sender's stats every 10 ms, i.e. faster than the 20 ms Opus
// packet interval, and record the (packetsSent, bytesSent) counter pairs.
// Relies on the sample page's global `pc1`.
const bytes = [];
let iv = setInterval(async () => {
  const sender = pc1.getSenders()[0];
  const stats = await sender.getStats();
  stats.forEach(s => {
    if (s.type === 'outbound-rtp') {
      bytes.push([s.packetsSent, s.bytesSent]);
    }
  });
}, 10);
// Stop after 2 s; then inspect the samples, e.g. bytes.map(x => x[0]).
setTimeout(() => clearInterval(iv), 2000);
```
If you do a `bytes.map(x => x[0])` you can see that in Chrome you don't even have enough granularity to capture a single packet. In Firefox you do. @henbos can probably comment on getStats caching in Chrome.

I didn't see any discussion in the foniks paper about the frame size/duration, but I assume that recall drops if you increase the frame size. The mitigation here might be to limit the resolution of getStats.

Note that this concern probably also applies to [getSynchronizationSources](https://w3c.github.io/webrtc-pc/#dom-rtcrtpreceiver-getsynchronizationsources) which exposes the RTP timestamp and the audioLevel (typically from the ssrc-audio-level extension) and is explicitly designed for high-frequency polling.

-- 
GitHub Notification of comment by fippo
Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/550#issuecomment-588052924 using your GitHub account

Received on Wednesday, 19 February 2020 06:08:50 UTC
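The following is an added example, not part of fippo's comment and not code from the webrtc-stats project. It models what the polling loop above recovers from `packetsSent`/`bytesSent` depending on how often the browser refreshes the counters: polled "live", every 20 ms packet shows up as a delta of exactly one packet and its encrypted size is read off directly (the quantity fon-iks needs); with the counters only refreshed every `cachePeriodMs`, consecutive samples jump by several packets and only sums leak. The per-packet sizes, the 20 ms ptime and the 100 ms cache period are constructed assumptions for the model, not measured browser behaviour.

```javascript
// Added example: simulating getStats() counter granularity. Not browser code.
const PTIME_MS = 20; // Opus default frame duration, one RTP packet per frame

// Constructed per-packet encrypted sizes in bytes (assumption: VBR-style
// variation with the input signal, as the fon-iks observation describes).
const PACKET_SIZES = [61, 78, 95, 52, 33, 33, 90, 104, 70, 45,
                      33, 33, 33, 88, 99, 61, 50, 77, 83, 40];

// Model of the counters a page sees at time tMs. cachePeriodMs > 0 means the
// browser only refreshes its stats snapshot every cachePeriodMs (a hypothetical
// mitigation / caching behaviour); 0 means live counters.
function statsAt(tMs, cachePeriodMs) {
  const visibleT = cachePeriodMs > 0
    ? Math.floor(tMs / cachePeriodMs) * cachePeriodMs
    : tMs;
  const n = Math.min(PACKET_SIZES.length, Math.floor(visibleT / PTIME_MS));
  let bytes = 0;
  for (let i = 0; i < n; i++) bytes += PACKET_SIZES[i];
  return { packetsSent: n, bytesSent: bytes };
}

// Mimics the setInterval loop from the comment: sample every pollMs for durationMs.
function poll(pollMs, durationMs, cachePeriodMs) {
  const samples = [];
  for (let t = 0; t <= durationMs; t += pollMs) {
    const s = statsAt(t, cachePeriodMs);
    samples.push([s.packetsSent, s.bytesSent]);
  }
  return samples;
}

// The attacker's reconstruction step: a sample that advanced by exactly one
// packet reveals that packet's encrypted size; a jump of k > 1 packets only
// reveals their sum, so those packets are counted as lost to aggregation.
function recoverPacketSizes(samples) {
  const sizes = [];
  let aggregatedPackets = 0;
  for (let i = 1; i < samples.length; i++) {
    const dp = samples[i][0] - samples[i - 1][0];
    const db = samples[i][1] - samples[i - 1][1];
    if (dp === 1) sizes.push(db);
    else if (dp > 1) aggregatedPackets += dp;
  }
  return { sizes, aggregatedPackets };
}

// Stand-alone usage: live counters polled at 10 ms vs. a 100 ms refresh period.
const live = recoverPacketSizes(poll(10, 400, 0));
const cached = recoverPacketSizes(poll(10, 400, 100));
console.log('live:   recovered', live.sizes.length, 'packet sizes');
console.log('cached: recovered', cached.sizes.length, 'packet sizes,',
            cached.aggregatedPackets, 'packets only visible as sums');
```

Polling faster than the packet interval is necessary but not sufficient: the model shows that if the counters are only refreshed on a coarser schedule than the frame duration, the 10 ms poll still sees multi-packet jumps, which is the "limit the resolution of getStats" mitigation in miniature.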