[webrtc-stats] Privacy concern: Leaking communication / plain text using patterns in packet size, frequency, etc. (#699)

henbos has just created a new issue for https://github.com/w3c/webrtc-stats:

== Privacy concern: Leaking communication / plain text using patterns in packet size, frequency, etc. ==
Originally from #550 filed by @pes10k:

> The stats collected by this API enable two new privacy harms / risks. This spec should enable the main uses of WebRTC, without automatically exposing these additional risks.
> 
> Prior work (e.g. http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf) has shown that you can recreate the plain text content of an encrypted, DTLS-encoded audio conversation, based on patterns in packet size, frequency, etc. The fine-level network information exposed by this API seems to be sufficient to re-carry out this attack. If this is needed for analysis / quality control / etc. use, the API should limit it to these special cases (additional permission, for example).


Please view or discuss this issue at https://github.com/w3c/webrtc-stats/issues/699 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 27 September 2022 13:59:45 UTC