Sandboxing usage of RTCPeerConnection?

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Mon, 17 Aug 2015 14:26:55 +0200
Message-ID: <55D1D30F.4070508@w3.org>
To: "public-webrtc@w3.org" <public-webrtc@w3.org>

Back in April, I had tried to list the various mitigation strategies
that are available to reduce some of the misuse of RTCPeerConnection
to obtain information on the local network topology:

While there is still more work needed on the "VPN use case" (where
leaking some of the IP addresses of VPN users potentially reveals their
true location), I wonder if there is any interest in making it also much
less trivial for any random third party (e.g. ad networks) to obtain
users' local IP addresses, which provide increased fingerprinting surface
for little benefit.

The specific idea I would like to suggest is that content embedded via
<iframe> doesn't get access to the RTCPeerConnection interface unless it
is embedded with an "allow-rtcpeerconnection" token in the sandbox

Would there be support for such a proposal?

Received on Monday, 17 August 2015 12:27:03 UTC
