This seems like it's going to cause a lot of ossification, since it will mean that if you want to load an iframe that *can* use PC, then you will have to use iframe-sandbox and then you will be restricted to just the APIs that are presently whitelistable. It would be fine to have PC disabled when IFRAME sandbox was used unless allow-rtcpeerconnection was set. -Ekr On Mon, Aug 17, 2015 at 5:26 AM, Dominique Hazael-Massieux <dom@w3.org> wrote: > Hi, > > Back in April, I had tried to list the various mitigation strategies that > are available to reduce some of the mis-usage of RTCPeerConnection to > obtain information on the local network topology: > https://lists.w3.org/Archives/Public/public-webrtc/2015Apr/0131.html > > While there is still more work needed on the "VPN use case" (where leaking > some of the IP addresses of VPN users potentially reveal their true > location), I wonder if there is any interest in making it also much less > trivial for any random third-party (e.g. ads network) to obtain users local > IP addresses which provide increased fingerprinting surface for little > benefit. > > The specific idea I would like to suggest is that content embedded via > <iframe> don't get access to the RTCPeerConnection interface unless they > are embedded with an "allow-rtcpeerconnection" token in the sandbox > attribute. > http://www.w3.org/TR/html5/embedded-content-0.html#attr-iframe-sandbox > > Would there be support for such a proposal? > > Dom > >Received on Monday, 17 August 2015 12:55:24 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:08 UTC