- From: Eric Rescorla <ekr@rtfm.com>
- Date: Mon, 17 Aug 2015 05:54:16 -0700
- To: Dominique Hazael-Massieux <dom@w3.org>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
- Message-ID: <CABcZeBPXfBuenJZqscx_ee5ef-b51TgLFDEnLrNhc0S3AxpX2A@mail.gmail.com>
This seems like it's going to cause a lot of ossification, since it will mean that if you want to load an iframe that *can* use PC, then you will have to use iframe-sandbox and then you will be restricted to just the APIs that are presently whitelistable. It would be fine to have PC disabled when IFRAME sandbox was used unless allow-rtcpeerconnection was set. -Ekr On Mon, Aug 17, 2015 at 5:26 AM, Dominique Hazael-Massieux <dom@w3.org> wrote: > Hi, > > Back in April, I had tried to list the various mitigation strategies that > are available to reduce some of the mis-usage of RTCPeerConnection to > obtain information on the local network topology: > https://lists.w3.org/Archives/Public/public-webrtc/2015Apr/0131.html > > While there is still more work needed on the "VPN use case" (where leaking > some of the IP addresses of VPN users potentially reveal their true > location), I wonder if there is any interest in making it also much less > trivial for any random third-party (e.g. ads network) to obtain users local > IP addresses which provide increased fingerprinting surface for little > benefit. > > The specific idea I would like to suggest is that content embedded via > <iframe> don't get access to the RTCPeerConnection interface unless they > are embedded with an "allow-rtcpeerconnection" token in the sandbox > attribute. > http://www.w3.org/TR/html5/embedded-content-0.html#attr-iframe-sandbox > > Would there be support for such a proposal? > > Dom > >
Received on Monday, 17 August 2015 12:55:24 UTC